commit a351e9b9fc24e982ec2f0e76379a49826036da12 Author: Linus Torvalds Date: Sun Apr 30 19:47:48 2017 -0700 Linux 4.11 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97ce89f8a4eb15a1e82be419fcd6218fe4da1fbd Merge: 14e07f0 88d879d Author: Linus Torvalds Date: Sun Apr 30 11:44:18 2017 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "The final fixes for 4.11: - prevent a triple fault with function graph tracing triggered via suspend to ram - prevent optimizing for size when function graph tracing is enabled and the compiler does not support -mfentry - prevent mwaitx() being called with a zero timeout as mwaitx() might never return. Observed on the new Ryzen CPUs" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Prevent timer value 0 for MWAITX x86/build: convert function graph '-Os' error to warning ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram commit 14e07f023ff6ed3e38850a9935a05b0b8e52fa49 Merge: 8c9a694 25e2d8c Author: Linus Torvalds Date: Sun Apr 30 11:35:00 2017 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fix from Thomas Gleixner: "A single fix for a cputime accounting regression which got introduced in the 4.11 cycle" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/cputime: Fix ksoftirqd cputime accounting regression commit 88d879d29f9cc0de2d930b584285638cdada6625 Author: Janakarajan Natarajan Date: Tue Apr 25 16:44:03 2017 -0500 Prevent timer value 0 for MWAITX Newer hardware has uncovered a bug in the software implementation of using MWAITX for the delay function. A value of 0 for the timer is meant to indicate that a timeout will not be used to exit MWAITX. On newer hardware this can result in MWAITX never returning, resulting in NMI soft lockup messages being printed. On older hardware, some of the other conditions under which MWAITX can exit masked this issue. The AMD APM does not currently document this and will be updated. Please refer to http://marc.info/?l=kvm&m=148950623231140 for information regarding NMI soft lockup messages on an AMD Ryzen 1800X. This has been root-caused as a 0 passed to MWAITX causing it to wait indefinitely. This change has the added benefit of avoiding the unnecessary setup of MONITORX/MWAITX when the delay value is zero. Signed-off-by: Janakarajan Natarajan Link: http://lkml.kernel.org/r/1493156643-29366-1-git-send-email-Janakarajan.Natarajan@amd.com Signed-off-by: Thomas Gleixner arch/x86/lib/delay.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 8c9a694dc046fab9dff249555860460b92990b52 Merge: 0060e79 4fa55ce Author: Linus Torvalds Date: Sat Apr 29 14:00:42 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull iov iter fix from Al Viro. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix a braino in ITER_PIPE iov_iter_revert() commit 4fa55cefee1bbecadb4c9f47d40a92f65dc44351 Author: Al Viro Date: Sat Apr 29 16:42:30 2017 -0400 fix a braino in ITER_PIPE iov_iter_revert() Fixes: 27c0e3748e41 Tested-by: Dave Jones Signed-off-by: Al Viro lib/iov_iter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0060e79a1f5231940ef38e6621745c0c808065cb Merge: 0e91178 36c02d0 Author: Linus Torvalds Date: Fri Apr 28 17:04:31 2017 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fix from Stephen Boyd: "One odd config build fix for a recent Allwinner clock driver change that got merged. The common code called code in another file that wasn't always built. This just forces it on so people don't run into this bad configuration" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: sunxi-ng: always select CCU_GATE commit 0e9117882da14e7914d05cf14781a7ac9c61c670 Merge: affb852 4c761da Author: Linus Torvalds Date: Fri Apr 28 14:13:16 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "Just a couple more stragglers, I really hope this is it. 1) Don't let frags slip down into the GRO segmentation handlers, from Steffen Klassert. 2) Truesize under-estimation triggers warnings in TCP over loopback with socket filters, 2 part fix from Eric Dumazet. 3) Fix undesirable reset of bonding MTU to ETH_HLEN on slave removal, from Paolo Abeni. 4) If we flush the XFRM policy after garbage collection, it doesn't work because stray entries can be created afterwards. Fix from Xin Long. 5) Hung socket connection fixes in TIPC from Parthasarathy Bhuvaragan. 6) Fix GRO regression with IPSEC when netfilter is disabled, from Sabrina Dubroca. 7) Fix cpsw driver Kconfig dependency regression, from Arnd Bergmann" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: net: hso: register netdev later to avoid a race condition net: adjust skb->truesize in ___pskb_trim() tcp: do not underestimate skb->truesize in tcp_trim_head() bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal ipv4: Don't pass IP fragments to upper layer GRO handlers. cpsw/netcp: refine cpts dependency tipc: close the connection if protocol messages contain errors tipc: improve error validations for sockets in CONNECTING state tipc: Fix missing connection request handling xfrm: fix GRO for !CONFIG_NETFILTER xfrm: do the garbage collection after flushing policy commit 4c761daf8bb9a2cbda9facf53ea85d9061f4281e Author: Andreas Kemnade Date: Wed Apr 26 19:26:40 2017 +0200 net: hso: register netdev later to avoid a race condition If the netdev is accessed before the urbs are initialized, there will be NULL pointer dereferences. That is avoided by registering it when it is fully initialized. This case occurs e.g. if dhcpcd is running in the background and the device is probed, either after insmod hso or when the device appears on the usb bus. A backtrace is the following: [ 1357.356048] usb 1-2: new high-speed USB device number 12 using ehci-omap [ 1357.551177] usb 1-2: New USB device found, idVendor=0af0, idProduct=8800 [ 1357.558654] usb 1-2: New USB device strings: Mfr=3, Product=2, SerialNumber=0 [ 1357.568572] usb 1-2: Product: Globetrotter HSUPA Modem [ 1357.574096] usb 1-2: Manufacturer: Option N.V. [ 1357.685882] hso 1-2:1.5: Not our interface [ 1460.886352] hso: unloaded [ 1460.889984] usbcore: deregistering interface driver hso [ 1513.769134] hso: ../drivers/net/usb/hso.c: Option Wireless [ 1513.846771] Unable to handle kernel NULL pointer dereference at virtual address 00000030 [ 1513.887664] hso 1-2:1.5: Not our interface [ 1513.906890] usbcore: registered new interface driver hso [ 1513.937988] pgd = ecdec000 [ 1513.949890] [00000030] *pgd=acd15831, *pte=00000000, *ppte=00000000 [ 1513.956573] Internal error: Oops: 817 [#1] PREEMPT SMP ARM [ 1513.962371] Modules linked in: hso usb_f_ecm omap2430 bnep bluetooth g_ether usb_f_rndis u_ether libcomposite configfs ipv6 arc4 wl18xx wlcore mac80211 cfg80211 bq27xxx_battery panel_tpo_td028ttec1 omapdrm drm_kms_helper cfbfillrect snd_soc_simple_card syscopyarea cfbimgblt snd_soc_simple_card_utils sysfillrect sysimgblt fb_sys_fops snd_soc_omap_twl4030 cfbcopyarea encoder_opa362 drm twl4030_madc_hwmon wwan_on_off snd_soc_gtm601 pwm_omap_dmtimer generic_adc_battery connector_analog_tv pwm_bl extcon_gpio omap3_isp wlcore_sdio videobuf2_dma_contig videobuf2_memops w1_bq27000 videobuf2_v4l2 videobuf2_core omap_hdq snd_soc_omap_mcbsp ov9650 snd_soc_omap bmp280_i2c bmg160_i2c v4l2_common snd_pcm_dmaengine bmp280 bmg160_core at24 bmc150_magn_i2c nvmem_core videodev phy_twl4030_usb bmc150_accel_i2c tsc2007 [ 1514.037384] bmc150_magn bmc150_accel_core media leds_tca6507 bno055 industrialio_triggered_buffer kfifo_buf gpio_twl4030 musb_hdrc snd_soc_twl4030 twl4030_vibra twl4030_madc twl4030_pwrbutton twl4030_charger industrialio w2sg0004 ehci_omap omapdss [last unloaded: hso] [ 1514.062622] CPU: 0 PID: 3433 Comm: dhcpcd Tainted: G W 4.11.0-rc8-letux+ #1 [ 1514.071136] Hardware name: Generic OMAP36xx (Flattened Device Tree) [ 1514.077758] task: ee748240 task.stack: ecdd6000 [ 1514.082580] PC is at hso_start_net_device+0x50/0xc0 [hso] [ 1514.088287] LR is at hso_net_open+0x68/0x84 [hso] [ 1514.093231] pc : [] lr : [] psr: a00f0013 sp : ecdd7e20 ip : 00000000 fp : ffffffff [ 1514.105316] r10: 00000000 r9 : ed0e080c r8 : ecd8fe2c [ 1514.110839] r7 : bf79cef4 r6 : ecd8fe00 r5 : 00000000 r4 : ed0dbd80 [ 1514.117706] r3 : 00000000 r2 : c0020c80 r1 : 00000000 r0 : ecdb7800 [ 1514.124572] Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 1514.132110] Control: 10c5387d Table: acdec019 DAC: 00000051 [ 1514.138153] Process dhcpcd (pid: 3433, stack limit = 0xecdd6218) [ 1514.144470] Stack: (0xecdd7e20 to 0xecdd8000) [ 1514.149078] 7e20: ed0dbd80 ecd8fe98 00000001 00000000 ecd8f800 ecd8fe00 ecd8fe60 00000000 [ 1514.157714] 7e40: ed0e080c bf79ced8 bf79ce70 ecd8f800 00000001 bf7a0258 ecd8f830 c068d958 [ 1514.166320] 7e60: c068d8b8 ecd8f800 00000001 00001091 00001090 c068dba4 ecd8f800 00001090 [ 1514.174926] 7e80: ecd8f940 ecd8f800 00000000 c068dc60 00000000 00000001 ed0e0800 ecd8f800 [ 1514.183563] 7ea0: 00000000 c06feaa8 c0ca39c2 beea57dc 00000020 00000000 306f7368 00000000 [ 1514.192169] 7ec0: 00000000 00000000 00001091 00000000 00000000 00000000 00000000 00008914 [ 1514.200805] 7ee0: eaa9ab60 beea57dc c0c9bfc0 eaa9ab40 00000006 00000000 00046858 c066a948 [ 1514.209411] 7f00: beea57dc eaa9ab60 ecc6b0c0 c02837b0 00000006 c0282c90 0000c000 c0283654 [ 1514.218017] 7f20: c09b0c00 c098bc31 00000001 c0c5e513 c0c5e513 00000000 c0151354 c01a20c0 [ 1514.226654] 7f40: c0c5e513 c01a3134 ecdd6000 c01a3160 ee7487f0 600f0013 00000000 ee748240 [ 1514.235260] 7f60: ee748734 00000000 ecc6b0c0 ecc6b0c0 beea57dc 00008914 00000006 00000000 [ 1514.243896] 7f80: 00046858 c02837b0 00001091 0003a1f0 00046608 0003a248 00000036 c01071e4 [ 1514.252502] 7fa0: ecdd6000 c0107040 0003a1f0 00046608 00000006 00008914 beea57dc 00001091 [ 1514.261108] 7fc0: 0003a1f0 00046608 0003a248 00000036 0003ac0c 00046608 00046610 00046858 [ 1514.269744] 7fe0: 0003a0ac beea57d4 000167eb b6f23106 400f0030 00000006 00000000 00000000 [ 1514.278411] [] (hso_start_net_device [hso]) from [] (hso_net_open+0x68/0x84 [hso]) [ 1514.288238] [] (hso_net_open [hso]) from [] (__dev_open+0xa0/0xf4) [ 1514.296600] [] (__dev_open) from [] (__dev_change_flags+0x8c/0x130) [ 1514.305023] [] (__dev_change_flags) from [] (dev_change_flags+0x18/0x48) [ 1514.313934] [] (dev_change_flags) from [] (devinet_ioctl+0x348/0x714) [ 1514.322540] [] (devinet_ioctl) from [] (sock_ioctl+0x2b0/0x308) [ 1514.330627] [] (sock_ioctl) from [] (vfs_ioctl+0x20/0x34) [ 1514.338165] [] (vfs_ioctl) from [] (do_vfs_ioctl+0x82c/0x93c) [ 1514.346038] [] (do_vfs_ioctl) from [] (SyS_ioctl+0x4c/0x74) [ 1514.353759] [] (SyS_ioctl) from [] (ret_fast_syscall+0x0/0x1c) [ 1514.361755] Code: e3822103 e3822080 e1822781 e5981014 (e5832030) [ 1514.510833] ---[ end trace dfb3e53c657f34a0 ]--- Reported-by: H. Nikolaus Schaller Signed-off-by: Andreas Kemnade Reviewed-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/usb/hso.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit c21b48cc1bbf2f5af3ef54ada559f7fadf8b508b Author: Eric Dumazet Date: Wed Apr 26 09:07:46 2017 -0700 net: adjust skb->truesize in ___pskb_trim() Andrey found a way to trigger the WARN_ON_ONCE(delta < len) in skb_try_coalesce() using syzkaller and a filter attached to a TCP socket. As we did recently in commit 158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()") we can adjust skb->truesize from ___pskb_trim(), via a call to skb_condense(). If all frags were freed, then skb->truesize can be recomputed. This call can be done if skb is not yet owned, or destructor is sock_edemux(). Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Cc: Willem de Bruijn Signed-off-by: David S. Miller net/core/skbuff.c | 2 ++ 1 file changed, 2 insertions(+) commit 7162fb242cb8322beb558828fd26b33c3e9fc805 Author: Eric Dumazet Date: Wed Apr 26 17:15:40 2017 -0700 tcp: do not underestimate skb->truesize in tcp_trim_head() Andrey found a way to trigger the WARN_ON_ONCE(delta < len) in skb_try_coalesce() using syzkaller and a filter attached to a TCP socket over loopback interface. I believe one issue with looped skbs is that tcp_trim_head() can end up producing skb with under estimated truesize. It hardly matters for normal conditions, since packets sent over loopback are never truncated. Bytes trimmed from skb->head should not change skb truesize, since skb->head is not reallocated. Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 19cdead3e2ef8ed765c5d1ce48057ca9d97b5094 Author: Paolo Abeni Date: Thu Apr 27 19:29:34 2017 +0200 bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal On slave list updates, the bonding driver computes its hard_header_len as the maximum of all enslaved devices's hard_header_len. If the slave list is empty, e.g. on last enslaved device removal, ETH_HLEN is used. Since the bonding header_ops are set only when the first enslaved device is attached, the above can lead to header_ops->create() being called with the wrong skb headroom in place. If bond0 is configured on top of ipoib devices, with the following commands: ifup bond0 for slave in $BOND_SLAVES_LIST; do ip link set dev $slave nomaster done ping -c 1 we will obtain a skb_under_panic() with a similar call trace: skb_push+0x3d/0x40 push_pseudo_header+0x17/0x30 [ib_ipoib] ipoib_hard_header+0x4e/0x80 [ib_ipoib] arp_create+0x12f/0x220 arp_send_dst.part.19+0x28/0x50 arp_solicit+0x115/0x290 neigh_probe+0x4d/0x70 __neigh_event_send+0xa7/0x230 neigh_resolve_output+0x12e/0x1c0 ip_finish_output2+0x14b/0x390 ip_finish_output+0x136/0x1e0 ip_output+0x76/0xe0 ip_local_out+0x35/0x40 ip_send_skb+0x19/0x40 ip_push_pending_frames+0x33/0x40 raw_sendmsg+0x7d3/0xb50 inet_sendmsg+0x31/0xb0 sock_sendmsg+0x38/0x50 SYSC_sendto+0x102/0x190 SyS_sendto+0xe/0x10 do_syscall_64+0x67/0x180 entry_SYSCALL64_slow_path+0x25/0x25 This change addresses the issue avoiding updating the bonding device hard_header_len when the slaves list become empty, forbidding to shrink it below the value used by header_ops->create(). The bug is there since commit 54ef31371407 ("[PATCH] bonding: Handle large hard_header_len") but the panic can be triggered only since commit fc791b633515 ("IB/ipoib: move back IB LL address into the hard header"). Reported-by: Norbert P Fixes: 54ef31371407 ("[PATCH] bonding: Handle large hard_header_len") Fixes: fc791b633515 ("IB/ipoib: move back IB LL address into the hard header") Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: Paolo Abeni Signed-off-by: Jay Vosburgh Signed-off-by: David S. Miller drivers/net/bonding/bond_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9b83e0319840eca758ef586776a427284ff767bf Author: Steffen Klassert Date: Fri Apr 28 10:54:32 2017 +0200 ipv4: Don't pass IP fragments to upper layer GRO handlers. Upper layer GRO handlers can not handle IP fragments, so exit GRO processing in this case. This fixes ESP GRO because the packet must be reassembled before we can decapsulate, otherwise we get authentication failures. It also aligns IPv4 to IPv6 where packets with fragmentation headers are not passed to upper layer GRO handlers. Fixes: 7785bba299a8 ("esp: Add a software GRO codepath") Signed-off-by: Steffen Klassert Signed-off-by: David S. Miller net/ipv4/af_inet.c | 3 +++ 1 file changed, 3 insertions(+) commit 504926df6df5383cad25146de3ed0a45e02c0901 Author: Arnd Bergmann Date: Fri Apr 28 17:03:58 2017 +0200 cpsw/netcp: refine cpts dependency Tony Lindgren reports a kernel oops that resulted from my compile-time fix on the default config. This shows two problems: a) configurations that did not already enable PTP_1588_CLOCK will now miss the cpts driver b) when cpts support is disabled, the driver crashes. This is a preexisting problem that we did not notice before my patch. While the second problem is still being investigated, this modifies the dependencies again, getting us back to the original state, with another 'select NET_PTP_CLASSIFY' added in to avoid the original link error we got, and the 'depends on POSIX_TIMERS' to hide the CPTS support when turning it on would be useless. Cc: stable@vger.kernel.org # 4.11 needs this Fixes: 07fef3623407 ("cpsw/netcp: cpts depends on posix_timers") Signed-off-by: Arnd Bergmann Tested-by: Tony Lindgren Signed-off-by: David S. Miller drivers/net/ethernet/ti/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 5577e679564702664aaecce3c96036ace3ab64fa Merge: c518471 cfcf99f Author: David S. Miller Date: Fri Apr 28 15:42:11 2017 -0400 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2017-04-28 1) Do garbage collecting after a policy flush to remove old bundles immediately. From Xin Long. 2) Fix GRO if netfilter is not defined. From Sabrina Dubroca. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit affb852d2fa260402cbdc77976adb0dcda3b5fae Merge: 28b2013 7c5bb4a Author: Linus Torvalds Date: Fri Apr 28 11:08:42 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fix from Dmitry Torokhov: "Yet another quirk to i8042 to get touchpad recognized on some laptops" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: i8042 - add Clevo P650RS to the i8042 reset list commit 36c02d0be4c3c8804e51f9740f0d768e17f3b566 Author: Arnd Bergmann Date: Thu Apr 27 13:02:31 2017 +0200 clk: sunxi-ng: always select CCU_GATE When the base driver is enabled but all SoC specific drivers are turned off, we now get a build error after code was added to always refer to the clk gates: drivers/clk/built-in.o: In function `ccu_pll_notifier_cb': :(.text+0x154f8): undefined reference to `ccu_gate_helper_disable' :(.text+0x15504): undefined reference to `ccu_gate_helper_enable' This changes the Kconfig to always require the gate code to be built-in when CONFIG_SUNXI_CCU is set. Fixes: 02ae2bc6febd ("clk: sunxi-ng: Add clk notifier to gate then ungate PLL clocks") Signed-off-by: Arnd Bergmann Acked-by: Maxime Ripard Signed-off-by: Stephen Boyd drivers/clk/sunxi-ng/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 28b2013587e535cef8bd8d8e0eae5ad40868369b Merge: 8b5d11e 338bd52 Author: Linus Torvalds Date: Fri Apr 28 10:13:17 2017 -0700 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fix from Chris Mason: "We have one more fix for btrfs. This gets rid of a new WARN_ON from rc1 that ended up making more noise than we really want. The larger fix for the underflow got delayed a bit and it's better for now to put it under CONFIG_BTRFS_DEBUG" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: qgroup: move noisy underflow warning to debugging build commit c51847171162212618b3227812f007a654de2f4b Merge: f832460 c1be775 Author: David S. Miller Date: Fri Apr 28 12:20:43 2017 -0400 Merge branch 'tipc-socket-connection-hangs' Parthasarathy Bhuvaragan says: ==================== tipc: fix hanging socket connections This patch series contains fixes for the socket layer to prevent hanging / stale connections. ==================== Signed-off-by: David S. Miller commit c1be7756284b0fdbfe8aea8da968ce054697e0c5 Author: Parthasarathy Bhuvaragan Date: Wed Apr 26 10:05:02 2017 +0200 tipc: close the connection if protocol messages contain errors When a socket is shutting down, we notify the peer node about the connection termination by reusing an incoming message if possible. If the last received message was a connection acknowledgment message, we reverse this message and set the error code to TIPC_ERR_NO_PORT and send it to peer. In tipc_sk_proto_rcv(), we never check for message errors while processing the connection acknowledgment or probe messages. Thus this message performs the usual flow control accounting and leaves the session hanging. In this commit, we terminate the connection when we receive such error messages. Signed-off-by: Parthasarathy Bhuvaragan Reviewed-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 4e0df4951e9ecb7ec026a1330ed59f12e8937a95 Author: Parthasarathy Bhuvaragan Date: Wed Apr 26 10:05:01 2017 +0200 tipc: improve error validations for sockets in CONNECTING state Until now, the checks for sockets in CONNECTING state was based on the assumption that the incoming message was always from the peer's accepted data socket. However an application using a non-blocking socket sends an implicit connect, this socket which is in CONNECTING state can receive error messages from the peer's listening socket. As we discard these messages, the application socket hangs as there due to inactivity. In addition to this, there are other places where we process errors but do not notify the user. In this commit, we process such incoming error messages and notify our users about them using sk_state_change(). Signed-off-by: Parthasarathy Bhuvaragan Reviewed-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) commit 42b531de17d2f6bb9293f23398f6d9bb94635c3e Author: Parthasarathy Bhuvaragan Date: Wed Apr 26 10:05:00 2017 +0200 tipc: Fix missing connection request handling In filter_connect, we use waitqueue_active() to check for any connections to wakeup. But waitqueue_active() is missing memory barriers while accessing the critical sections, leading to inconsistent results. In this commit, we replace this with an SMP safe wq_has_sleeper() using the generic socket callback sk_data_ready(). Signed-off-by: Parthasarathy Bhuvaragan Reviewed-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8b5d11e4b095450e2f259d5f60ea18c13d2fe0a2 Merge: 19ac447 13bf9fb Author: Linus Torvalds Date: Thu Apr 27 13:39:19 2017 -0700 Merge tag 'nfsd-4.11-3' of git://linux-nfs.org/~bfields/linux Pull nfsd fixes from Bruce Fields: "Thanks to Ari Kauppi and Tuomas Haanpää at Synopsis for spotting bugs in our NFSv2/v3 xdr code that could crash the server or leak memory" * tag 'nfsd-4.11-3' of git://linux-nfs.org/~bfields/linux: nfsd: stricter decoding of write-like NFSv2/v3 ops nfsd4: minor NFSv2/v3 write decoding cleanup nfsd: check for oversized NFSv2/v3 arguments commit 19ac4474203863a8141663d73d5976fe25464bfd Merge: f56fc7b 8179a10 Author: Linus Torvalds Date: Thu Apr 27 11:38:05 2017 -0700 Merge tag 'ceph-for-4.11-rc9' of git://github.com/ceph/ceph-client Pull ceph fix from Ilya Dryomov: "A fix for a kernel stack overflow bug in ceph setattr code, marked for stable" * tag 'ceph-for-4.11-rc9' of git://github.com/ceph/ceph-client: ceph: fix recursion between ceph_set_acl() and __ceph_setattr() commit f56fc7bdaa22e7b2fac18de430db8195d2dfd7bd Merge: 59372bb 1741937 Author: Linus Torvalds Date: Thu Apr 27 11:09:37 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: - fix orangefs handling of faults on write() - I'd missed that one back when orangefs was going through review. - readdir counterpart of "9p: cope with bogus responses from server in p9_client_{read,write}" - server might be lying or broken, and we'd better not overrun the kmalloc'ed buffer we are copying the results into. - NFS O_DIRECT read/write can leave iov_iter advanced by too much; that's what had been causing iov_iter_pipe() warnings davej had been seeing. - statx_timestamp.tv_nsec type fix (s32 -> u32). That one really should go in before 4.11. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: uapi: change the type of struct statx_timestamp.tv_nsec to unsigned fix nfs O_DIRECT advancing iov_iter too much p9_client_readdir() fix orangefs_bufmap_copy_from_iovec(): fix EFAULT handling commit 59372bbf3abd5b24a7f6f676a3968685c280f955 Author: Michael Kerrisk (man-pages) Date: Thu Apr 27 13:54:11 2017 +0200 statx: correct error handling of NULL pathname The change in commit 1e2f82d1e9d1 ("statx: Kill fd-with-NULL-path support in favour of AT_EMPTY_PATH") to error on a NULL pathname to statx() is inconsistent. It results in the error EINVAL for a NULL pathname. Other system calls with similar APIs (fchownat(), fstatat(), linkat()), return EFAULT. The solution is simply to remove the EINVAL check. As I already pointed out in [1], user_path_at*() and filename_lookup() will handle the NULL pathname as per the other APIs, to correctly produce the error EFAULT. [1] https://lkml.org/lkml/2017/4/26/561 Signed-off-by: Michael Kerrisk Cc: David Howells Cc: Al Viro Cc: Eric Sandeen Signed-off-by: Linus Torvalds fs/stat.c | 2 -- 1 file changed, 2 deletions(-) commit cfcf99f987ba321a3d122580716beb9b08d52eb8 Author: Sabrina Dubroca Date: Thu Apr 27 12:03:37 2017 +0200 xfrm: fix GRO for !CONFIG_NETFILTER In xfrm_input() when called from GRO, async == 0, and we end up skipping the processing in xfrm4_transport_finish(). GRO path will always skip the NF_HOOK, so we don't need the special-case for !NETFILTER during GRO processing. Fixes: 7785bba299a8 ("esp: Add a software GRO codepath") Signed-off-by: Sabrina Dubroca Signed-off-by: Steffen Klassert net/xfrm/xfrm_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 25e2d8c1b9e327ed260edd13169cc22bc7a78bc6 Author: Frederic Weisbecker Date: Tue Apr 25 16:10:48 2017 +0200 sched/cputime: Fix ksoftirqd cputime accounting regression irq_time_read() returns the irqtime minus the ksoftirqd time. This is necessary because irq_time_read() is used to substract the IRQ time from the sum_exec_runtime of a task. If we were to include the softirq time of ksoftirqd, this task would substract its own CPU time everytime it updates ksoftirqd->sum_exec_runtime which would therefore never progress. But this behaviour got broken by: a499a5a14db ("sched/cputime: Increment kcpustat directly on irqtime account") ... which now includes ksoftirqd softirq time in the time returned by irq_time_read(). This has resulted in wrong ksoftirqd cputime reported to userspace through /proc/stat and thus "top" not showing ksoftirqd when it should after intense networking load. ksoftirqd->stime happens to be correct but it gets scaled down by sum_exec_runtime through task_cputime_adjusted(). To fix this, just account the strict IRQ time in a separate counter and use it to report the IRQ time. Reported-and-tested-by: Jesper Dangaard Brouer Signed-off-by: Frederic Weisbecker Reviewed-by: Rik van Riel Acked-by: Jesper Dangaard Brouer Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stanislaw Gruszka Cc: Thomas Gleixner Cc: Wanpeng Li Link: http://lkml.kernel.org/r/1493129448-5356-1-git-send-email-fweisbec@gmail.com Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 27 ++++++++++++++++----------- kernel/sched/sched.h | 9 +++++++-- 2 files changed, 23 insertions(+), 13 deletions(-) commit 1741937d475d91ed95abb37f07e8571e23b9a7fe Author: Dmitry V. Levin Date: Wed Apr 26 14:50:00 2017 +0100 uapi: change the type of struct statx_timestamp.tv_nsec to unsigned The comment asserting that the value of struct statx_timestamp.tv_nsec must be negative when statx_timestamp.tv_sec is negative, is wrong, as could be seen from the following example: #define _FILE_OFFSET_BITS 64 #include #include #include #include #include #include #include int main(void) { static const struct timespec ts[2] = { { .tv_nsec = UTIME_OMIT }, { .tv_sec = -2, .tv_nsec = 42 } }; assert(utimensat(AT_FDCWD, ".", ts, 0) == 0); struct stat st; assert(stat(".", &st) == 0); printf("st_mtim.tv_sec = %lld, st_mtim.tv_nsec = %lu\n", (long long) st.st_mtim.tv_sec, (unsigned long) st.st_mtim.tv_nsec); struct statx stx; assert(syscall(__NR_statx, AT_FDCWD, ".", 0, 0, &stx) == 0); printf("stx_mtime.tv_sec = %lld, stx_mtime.tv_nsec = %lu\n", (long long) stx.stx_mtime.tv_sec, (unsigned long) stx.stx_mtime.tv_nsec); return 0; } It expectedly prints: st_mtim.tv_sec = -2, st_mtim.tv_nsec = 42 stx_mtime.tv_sec = -2, stx_mtime.tv_nsec = 42 The more generic comment asserting that the value of struct statx_timestamp.tv_nsec might be negative is confusing to say the least. It contradicts both the struct stat.st_[acm]time_nsec tradition and struct timespec.tv_nsec requirements in utimensat syscall. If statx syscall ever returns a stx_[acm]time containing a negative tv_nsec that cannot be passed unmodified to utimensat syscall, it will cause an immense confusion. Fix this source of confusion by changing the type of struct statx_timestamp.tv_nsec from __s32 to __u32. Fixes: a528d35e8bfc ("statx: Add a system call to make enhanced file info available") Signed-off-by: Dmitry V. Levin Signed-off-by: David Howells cc: linux-api@vger.kernel.org cc: mtk.manpages@gmail.com Signed-off-by: Al Viro include/uapi/linux/stat.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit f83246089ca09308425175d47f5e71e6da68b2ef Merge: 1e2f82d f6ebf0b Author: Linus Torvalds Date: Wed Apr 26 15:10:45 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "I didn't want the release to go out without the statx system call properly hooked up" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: Update syscall tables. sparc64: Fill in rest of HAVE_REGS_AND_STACK_ACCESS_API commit 1e2f82d1e9d12223b4cbd1feb3f2b5596f8049eb Author: David Howells Date: Wed Apr 26 22:15:55 2017 +0100 statx: Kill fd-with-NULL-path support in favour of AT_EMPTY_PATH With the new statx() syscall, the following both allow the attributes of the file attached to a file descriptor to be retrieved: statx(dfd, NULL, 0, ...); and: statx(dfd, "", AT_EMPTY_PATH, ...); Change the code to reject the first option, though this means copying the path and engaging pathwalk for the fstat() equivalent. dfd can be a non-directory provided path is "". [ The timing of this isn't wonderful, but applying this now before we have statx() in any released kernel, before anybody starts using the NULL special case. - Linus ] Fixes: a528d35e8bfc ("statx: Add a system call to make enhanced file info available") Reported-by: Michael Kerrisk Signed-off-by: David Howells cc: Eric Sandeen cc: fstests@vger.kernel.org cc: linux-api@vger.kernel.org cc: linux-man@vger.kernel.org Signed-off-by: Linus Torvalds fs/stat.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit fc08b197bb8c3bebda27b9e9884aaf7557fab53f Merge: ea3a8596 105f552 Author: Linus Torvalds Date: Wed Apr 26 13:42:32 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) MLX5 bug fixes from Saeed Mahameed et al: - released wrong resources when firmware timeout happens - fix wrong check for encapsulation size limits - UAR memory leak - ETHTOOL_GRXCLSRLALL failed to fill in info->data 2) Don't cache l3mdev on mis-matches local route, causes net devices to leak refs. From Robert Shearman. 3) Handle fragmented SKBs properly in macsec driver, the problem is that we were mis-sizing the sgvec table. From Jason A. Donenfeld. 4) We cannot have checksum offload enabled for inner UDP tunneled packet during IPSEC, from Ansis Atteka. 5) Fix double SKB free in ravb driver, from Dan Carpenter. 6) Fix CPU port handling in b53 DSA driver, from Florian Dainelli. 7) Don't use on-stack buffers for usb_control_msg() in CAN usb driver, from Maksim Salau. 8) Fix device leak in macvlan driver, from Herbert Xu. We have to purge the broadcast queue properly on port destroy. 9) Fix tx ring entry limit on EF10 devices in sfc driver. From Bert Kenward. 10) Fix memory leaks in team driver, from Pan Bian. 11) Don't setup ipv6_stub before it can be actually used, from Paolo Abeni. 12) Fix tipc socket flow control accounting, from Parthasarathy Bhuvaragan. 13) Fix crash on module unload in hso driver, from Andreas Kemnade. 14) Fix purging of bridge multicast entries, the problem is that if we don't defer it to ndo_uninit it's possible for new entries to get added after we purge. Fix from Xin Long. 15) Don't return garbage for PACKET_HDRLEN getsockopt, from Alexander Potapenko. 16) Fix autoneg stall properly in PHY layer, and revert micrel driver change that was papering over it. From Alexander Kochetkov. 17) Don't dereference an ipv4 route as an ipv6 one in the ip6_tunnnel code, from Cong Wang. 18) Clear out the congestion control private of the TCP socket in all of the right places, from Wei Wang. 19) rawv6_ioctl measures SKB length incorrectly, fix from Jamie Bainbridge. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) ipv6: check raw payload size correctly in ioctl tcp: memset ca_priv data to 0 properly ipv6: check skb->protocol before lookup for nexthop net: core: Prevent from dereferencing null pointer when releasing SKB macsec: dynamically allocate space for sglist Revert "phy: micrel: Disable auto negotiation on startup" net: phy: fix auto-negotiation stall due to unavailable interrupt net/packet: check length in getsockopt() called with PACKET_HDRLEN net: ipv6: regenerate host route if moved to gc list bridge: move bridge multicast cleanup to ndo_uninit ipv6: fix source routing qed: Fix error in the dcbx app meta data initialization. netvsc: fix calculation of available send sections net: hso: fix module unloading tipc: fix socket flow control accounting error at tipc_recv_stream tipc: fix socket flow control accounting error at tipc_send_stream ipv6: move stub initialization after ipv6 setup completion team: fix memory leaks sfc: tx ring can only have 2048 entries for all EF10 NICs macvlan: Fix device ref leak when purging bc_queue ... commit 105f5528b9bbaa08b526d3405a5bcd2ff0c953c8 Author: Jamie Bainbridge Date: Wed Apr 26 10:43:27 2017 +1000 ipv6: check raw payload size correctly in ioctl In situations where an skb is paged, the transport header pointer and tail pointer can be the same because the skb contents are in frags. This results in ioctl(SIOCINQ/FIONREAD) incorrectly returning a length of 0 when the length to receive is actually greater than zero. skb->len is already correctly set in ip6_input_finish() with pskb_pull(), so use skb->len as it always returns the correct result for both linear and paged data. Signed-off-by: Jamie Bainbridge Signed-off-by: David S. Miller net/ipv6/raw.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c1201444075009507a6818de6518e2822b9a87c8 Author: Wei Wang Date: Tue Apr 25 17:38:02 2017 -0700 tcp: memset ca_priv data to 0 properly Always zero out ca_priv data in tcp_assign_congestion_control() so that ca_priv data is cleared out during socket creation. Also always zero out ca_priv data in tcp_reinit_congestion_control() so that when cc algorithm is changed, ca_priv data is cleared out as well. We should still zero out ca_priv data even in TCP_CLOSE state because user could call connect() on AF_UNSPEC to disconnect the socket and leave it in TCP_CLOSE state and later call setsockopt() to switch cc algorithm on this socket. Fixes: 2b0a8c9ee ("tcp: add CDG congestion control") Reported-by: Andrey Konovalov Signed-off-by: Wei Wang Acked-by: Eric Dumazet Acked-by: Yuchung Cheng Acked-by: Neal Cardwell Signed-off-by: David S. Miller net/ipv4/tcp_cong.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit 199ab00f3cdb6f154ea93fa76fd80192861a821d Author: WANG Cong Date: Tue Apr 25 14:37:15 2017 -0700 ipv6: check skb->protocol before lookup for nexthop Andrey reported a out-of-bound access in ip6_tnl_xmit(), this is because we use an ipv4 dst in ip6_tnl_xmit() and cast an IPv4 neigh key as an IPv6 address: neigh = dst_neigh_lookup(skb_dst(skb), &ipv6_hdr(skb)->daddr); if (!neigh) goto tx_err_link_failure; addr6 = (struct in6_addr *)&neigh->primary_key; // <=== HERE addr_type = ipv6_addr_type(addr6); if (addr_type == IPV6_ADDR_ANY) addr6 = &ipv6_hdr(skb)->daddr; memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr)); Also the network header of the skb at this point should be still IPv4 for 4in6 tunnels, we shold not just use it as IPv6 header. This patch fixes it by checking if skb->protocol is ETH_P_IPV6: if it is, we are safe to do the nexthop lookup using skb_dst() and ipv6_hdr(skb)->daddr; if not (aka IPv4), we have no clue about which dest address we can pick here, we have to rely on callers to fill it from tunnel config, so just fall to ip6_route_output() to make the decision. Fixes: ea3dc9601bda ("ip6_tunnel: Add support for wildcard tunnel endpoints.") Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Cc: Steffen Klassert Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) commit 9899886d5e8ec5b343b1efe44f185a0e68dc6454 Author: Myungho Jung Date: Tue Apr 25 11:58:15 2017 -0700 net: core: Prevent from dereferencing null pointer when releasing SKB Added NULL check to make __dev_kfree_skb_irq consistent with kfree family of functions. Link: https://bugzilla.kernel.org/show_bug.cgi?id=195289 Signed-off-by: Myungho Jung Signed-off-by: David S. Miller net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+) commit 5294b83086cc1c35b4efeca03644cf9d12282e5b Author: Jason A. Donenfeld Date: Tue Apr 25 19:08:18 2017 +0200 macsec: dynamically allocate space for sglist We call skb_cow_data, which is good anyway to ensure we can actually modify the skb as such (another error from prior). Now that we have the number of fragments required, we can safely allocate exactly that amount of memory. Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Jason A. Donenfeld Acked-by: Sabrina Dubroca Signed-off-by: David S. Miller drivers/net/macsec.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) commit b43bd72835a5f7adef81fe53fa1fbe7b0e43df8e Author: David S. Miller Date: Wed Apr 26 14:33:14 2017 -0400 Revert "phy: micrel: Disable auto negotiation on startup" This reverts commit 99f81afc139c6edd14d77a91ee91685a414a1c66. It was papering over the real problem, which is fixed by commit f555f34fdc58 ("net: phy: fix auto-negotiation stall due to unavailable interrupt") Signed-off-by: David S. Miller drivers/net/phy/micrel.c | 11 ----------- 1 file changed, 11 deletions(-) commit f555f34fdc586a56204cd16d9a7c104ec6cb6650 Author: Alexander Kochetkov Date: Thu Apr 20 14:00:04 2017 +0300 net: phy: fix auto-negotiation stall due to unavailable interrupt The Ethernet link on an interrupt driven PHY was not coming up if the Ethernet cable was plugged before the Ethernet interface was brought up. The patch trigger PHY state machine to update link state if PHY was requested to do auto-negotiation and auto-negotiation complete flag already set. During power-up cycle the PHY do auto-negotiation, generate interrupt and set auto-negotiation complete flag. Interrupt is handled by PHY state machine but doesn't update link state because PHY is in PHY_READY state. After some time MAC bring up, start and request PHY to do auto-negotiation. If there are no new settings to advertise genphy_config_aneg() doesn't start PHY auto-negotiation. PHY continue to stay in auto-negotiation complete state and doesn't fire interrupt. At the same time PHY state machine expect that PHY started auto-negotiation and is waiting for interrupt from PHY and it won't get it. Fixes: 321beec5047a ("net: phy: Use interrupts when available in NOLINK state") Signed-off-by: Alexander Kochetkov Cc: stable # v4.9+ Tested-by: Roger Quadros Tested-by: Alexandre Belloni Signed-off-by: David S. Miller drivers/net/phy/phy.c | 40 ++++++++++++++++++++++++++++++++++++---- include/linux/phy.h | 1 + 2 files changed, 37 insertions(+), 4 deletions(-) commit ea3a8596a0b394c63f9692ef5ea4fb6fc2ff91aa Merge: ea839b4 d4a2fbc Author: Linus Torvalds Date: Wed Apr 26 09:30:33 2017 -0700 Merge tag 'sound-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Since we got a bonus week, let me try to screw a few pending fixes. A slightly large fix is the locking fix in ASoC STI driver, but it's pretty board-specific, and the risk is fairly low. All the rest are small / trivial fixes, mostly marked as stable, for ALSA sequencer core, ASoC topology, ASoC Intel bytcr and Firewire drivers" * tag 'sound-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ASoC: intel: Fix PM and non-atomic crash in bytcr drivers ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type ALSA: seq: Don't break snd_use_lock_sync() loop by timeout ASoC: topology: Fix to store enum text values ASoC: STI: Fix null ptr deference in IRQ handler ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d commit 35db0691218959f05efbe26fd623ee67581ebff6 Author: Xin Long Date: Mon Apr 24 15:33:39 2017 +0800 xfrm: do the garbage collection after flushing policy Now xfrm garbage collection can be triggered by 'ip xfrm policy del'. These is no reason not to do it after flushing policies, especially considering that 'garbage collection deferred' is only triggered when it reaches gc_thresh. It's no good that the policy is gone but the xdst still hold there. The worse thing is that xdst->route/orig_dst is also hold and can not be released even if the orig_dst is already expired. This patch is to do the garbage collection if there is any policy removed in xfrm_policy_flush. Signed-off-by: Xin Long Signed-off-by: Steffen Klassert net/xfrm/xfrm_policy.c | 4 ++++ 1 file changed, 4 insertions(+) commit ea839b41744dffe5c77b8d9842c9bb7073460901 Merge: 8f9cedc 3d5e801 Author: Linus Torvalds Date: Tue Apr 25 14:07:24 2017 -0700 Merge tag 'arc-4.11-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fix from Vineet Gupta: "Last minute fixes for ARC: - build error in Mellanox nps platform - addressing lack of saving FPU regs in releavnt configs" * tag 'arc-4.11-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARCv2: entry: save Accumulator register pair (r58:59) if present ARC: [plat-eznps] Fix build error commit 13bf9fbff0e5e099e2b6f003a0ab8ae145436309 Author: J. Bruce Fields Date: Fri Apr 21 15:26:30 2017 -0400 nfsd: stricter decoding of write-like NFSv2/v3 ops The NFSv2/v3 code does not systematically check whether we decode past the end of the buffer. This generally appears to be harmless, but there are a few places where we do arithmetic on the pointers involved and don't account for the possibility that a length could be negative. Add checks to catch these. Reported-by: Tuomas Haanpää Reported-by: Ari Kauppi Reviewed-by: NeilBrown Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/nfs3xdr.c | 4 ++++ fs/nfsd/nfsxdr.c | 2 ++ 2 files changed, 6 insertions(+) commit db44bac41bbfc0c0d9dd943092d8bded3c9db19b Author: J. Bruce Fields Date: Tue Apr 25 16:21:34 2017 -0400 nfsd4: minor NFSv2/v3 write decoding cleanup Use a couple shortcuts that will simplify a following bugfix. Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/nfs3xdr.c | 9 +++++---- fs/nfsd/nfsxdr.c | 8 ++++---- 2 files changed, 9 insertions(+), 8 deletions(-) commit e6838a29ecb484c97e4efef9429643b9851fba6e Author: J. Bruce Fields Date: Fri Apr 21 16:10:18 2017 -0400 nfsd: check for oversized NFSv2/v3 arguments A client can append random data to the end of an NFSv2 or NFSv3 RPC call without our complaining; we'll just stop parsing at the end of the expected data and ignore the rest. Encoded arguments and replies are stored together in an array of pages, and if a call is too large it could leave inadequate space for the reply. This is normally OK because NFS RPC's typically have either short arguments and long replies (like READ) or long arguments and short replies (like WRITE). But a client that sends an incorrectly long reply can violate those assumptions. This was observed to cause crashes. Also, several operations increment rq_next_page in the decode routine before checking the argument size, which can leave rq_next_page pointing well past the end of the page array, causing trouble later in svc_free_pages. So, following a suggestion from Neil Brown, add a central check to enforce our expectation that no NFSv2/v3 call has both a large call and a large reply. As followup we may also want to rewrite the encoding routines to check more carefully that they aren't running off the end of the page array. We may also consider rejecting calls that have any extra garbage appended. That would be safer, and within our rights by spec, but given the age of our server and the NFS protocol, and the fact that we've never enforced this before, we may need to balance that against the possibility of breaking some oddball client. Reported-by: Tuomas Haanpää Reported-by: Ari Kauppi Cc: stable@vger.kernel.org Reviewed-by: NeilBrown Signed-off-by: J. Bruce Fields fs/nfsd/nfssvc.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) commit 8179a101eb5f4ef0ac9a915fcea9a9d3109efa90 Author: Yan, Zheng Date: Wed Apr 19 10:01:48 2017 +0800 ceph: fix recursion between ceph_set_acl() and __ceph_setattr() ceph_set_acl() calls __ceph_setattr() if the setacl operation needs to modify inode's i_mode. __ceph_setattr() updates inode's i_mode, then calls posix_acl_chmod(). The problem is that __ceph_setattr() calls posix_acl_chmod() before sending the setattr request. The get_acl() call in posix_acl_chmod() can trigger a getxattr request. The reply of the getxattr request can restore inode's i_mode to its old value. The set_acl() call in posix_acl_chmod() sees old value of inode's i_mode, so it calls __ceph_setattr() again. Cc: stable@vger.kernel.org # needs backporting for < 4.9 Link: http://tracker.ceph.com/issues/19688 Reported-by: Jerry Lee Signed-off-by: "Yan, Zheng" Reviewed-by: Jeff Layton Tested-by: Luis Henriques Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) commit fd2c83b35752f0a8236b976978ad4658df14a59f Author: Alexander Potapenko Date: Tue Apr 25 18:51:46 2017 +0200 net/packet: check length in getsockopt() called with PACKET_HDRLEN In the case getsockopt() is called with PACKET_HDRLEN and optlen < 4 |val| remains uninitialized and the syscall may behave differently depending on its value, and even copy garbage to userspace on certain architectures. To fix this we now return -EINVAL if optlen is too small. This bug has been detected with KMSAN. Signed-off-by: Alexander Potapenko Signed-off-by: David S. Miller net/packet/af_packet.c | 2 ++ 1 file changed, 2 insertions(+) commit 8048ced9beb21a52e3305f3332ae82020619f24e Author: David Ahern Date: Tue Apr 25 09:17:29 2017 -0700 net: ipv6: regenerate host route if moved to gc list Taking down the loopback device wreaks havoc on IPv6 routing. By extension, taking down a VRF device wreaks havoc on its table. Dmitry and Andrey both reported heap out-of-bounds reports in the IPv6 FIB code while running syzkaller fuzzer. The root cause is a dead dst that is on the garbage list gets reinserted into the IPv6 FIB. While on the gc (or perhaps when it gets added to the gc list) the dst->next is set to an IPv4 dst. A subsequent walk of the ipv6 tables causes the out-of-bounds access. Andrey's reproducer was the key to getting to the bottom of this. With IPv6, host routes for an address have the dst->dev set to the loopback device. When the 'lo' device is taken down, rt6_ifdown initiates a walk of the fib evicting routes with the 'lo' device which means all host routes are removed. That process moves the dst which is attached to an inet6_ifaddr to the gc list and marks it as dead. The recent change to keep global IPv6 addresses added a new function, fixup_permanent_addr, that is called on admin up. That function restarts dad for an inet6_ifaddr and when it completes the host route attached to it is inserted into the fib. Since the route was marked dead and moved to the gc list, re-inserting the route causes the reported out-of-bounds accesses. If the device with the address is taken down or the address is removed, the WARN_ON in fib6_del is triggered. All of those faults are fixed by regenerating the host route if the existing one has been moved to the gc list, something that can be determined by checking if the rt6i_ref counter is 0. Fixes: f1705ec197e7 ("net: ipv6: Make address flushing on ifdown optional") Reported-by: Dmitry Vyukov Reported-by: Andrey Konovalov Signed-off-by: David Ahern Acked-by: Martin KaFai Lau Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv6/addrconf.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit b1b9d366028ff580e6dd80b48a69c473361456f1 Author: Xin Long Date: Tue Apr 25 22:58:37 2017 +0800 bridge: move bridge multicast cleanup to ndo_uninit During removing a bridge device, if the bridge is still up, a new mdb entry still can be added in br_multicast_add_group() after all mdb entries are removed in br_multicast_dev_del(). Like the path: mld_ifc_timer_expire -> mld_sendpack -> ... br_multicast_rcv -> br_multicast_add_group The new mp's timer will be set up. If the timer expires after the bridge is freed, it may cause use-after-free panic in br_multicast_group_expired. BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 IP: [] br_multicast_group_expired+0x28/0xb0 [bridge] Call Trace: [] call_timer_fn+0x36/0x110 [] ? br_mdb_free+0x30/0x30 [bridge] [] run_timer_softirq+0x237/0x340 [] __do_softirq+0xef/0x280 [] call_softirq+0x1c/0x30 [] do_softirq+0x65/0xa0 [] irq_exit+0x115/0x120 [] smp_apic_timer_interrupt+0x45/0x60 [] apic_timer_interrupt+0x6d/0x80 Nikolay also found it would cause a memory leak - the mdb hash is reallocated and not freed due to the mdb rehash. unreferenced object 0xffff8800540ba800 (size 2048): backtrace: [] kmemleak_alloc+0x67/0xc0 [] __kmalloc+0x1ba/0x3e0 [] br_mdb_rehash+0x5e/0x340 [bridge] [] br_multicast_new_group+0x43f/0x6e0 [bridge] [] br_multicast_add_group+0x203/0x260 [bridge] [] br_multicast_rcv+0x945/0x11d0 [bridge] [] br_dev_xmit+0x180/0x470 [bridge] [] dev_hard_start_xmit+0xbb/0x3d0 [] __dev_queue_xmit+0xb13/0xc10 [] dev_queue_xmit+0x10/0x20 [] ip6_finish_output2+0x5ca/0xac0 [ipv6] [] ip6_finish_output+0x126/0x2c0 [ipv6] [] ip6_output+0xe5/0x390 [ipv6] [] NF_HOOK.constprop.44+0x6c/0x240 [ipv6] [] mld_sendpack+0x216/0x3e0 [ipv6] [] mld_ifc_timer_expire+0x18b/0x2b0 [ipv6] This could happen when ip link remove a bridge or destroy a netns with a bridge device inside. With Nikolay's suggestion, this patch is to clean up bridge multicast in ndo_uninit after bridge dev is shutdown, instead of br_dev_delete, so that netif_running check in br_multicast_add_group can avoid this issue. v1->v2: - fix this issue by moving br_multicast_dev_del to ndo_uninit, instead of calling dev_close in br_dev_delete. (NOTE: Depends upon b6fe0440c637 ("bridge: implement missing ndo_uninit()")) Fixes: e10177abf842 ("bridge: multicast: fix handling of temp and perm entries") Reported-by: Jianwen Ji Signed-off-by: Xin Long Reviewed-by: Stephen Hemminger Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_device.c | 1 + net/bridge/br_if.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) commit ec9c4215fef37da6668c4105f5ad3891aaa6527a Author: Sabrina Dubroca Date: Tue Apr 25 15:56:50 2017 +0200 ipv6: fix source routing Commit a149e7c7ce81 ("ipv6: sr: add support for SRH injection through setsockopt") introduced handling of IPV6_SRCRT_TYPE_4, but at the same time restricted it to only IPV6_SRCRT_TYPE_0 and IPV6_SRCRT_TYPE_4. Previously, ipv6_push_exthdr() and fl6_update_dst() would also handle other values (ie STRICT and TYPE_2). Restore previous source routing behavior, by handling IPV6_SRCRT_STRICT and IPV6_SRCRT_TYPE_2 the same way as IPV6_SRCRT_TYPE_0 in ipv6_push_exthdr() and fl6_update_dst(). Fixes: a149e7c7ce81 ("ipv6: sr: add support for SRH injection through setsockopt") Signed-off-by: Sabrina Dubroca Reviewed-by: Hannes Frederic Sowa Signed-off-by: David S. Miller net/ipv6/exthdrs.c | 4 ++++ 1 file changed, 4 insertions(+) commit c8fcd133eabcbbf51a6ecfd12a975cace8877d5a Author: sudarsana.kalluru@cavium.com Date: Mon Apr 24 20:59:10 2017 -0700 qed: Fix error in the dcbx app meta data initialization. DCBX app_data array is initialized with the incorrect values for personality field. This would prevent offloaded protocols from honoring the PFC. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit fdfb70d275223b9d69d5d3abe1f88507da579139 Author: stephen hemminger Date: Mon Apr 24 18:33:38 2017 -0700 netvsc: fix calculation of available send sections My change (introduced in 4.11) to use find_first_clear_bit incorrectly assumed that the size argument was words, not bits. The effect was only a small limited number of the available send sections were being actually used. This can cause performance loss with some workloads. Since map_words is now used only during initialization, it can be on stack instead of in per-device data. Fixes: b58a185801da ("netvsc: simplify get next send section") Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/hyperv_net.h | 1 - drivers/net/hyperv/netvsc.c | 9 ++++----- 2 files changed, 4 insertions(+), 6 deletions(-) commit a23f6ce6d95900ca83b44b6fa691afe6c7d4b941 Author: Andreas Kemnade Date: Mon Apr 24 21:18:39 2017 +0200 net: hso: fix module unloading keep tty driver until usb driver is unregistered rmmod hso produces traces like this without that: [40261.645904] usb 2-2: new high-speed USB device number 2 using ehci-omap [40261.854644] usb 2-2: New USB device found, idVendor=0af0, idProduct=8800 [40261.862609] usb 2-2: New USB device strings: Mfr=3, Product=2, SerialNumber=0 [40261.872772] usb 2-2: Product: Globetrotter HSUPA Modem [40261.880279] usb 2-2: Manufacturer: Option N.V. [40262.021270] hso 2-2:1.5: Not our interface [40265.556945] hso: unloaded [40265.559875] usbcore: deregistering interface driver hso [40265.595947] Unable to handle kernel NULL pointer dereference at virtual address 00000033 [40265.604522] pgd = ecb14000 [40265.611877] [00000033] *pgd=00000000 [40265.617034] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [40265.622650] Modules linked in: hso(-) bnep bluetooth ipv6 arc4 twl4030_madc_hwmon wl18xx wlcore mac80211 cfg80211 snd_soc_simple_card snd_soc_simple_card_utils snd_soc_omap_twl4030 snd_soc_gtm601 generic_adc_battery extcon_gpio omap3_isp videobuf2_dma_contig videobuf2_memops wlcore_sdio videobuf2_v4l2 videobuf2_core ov9650 bmp280_i2c v4l2_common bmp280 bmg160_i2c bmg160_core at24 nvmem_core videodev bmc150_accel_i2c bmc150_magn_i2c media bmc150_accel_core tsc2007 bmc150_magn leds_tca6507 bno055 snd_soc_omap_mcbsp industrialio_triggered_buffer snd_soc_omap kfifo_buf snd_pcm_dmaengine gpio_twl4030 snd_soc_twl4030 twl4030_vibra twl4030_madc wwan_on_off ehci_omap pwm_bl pwm_omap_dmtimer panel_tpo_td028ttec1 encoder_opa362 connector_analog_tv omapdrm drm_kms_helper cfbfillrect syscopyarea cfbimgblt sysfillrect [40265.698211] sysimgblt fb_sys_fops cfbcopyarea drm omapdss usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap2430 phy_twl4030_usb musb_hdrc twl4030_charger industrialio w2sg0004 twl4030_pwrbutton bq27xxx_battery w1_bq27000 omap_hdq [last unloaded: hso] [40265.723175] CPU: 0 PID: 2701 Comm: rmmod Not tainted 4.11.0-rc6-letux+ #6 [40265.730346] Hardware name: Generic OMAP36xx (Flattened Device Tree) [40265.736938] task: ecb81100 task.stack: ecb82000 [40265.741729] PC is at cdev_del+0xc/0x2c [40265.745666] LR is at tty_unregister_device+0x40/0x50 [40265.750915] pc : [] lr : [] psr: 600b0113 sp : ecb83ea8 ip : eca4f898 fp : 00000000 [40265.763000] r10: 00000000 r9 : 00000000 r8 : 00000001 [40265.768493] r7 : eca4f800 r6 : 00000003 r5 : 00000000 r4 : ffffffff [40265.775360] r3 : c1458d54 r2 : 00000000 r1 : 00000004 r0 : ffffffff [40265.782257] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [40265.789764] Control: 10c5387d Table: acb14019 DAC: 00000051 [40265.795806] Process rmmod (pid: 2701, stack limit = 0xecb82218) [40265.802062] Stack: (0xecb83ea8 to 0xecb84000) [40265.806640] 3ea0: ec9e8100 c04b3ecc bf737378 ed5b7c00 00000003 bf7327ec [40265.815277] 3ec0: eca4f800 00000000 ec9fd800 eca4f800 bf737070 bf7328bc eca4f820 c05a9a04 [40265.823883] 3ee0: eca4f820 00000000 00000001 eca4f820 ec9fd870 bf737070 eca4f854 ec9fd8a4 [40265.832519] 3f00: ecb82000 00000000 00000000 c04e6960 eca4f820 bf737070 bf737048 00000081 [40265.841125] 3f20: c01071e4 c04e6a60 ecb81100 bf737070 bf737070 c04e5d94 bf737020 c05a8f88 [40265.849731] 3f40: bf737100 00000800 7f5fa254 00000081 c01071e4 c01c4afc 00000000 006f7368 [40265.858367] 3f60: ecb815f4 00000000 c0cac9c4 c01071e4 ecb82000 00000000 00000000 c01512f4 [40265.866973] 3f80: ed5b3200 c01071e4 7f5fa220 7f5fa220 bea78ec9 0010711c 7f5fa220 7f5fa220 [40265.875579] 3fa0: bea78ec9 c0107040 7f5fa220 7f5fa220 7f5fa254 00000800 dd35b800 dd35b800 [40265.884216] 3fc0: 7f5fa220 7f5fa220 bea78ec9 00000081 bea78dcc 00000000 bea78bd8 00000000 [40265.892822] 3fe0: b6f70521 bea78b6c 7f5dd613 b6f70526 80070030 7f5fa254 ffffffff ffffffff [40265.901458] [] (cdev_del) from [] (tty_unregister_device+0x40/0x50) [40265.909942] [] (tty_unregister_device) from [] (hso_free_interface+0x80/0x144 [hso]) [40265.919982] [] (hso_free_interface [hso]) from [] (hso_disconnect+0xc/0x18 [hso]) [40265.929718] [] (hso_disconnect [hso]) from [] (usb_unbind_interface+0x84/0x200) [40265.939239] [] (usb_unbind_interface) from [] (device_release_driver_internal+0x138/0x1cc) [40265.949798] [] (device_release_driver_internal) from [] (driver_detach+0x60/0x6c) [40265.959503] [] (driver_detach) from [] (bus_remove_driver+0x64/0x8c) [40265.968017] [] (bus_remove_driver) from [] (usb_deregister+0x5c/0xb8) [40265.976654] [] (usb_deregister) from [] (SyS_delete_module+0x160/0x1dc) [40265.985443] [] (SyS_delete_module) from [] (ret_fast_syscall+0x0/0x1c) [40265.994171] Code: c1458d54 e59f3020 e92d4010 e1a04000 (e5941034) [40266.016693] ---[ end trace 9d5ac43c7e41075c ]--- Signed-off-by: Andreas Kemnade Reviewed-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/usb/hso.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 05ff8378975a9d5fdde19104b62163d2902926fb Author: Parthasarathy Bhuvaragan Date: Mon Apr 24 15:00:43 2017 +0200 tipc: fix socket flow control accounting error at tipc_recv_stream Until now in tipc_recv_stream(), we update the received unacknowledged bytes based on a stack variable and not based on the actual message size. If the user buffer passed at tipc_recv_stream() is smaller than the received skb, the size variable in stack differs from the actual message size in the skb. This leads to a flow control accounting error causing permanent congestion. In this commit, we fix this accounting error by always using the size of the incoming message. Fixes: 10724cc7bb78 ("tipc: redesign connection-level flow control") Signed-off-by: Parthasarathy Bhuvaragan Reviewed-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3364d61c92ecca7a8da990659c4b0ae1fcf0fcfb Author: Parthasarathy Bhuvaragan Date: Mon Apr 24 15:00:42 2017 +0200 tipc: fix socket flow control accounting error at tipc_send_stream Until now in tipc_send_stream(), we return -1 when the socket encounters link congestion even if the socket had successfully sent partial data. This is incorrect as the application resends the same the partial data leading to data corruption at receiver's end. In this commit, we return the partially sent bytes as the return value at link congestion. Fixes: 10724cc7bb78 ("tipc: redesign connection-level flow control") Signed-off-by: Parthasarathy Bhuvaragan Reviewed-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d4a2fbcee0c8449ce24d6de168f3d90c5e6d7596 Merge: dfb00a5 dc9617c Author: Takashi Iwai Date: Tue Apr 25 17:43:56 2017 +0200 Merge tag 'asoc-fix-v4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.11 A few last minute fixes for v4.11, the STI fix is relatively large but driver specific and has been cooking in -next for a little while now: - A fix from Takashi for some suspend/resume related crashes in the Intel drivers. - A fix from Mousumi Jana for issues with incorrectly created enumeration controls generated from topology files which could cause problems for userspace. - Fixes from Arnaud Pouliquen for some crashes due to races with the interrupt handler in the STI driver. commit b7d6df57516f8e6a1c847b822ec2a62555455f88 Author: Paolo Abeni Date: Mon Apr 24 14:18:28 2017 +0200 ipv6: move stub initialization after ipv6 setup completion The ipv6 stub pointer is currently initialized before the ipv6 routing subsystem: a 3rd party can access and use such stub before the routing data is ready. Moreover, such pointer is not cleared in case of initialization error, possibly leading to dangling pointers usage. This change addresses the above moving the stub initialization at the end of ipv6 init code. Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan") Signed-off-by: Paolo Abeni Acked-by: Cong Wang Signed-off-by: David S. Miller net/ipv6/af_inet6.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 72ec0bc64b9a5d8e0efcb717abfc757746b101b7 Author: Pan Bian Date: Mon Apr 24 18:29:16 2017 +0800 team: fix memory leaks In functions team_nl_send_port_list_get() and team_nl_send_options_get(), pointer skb keeps the return value of nlmsg_new(). When the call to genlmsg_put() fails, the memory is not freed(). This will result in memory leak bugs. Fixes: 9b00cf2d1024 ("team: implement multipart netlink messages for options transfers") Signed-off-by: Pan Bian Acked-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/team/team.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit dc9617cb81c4130858b6dd026039f42a39e93c18 Merge: 6e4cac2 b6e38b2 d05d862 Author: Mark Brown Date: Tue Apr 25 16:25:07 2017 +0100 Merge remote-tracking branches 'asoc/fix/intel', 'asoc/fix/topology' and 'asoc/fix/sti' into asoc-linus commit fccb4422d045263fa021438e2c52a07b037683f2 Merge: a53d26e b05c73b Author: David S. Miller Date: Tue Apr 25 11:20:30 2017 -0400 Merge tag 'linux-can-fixes-for-4.11-20170425' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2017-04-25 this is a pull request of three patches for net/master. There are two patches by Stephane Grosjean for that add a new variant to the PCAN-Chip USB driver. The other patch is by Maksim Salau, which swtiches the memory for USB transfers from heap to stack. ==================== Signed-off-by: David S. Miller commit a53d26eb888ab1c41779c443daf1af948c641e0b Author: Bert Kenward Date: Tue Apr 25 13:44:54 2017 +0100 sfc: tx ring can only have 2048 entries for all EF10 NICs Fixes: dd248f1bc65b ("sfc: Add PCI ID for Solarflare 8000 series 10/40G NIC") Reported-by: Patrick Talbert Signed-off-by: Bert Kenward Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.h | 5 ++++- drivers/net/ethernet/sfc/workarounds.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) commit 6e4cac23c5a648d50b107d1b53e9c4e1120c7943 Author: Takashi Iwai Date: Mon Apr 24 14:09:55 2017 +0200 ASoC: intel: Fix PM and non-atomic crash in bytcr drivers The FE setups of Intel SST bytcr_rt5640 and bytcr_rt5651 drivers carry the ignore_suspend flag, and this prevents the suspend/resume working properly while the stream is running, since SST core code has the check of the running streams and returns -EBUSY. Drop these superfluous flags for fixing the behavior. Also, the bytcr_rt5640 driver lacks of nonatomic flag in some FE definitions, which leads to the kernel Oops at suspend/resume like: BUG: scheduling while atomic: systemd-sleep/3144/0x00000003 Call Trace: dump_stack+0x5c/0x7a __schedule_bug+0x55/0x70 __schedule+0x63c/0x8c0 schedule+0x3d/0x90 schedule_timeout+0x16b/0x320 ? del_timer_sync+0x50/0x50 ? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core] ? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core] ? remove_wait_queue+0x60/0x60 ? sst_prepare_and_post_msg+0x275/0x960 [snd_intel_sst_core] ? sst_pause_stream+0x9b/0x110 [snd_intel_sst_core] .... This patch addresses these appropriately, too. Signed-off-by: Takashi Iwai Acked-by: Vinod Koul Signed-off-by: Mark Brown Cc: # v4.1+ sound/soc/intel/boards/bytcr_rt5640.c | 4 ++-- sound/soc/intel/boards/bytcr_rt5651.c | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) commit f6478218e6edc2a587b8f132f66373baa7b2497c Author: Herbert Xu Date: Thu Apr 20 20:55:12 2017 +0800 macvlan: Fix device ref leak when purging bc_queue When a parent macvlan device is destroyed we end up purging its broadcast queue without dropping the device reference count on the packet source device. This causes the source device to linger. This patch drops that reference count. Fixes: 260916dfb48c ("macvlan: Fix potential use-after free for...") Reported-by: Joe Ghalam Signed-off-by: Herbert Xu Signed-off-by: David S. Miller drivers/net/macvlan.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 6f2aee0c0de65013333bbc26fe50c9c7b09a37f7 Author: Roman Spychała Date: Thu Apr 20 12:04:10 2017 +0200 usb: plusb: Add support for PL-27A1 This patch adds support for the PL-27A1 by adding the appropriate USB ID's. This chip is used in the goobay Active USB 3.0 Data Link and Unitek Y-3501 cables. Signed-off-by: Roman Spychała Signed-off-by: David S. Miller drivers/net/usb/Kconfig | 2 +- drivers/net/usb/plusb.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) commit b05c73bd1e3ec60357580eb042ee932a5ed754d5 Author: Maksim Salau Date: Sun Apr 23 20:31:40 2017 +0300 net: can: usb: gs_usb: Fix buffer on stack Allocate buffers on HEAP instead of STACK for local structures that are to be sent using usb_control_msg(). Signed-off-by: Maksim Salau Cc: linux-stable # >= v4.8 Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/gs_usb.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit 71b611562f45e8798d519a38d0143d5eafd6eb35 Author: Stephane Grosjean Date: Mon Mar 27 14:36:11 2017 +0200 can: usb: Kconfig: Add PCAN-USB X6 device in help text This patch adds a text line in the help section of the CAN_PEAK_USB config item describing the support of the PCAN-USB X6 adapter, which is already included in the Kernel since 4.9. Signed-off-by: Stephane Grosjean Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ea8b65b596d78969629562f9728f76cbf565fbec Author: Stephane Grosjean Date: Mon Mar 27 14:36:10 2017 +0200 can: usb: Add support of PCAN-Chip USB stamp module This patch adds the support of the PCAN-Chip USB, a stamp module for customer hardware designs, which communicates via USB 2.0 with the hardware. The integrated CAN controller supports the protocols CAN 2.0 A/B as well as CAN FD. The physical CAN connection is determined by external wiring. The Stamp module with its single-sided mounting and plated half-holes is suitable for automatic assembly. Note that the chip is equipped with the same logic than the PCAN-USB FD. Signed-off-by: Stephane Grosjean Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/Kconfig | 1 + drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 + drivers/net/can/usb/peak_usb/pcan_usb_core.h | 2 + drivers/net/can/usb/peak_usb/pcan_usb_fd.c | 72 ++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+) commit 7c5bb4ac2b76d2a09256aec8a7d584bf3e2b0466 Author: Dmitry Torokhov Date: Thu Apr 13 15:36:31 2017 -0700 Input: i8042 - add Clevo P650RS to the i8042 reset list Clevo P650RS and other similar devices require i8042 to be reset in order to detect Synaptics touchpad. Reported-by: Paweł Bylica Tested-by: Ed Bordin Cc: stable@vger.kernel.org Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=190301 Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ 1 file changed, 7 insertions(+) commit 38a98bceaf5f786b931d16826fbb46e73280849b Merge: 38baf3a bfcda65 Author: David S. Miller Date: Mon Apr 24 18:28:57 2017 -0400 Merge branch 'dsa-b53-58xx-fixes' Florian Fainelli says: ==================== net: dsa: b53: BCM58xx devices fixes This patch series contains fixes for the 58xx devices (Broadcom Northstar Plus), which were identified thanks to the help of Eric Anholt. ==================== Tested-by: Eric Anholt Signed-off-by: David S. Miller commit bfcda65c9ba57004533c12673347503f250c3290 Author: Florian Fainelli Date: Mon Apr 24 14:27:23 2017 -0700 net: dsa: b53: Fix CPU port for 58xx devices The 58xx devices (Northstar Plus) do actually have their CPU port wired at port 8, it was unfortunately set to port 5 (B53_CPU_PORT_25) which is incorrect, since that is the second possible management port. Fixes: 991a36bb4645 ("net: dsa: b53: Add support for BCM585xx/586xx/88312 integrated switch") Reported-by: Eric Anholt Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/b53/b53_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3fb22b0534e412569dd67dec625b4a051c7c2d7e Author: Florian Fainelli Date: Mon Apr 24 14:27:22 2017 -0700 net: dsa: b53: Implement software reset for 58xx devices Implement the correct software reset sequence for 58xx devices by setting all 3 reset bits and polling for the SW_RST bit to clear itself without a given timeout. We cannot use is58xx() here because that would also include the 7445/7278 Starfighter 2 which have their own driver doing the reset earlier on due to the HW specific integration. Fixes: 991a36bb4645 ("net: dsa: b53: Add support for BCM585xx/586xx/88312 integrated switch") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/b53/b53_common.c | 25 ++++++++++++++++++++++++- drivers/net/dsa/b53/b53_regs.h | 1 + 2 files changed, 25 insertions(+), 1 deletion(-) commit a424f0de61638cbb5047e0a888c54da9cf471f90 Author: Florian Fainelli Date: Mon Apr 24 14:27:21 2017 -0700 net: dsa: b53: Include IMP/CPU port in dumb forwarding mode Since Broadcom tags are not enabled in b53 (DSA_PROTO_TAG_NONE), we need to make sure that the IMP/CPU port is included in the forwarding decision. Without this change, switching between non-management ports would work, but not between management ports and non-management ports thus breaking the default state in which DSA switch are brought up. Fixes: 967dd82ffc52 ("net: dsa: b53: Add support for Broadcom RoboSwitch") Reported-by: Eric Anholt Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/dsa/b53/b53_common.c | 10 ++++++++++ drivers/net/dsa/b53/b53_regs.h | 4 ++++ 2 files changed, 14 insertions(+) commit 8f9cedc76fc7d9bc916127f8fe1287a249891d40 Merge: 3d339d3 ca855a5 Author: Linus Torvalds Date: Mon Apr 24 13:31:08 2017 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fix from James Bottomley: "Our final fix before the 4.12 release (hopefully). It's an error leg again: the fix to not bug on empty DMA transfers is returning the wrong code and confusing the block layer" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: return correct blkprep status code in case scsi_init_io() fails. commit 3d339d3370417b627011ac2a98525ca4dec325ae Merge: 5a7ad11 edb0b6a Author: Linus Torvalds Date: Mon Apr 24 13:20:33 2017 -0700 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "Another round of 4.11 for the MIPS architecture. This time around it's mostly arch but little platforms-specific code. - PCI: Register controllers in the right order to aoid a PCI error - KGDB: Use kernel context for sleeping threads - smp-cps: Fix potentially uninitialised value of core - KASLR: Fix build - ELF: Fix BUG() warning in arch_check_elf - Fix modversioning of _mcount symbol - fix out-of-tree defconfig target builds - cevt-r4k: Fix out-of-bounds array access - perf: fix deadlock - Malta: Fix i8259 irqchip setup" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: PCI: add controllers before the specified head MIPS: KGDB: Use kernel context for sleeping threads MIPS: smp-cps: Fix potentially uninitialised value of core MIPS: KASLR: Add missing header files MIPS: Avoid BUG warning in arch_check_elf MIPS: Fix modversioning of _mcount symbol MIPS: generic: fix out-of-tree defconfig target builds MIPS: cevt-r4k: Fix out-of-bounds array access MIPS: perf: fix deadlock MIPS: Malta: Fix i8259 irqchip setup commit 38baf3a68bd2a8bca346abf0ba4b98a691543e7e Merge: fc1f8f4 5e82c9e Author: David S. Miller Date: Mon Apr 24 15:58:03 2017 -0400 Merge tag 'mlx5-fixes-2017-04-22' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== Mellanox, mlx5 fixes 2017-04-22 This series contains some mlx5 fixes for net. For your convenience, the series doesn't introduce any conflict with the ongoing net-next pull request. Please pull and let me know if there's any problem. For -stable: ("net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5") kernels >= 4.10 ("net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling") kernels >= 4.8 ("net/mlx5e: Fix small packet threshold") kernels >= 4.7 ("net/mlx5: Fix driver load bad flow when having fw initializing timeout") kernels >= 4.4 ==================== Signed-off-by: David S. Miller commit fc1f8f4f310ac65b1337e2d7ba52ae4ff2b7c849 Author: David Ahern Date: Sat Apr 22 09:10:13 2017 -0700 net: ipv6: send unsolicited NA if enabled for all interfaces When arp_notify is set to 1 for either a specific interface or for 'all' interfaces, gratuitous arp requests are sent. Since ndisc_notify is the ipv6 equivalent to arp_notify, it should follow the same semantics. Commit 4a6e3c5def13 ("net: ipv6: send unsolicited NA on admin up") sends the NA on admin up. The final piece is checking devconf_all->ndisc_notify in addition to the per device setting. Add it. Fixes: 5cb04436eef6 ("ipv6: add knob to send unsolicited ND on link-layer address change") Signed-off-by: David Ahern Reviewed-by: Simon Horman Signed-off-by: David S. Miller net/ipv6/ndisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9199cb7677b388b42e3d95c755090dfc5ab2b11a Author: Dan Carpenter Date: Sat Apr 22 13:46:56 2017 +0300 ravb: Double free on error in ravb_start_xmit() If skb_put_padto() fails then it frees the skb. I shifted that code up a bit to make my error handling a little simpler. Fixes: a0d2f20650e8 ("Renesas Ethernet AVB PTP clock driver") Signed-off-by: Dan Carpenter Acked-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit b40c5f4fde22fb98eff205b3aece05b471c24eed Author: Ansis Atteka Date: Fri Apr 21 15:23:05 2017 -0700 udp: disable inner UDP checksum offloads in IPsec case Otherwise, UDP checksum offloads could corrupt ESP packets by attempting to calculate UDP checksum when this inner UDP packet is already protected by IPsec. One way to reproduce this bug is to have a VM with virtio_net driver (UFO set to ON in the guest VM); and then encapsulate all guest's Ethernet frames in Geneve; and then further encrypt Geneve with IPsec. In this case following symptoms are observed: 1. If using ixgbe NIC, then it will complain with following error message: ixgbe 0000:01:00.1: partial checksum but l4 proto=32! 2. Receiving IPsec stack will drop all the corrupted ESP packets and increase XfrmInStateProtoError counter in /proc/net/xfrm_stat. 3. iperf UDP test from the VM with packet sizes above MTU will not work at all. 4. iperf TCP test from the VM will get ridiculously low performance because. Signed-off-by: Ansis Atteka Co-authored-by: Steffen Klassert Signed-off-by: David S. Miller net/ipv4/udp_offload.c | 3 +++ 1 file changed, 3 insertions(+) commit 4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee Author: Jason A. Donenfeld Date: Fri Apr 21 23:14:48 2017 +0200 macsec: avoid heap overflow in skb_to_sgvec While this may appear as a humdrum one line change, it's actually quite important. An sk_buff stores data in three places: 1. A linear chunk of allocated memory in skb->data. This is the easiest one to work with, but it precludes using scatterdata since the memory must be linear. 2. The array skb_shinfo(skb)->frags, which is of maximum length MAX_SKB_FRAGS. This is nice for scattergather, since these fragments can point to different pages. 3. skb_shinfo(skb)->frag_list, which is a pointer to another sk_buff, which in turn can have data in either (1) or (2). The first two are rather easy to deal with, since they're of a fixed maximum length, while the third one is not, since there can be potentially limitless chains of fragments. Fortunately dealing with frag_list is opt-in for drivers, so drivers don't actually have to deal with this mess. For whatever reason, macsec decided it wanted pain, and so it explicitly specified NETIF_F_FRAGLIST. Because dealing with (1), (2), and (3) is insane, most users of sk_buff doing any sort of crypto or paging operation calls a convenient function called skb_to_sgvec (which happens to be recursive if (3) is in use!). This takes a sk_buff as input, and writes into its output pointer an array of scattergather list items. Sometimes people like to declare a fixed size scattergather list on the stack; othertimes people like to allocate a fixed size scattergather list on the heap. However, if you're doing it in a fixed-size fashion, you really shouldn't be using NETIF_F_FRAGLIST too (unless you're also ensuring the sk_buff and its frag_list children arent't shared and then you check the number of fragments in total required.) Macsec specifically does this: size += sizeof(struct scatterlist) * (MAX_SKB_FRAGS + 1); tmp = kmalloc(size, GFP_ATOMIC); *sg = (struct scatterlist *)(tmp + sg_offset); ... sg_init_table(sg, MAX_SKB_FRAGS + 1); skb_to_sgvec(skb, sg, 0, skb->len); Specifying MAX_SKB_FRAGS + 1 is the right answer usually, but not if you're using NETIF_F_FRAGLIST, in which case the call to skb_to_sgvec will overflow the heap, and disaster ensues. Signed-off-by: Jason A. Donenfeld Cc: stable@vger.kernel.org Cc: security@kernel.org Signed-off-by: David S. Miller drivers/net/macsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b7c8487cb3d99509220092fe77a2464dff43f015 Author: Robert Shearman Date: Fri Apr 21 21:34:59 2017 +0100 ipv4: Avoid caching l3mdev dst on mismatched local route David reported that doing the following: ip li add red type vrf table 10 ip link set dev eth1 vrf red ip addr add 127.0.0.1/8 dev red ip link set dev eth1 up ip li set red up ping -c1 -w1 -I red 127.0.0.1 ip li del red when either policy routing IP rules are present or the local table lookup ip rule is before the l3mdev lookup results in a hang with these messages: unregister_netdevice: waiting for red to become free. Usage count = 1 The problem is caused by caching the dst used for sending the packet out of the specified interface on a local route with a different nexthop interface. Thus the dst could stay around until the route in the table the lookup was done is deleted which may be never. Address the problem by not forcing output device to be the l3mdev in the flow's output interface if the lookup didn't use the l3mdev. This then results in the dst using the right device according to the route. Changes in v2: - make the dev_out passed in by __ip_route_output_key_hash correct instead of checking the nh dev if FLOWI_FLAG_SKIP_NH_OIF is set as suggested by David. Fixes: 5f02ce24c2696 ("net: l3mdev: Allow the l3mdev to be a loopback") Reported-by: David Ahern Suggested-by: David Ahern Signed-off-by: Robert Shearman Acked-by: David Ahern Tested-by: David Ahern Signed-off-by: David S. Miller net/ipv4/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 11faa7b0359aaf7efd406b7a6a077fda2b037d8e Author: Dan Carpenter Date: Fri Apr 21 13:49:37 2017 +0300 net: tc35815: move free after the dereference We dereference "skb" to get "skb->len" so we should probably do that step before freeing the skb. Fixes: eea221ce4880 ("tc35815 driver update (take 2)") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/toshiba/tc35815.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1510d728639e183b60bd1285b09a49c393923ba5 Author: Martin KaFai Lau Date: Thu Apr 20 21:40:12 2017 -0700 net/mlx5e: Fix race in mlx5e_sw_stats and mlx5e_vport_stats We have observed a sudden spike in rx/tx_packets and rx/tx_bytes reported under /proc/net/dev. There is a race in mlx5e_update_stats() and some of the get-stats functions (the one that we hit is the mlx5e_get_stats() which is called by ndo_get_stats64()). In particular, the very first thing mlx5e_update_sw_counters() does is 'memset(s, 0, sizeof(*s))'. For example, if mlx5e_get_stats() is unlucky at one point, rx_bytes and rx_packets could be 0. One second later, a normal (and much bigger than 0) value will be reported. This patch is to use a 'struct mlx5e_sw_stats temp' to avoid a direct memset zero on priv->stats.sw. mlx5e_update_vport_counters() has a similar race. Hence, addressed together. However, memset zero is removed instead because it is not needed. I am lucky enough to catch this 0-reset in rx multicast: eth0: 41457665 76804 70 0 0 70 0 47085 15586634 87502 3 0 0 0 3 0 eth0: 41459860 76815 70 0 0 70 0 47094 15588376 87516 3 0 0 0 3 0 eth0: 41460577 76822 70 0 0 70 0 0 15589083 87521 3 0 0 0 3 0 eth0: 41463293 76838 70 0 0 70 0 47108 15595872 87538 3 0 0 0 3 0 eth0: 41463379 76839 70 0 0 70 0 47116 15596138 87539 3 0 0 0 3 0 v2: Remove memset zero from mlx5e_update_vport_counters() v1: Use temp and memcpy Fixes: 9218b44dcc05 ("net/mlx5e: Statistics handling refactoring") Suggested-by: Eric Dumazet Suggested-by: Saeed Mahameed Signed-off-by: Martin KaFai Lau Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f6ebf0bb1a983a7b60a26acf282975b5da5b3202 Author: David S. Miller Date: Sun Apr 23 18:28:55 2017 -0700 sparc: Update syscall tables. Hook up statx. Ignore pkeys system calls, we don't have protection keeys on SPARC. Signed-off-by: David S. Miller arch/sparc/include/uapi/asm/unistd.h | 8 +++++++- arch/sparc/kernel/systbls_32.S | 1 + arch/sparc/kernel/systbls_64.S | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) commit b7c02b733c010eb65ab8957dc0d023763a3182bc Author: David S. Miller Date: Sun Apr 23 17:15:51 2017 -0700 sparc64: Fill in rest of HAVE_REGS_AND_STACK_ACCESS_API This lets us enable KPROBE_EVENTS. Signed-off-by: David S. Miller arch/sparc/Kconfig | 1 + arch/sparc/include/asm/ptrace.h | 3 ++- arch/sparc/kernel/ptrace_64.c | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) commit 5a7ad1146caa895ad718a534399e38bd2ba721b7 Author: Linus Torvalds Date: Sun Apr 23 16:53:00 2017 -0700 Linux 4.11-rc8 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ea33c44fb19e6cbacf65021628f8ce393ba9f34 Merge: e0f4e01 32fe905 Author: Linus Torvalds Date: Sun Apr 23 16:49:16 2017 -0700 Merge tag 'upstream-4.11-rc7' of git://git.infradead.org/linux-ubifs Pull UBI/UBIFS fixes from Richard Weinberger: "This contains fixes for issues in both UBI and UBIFS: - more O_TMPFILE fallout - RENAME_WHITEOUT regression due to a mis-merge - memory leak in ubifs_mknod() - power-cut problem in UBI's update volume feature" * tag 'upstream-4.11-rc7' of git://git.infradead.org/linux-ubifs: ubifs: Fix O_TMPFILE corner case in ubifs_link() ubifs: Fix RENAME_WHITEOUT support ubifs: Fix debug messages for an invalid filename in ubifs_dump_inode ubifs: Fix debug messages for an invalid filename in ubifs_dump_node ubifs: Remove filename from debug messages in ubifs_readdir ubifs: Fix memory leak in error path in ubifs_mknod ubi/upd: Always flush after prepared for an update commit e0f4e0134a796f0e48403adf22db48a0dffdde1d Merge: fa8d7cd 0dc9c63 Author: Linus Torvalds Date: Sun Apr 23 12:51:42 2017 -0700 Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RAS fix from Thomas Gleixner: "The MCE atomic notifier callchain invokes callbacks which might sleep. Convert it to a blocking notifier and prevent calls from atomic context" * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Make the MCE notifier a blocking one commit fa8d7cdc849e2ffa1748157277fc1d73315a4251 Merge: 94836ec b72f805 Author: Linus Torvalds Date: Sun Apr 23 12:48:05 2017 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fix from Thomas Gleixner: "The (hopefully) final fix for the irq affinity spreading logic" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq/affinity: Fix calculating vectors to assign commit 5e82c9e4ed60beba83f46a1a5a8307b99a23e982 Author: Ilan Tayari Date: Thu Mar 2 15:49:45 2017 +0200 net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling Handler for ETHTOOL_GRXCLSRLALL must set info->data to the size of the table, regardless of the amount of entries in it. Existing code does not do that, and this breaks all usage of ethtool -N or -n without explicit location, with this error: rmgr: Invalid RX class rules table size: Success Set info->data to the table size. Tested: ethtool -n ens8 ethtool -N ens8 flow-type ip4 src-ip 1.1.1.1 dst-ip 2.2.2.2 action 1 ethtool -N ens8 flow-type ip4 src-ip 1.1.1.1 dst-ip 2.2.2.2 action 1 loc 55 ethtool -n ens8 ethtool -N ens8 delete 1023 ethtool -N ens8 delete 55 Fixes: f913a72aa008 ("net/mlx5e: Add support to get ethtool flow rules") Signed-off-by: Ilan Tayari Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 1 + 1 file changed, 1 insertion(+) commit cbad8cddb6ed7ef3a5f0a9a70f1711d4d7fb9a8f Author: Eugenia Emantayev Date: Wed Mar 22 11:44:14 2017 +0200 net/mlx5e: Fix small packet threshold RX packet headers are meant to be contained in SKB linear part, and chose a threshold of 128. It turns out this is not enough, i.e. for IPv6 packet over VxLAN. In this case, UDP/IPv4 needs 42 bytes, GENEVE header is 8 bytes, and 86 bytes for TCP/IPv6. In total 136 bytes that is more than current 128 bytes. In this case expand header flow is reached. The warning in skb_try_coalesce() caused by a wrong truesize was already fixed here: commit 158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()"). Still, we prefer to totally avoid the expand header flow for performance reasons. Tested regular TCP_STREAM with iperf for 1 and 8 streams, no degradation was found. Fixes: 461017cb006a ("net/mlx5e: Support RX multi-packet WQE (Striding RQ)") Signed-off-by: Eugenia Emantayev Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ae85b0edaa597b063ee9d8f48b830519a6e0c0f Author: Maor Gottlieb Date: Thu Apr 6 10:49:12 2017 +0300 net/mlx5: Fix UAR memory leak When UAR is released, we deallocate the device resource, but don't unmmap the UAR mapping memory. Fix the leak by unmapping this memory. Fixes: a6d51b68611e9 ('net/mlx5: Introduce blue flame register allocator) Signed-off-by: Maor Gottlieb Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/uar.c | 1 + 1 file changed, 1 insertion(+) commit 225aabaffe9ab42b2dd8770359442f019083275e Author: Or Gerlitz Date: Thu Apr 6 19:28:30 2017 +0300 net/mlx5e: Make sure the FW max encap size is enough for ipv6 tunnels Otherwise the code that fills the ipv6 encapsulation headers could be writing beyond the allocated headers buffer. Fixes: ce99f6b97fcd ('net/mlx5e: Support SRIOV TC encapsulation offloads for IPv6 tunnels') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 42 ++++++++++++++----------- 1 file changed, 23 insertions(+), 19 deletions(-) commit 32f3671f6951836cfe9d84e1a6554908b85c61d7 Author: Or Gerlitz Date: Thu Apr 6 19:20:21 2017 +0300 net/mlx5e: Make sure the FW max encap size is enough for ipv4 tunnels Otherwise the code that fills the ipv4 encapsulation headers could be writing beyond the allocated headers buffer. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 42 ++++++++++++++----------- 1 file changed, 23 insertions(+), 19 deletions(-) commit c415f704c8276bc686abcb0497bf2606038ca73c Author: Or Gerlitz Date: Thu Mar 30 15:56:10 2017 +0200 net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5 On ConnectX5 the wqe inline mode is "none" and hence the FW reports MLX5_CAP_INLINE_MODE_NOT_REQUIRED. Fix our devlink callbacks to deal with that on get and set. Also fix the tc flow parsing code not to fail anything when inline isn't required. Fixes: bffaa916588e ('net/mlx5: E-Switch, Add control for inline mode') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 3 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 36 ++++++++++++++-------- 2 files changed, 26 insertions(+), 13 deletions(-) commit 55378a238e04b39cc82957d91d16499704ea719b Author: Mohamad Haj Yahia Date: Thu Mar 30 17:00:25 2017 +0300 net/mlx5: Fix driver load bad flow when having fw initializing timeout If FW is stuck in initializing state we will skip the driver load, but current error handling flow doesn't clean previously allocated command interface resources. Fixes: e3297246c2c8 ('net/mlx5_core: Wait for FW readiness on startup') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 94836ecf1e7378b64d37624fbb81fe48fbd4c772 Merge: 057a650 05b7278 Author: Linus Torvalds Date: Fri Apr 21 16:37:48 2017 -0700 Merge tag 'nfsd-4.11-2' of git://linux-nfs.org/~bfields/linux Pull nfsd bugfix from Bruce Fields: "Fix a 4.11 regression that triggers a BUG() on an attempt to use an unsupported NFSv4 compound op" * tag 'nfsd-4.11-2' of git://linux-nfs.org/~bfields/linux: nfsd: fix oops on unsupported operation commit 057a650bdcb05ec5947558b6baa5305a3cb15f17 Merge: 92b4fc7 c70b17b7 Author: Linus Torvalds Date: Fri Apr 21 13:20:47 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Don't race in IPSEC dumps, from Yuejie Shi. 2) Verify lengths properly in IPSEC reqeusts, from Herbert Xu. 3) Fix out of bounds access in ipv6 segment routing code, from David Lebrun. 4) Don't write into the header of cloned SKBs in smsc95xx driver, from James Hughes. 5) Several other drivers have this bug too, fix them. From Eric Dumazet. 6) Fix access to uninitialized data in TC action cookie code, from Wolfgang Bumiller. 7) Fix double free in IPV6 segment routing, again from David Lebrun. 8) Don't let userspace set the RTF_PCPU flag, oops. From David Ahern. 9) Fix use after free in qrtr code, from Dan Carpenter. 10) Don't double-destroy devices in ip6mr code, from Nikolay Aleksandrov. 11) Don't pass out-of-range TX queue indices into drivers, from Tushar Dave. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (30 commits) netpoll: Check for skb->queue_mapping ip6mr: fix notification device destruction bpf, doc: update bpf maintainers entry net: qrtr: potential use after free in qrtr_sendmsg() bpf: Fix values type used in test_maps net: ipv6: RTF_PCPU should not be settable from userspace gso: Validate assumption of frag_list segementation kaweth: use skb_cow_head() to deal with cloned skbs ch9200: use skb_cow_head() to deal with cloned skbs lan78xx: use skb_cow_head() to deal with cloned skbs sr9700: use skb_cow_head() to deal with cloned skbs cx82310_eth: use skb_cow_head() to deal with cloned skbs smsc75xx: use skb_cow_head() to deal with cloned skbs ipv6: sr: fix double free of skb after handling invalid SRH MAINTAINERS: Add "B:" field for networking. net sched actions: allocate act cookie early qed: Fix issue in populating the PFC config paramters. qed: Fix possible system hang in the dcbnl-getdcbx() path. qed: Fix sending an invalid PFC error mask to MFW. qed: Fix possible error in populating max_tc field. ... commit c70b17b775edb21280e9de7531acf6db3b365274 Author: Tushar Dave Date: Thu Apr 20 15:57:31 2017 -0700 netpoll: Check for skb->queue_mapping Reducing real_num_tx_queues needs to be in sync with skb queue_mapping otherwise skbs with queue_mapping greater than real_num_tx_queues can be sent to the underlying driver and can result in kernel panic. One such event is running netconsole and enabling VF on the same device. Or running netconsole and changing number of tx queues via ethtool on same device. e.g. Unable to handle kernel NULL pointer dereference tsk->{mm,active_mm}->context = 0000000000001525 tsk->{mm,active_mm}->pgd = fff800130ff9a000 \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ kworker/48:1(475): Oops [#1] CPU: 48 PID: 475 Comm: kworker/48:1 Tainted: G OE 4.11.0-rc3-davem-net+ #7 Workqueue: events queue_process task: fff80013113299c0 task.stack: fff800131132c000 TSTATE: 0000004480e01600 TPC: 00000000103f9e3c TNPC: 00000000103f9e40 Y: 00000000 Tainted: G OE TPC: g0: 0000000000000000 g1: 0000000000003fff g2: 0000000000000000 g3: 0000000000000001 g4: fff80013113299c0 g5: fff8001fa6808000 g6: fff800131132c000 g7: 00000000000000c0 o0: fff8001fa760c460 o1: fff8001311329a50 o2: fff8001fa7607504 o3: 0000000000000003 o4: fff8001f96e63a40 o5: fff8001311d77ec0 sp: fff800131132f0e1 ret_pc: 000000000049ed94 RPC: l0: 0000000000000000 l1: 0000000000000800 l2: 0000000000000000 l3: 0000000000000000 l4: 000b2aa30e34b10d l5: 0000000000000000 l6: 0000000000000000 l7: fff8001fa7605028 i0: fff80013111a8a00 i1: fff80013155a0780 i2: 0000000000000000 i3: 0000000000000000 i4: 0000000000000000 i5: 0000000000100000 i6: fff800131132f1a1 i7: 00000000103fa4b0 I7: Call Trace: [00000000103fa4b0] ixgbe_xmit_frame+0x30/0xa0 [ixgbe] [0000000000998c74] netpoll_start_xmit+0xf4/0x200 [0000000000998e10] queue_process+0x90/0x160 [0000000000485fa8] process_one_work+0x188/0x480 [0000000000486410] worker_thread+0x170/0x4c0 [000000000048c6b8] kthread+0xd8/0x120 [0000000000406064] ret_from_fork+0x1c/0x2c [0000000000000000] (null) Disabling lock debugging due to kernel taint Caller[00000000103fa4b0]: ixgbe_xmit_frame+0x30/0xa0 [ixgbe] Caller[0000000000998c74]: netpoll_start_xmit+0xf4/0x200 Caller[0000000000998e10]: queue_process+0x90/0x160 Caller[0000000000485fa8]: process_one_work+0x188/0x480 Caller[0000000000486410]: worker_thread+0x170/0x4c0 Caller[000000000048c6b8]: kthread+0xd8/0x120 Caller[0000000000406064]: ret_from_fork+0x1c/0x2c Caller[0000000000000000]: (null) Signed-off-by: Tushar Dave Signed-off-by: David S. Miller net/core/netpoll.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 723b929ca0f79c0796f160c2eeda4597ee98d2b8 Author: Nikolay Aleksandrov Date: Fri Apr 21 20:42:16 2017 +0300 ip6mr: fix notification device destruction Andrey Konovalov reported a BUG caused by the ip6mr code which is caused because we call unregister_netdevice_many for a device that is already being destroyed. In IPv4's ipmr that has been resolved by two commits long time ago by introducing the "notify" parameter to the delete function and avoiding the unregister when called from a notifier, so let's do the same for ip6mr. The trace from Andrey: ------------[ cut here ]------------ kernel BUG at net/core/dev.c:6813! invalid opcode: 0000 [#1] SMP KASAN Modules linked in: CPU: 1 PID: 1165 Comm: kworker/u4:3 Not tainted 4.11.0-rc7+ #251 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: netns cleanup_net task: ffff880069208000 task.stack: ffff8800692d8000 RIP: 0010:rollback_registered_many+0x348/0xeb0 net/core/dev.c:6813 RSP: 0018:ffff8800692de7f0 EFLAGS: 00010297 RAX: ffff880069208000 RBX: 0000000000000002 RCX: 0000000000000001 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88006af90569 RBP: ffff8800692de9f0 R08: ffff8800692dec60 R09: 0000000000000000 R10: 0000000000000006 R11: 0000000000000000 R12: ffff88006af90070 R13: ffff8800692debf0 R14: dffffc0000000000 R15: ffff88006af90000 FS: 0000000000000000(0000) GS:ffff88006cb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe7e897d870 CR3: 00000000657e7000 CR4: 00000000000006e0 Call Trace: unregister_netdevice_many.part.105+0x87/0x440 net/core/dev.c:7881 unregister_netdevice_many+0xc8/0x120 net/core/dev.c:7880 ip6mr_device_event+0x362/0x3f0 net/ipv6/ip6mr.c:1346 notifier_call_chain+0x145/0x2f0 kernel/notifier.c:93 __raw_notifier_call_chain kernel/notifier.c:394 raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401 call_netdevice_notifiers_info+0x51/0x90 net/core/dev.c:1647 call_netdevice_notifiers net/core/dev.c:1663 rollback_registered_many+0x919/0xeb0 net/core/dev.c:6841 unregister_netdevice_many.part.105+0x87/0x440 net/core/dev.c:7881 unregister_netdevice_many net/core/dev.c:7880 default_device_exit_batch+0x4fa/0x640 net/core/dev.c:8333 ops_exit_list.isra.4+0x100/0x150 net/core/net_namespace.c:144 cleanup_net+0x5a8/0xb40 net/core/net_namespace.c:463 process_one_work+0xc04/0x1c10 kernel/workqueue.c:2097 worker_thread+0x223/0x19c0 kernel/workqueue.c:2231 kthread+0x35e/0x430 kernel/kthread.c:231 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430 Code: 3c 32 00 0f 85 70 0b 00 00 48 b8 00 02 00 00 00 00 ad de 49 89 47 78 e9 93 fe ff ff 49 8d 57 70 49 8d 5f 78 eb 9e e8 88 7a 14 fe <0f> 0b 48 8b 9d 28 fe ff ff e8 7a 7a 14 fe 48 b8 00 00 00 00 00 RIP: rollback_registered_many+0x348/0xeb0 RSP: ffff8800692de7f0 ---[ end trace e0b29c57e9b3292c ]--- Reported-by: Andrey Konovalov Signed-off-by: Nikolay Aleksandrov Tested-by: Andrey Konovalov Signed-off-by: David S. Miller net/ipv6/ip6mr.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit cdb90499187c5084453665f1b0b2de72b069bbdf Author: Daniel Borkmann Date: Thu Apr 20 17:27:58 2017 +0200 bpf, doc: update bpf maintainers entry Add various related files that have been missing under BPF entry covering essential parts of its infrastructure and also add myself as co-maintainer. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller MAINTAINERS | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit 6f60f438108c66988c944894e5f673ab5d04fbc1 Author: Dan Carpenter Date: Thu Apr 20 13:21:30 2017 +0300 net: qrtr: potential use after free in qrtr_sendmsg() If skb_pad() fails then it frees the skb so we should check for errors. Fixes: bdabad3e363d ("net: Add Qualcomm IPC router") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller net/qrtr/qrtr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 89087c456fb5cb5e534edf1c30568a8baae4c906 Author: David Miller Date: Thu Apr 20 15:20:16 2017 -0400 bpf: Fix values type used in test_maps Maps of per-cpu type have their value element size adjusted to 8 if it is specified smaller during various map operations. This makes test_maps as a 32-bit binary fail, in fact the kernel writes past the end of the value's array on the user's stack. To be quite honest, I think the kernel should reject creation of a per-cpu map that doesn't have a value size of at least 8 if that's what the kernel is going to silently adjust to later. If the user passed something smaller, it is a sizeof() calcualtion based upon the type they will actually use (just like in this testcase code) in later calls to the map operations. Fixes: df570f577231 ("samples/bpf: unit test for BPF_MAP_TYPE_PERCPU_ARRAY") Signed-off-by: David S. Miller Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov tools/testing/selftests/bpf/test_maps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 557c44be917c322860665be3d28376afa84aa936 Author: David Ahern Date: Wed Apr 19 14:19:43 2017 -0700 net: ipv6: RTF_PCPU should not be settable from userspace Andrey reported a fault in the IPv6 route code: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Modules linked in: CPU: 1 PID: 4035 Comm: a.out Not tainted 4.11.0-rc7+ #250 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff880069809600 task.stack: ffff880062dc8000 RIP: 0010:ip6_rt_cache_alloc+0xa6/0x560 net/ipv6/route.c:975 RSP: 0018:ffff880062dced30 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff8800670561c0 RCX: 0000000000000006 RDX: 0000000000000003 RSI: ffff880062dcfb28 RDI: 0000000000000018 RBP: ffff880062dced68 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff880062dcfb28 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007feebe37e7c0(0000) GS:ffff88006cb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000205a0fe4 CR3: 000000006b5c9000 CR4: 00000000000006e0 Call Trace: ip6_pol_route+0x1512/0x1f20 net/ipv6/route.c:1128 ip6_pol_route_output+0x4c/0x60 net/ipv6/route.c:1212 ... Andrey's syzkaller program passes rtmsg.rtmsg_flags with the RTF_PCPU bit set. Flags passed to the kernel are blindly copied to the allocated rt6_info by ip6_route_info_create making a newly inserted route appear as though it is a per-cpu route. ip6_rt_cache_alloc sees the flag set and expects rt->dst.from to be set - which it is not since it is not really a per-cpu copy. The subsequent call to __ip6_dst_alloc then generates the fault. Fix by checking for the flag and failing with EINVAL. Fixes: d52d3997f843f ("ipv6: Create percpu rt6_info") Reported-by: Andrey Konovalov Signed-off-by: David Ahern Acked-by: Martin KaFai Lau Tested-by: Andrey Konovalov Signed-off-by: David S. Miller include/uapi/linux/ipv6_route.h | 2 +- net/ipv6/route.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 43170c4e0ba709c79130c3fe5a41e66279950cd0 Author: Ilan Tayari Date: Wed Apr 19 21:26:07 2017 +0300 gso: Validate assumption of frag_list segementation Commit 07b26c9454a2 ("gso: Support partial splitting at the frag_list pointer") assumes that all SKBs in a frag_list (except maybe the last one) contain the same amount of GSO payload. This assumption is not always correct, resulting in the following warning message in the log: skb_segment: too many frags For example, mlx5 driver in Striding RQ mode creates some RX SKBs with one frag, and some with 2 frags. After GRO, the frag_list SKBs end up having different amounts of payload. If this frag_list SKB is then forwarded, the aforementioned assumption is violated. Validate the assumption, and fall back to software GSO if it not true. Change-Id: Ia03983f4a47b6534dd987d7a2aad96d54d46d212 Fixes: 07b26c9454a2 ("gso: Support partial splitting at the frag_list pointer") Signed-off-by: Ilan Tayari Signed-off-by: Ilya Lesokhin Signed-off-by: David S. Miller net/core/skbuff.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) commit 918b70244f57920db8fcb5ae63e2d0c79b509821 Merge: 95b9b88 39fba78 Author: David S. Miller Date: Fri Apr 21 13:24:07 2017 -0400 Merge branch 'skb_cow_head' Eric Dumazet says: ==================== net: use skb_cow_head() to deal with cloned skbs James Hughes found an issue with smsc95xx driver. Same problematic code is found in other drivers. ==================== Signed-off-by: David S. Miller commit 39fba7835aacda65284a86e611774cbba71dac20 Author: Eric Dumazet Date: Wed Apr 19 09:59:26 2017 -0700 kaweth: use skb_cow_head() to deal with cloned skbs We can use skb_cow_head() to properly deal with clones, especially the ones coming from TCP stack that allow their head being modified. This avoids a copy. Signed-off-by: Eric Dumazet Cc: James Hughes Signed-off-by: David S. Miller drivers/net/usb/kaweth.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) commit 6bc6895bdd6744e0136eaa4a11fbdb20a7db4e40 Author: Eric Dumazet Date: Wed Apr 19 09:59:25 2017 -0700 ch9200: use skb_cow_head() to deal with cloned skbs We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change headers. skb_cow_head() is the proper helper to deal with this. Fixes: 4a476bd6d1d9 ("usbnet: New driver for QinHeng CH9200 devices") Signed-off-by: Eric Dumazet Cc: James Hughes Cc: Matthew Garrett Signed-off-by: David S. Miller drivers/net/usb/ch9200.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit d4ca73591916b760478d2b04334d5dcadc028e9c Author: Eric Dumazet Date: Wed Apr 19 09:59:24 2017 -0700 lan78xx: use skb_cow_head() to deal with cloned skbs We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change headers. skb_cow_head() is the proper helper to deal with this. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Signed-off-by: Eric Dumazet Cc: James Hughes Cc: Woojung Huh Signed-off-by: David S. Miller drivers/net/usb/lan78xx.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit d532c1082f68176363ed766d09bf187616e282fe Author: Eric Dumazet Date: Wed Apr 19 09:59:23 2017 -0700 sr9700: use skb_cow_head() to deal with cloned skbs We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change headers. skb_cow_head() is the proper helper to deal with this. Fixes: c9b37458e956 ("USB2NET : SR9700 : One chip USB 1.1 USB2NET SR9700Device Driver Support") Signed-off-by: Eric Dumazet Cc: James Hughes Signed-off-by: David S. Miller drivers/net/usb/sr9700.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit a9e840a2081ed28c2b7caa6a9a0041c950b3c37d Author: Eric Dumazet Date: Wed Apr 19 09:59:22 2017 -0700 cx82310_eth: use skb_cow_head() to deal with cloned skbs We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change headers. skb_cow_head() is the proper helper to deal with this. Fixes: cc28a20e77b2 ("introduce cx82310_eth: Conexant CX82310-based ADSL router USB ethernet driver") Signed-off-by: Eric Dumazet Cc: James Hughes Signed-off-by: David S. Miller drivers/net/usb/cx82310_eth.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit b7c6d2675899cfff0180412c63fc9cbd5bacdb4d Author: Eric Dumazet Date: Wed Apr 19 09:59:21 2017 -0700 smsc75xx: use skb_cow_head() to deal with cloned skbs We need to ensure there is enough headroom to push extra header, but we also need to check if we are allowed to change headers. skb_cow_head() is the proper helper to deal with this. Fixes: d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet adapter driver") Signed-off-by: Eric Dumazet Cc: James Hughes Signed-off-by: David S. Miller drivers/net/usb/smsc75xx.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 95b9b88d2da5e43e025400afcb492643933bf858 Author: David Lebrun Date: Wed Apr 19 16:10:19 2017 +0200 ipv6: sr: fix double free of skb after handling invalid SRH The icmpv6_param_prob() function already does a kfree_skb(), this patch removes the duplicate one. Fixes: 1ababeba4a21f3dba3da3523c670b207fb2feb62 ("ipv6: implement dataplane support for rthdr type 4 (Segment Routing Header)") Reported-by: Dan Carpenter Cc: Dan Carpenter Signed-off-by: David Lebrun Signed-off-by: David S. Miller net/ipv6/exthdrs.c | 1 - 1 file changed, 1 deletion(-) commit 92b4fc75636be07af00b1c085513ce98e6bab324 Merge: fe7ba289 be5c5e8 Author: Linus Torvalds Date: Fri Apr 21 09:34:45 2017 -0700 Merge tag 'powerpc-4.11-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Just two fixes. The first fixes kprobing a stdu, and is marked for stable as it's been broken for ~ever. In hindsight this could have gone in next. The other is a fix for a change we merged this cycle, where if we take a certain exception when the kernel is running relocated (currently only used for kdump), we checkstop the box. Thanks to Ravi Bangoria" * tag 'powerpc-4.11-8' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction commit fe7ba289332e10215b8ea423a240f5d030bb4fb3 Merge: a9aa190 b9c1153 Author: Linus Torvalds Date: Fri Apr 21 09:26:34 2017 -0700 Merge tag 'pci-v4.11-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Sorry this is so late. It's been in -next for over a week, but I forgot to send it on until now. A single fix to the DT binding of the HiSilicon PCIe host support" * tag 'pci-v4.11-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: hisi: Fix DT binding (hisi-pcie-almost-ecam) commit a9aa1908e224790e89f350cc26f21ae8d805869d Merge: 4664e32 3a07bb1 Author: Linus Torvalds Date: Fri Apr 21 09:20:35 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block layer fixes from Jens Axboe: "A couple of last minute fixes for regressions in this cycle. More specifically: - Two patches from Andy, adjusting the NVMe APST quirks to avoid some issues specific to one Toshiba drive, and some variant of Samsung on two specific Dell laptops. - A fix for mtip32xx, turning off mq scheduling on that device. We have a real fix for this, but it's too late in the cycle. Thankfully we already have a NO_SCHED flag we can apply here. A prep patch for this is ensuring that we honor the NO_SCHED flag when attempting to online switch schedulers, previsouly we only did so for drive load time. From Ming. - Fixing an oops in blk-mq polling with scheduling attached. This one is easily reproducible, it would be a shame to release 4.11 with that issue. From me. I'd prefer not having to send in patches at this point in time, but the above are all things that have regressed in this cycle and the fixes are relatively straight forward" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: fix potential oops with polling and blk-mq scheduler nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" nvme: Adjust the Samsung APST quirk mtip32xx: pass BLK_MQ_F_NO_SCHED block: respect BLK_MQ_F_NO_SCHED commit 4664e3221bbac68a3547b82c042cec336b43931d Merge: 11b211e fe8c470 Author: Linus Torvalds Date: Fri Apr 21 09:18:17 2017 -0700 Merge tag 'acpi-4.11-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI build fix from Rafael Wysocki: "This avoids a false-positive build warning from the compiler. Specifics: - Avoid a false-positive warning regarding a variable that may not be initialized that started to trigger after a previous general build fix (Arnd Bergmann)" * tag 'acpi-4.11-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / power: Avoid maybe-uninitialized warning commit 11b211ede81d7a077b7bc084ccfb4d6d715c5bf0 Merge: 4d4dfc1 9f32784 Author: Linus Torvalds Date: Fri Apr 21 09:15:43 2017 -0700 Merge tag 'mmc-v4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - kmalloc sdio scratch buffer to make it DMA-friendly MMC host: - dw_mmc: Fix behaviour for SDIO IRQs when runtime PM is used - sdhci-esdhc-imx: Correct pad I/O drive strength for UHS-DDR50 cards" * tag 'mmc-v4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card mmc: dw_mmc: Don't allow Runtime PM for SDIO cards mmc: sdio: fix alignment issue in struct sdio_func commit 4d4dfc1caaea95e18223f48f5c4d49f898502941 Merge: c154165e 704de48 Author: Linus Torvalds Date: Fri Apr 21 09:13:43 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixlet from Dmitry Torokhov: "An update to Elan PS/2 driver to allow working on yet another Lifebook" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled commit b0522e13b2e6266ac00dc579b79fbfee22753293 Author: David S. Miller Date: Fri Apr 21 10:44:47 2017 -0400 MAINTAINERS: Add "B:" field for networking. We want people to report bugs to the netdev list. Signed-off-by: David S. Miller MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 3d5e80125a6e5649c6bdad8d5780e39ea422c67d Author: Vineet Gupta Date: Thu Apr 20 15:36:51 2017 -0700 ARCv2: entry: save Accumulator register pair (r58:59) if present Accumulator is present in configs with FPU and/or DSP MPY (mpy > 6) Instead of doing this in pt_regs (and thus every kernel entry/exit), this could have been done in context switch (and for user task only) as currently kernel doesn't clobber these registers for its own accord. However we will soon start using 64-bit multiply instructions for kernel which can clobber these. Also gcc folks also plan to start using these as GPRs, hence better to always save/restore them Signed-off-by: Vineet Gupta arch/arc/Kconfig | 8 ++++++++ arch/arc/include/asm/entry-arcv2.h | 10 ++++++++++ arch/arc/include/asm/ptrace.h | 4 ++++ arch/arc/kernel/setup.c | 30 +++++++++++++++++++++--------- 4 files changed, 43 insertions(+), 9 deletions(-) commit c154165e93b7f1ee9c63906fa200bc735098d47d Merge: 160062e fc280fe Author: Linus Torvalds Date: Thu Apr 20 15:31:08 2017 -0700 Merge branch 'akpm' (patches from Andrew) Merge two mm fixes from Andrew Morton. * emailed patches from Andrew Morton : mm: prevent NR_ISOLATE_* stats from going negative Revert "mm, page_alloc: only use per-cpu allocator for irq-safe requests" commit fc280fe871449ead4bdbd1665fa52c7c01c64765 Author: Rabin Vincent Date: Thu Apr 20 14:37:46 2017 -0700 mm: prevent NR_ISOLATE_* stats from going negative Commit 6afcf8ef0ca0 ("mm, compaction: fix NR_ISOLATED_* stats for pfn based migration") moved the dec_node_page_state() call (along with the page_is_file_cache() call) to after putback_lru_page(). But page_is_file_cache() can change after putback_lru_page() is called, so it should be called before putback_lru_page(), as it was before that patch, to prevent NR_ISOLATE_* stats from going negative. Without this fix, non-CONFIG_SMP kernels end up hanging in the while(too_many_isolated()) { congestion_wait() } loop in shrink_active_list() due to the negative stats. Mem-Info: active_anon:32567 inactive_anon:121 isolated_anon:1 active_file:6066 inactive_file:6639 isolated_file:4294967295 ^^^^^^^^^^ unevictable:0 dirty:115 writeback:0 unstable:0 slab_reclaimable:2086 slab_unreclaimable:3167 mapped:3398 shmem:18366 pagetables:1145 bounce:0 free:1798 free_pcp:13 free_cma:0 Fixes: 6afcf8ef0ca0 ("mm, compaction: fix NR_ISOLATED_* stats for pfn based migration") Link: http://lkml.kernel.org/r/1492683865-27549-1-git-send-email-rabin.vincent@axis.com Signed-off-by: Rabin Vincent Acked-by: Michal Hocko Cc: Ming Ling Cc: Minchan Kim Cc: Vlastimil Babka Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d34b0733b452ca3ef1dee36436dab08b8aa6a85c Author: Mel Gorman Date: Thu Apr 20 14:37:43 2017 -0700 Revert "mm, page_alloc: only use per-cpu allocator for irq-safe requests" This reverts commit 374ad05ab64. While the patch worked great for userspace allocations, the fact that softirq loses the per-cpu allocator caused problems. It needs to be redone taking into account that a separate list is needed for hard/soft IRQs or alternatively find a cheap way of detecting reentry due to an interrupt. Both are possible but sufficiently tricky that it shouldn't be rushed. Jesper had one method for allowing softirqs but reported that the cost was high enough that it performed similarly to a plain revert. His figures for netperf TCP_STREAM were as follows Baseline v4.10.0 : 60316 Mbit/s Current 4.11.0-rc6: 47491 Mbit/s Jesper's patch : 60662 Mbit/s This patch : 60106 Mbit/s As this is a regression, I wish to revert to noirq allocator for now and go back to the drawing board. Link: http://lkml.kernel.org/r/20170415145350.ixy7vtrzdzve57mh@techsingularity.net Signed-off-by: Mel Gorman Reported-by: Tariq Toukan Acked-by: Jesper Dangaard Brouer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 43 ++++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 23 deletions(-) commit 3a07bb1d7676ea24bc1585ba2a80604852c005e7 Author: Jens Axboe Date: Thu Apr 20 14:53:28 2017 -0600 blk-mq: fix potential oops with polling and blk-mq scheduler If we have a scheduler attached, blk_mq_tag_to_rq() on the scheduled tags will return NULL if a request is no longer in flight. This is different than using the normal tags, where it will always return the fixed request. Check for this condition for polling, in case we happen to enter polling for a completed request. The request address remains valid, so this check and return should be perfectly safe. Fixes: bd166ef183c2 ("blk-mq-sched: add framework for MQ capable IO schedulers") Tested-by: Stephen Bates Signed-off-by: Jens Axboe block/blk-mq.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit be56945c4edd5a3da15f8254b68d1ddb1588d0c4 Author: Andy Lutomirski Date: Thu Apr 20 13:37:56 2017 -0700 nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" There's a report that it malfunctions with APST on. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1678184 Cc: Kai-Heng Feng Signed-off-by: Andy Lutomirski Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit ff5350a86b20de23991e474e006e2ff2732b218e Author: Andy Lutomirski Date: Thu Apr 20 13:37:55 2017 -0700 nvme: Adjust the Samsung APST quirk I got a couple more reports: the Samsung APST issues appears to affect multiple 950-series devices in Dell XPS 15 9550 and Precision 5510 laptops. Change the quirk: rather than blacklisting the firmware on the first problematic SSD that was reported, disable APST on all 144d:a802 devices if they're installed in the two affected Dell models. While we're at it, disable only the deepest sleep state instead of all of them -- the reporters say that this is sufficient to fix the problem. (I have a device that appears to be entirely identical to one of the affected devices, but I have a different Dell laptop, so it's not the case that all Samsung devices with firmware BXW75D0Q are broken under all circumstances.) Samsung engineers have an affected system, and hopefully they'll give us a better workaround some time soon. In the mean time, this should minimize regressions. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1678184 Cc: Kai-Heng Feng Signed-off-by: Andy Lutomirski Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 18 ++++++++---------- drivers/nvme/host/nvme.h | 5 +++++ drivers/nvme/host/pci.c | 26 +++++++++++++++++++++++++- 3 files changed, 38 insertions(+), 11 deletions(-) commit e0535ce58b92d7baf0b33284a6c4f8f0338f943e Author: Wolfgang Bumiller Date: Thu Apr 20 14:08:26 2017 +0200 net sched actions: allocate act cookie early Policing filters do not use the TCA_ACT_* enum and the tb[] nlattr array in tcf_action_init_1() doesn't get filled for them so we should not try to look for a TCA_ACT_COOKIE attribute in the then uninitialized array. The error handling in cookie allocation then calls tcf_hash_release() leading to invalid memory access later on. Additionally, if cookie allocation fails after an already existing non-policing filter has successfully been changed, tcf_action_release() should not be called, also we would have to roll back the changes in the error handling, so instead we now allocate the cookie early and assign it on success at the end. CVE-2017-7979 Fixes: 1045ba77a596 ("net sched actions: Add support for user cookies") Signed-off-by: Wolfgang Bumiller Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/act_api.c | 55 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 23 deletions(-) commit 43af390573ad5539b6087831a1197747a0e672ad Merge: e9156cd c0c5dbe Author: David S. Miller Date: Thu Apr 20 16:29:41 2017 -0400 Merge branch 'qed-dcbx-fixes' Sudarsana Reddy Kalluru says: ==================== qed: Dcbx bug fixes The series has set of bug fixes for dcbx implementation of qed driver. Please consider applying this to 'net' branch. ==================== Signed-off-by: David S. Miller commit c0c5dbe711c7d642415359ef5d216896a15a434b Author: sudarsana.kalluru@cavium.com Date: Wed Apr 19 03:19:55 2017 -0700 qed: Fix issue in populating the PFC config paramters. Change ieee_setpfc() callback implementation to populate traffic class count with the user provided value. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 2 ++ 1 file changed, 2 insertions(+) commit 62289ba27558553871fd047baadaaeda886c6a63 Author: sudarsana.kalluru@cavium.com Date: Wed Apr 19 03:19:54 2017 -0700 qed: Fix possible system hang in the dcbnl-getdcbx() path. qed_dcbnl_get_dcbx() API uses kmalloc in GFT_KERNEL mode. The API gets invoked in the interrupt context by qed_dcbnl_getdcbx callback. Need to invoke this kmalloc in atomic mode. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6cf75f1cebb048cfc1424b4b8ac9bbc08d5f9f66 Author: sudarsana.kalluru@cavium.com Date: Wed Apr 19 03:19:53 2017 -0700 qed: Fix sending an invalid PFC error mask to MFW. PFC error-mask value is not supported by MFW, but this bit could be set in the pfc bit-map of the operational parameters if remote device supports it. These operational parameters are used as basis for populating the dcbx config parameters. User provided configs will be applied on top of these parameters and then send them to MFW when requested. Driver need to clear the error-mask bit before sending the config parameters to MFW. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 2 ++ 1 file changed, 2 insertions(+) commit 66367dab30c7040e638e5496a47184cfc8ba39a4 Author: sudarsana.kalluru@cavium.com Date: Wed Apr 19 03:19:52 2017 -0700 qed: Fix possible error in populating max_tc field. Some adapters may not publish the max_tc value. Populate the default value for max_tc field in case the mfw didn't provide one. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 7 +++++++ 1 file changed, 7 insertions(+) commit e9156cd26a495a18706e796f02a81fee41ec14f4 Author: James Hughes Date: Wed Apr 19 11:13:40 2017 +0100 smsc95xx: Use skb_cow_head to deal with cloned skbs The driver was failing to check that the SKB wasn't cloned before adding checksum data. Replace existing handling to extend/copy the header buffer with skb_cow_head. Signed-off-by: James Hughes Acked-by: Eric Dumazet Acked-by: Woojung Huh Signed-off-by: David S. Miller drivers/net/usb/smsc95xx.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 74d209b8350a19d4f70252aa7a4e3d0b865676dd Author: Sekhar Nori Date: Wed Apr 19 14:08:24 2017 +0530 MAINTAINERS: update entry for TI's CPSW driver Mugunthan V N, who was reviewing TI's CPSW driver patches is not working for TI anymore and wont be reviewing patches for that driver. Drop Mugunthan as the maintiainer for this driver. Grygorii continues to be a reviewer. Dave Miller applies the patches directly and adding a maintainer is actually misleading since get_maintainer.pl script stops suggesting that Dave Miller be copied. Signed-off-by: Sekhar Nori Signed-off-by: David S. Miller MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit 12a0a6c05471176a453e324d0d5e51c6f381ad63 Merge: 9d386cd 096f41d Author: David S. Miller Date: Thu Apr 20 16:19:46 2017 -0400 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2017-04-19 Two fixes for af_key: 1) Add a lock to key dump to prevent a NULL pointer dereference. From Yuejie Shi. 2) Fix slab-out-of-bounds in parse_ipsecrequests. From Herbert Xu. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 9d386cd9a755c8293e8916264d4d053878a7c9c7 Author: Dan Carpenter Date: Tue Apr 18 22:14:26 2017 +0300 dp83640: don't recieve time stamps twice This patch is prompted by a static checker warning about a potential use after free. The concern is that netif_rx_ni() can free "skb" and we call it twice. When I look at the commit that added this, it looks like some stray lines were added accidentally. It doesn't make sense to me that we would recieve the same data two times. I asked the author but never recieved a response. I can't test this code, but I'm pretty sure my patch is correct. Fixes: 4b063258ab93 ("dp83640: Delay scheduled work.") Signed-off-by: Dan Carpenter Acked-by: Stefan Sørensen Signed-off-by: David S. Miller drivers/net/phy/dp83640.c | 2 -- 1 file changed, 2 deletions(-) commit 2f3bb64247b5b083d05ccecad9c2e139bbfdc294 Author: David Lebrun Date: Tue Apr 18 17:59:49 2017 +0200 ipv6: sr: fix out-of-bounds access in SRH validation This patch fixes an out-of-bounds access in seg6_validate_srh() when the trailing data is less than sizeof(struct sr6_tlv). Reported-by: Andrey Konovalov Cc: Andrey Konovalov Signed-off-by: David Lebrun Signed-off-by: David S. Miller net/ipv6/seg6.c | 3 +++ 1 file changed, 3 insertions(+) commit c1f8d0f98c3bc12393821c1bf00d8eaa0bd58bd8 Author: Mike Maloney Date: Tue Apr 18 11:14:16 2017 -0400 selftests/net: Fixes psock_fanout CBPF test case 'psock_fanout' has been failing since commit 4d7b9dc1f36a9 ("tools: psock_lib: harden socket filter used by psock tests"). That commit changed the CBPF filter to examine the full ethernet frame, and was tested on 'psock_tpacket' which uses SOCK_RAW. But 'psock_fanout' was also using this same CBPF in two places, for filtering and fanout, on a SOCK_DGRAM socket. Change 'psock_fanout' to use SOCK_RAW so that the CBPF program used with SO_ATTACH_FILTER can examine the entire frame. Create a new CBPF program for use with PACKET_FANOUT_DATA which ignores the header, as it cannot see the ethernet header. Tested: Ran tools/testing/selftests/net/psock_{fanout,tpacket} 10 times, and they all passed. Fixes: 4d7b9dc1f36a9 ("tools: psock_lib: harden socket filter used by psock tests") Signed-off-by: 'Mike Maloney ' Signed-off-by: David S. Miller tools/testing/selftests/net/psock_fanout.c | 22 ++++++++++++++++++++-- tools/testing/selftests/net/psock_lib.h | 13 +++---------- 2 files changed, 23 insertions(+), 12 deletions(-) commit 3018e947d7fd536d57e2b550c33e456d921fff8c Author: Johannes Berg Date: Thu Apr 20 21:32:16 2017 +0200 mac80211: reject ToDS broadcast data frames AP/AP_VLAN modes don't accept any real 802.11 multicast data frames, but since they do need to accept broadcast management frames the same is currently permitted for data frames. This opens a security problem because such frames would be decrypted with the GTK, and could even contain unicast L3 frames. Since the spec says that ToDS frames must always have the BSSID as the RA (addr1), reject any other data frames. The problem was originally reported in "Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys" at usenix https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/vanhoef and brought to my attention by Jouni. Cc: stable@vger.kernel.org Reported-by: Jouni Malinen Signed-off-by: Johannes Berg -- Dave, I didn't want to send you a new pull request for a single commit yet again - can you apply this one patch as is? Signed-off-by: David S. Miller net/mac80211/rx.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit 160062e19001b224370cddeaf652f258fd916fb0 Merge: 7f42589 78f7a45 Author: Linus Torvalds Date: Thu Apr 20 12:30:10 2017 -0700 Merge tag 'trace-v4.11-rc5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull two more ftrace fixes from Steven Rostedt: "While continuing my development, I uncovered two more small bugs. One is a race condition when enabling the snapshot function probe trigger. It enables the probe before allocating the snapshot, and if the probe triggers first, it stops tracing with a warning that the snapshot buffer was not allocated. The seconds is that the snapshot file should show how to use it when it is empty. But a bug fix from long ago broke the "is empty" test and the snapshot file no longer displays the help message" * tag 'trace-v4.11-rc5-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ring-buffer: Have ring_buffer_iter_empty() return true when empty tracing: Allocate the snapshot buffer before enabling probe commit 7f425895926af100cfdaebd504703325e5c08d3c Merge: db5dc49 6f107fa Author: Linus Torvalds Date: Thu Apr 20 12:26:10 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: "Two last-minute regression fixes for Wacom driver from Jason Gerecke" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: wacom: Override incorrect logical maximum contact identifier HID: wacom: Treat HID_DG_TOOLSERIALNUMBER as unsigned commit db5dc4996414d61162c9c83bf73e0e2bf2636911 Merge: f205b5d a8f60d1 Author: Linus Torvalds Date: Thu Apr 20 12:20:30 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fix from Martin Schwidefsky: "There is one more fix I would like to see in 4.11: The combination of KVM, CMMA and heavy paging can cause data corruption, the fix is to clear the _PAGE_UNUSED bit in set_pte_at()" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: fix CMMA vs KSM vs others commit f205b5dc1c9e62237ac6e21642724d8cbc85f7ee Merge: f61143c c9f838d Author: Linus Torvalds Date: Thu Apr 20 11:12:51 2017 -0700 Merge tag 'keys-fixes-20170419' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull keyrings fixes from David Howells: (1) Disallow keyrings whose name begins with a '.' to be joined [CVE-2016-9604]. (2) Change the name of the dead type to ".dead" to prevent user access [CVE-2017-6951]. (3) Fix keyctl_set_reqkey_keyring() to not leak thread keyrings [CVE-2017-7472] * tag 'keys-fixes-20170419' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings KEYS: Change the name of the dead type to ".dead" to prevent user access KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings commit 6324805979719c7183063520c4ab9c178dc2f60c Merge: 1debdc8 9e47806 Author: David S. Miller Date: Thu Apr 20 13:36:42 2017 -0400 Merge tag 'mac80211-for-davem-2017-04-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A single fix, for the MU-MIMO monitor mode, that fixes bad SKB accesses if the SKB was paged, which is the case for the only driver supporting this - iwlwifi. ==================== Signed-off-by: David S. Miller commit b72f8051f34b8164a62391e3676edc34523c5952 Author: Keith Busch Date: Wed Apr 19 19:51:10 2017 -0400 genirq/affinity: Fix calculating vectors to assign The vectors_per_node is calculated from the remaining available vectors. The current vector starts after pre_vectors, so we need to subtract that from the current to properly account for the number of remaining vectors to assign. Fixes: 3412386b531 ("irq/affinity: Fix extra vecs calculation") Reported-by: Andrei Vagin Signed-off-by: Keith Busch Link: http://lkml.kernel.org/r/1492645870-13019-1-git-send-email-keith.busch@intel.com Signed-off-by: Thomas Gleixner kernel/irq/affinity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9f327845358d3dd0d8a5a7a5436b0aa5c432e757 Author: Haibo Chen Date: Wed Apr 19 10:53:51 2017 +0800 mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card Currently for DDR50 card, it need tuning in default. We meet tuning fail issue for DDR50 card and some data CRC error when DDR50 sd card works. This is because the default pad I/O drive strength can't make sure DDR50 card work stable. So increase the pad I/O drive strength for DDR50 card, and use pins_100mhz. This fixes DDR50 card support for IMX since DDR50 tuning was enabled from commit 9faac7b95ea4 ("mmc: sdhci: enable tuning for DDR50") Tested-and-reported-by: Tim Harvey Signed-off-by: Haibo Chen Cc: stable@vger.kernel.org # v4.4+ Acked-by: Dong Aisheng Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-esdhc-imx.c | 1 + 1 file changed, 1 insertion(+) commit 6f107fab8f18228936cd3df88a3bb6050865c2c8 Author: Jason Gerecke Date: Wed Apr 19 14:47:24 2017 -0700 HID: wacom: Override incorrect logical maximum contact identifier It apears that devices designed around Wacom's G11 chipset (e.g. Lenovo ThinkPad Yoga 260, Lenovo ThinkPad X1 Yoga, Dell XPS 12 9250, Dell Venue 8 Pro 5855, etc.) suffer from a common issue in their HID descriptors. The logical maximum is not updated for the "Contact Identifier" usage, leaving it as just "1" despite these devices being capable of tracking far more touches. Commit 60a221869803 began ignoring usages with out-of-range values, causing problems for devices based on this chipset. Touches after the first will have an out-of-range Contact Identifier, and ignoring that usage will cause the kernel to incorrectly slot each finger's events (along with all the knock-on userspace effects that entails). This commit checks for these buggy descriptors and updates the maximum where required. Prior chipsets have used "255" as the maximum (and the G11, at least, doesn't seem to actually use IDs outside the range of 1..CONTACTMAX) so continue using this value. Cc: stable@vger.kernel.org Fixes: 60a221869803 ("HID: wacom: generic: add support for touchring") Signed-off-by: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 78f7a45dac2a2d2002f98a3a95f7979867868d73 Author: Steven Rostedt (VMware) Date: Wed Apr 19 14:29:46 2017 -0400 ring-buffer: Have ring_buffer_iter_empty() return true when empty I noticed that reading the snapshot file when it is empty no longer gives a status. It suppose to show the status of the snapshot buffer as well as how to allocate and use it. For example: ># cat snapshot # tracer: nop # # # * Snapshot is allocated * # # Snapshot commands: # echo 0 > snapshot : Clears and frees snapshot buffer # echo 1 > snapshot : Allocates snapshot buffer, if not already allocated. # Takes a snapshot of the main buffer. # echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free) # (Doesn't have to be '2' works with any number that # is not a '0' or '1') But instead it just showed an empty buffer: ># cat snapshot # tracer: nop # # entries-in-buffer/entries-written: 0/0 #P:4 # # _-----=> irqs-off # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / delay # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | What happened was that it was using the ring_buffer_iter_empty() function to see if it was empty, and if it was, it showed the status. But that function was returning false when it was empty. The reason was that the iter header page was on the reader page, and the reader page was empty, but so was the buffer itself. The check only tested to see if the iter was on the commit page, but the commit page was no longer pointing to the reader page, but as all pages were empty, the buffer is also. Cc: stable@vger.kernel.org Fixes: 651e22f2701b ("ring-buffer: Always reset iterator to reader page") Signed-off-by: Steven Rostedt (VMware) kernel/trace/ring_buffer.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) commit f61143c45077df4fa78e2f1ba455a00bbe1d5b8c Merge: 4988f7a e759030 Author: Linus Torvalds Date: Wed Apr 19 17:16:18 2017 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd" - one stm32f4 fix for a change that introduced the PLL_I2S and PLL_SAI boards - two Allwinner clk driver build fixes - two Allwinner CPU clk driver fixes where we see random CPUFreq crashes because the CPU's PLL locks up sometimes when we change the rate * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: sunxi-ng: a33: gate then ungate PLL CPU clk after rate change clk: sunxi-ng: Add clk notifier to gate then ungate PLL clocks clk: sunxi-ng: fix build failure in ccu-sun9i-a80 driver clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER clk: stm32f4: fix: exclude values 0 and 1 for PLLQ commit 4988f7a40f45929588d4b8f09c71eb785f55a19c Merge: 073c516 62a6cfd Author: Linus Torvalds Date: Wed Apr 19 17:12:46 2017 -0700 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull CIFS fix from Steve French: "One more cifs fix for stable" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: cifs: Do not send echoes before Negotiate is complete commit 073c516ff73557a8f7315066856c04b50383ac34 Author: Cong Wang Date: Wed Apr 19 15:11:00 2017 -0700 nsfs: mark dentry with DCACHE_RCUACCESS Andrey reported a use-after-free in __ns_get_path(): spin_lock include/linux/spinlock.h:299 [inline] lockref_get_not_dead+0x19/0x80 lib/lockref.c:179 __ns_get_path+0x197/0x860 fs/nsfs.c:66 open_related_ns+0xda/0x200 fs/nsfs.c:143 sock_ioctl+0x39d/0x440 net/socket.c:1001 vfs_ioctl fs/ioctl.c:45 [inline] do_vfs_ioctl+0x1bf/0x1780 fs/ioctl.c:685 SYSC_ioctl fs/ioctl.c:700 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691 We are under rcu read lock protection at that point: rcu_read_lock(); d = atomic_long_read(&ns->stashed); if (!d) goto slow; dentry = (struct dentry *)d; if (!lockref_get_not_dead(&dentry->d_lockref)) goto slow; rcu_read_unlock(); but don't use a proper RCU API on the free path, therefore a parallel __d_free() could free it at the same time. We need to mark the stashed dentry with DCACHE_RCUACCESS so that __d_free() will be called after all readers leave RCU. Fixes: e149ed2b805f ("take the targets of /proc/*/ns/* symlinks to separate fs") Cc: Alexander Viro Cc: Andrew Morton Reported-by: Andrey Konovalov Signed-off-by: Cong Wang Signed-off-by: Linus Torvalds fs/nsfs.c | 1 + 1 file changed, 1 insertion(+) commit 80d136e138f59de35aafb0440e8ab2f51c40ccd5 Author: Michal Hocko Date: Wed Apr 19 09:52:46 2017 +0200 mm: make mm_percpu_wq non freezable Geert has reported a freeze during PM resume and some additional debugging has shown that the device_resume worker cannot make a forward progress because it waits for an event which is stuck waiting in drain_all_pages: INFO: task kworker/u4:0:5 blocked for more than 120 seconds. Not tainted 4.11.0-rc7-koelsch-00029-g005882e53d62f25d-dirty #3476 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. kworker/u4:0 D 0 5 2 0x00000000 Workqueue: events_unbound async_run_entry_fn __schedule schedule schedule_timeout wait_for_common dpm_wait_for_superior device_resume async_resume async_run_entry_fn process_one_work worker_thread kthread [...] bash D 0 1703 1694 0x00000000 __schedule schedule schedule_timeout wait_for_common flush_work drain_all_pages start_isolate_page_range alloc_contig_range cma_alloc __alloc_from_contiguous cma_allocator_alloc __dma_alloc arm_dma_alloc sh_eth_ring_init sh_eth_open sh_eth_resume dpm_run_callback device_resume dpm_resume dpm_resume_end suspend_devices_and_enter pm_suspend state_store kernfs_fop_write __vfs_write vfs_write SyS_write [...] Showing busy workqueues and worker pools: [...] workqueue mm_percpu_wq: flags=0xc pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=0/0 delayed: drain_local_pages_wq, vmstat_update pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=0/0 delayed: drain_local_pages_wq BAR(1703), vmstat_update Tetsuo has properly noted that mm_percpu_wq is created as WQ_FREEZABLE so it is frozen this early during resume so we are effectively deadlocked. Fix this by dropping WQ_FREEZABLE when creating mm_percpu_wq. We really want to have it operational all the time. Fixes: ce612879ddc7 ("mm: move pcp and lru-pcp draining into single wq") Reported-and-tested-by: Geert Uytterhoeven Debugged-by: Tetsuo Handa Signed-off-by: Michal Hocko Signed-off-by: Linus Torvalds mm/vmstat.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c4bac97b0d3405f760c30636ff0b2e32810507d3 Merge: 005882e 892c778 Author: Linus Torvalds Date: Wed Apr 19 14:45:51 2017 -0700 Merge tag 'backlight-for-v4.11' of git://git.linaro.org/people/daniel.thompson/linux Pull backlight fix from Daniel Thompson: "Normally pull requests for backlight come from Lee Jones (and will continue to do so) but the bug fixed here is annoying for few people so I'm providing a little holiday cover. Fix a single bug in the PWM backlight driver and make it play nice with a wider range of GPIO devices. This bug is a regression and was independently discovered by Geert Uytterhoevan and Paul Kocialkowski (and is tested by both)" * tag 'backlight-for-v4.11' of git://git.linaro.org/people/daniel.thompson/linux: backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() commit fe8c470ab87d90e4b5115902dd94eced7e3305c3 Author: Arnd Bergmann Date: Wed Apr 19 19:47:04 2017 +0200 ACPI / power: Avoid maybe-uninitialized warning gcc -O2 cannot always prove that the loop in acpi_power_get_inferred_state() is enterered at least once, so it assumes that cur_state might not get initialized: drivers/acpi/power.c: In function 'acpi_power_get_inferred_state': drivers/acpi/power.c:222:9: error: 'cur_state' may be used uninitialized in this function [-Werror=maybe-uninitialized] This sets the variable to zero at the start of the loop, to ensure that there is well-defined behavior even for an empty list. This gets rid of the warning. The warning first showed up when the -Os flag got removed in a bug fix patch in linux-4.11-rc5. I would suggest merging this addon patch on top of that bug fix to avoid introducing a new warning in the stable kernels. Fixes: 61b79e16c68d (ACPI: Fix incompatibility with mcount-based function graph tracing) Cc: All applicable Signed-off-by: Arnd Bergmann Signed-off-by: Rafael J. Wysocki drivers/acpi/power.c | 1 + 1 file changed, 1 insertion(+) commit 4981d04dd8f1ab19e2cce008da556d7f099b6e68 Author: Ming Lei Date: Sat Apr 15 20:38:23 2017 +0800 mtip32xx: pass BLK_MQ_F_NO_SCHED The recent introduced MQ IO scheduler breaks mtip32xx in the following way. mtip32xx use the 'request_index' passed to .init_request() as hardware tag index for initializing hardware queue, and it actually require that rq->tag is always same with 'request_index' passed to .init_request(). Current blk-mq IO scheduler can't guarantee this point, so this patch passes BLK_MQ_F_NO_SCHED and at least make mtip32xx working. This patch fixes the following strange hardware failure. The issue can be triggered easily when doing I/O with mq-deadline enabled. [ 186.972578] {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 32993 [ 186.972578] {1}[Hardware Error]: event severity: fatal [ 186.972579] {1}[Hardware Error]: Error 0, type: fatal [ 186.972580] {1}[Hardware Error]: section_type: PCIe error [ 186.972580] {1}[Hardware Error]: port_type: 0, PCIe end point [ 186.972581] {1}[Hardware Error]: version: 1.0 [ 186.972581] {1}[Hardware Error]: command: 0x0407, status: 0x0010 [ 186.972582] {1}[Hardware Error]: device_id: 0000:07:00.0 [ 186.972582] {1}[Hardware Error]: slot: 4 [ 186.972583] {1}[Hardware Error]: secondary_bus: 0x00 [ 186.972583] {1}[Hardware Error]: vendor_id: 0x1344, device_id: 0x5150 [ 186.972584] {1}[Hardware Error]: class_code: 008001 [ 186.972585] Kernel panic - not syncing: Fatal hardware error! Reported-by: Jozef Mikovic Signed-off-by: Ming Lei Signed-off-by: Jens Axboe drivers/block/mtip32xx/mtip32xx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a5088c8c11ac9d56f7e90acaaae9e0e98c1ff94 Author: Ming Lei Date: Sat Apr 15 20:38:22 2017 +0800 block: respect BLK_MQ_F_NO_SCHED If one driver claims that it doesn't support io scheduler via BLK_MQ_F_NO_SCHED, we should not allow to change and show the availabe io schedulers. This patch adds check to enhance this behaviour. Signed-off-by: Ming Lei Signed-off-by: Jens Axboe block/elevator.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 892c7788c72480e8282b8aafe0783a244cc9f47f Author: Geert Uytterhoeven Date: Tue Apr 4 12:54:35 2017 +0200 backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() Commit 7613c922315e308a ("backlight: pwm_bl: Move the checks for initial power state to a separate function") not just moved some code, but made slight changes in semantics. If a gpiochip doesn't implement the optional .get_direction() callback, gpiod_get_direction always returns -EINVAL, which is never equal to GPIOF_DIR_IN, leading to the GPIO not being configured for output. To avoid this, invert the test and check for not GPIOF_DIR_OUT instead, like the original code did. This restores the display on r8a7740/armadillo. Fixes: 7613c922315e308a ("backlight: pwm_bl: Move the checks for initial power state to a separate function") Signed-off-by: Geert Uytterhoeven Reviewed-by: Peter Ujfalusi Acked-by: Philipp Zabel Acked-by: Daniel Thompson Signed-off-by: Daniel Thompson drivers/video/backlight/pwm_bl.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit df62db5be2e5f070ecd1a5ece5945b590ee112e0 Author: Steven Rostedt (VMware) Date: Wed Apr 19 12:07:08 2017 -0400 tracing: Allocate the snapshot buffer before enabling probe Currently the snapshot trigger enables the probe and then allocates the snapshot. If the probe triggers before the allocation, it could cause the snapshot to fail and turn tracing off. It's best to allocate the snapshot buffer first, and then enable the trigger. If something goes wrong in the enabling of the trigger, the snapshot buffer is still allocated, but it can also be freed by the user by writting zero into the snapshot buffer file. Also add a check of the return status of alloc_snapshot(). Cc: stable@vger.kernel.org Fixes: 77fd5c15e3 ("tracing: Add snapshot trigger to function probes") Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 286f3f478796fb4f9e003e9f7d649f3c33f08d2f Author: Jason Gerecke Date: Thu Apr 13 08:39:49 2017 -0700 HID: wacom: Treat HID_DG_TOOLSERIALNUMBER as unsigned Because HID_DG_TOOLSERIALNUMBER doesn't first cast the value recieved from HID to an unsigned type, sign-extension rules can cause the value of wacom_wac->serial[0] to inadvertently wind up with all 32 of its highest bits set if the highest bit of "value" was set. This can cause problems for Tablet PC devices which use AES sensors and the xf86-input-wacom userspace driver. It is not uncommon for AES sensors to send a serial number of '0' while the pen is entering or leaving proximity. The xf86-input-wacom driver ignores events with a serial number of '0' since it cannot match them up to an in-use tool. To ensure the xf86-input-wacom driver does not ignore the final out-of-proximity event, the kernel does not send MSC_SERIAL events when the value of wacom_wac->serial[0] is '0'. If the highest bit of HID_DG_TOOLSERIALNUMBER is set by an in-prox pen which later leaves proximity and sends a '0' for HID_DG_TOOLSERIALNUMBER, then only the lowest 32 bits of wacom_wac->serial[0] are actually cleared, causing the kernel to send an MSC_SERIAL event. Since the 'input_event' function takes an 'int' as argument, only those lowest (now-cleared) 32 bits of wacom_wac->serial[0] are sent to userspace, causing xf86-input-wacom to ignore the event. If the event was the final out-of-prox event, then xf86-input-wacom may remain in a state where it believes the pen is in proximity and refuses to allow other devices under its control (e.g. the touchscreen) to move the cursor. It should be noted that EMR devices and devices which use both the HID_DG_TOOLSERIALNUMBER and WACOM_HID_WD_SERIALHI usages (in that order) would be immune to this issue. It appears only AES devices are affected. Fixes: f85c9dc678a ("HID: wacom: generic: Support tool ID and additional tool types") Cc: stable@vger.kernel.org Signed-off-by: Jason Gerecke Acked-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 338bd52f3c3a86a1feea8c9a121d1cee60d68d69 Author: David Sterba Date: Tue Apr 18 17:00:12 2017 +0200 btrfs: qgroup: move noisy underflow warning to debugging build The WARN_ON and warning from report_reserved_underflow can become very noisy and is visible unconditionally although this is namely for debugging. The patch "btrfs: Add WARN_ON for qgroup reserved underflow" (18dc22c19bef520cca11ce4c0807ac9dec48d31f) went to 4.11-rc1 and the plan was to get the fix as well, but this hasn't happened. CC: Qu Wenruo Reviewed-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/qgroup.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit a5859c6d7b6114fc0e52be40f7b0f5451c4aba93 Author: Josh Poimboeuf Date: Tue Apr 18 16:44:29 2017 -0500 x86/build: convert function graph '-Os' error to warning For pre-4.6.0 versions of GCC, which don't have '-mfentry', the '-maccumulate-outgoing-args' option is required for function graph tracing in order to avoid GCC bug 42109. However, GCC ignores '-maccumulate-outgoing-args' when '-Os' is also set. Currently we force a build error to prevent that scenario, but that breaks randconfigs. So change the error to a warning which also disables CONFIG_CC_OPTIMIZE_FOR_SIZE. Reported-by: Andi Kleen Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Steven Rostedt Cc: Thomas Gleixner Cc: kbuild test robot Cc: kbuild-all@01.org Link: http://lkml.kernel.org/r/20170418214429.o7fbwbmf4nqosezy@treble Signed-off-by: Ingo Molnar arch/x86/Makefile | 8 ++++++++ arch/x86/kernel/ftrace.c | 6 ------ 2 files changed, 8 insertions(+), 6 deletions(-) commit 1debdc8f9ebd07daf140e417b3841596911e0066 Author: Sergei Shtylyov Date: Mon Apr 17 15:55:22 2017 +0300 sh_eth: unmap DMA buffers when freeing rings The DMA API debugging (when enabled) causes: WARNING: CPU: 0 PID: 1445 at lib/dma-debug.c:519 add_dma_entry+0xe0/0x12c DMA-API: exceeded 7 overlapping mappings of cacheline 0x01b2974d to be printed after repeated initialization of the Ether device, e.g. suspend/resume or 'ifconfig' up/down. This is because DMA buffers mapped using dma_map_single() in sh_eth_ring_format() and sh_eth_start_xmit() are never unmapped. Resolve this problem by unmapping the buffers when freeing the descriptor rings; in order to do it right, we'd have to add an extra parameter to sh_eth_txfree() (we rename this function to sh_eth_tx_free(), while at it). Based on the commit a47b70ea86bd ("ravb: unmap descriptors when freeing rings"). Signed-off-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 122 +++++++++++++++++++--------------- 1 file changed, 67 insertions(+), 55 deletions(-) commit 32fe905c17f001c0eee13c59afddd0bf2eed509c Author: Richard Weinberger Date: Thu Mar 30 10:50:49 2017 +0200 ubifs: Fix O_TMPFILE corner case in ubifs_link() It is perfectly fine to link a tmpfile back using linkat(). Since tmpfiles are created with a link count of 0 they appear on the orphan list, upon re-linking the inode has to be removed from the orphan list again. Ralph faced a filesystem corruption in combination with overlayfs due to this bug. Cc: Cc: Ralph Sennhauser Cc: Amir Goldstein Reported-by: Ralph Sennhauser Tested-by: Ralph Sennhauser Reported-by: Amir Goldstein Fixes: 474b93704f321 ("ubifs: Implement O_TMPFILE") Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 005882e53d62f25dae10351a8d3f13326051e8f5 Merge: 40d9018 544f8f9 Author: Linus Torvalds Date: Tue Apr 18 13:56:51 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "Two Sparc bug fixes from Daniel Jordan and Nitin Gupta" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix hugepage page table free sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL commit 40d9018eb738f724dc9c27eec88c78cc488e0af0 Merge: fb5e215 acf167f Author: Linus Torvalds Date: Tue Apr 18 13:24:42 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) BPF tail call handling bug fixes from Daniel Borkmann. 2) Fix allowance of too many rx queues in sfc driver, from Bert Kenward. 3) Non-loopback ipv6 packets claiming src of ::1 should be dropped, from Florian Westphal. 4) Statistics requests on KSZ9031 can crash, fix from Grygorii Strashko. 5) TX ring handling fixes in mediatek driver, from Sean Wang. 6) ip_ra_control can deadlock, fix lock acquisition ordering to fix, from Cong WANG. 7) Fix use after free in ip_recv_error(), from Willem de Buijn. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: bpf: fix checking xdp_adjust_head on tail calls bpf: fix cb access in socket filter programs on tail calls ipv6: drop non loopback packets claiming to originate from ::1 net: ethernet: mediatek: fix inconsistency of port number carried in TXD net: ethernet: mediatek: fix inconsistency between TXD and the used buffer net: phy: micrel: fix crash when statistic requested for KSZ9031 phy net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule net: thunderx: Fix set_max_bgx_per_node for 81xx rgx net-timestamp: avoid use-after-free in ip_recv_error ipv4: fix a deadlock in ip_ra_control sfc: limit the number of receive queues commit 0dc9c639e6553e39c13b2c0d54c8a1b098cb95e2 Author: Vishal Verma Date: Tue Apr 18 20:42:35 2017 +0200 x86/mce: Make the MCE notifier a blocking one The NFIT MCE handler callback (for handling media errors on NVDIMMs) takes a mutex to add the location of a memory error to a list. But since the notifier call chain for machine checks (x86_mce_decoder_chain) is atomic, we get a lockdep splat like: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620 in_atomic(): 1, irqs_disabled(): 0, pid: 4, name: kworker/0:0 [..] Call Trace: dump_stack ___might_sleep __might_sleep mutex_lock_nested ? __lock_acquire nfit_handle_mce notifier_call_chain atomic_notifier_call_chain ? atomic_notifier_call_chain mce_gen_pool_process Convert the notifier to a blocking one which gets to run only in process context. Boris: remove the notifier call in atomic context in print_mce(). For now, let's print the MCE on the atomic path so that we can make sure they go out and get logged at least. Fixes: 6839a6d96f4e ("nfit: do an ARS scrub on hitting a latent media error") Reported-by: Ross Zwisler Signed-off-by: Vishal Verma Acked-by: Tony Luck Cc: Dan Williams Cc: linux-edac Cc: x86-ml Cc: Link: http://lkml.kernel.org/r/20170411224457.24777-1-vishal.l.verma@intel.com Signed-off-by: Borislav Petkov Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/mcheck/mce-genpool.c | 2 +- arch/x86/kernel/cpu/mcheck/mce-internal.h | 2 +- arch/x86/kernel/cpu/mcheck/mce.c | 17 +++-------------- 3 files changed, 5 insertions(+), 16 deletions(-) commit 544f8f935863c5a9ca3e34306ea3316095e7b7bf Author: Nitin Gupta Date: Mon Apr 17 15:46:41 2017 -0700 sparc64: Fix hugepage page table free Make sure the start adderess is aligned to PMD_SIZE boundary when freeing page table backing a hugepage region. The issue was causing segfaults when a region backed by 64K pages was unmapped since such a region is in general not PMD_SIZE aligned. Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/mm/hugetlbpage.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 395102db441abb8fd18fec5dd81428b5120232af Author: Daniel Jordan Date: Mon Apr 10 11:50:52 2017 -0400 sparc64: Use LOCKDEP_SMALL, not PROVE_LOCKING_SMALL CONFIG_PROVE_LOCKING_SMALL shrinks the memory usage of lockdep so the kernel text, data, and bss fit in the required 32MB limit, but this option is not set for every config that enables lockdep. A 4.10 kernel fails to boot with the console output Kernel: Using 8 locked TLB entries for main kernel image. hypervisor_tlb_lock[2000000:0:8000000071c007c3:1]: errors with f Program terminated with these config options CONFIG_LOCKDEP=y CONFIG_LOCK_STAT=y CONFIG_PROVE_LOCKING=n To fix, rename CONFIG_PROVE_LOCKING_SMALL to CONFIG_LOCKDEP_SMALL, and enable this option with CONFIG_LOCKDEP=y so we get the reduced memory usage every time lockdep is turned on. Tested that CONFIG_LOCKDEP_SMALL is set to 'y' if and only if CONFIG_LOCKDEP is set to 'y'. When other lockdep-related config options that select CONFIG_LOCKDEP are enabled (e.g. CONFIG_LOCK_STAT or CONFIG_PROVE_LOCKING), verified that CONFIG_LOCKDEP_SMALL is also enabled. Fixes: e6b5f1be7afe ("config: Adding the new config parameter CONFIG_PROVE_LOCKING_SMALL for sparc") Signed-off-by: Daniel Jordan Reviewed-by: Babu Moger Signed-off-by: David S. Miller arch/sparc/Kconfig | 2 +- kernel/locking/lockdep_internals.h | 6 +++--- lib/Kconfig.debug | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) commit a6db2c86033bc41329770e90c20d4f1fec3824e4 Author: Douglas Anderson Date: Tue Apr 11 15:55:43 2017 -0700 mmc: dw_mmc: Don't allow Runtime PM for SDIO cards According to the SDIO standard interrupts are normally signalled in a very complicated way. They require the card clock to be running and require the controller to be paying close attention to the signals coming from the card. This simply can't happen with the clock stopped or with the controller in a low power mode. To that end, we'll disable runtime_pm when we detect that an SDIO card was inserted. This is much like with what we do with the special "SDMMC_CLKEN_LOW_PWR" bit that dw_mmc supports. NOTE: we specifically do this Runtime PM disabling at card init time rather than in the enable_sdio_irq() callback. This is _different_ than how SDHCI does it. Why do we do it differently? - Unlike SDHCI, dw_mmc uses the standard sdio_irq code in Linux (AKA dw_mmc doesn't set MMC_CAP2_SDIO_IRQ_NOTHREAD). - Because we use the standard sdio_irq code: - We see a constant stream of enable_sdio_irq(0) and enable_sdio_irq(1) calls. This is because the standard code disables interrupts while processing and re-enables them after. - While interrupts are disabled, there's technically a period where we could get runtime disabled while processing interrupts. - If we are runtime disabled while processing interrupts, we'll reset the controller at resume time (see dw_mci_runtime_resume), which seems like a terrible idea because we could possibly have another interrupt pending. To fix the above isues we'd want to put something in the standard sdio_irq code that makes sure to call pm_runtime get/put when interrupts are being actively being processed. That's possible to do, but it seems like a more complicated mechanism when we really just want the runtime pm disabled always for SDIO cards given that all the other bits needed to get Runtime PM vs. SDIO just aren't there. NOTE: at some point in time someone might come up with a fancy way to do SDIO interrupts and still allow (some) amount of runtime PM. Technically we could turn off the card clock if we used an alternate way of signaling SDIO interrupts (and out of band interrupt is one way to do this). We probably wouldn't actually want to fully runtime suspend in this case though--at least not with the current dw_mci_runtime_resume() which basically fully resets the controller at resume time. Fixes: e9ed8835e990 ("mmc: dw_mmc: add runtime PM callback") Cc: Reported-by: Brian Norris Signed-off-by: Douglas Anderson Acked-by: Jaehoon Chung Reviewed-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 704de489e0e3640a2ee2d0daf173e9f7375582ba Author: Thorsten Leemhuis Date: Tue Apr 18 11:14:28 2017 -0700 Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled Temporary got a Lifebook E547 into my hands and noticed the touchpad only works after running: echo "1" > /sys/devices/platform/i8042/serio2/crc_enabled Add it to the list of machines that need this workaround. Cc: stable@vger.kernel.org Signed-off-by: Thorsten Leemhuis Reviewed-by: Ulrik De Bie Signed-off-by: Dmitry Torokhov drivers/input/mouse/elantech.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit fb5e2154b764812705dce84881319471d27606fb Merge: 0bad6d7 9ed19c7 Author: Linus Torvalds Date: Tue Apr 18 10:19:47 2017 -0700 Merge tag 'trace-v4.11-rc5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull ftrace testcase update from Steven Rostedt: "While testing my development branch, without the fix for the pid use after free bug, the selftest that Namhyung added triggers it. I figured it would be good to add the test for the bug after the fix, such that it does not exist without the fix. I added another patch that lets the test only test part of the pid filtering, and ignores the function-fork (filtering on children as well) if the function-fork feature does not exist. This feature is added by Namhyung just before he added this test. But since the test tests both with and without the feature, it would be good to let it not fail if the feature does not exist" * tag 'trace-v4.11-rc5-4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: selftests: ftrace: Add check for function-fork before running pid filter test selftests: ftrace: Add a testcase for function PID filter commit 5ef1ecf060f28ecef313b5723f1fd39bf5a35f56 Author: Heiner Kallweit Date: Wed Mar 29 20:54:37 2017 +0200 mmc: sdio: fix alignment issue in struct sdio_func Certain 64-bit systems (e.g. Amlogic Meson GX) require buffers to be used for DMA to be 8-byte-aligned. struct sdio_func has an embedded small DMA buffer not meeting this requirement. When testing switching to descriptor chain mode in meson-gx driver SDIO is broken therefore. Fix this by allocating the small DMA buffer separately as kmalloc ensures that the returned memory area is properly aligned for every basic data type. Signed-off-by: Heiner Kallweit Tested-by: Helmut Klein Signed-off-by: Ulf Hansson drivers/mmc/core/sdio_bus.c | 12 +++++++++++- include/linux/mmc/sdio_func.h | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) commit 9ed19c7695670d00455c1de4682d5c7f14618689 Author: Steven Rostedt (VMware) Date: Tue Apr 18 12:32:21 2017 -0400 selftests: ftrace: Add check for function-fork before running pid filter test Have the func-filter-pid test check for the function-fork option before testing it. It can still test the pid filtering, but will stop before testing the function-fork option for children inheriting the pids. This allows the test to be added before the function-fork feature, but after a bug fix that triggers one of the bugs the test can cause. Cc: Namhyung Kim Cc: Shuah Khan Signed-off-by: Steven Rostedt (VMware) .../ftrace/test.d/ftrace/func-filter-pid.tc | 27 ++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) commit 0bad6d7e935a45d0dfbe6925f4ca36ad8812ff65 Merge: 5ee4c5a d879d0b Author: Linus Torvalds Date: Tue Apr 18 09:31:51 2017 -0700 Merge tag 'trace-v4.11-rc5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull ftrace fix from Steven Rostedt: "Namhyung Kim discovered a use after free bug. It has to do with adding a pid filter to function tracing in an instance, and then freeing the instance" * tag 'trace-v4.11-rc5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace: Fix function pid filter on instances commit 5ee4c5a92993458c6beaba76c087227675fc3ccd Merge: 20bb78f e6534ae Author: Linus Torvalds Date: Tue Apr 18 09:03:50 2017 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following problems: - regression in new XTS/LRW code when used with async crypto - long-standing bug in ahash API when used with certain algos - bogus memory dereference in async algif_aead with certain algos" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif_aead - Fix bogus request dereference in completion function crypto: ahash - Fix EINPROGRESS notification callback crypto: lrw - Fix use-after-free on EINPROGRESS crypto: xts - Fix use-after-free on EINPROGRESS commit 093be89a12c8724883ac803420cba8b08a947d3b Author: Namhyung Kim Date: Mon Apr 17 11:44:30 2017 +0900 selftests: ftrace: Add a testcase for function PID filter Like event pid filtering test, add function pid filtering test with the new "function-fork" option. It also tests it on an instance directory so that it can verify the bug related pid filtering on instances. Link: http://lkml.kernel.org/r/20170417024430.21194-5-namhyung@kernel.org Cc: Ingo Molnar Cc: Masami Hiramatsu Cc: Shuah Khan Signed-off-by: Namhyung Kim Signed-off-by: Steven Rostedt (VMware) .../ftrace/test.d/ftrace/func-filter-pid.tc | 98 ++++++++++++++++++++++ 1 file changed, 98 insertions(+) commit c9f838d104fed6f2f61d68164712e3204bf5271b Author: Eric Biggers Date: Tue Apr 18 15:31:09 2017 +0100 KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings This fixes CVE-2017-7472. Running the following program as an unprivileged user exhausts kernel memory by leaking thread keyrings: #include int main() { for (;;) keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_THREAD_KEYRING); } Fix it by only creating a new thread keyring if there wasn't one before. To make things more consistent, make install_thread_keyring_to_cred() and install_process_keyring_to_cred() both return 0 if the corresponding keyring is already present. Fixes: d84f4f992cbd ("CRED: Inaugurate COW credentials") Cc: stable@vger.kernel.org # 2.6.29+ Signed-off-by: Eric Biggers Signed-off-by: David Howells security/keys/keyctl.c | 11 ++++------- security/keys/process_keys.c | 44 +++++++++++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 24 deletions(-) commit c1644fe041ebaf6519f6809146a77c3ead9193af Author: David Howells Date: Tue Apr 18 15:31:08 2017 +0100 KEYS: Change the name of the dead type to ".dead" to prevent user access This fixes CVE-2017-6951. Userspace should not be able to do things with the "dead" key type as it doesn't have some of the helper functions set upon it that the kernel needs. Attempting to use it may cause the kernel to crash. Fix this by changing the name of the type to ".dead" so that it's rejected up front on userspace syscalls by key_get_type_from_user(). Though this doesn't seem to affect recent kernels, it does affect older ones, certainly those prior to: commit c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 Author: David Howells Date: Tue Sep 16 17:36:06 2014 +0100 KEYS: Remove key_type::match in favour of overriding default by match_preparse which went in before 3.18-rc1. Signed-off-by: David Howells cc: stable@vger.kernel.org security/keys/gc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee8f844e3c5a73b999edf733df1c529d6503ec2f Author: David Howells Date: Tue Apr 18 15:31:07 2017 +0100 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings This fixes CVE-2016-9604. Keyrings whose name begin with a '.' are special internal keyrings and so userspace isn't allowed to create keyrings by this name to prevent shadowing. However, the patch that added the guard didn't fix KEYCTL_JOIN_SESSION_KEYRING. Not only can that create dot-named keyrings, it can also subscribe to them as a session keyring if they grant SEARCH permission to the user. This, for example, allows a root process to set .builtin_trusted_keys as its session keyring, at which point it has full access because now the possessor permissions are added. This permits root to add extra public keys, thereby bypassing module verification. This also affects kexec and IMA. This can be tested by (as root): keyctl session .builtin_trusted_keys keyctl add user a a @s keyctl list @s which on my test box gives me: 2 keys in keyring: 180010936: ---lswrv 0 0 asymmetric: Build time autogenerated kernel key: ae3d4a31b82daa8e1a75b49dc2bba949fd992a05 801382539: --alswrv 0 0 user: a Fix this by rejecting names beginning with a '.' in the keyctl. Signed-off-by: David Howells Acked-by: Mimi Zohar cc: linux-ima-devel@lists.sourceforge.net cc: stable@vger.kernel.org security/keys/keyctl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit be5c5e843c4afa1c8397cb740b6032bd4142f32d Author: Michael Ellerman Date: Tue Apr 18 14:08:15 2017 +1000 powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y Prior to commit 2337d207288f ("powerpc/64: CONFIG_RELOCATABLE support for hmi interrupts"), the branch from hmi_exception_early() to hmi_exception_realmode() was just a bl hmi_exception_realmode, which the linker would turn into a bl to the local entry point of hmi_exception_realmode. This was broken when CONFIG_RELOCATABLE=y because hmi_exception_realmode() is not in the low part of the kernel text that is copied down to 0x0. But in fixing that, we added a new bug on little endian kernels. Because the branch is now a bctrl when CONFIG_RELOCATABLE=y, we branch to the global entry point of hmi_exception_realmode(). The global entry point must be called with r12 containing the address of hmi_exception_realmode(), because it uses that value to calculate the TOC value (r2). This may manifest as a checkstop, because we take a junk value from r12 which came from HSRR1, add a small constant to it and then use that as the TOC pointer. The HSRR1 value will have 0x9 as the top nibble, which puts it above RAM and somewhere in MMIO space. Fix it by changing the BRANCH_LINK_TO_FAR() macro to always use r12 to load the label we're branching to. This means r12 will be setup correctly on LE, fixing this bug, and r12 is also volatile across function calls on BE so it's a good choice anyway. Fixes: 2337d207288f ("powerpc/64: CONFIG_RELOCATABLE support for hmi interrupts") Reported-by: Mahesh Salgaonkar Acked-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/exception-64s.h | 8 ++++---- arch/powerpc/kernel/exceptions-64s.S | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 9e1ba4f27f018742a1aa95d11e35106feba08ec1 Author: Ravi Bangoria Date: Tue Apr 11 10:38:13 2017 +0530 powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction If we set a kprobe on a 'stdu' instruction on powerpc64, we see a kernel OOPS: Bad kernel stack pointer cd93c840 at c000000000009868 Oops: Bad kernel stack pointer, sig: 6 [#1] ... GPR00: c000001fcd93cb30 00000000cd93c840 c0000000015c5e00 00000000cd93c840 ... NIP [c000000000009868] resume_kernel+0x2c/0x58 LR [c000000000006208] program_check_common+0x108/0x180 On a 64-bit system when the user probes on a 'stdu' instruction, the kernel does not emulate actual store in emulate_step() because it may corrupt the exception frame. So the kernel does the actual store operation in exception return code i.e. resume_kernel(). resume_kernel() loads the saved stack pointer from memory using lwz, which only loads the low 32-bits of the address, causing the kernel crash. Fix this by loading the 64-bit value instead. Fixes: be96f63375a1 ("powerpc: Split out instruction analysis part of emulate_step()") Cc: stable@vger.kernel.org # v3.18+ Signed-off-by: Ravi Bangoria Reviewed-by: Naveen N. Rao Reviewed-by: Ananth N Mavinakayanahalli [mpe: Change log massage, add stable tag] Signed-off-by: Michael Ellerman arch/powerpc/kernel/entry_64.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 096f41d3a8fcbb8dde7f71379b1ca85fe213eded Author: Herbert Xu Date: Thu Apr 13 18:35:59 2017 +0800 af_key: Fix sadb_x_ipsecrequest parsing The parsing of sadb_x_ipsecrequest is broken in a number of ways. First of all we're not verifying sadb_x_ipsecrequest_len. This is needed when the structure carries addresses at the end. Worse we don't even look at the length when we parse those optional addresses. The migration code had similar parsing code that's better but it also has some deficiencies. The length is overcounted first of all as it includes the header itself. It also fails to check the length before dereferencing the sa_family field. This patch fixes those problems in parse_sockaddr_pair and then uses it in parse_ipsecrequest. Reported-by: Andrey Konovalov Signed-off-by: Herbert Xu Signed-off-by: Steffen Klassert net/key/af_key.c | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) commit 20bb78f6b3d1edfdfd52b8a05d2f4f111877618e Merge: 4f7d029 3f795ce Author: Linus Torvalds Date: Mon Apr 17 15:06:34 2017 -0700 Merge branch 'parisc-4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fix from Helge Deller: "One patch which fixes get_user() for 64-bit values on 32-bit kernels. Up to now we lost the upper 32-bits of the returned 64-bit value" * 'parisc-4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix get_user() for 64-bit value on 32-bit kernel commit 62a6cfddcc0a5313e7da3e8311ba16226fe0ac10 Author: Sachin Prabhu Date: Sun Apr 16 20:37:24 2017 +0100 cifs: Do not send echoes before Negotiate is complete commit 4fcd1813e640 ("Fix reconnect to not defer smb3 session reconnect long after socket reconnect") added support for Negotiate requests to be initiated by echo calls. To avoid delays in calling echo after a reconnect, I added the patch introduced by the commit b8c600120fc8 ("Call echo service immediately after socket reconnect"). This has however caused a regression with cifs shares which do not have support for echo calls to trigger Negotiate requests. On connections which need to call Negotiation, the echo calls trigger an error which triggers a reconnect which in turn triggers another echo call. This results in a loop which is only broken when an operation is performed on the cifs share. For an idle share, it can DOS a server. The patch uses the smb_operation can_echo() for cifs so that it is called only if connection has been already been setup. kernel bz: 194531 Signed-off-by: Sachin Prabhu Tested-by: Jonathan Liu Acked-by: Pavel Shilovsky CC: Stable Signed-off-by: Steve French fs/cifs/smb1ops.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit d879d0b8c183aabeb9a65eba91f3f9e3c7e7b905 Author: Namhyung Kim Date: Mon Apr 17 11:44:27 2017 +0900 ftrace: Fix function pid filter on instances When function tracer has a pid filter, it adds a probe to sched_switch to track if current task can be ignored. The probe checks the ftrace_ignore_pid from current tr to filter tasks. But it misses to delete the probe when removing an instance so that it can cause a crash due to the invalid tr pointer (use-after-free). This is easily reproducible with the following: # cd /sys/kernel/debug/tracing # mkdir instances/buggy # echo $$ > instances/buggy/set_ftrace_pid # rmdir instances/buggy ============================================================================ BUG: KASAN: use-after-free in ftrace_filter_pid_sched_switch_probe+0x3d/0x90 Read of size 8 by task kworker/0:1/17 CPU: 0 PID: 17 Comm: kworker/0:1 Tainted: G B 4.11.0-rc3 #198 Call Trace: dump_stack+0x68/0x9f kasan_object_err+0x21/0x70 kasan_report.part.1+0x22b/0x500 ? ftrace_filter_pid_sched_switch_probe+0x3d/0x90 kasan_report+0x25/0x30 __asan_load8+0x5e/0x70 ftrace_filter_pid_sched_switch_probe+0x3d/0x90 ? fpid_start+0x130/0x130 __schedule+0x571/0xce0 ... To fix it, use ftrace_clear_pids() to unregister the probe. As instance_rmdir() already updated ftrace codes, it can just free the filter safely. Link: http://lkml.kernel.org/r/20170417024430.21194-2-namhyung@kernel.org Fixes: 0c8916c34203 ("tracing: Add rmdir to remove multibuffer instances") Cc: Ingo Molnar Cc: stable@vger.kernel.org Reviewed-by: Masami Hiramatsu Signed-off-by: Namhyung Kim Signed-off-by: Steven Rostedt (VMware) kernel/trace/ftrace.c | 9 +++++++++ kernel/trace/trace.c | 1 + kernel/trace/trace.h | 2 ++ 3 files changed, 12 insertions(+) commit acf167f3f2495f0b6565f6e8ac9bd87158a0e98d Merge: 0aa8c13 c2002f9 Author: David S. Miller Date: Mon Apr 17 15:51:58 2017 -0400 Merge branch 'bpf-fixes' Daniel Borkmann says: ==================== Two BPF fixes The set fixes cb_access and xdp_adjust_head bits in struct bpf_prog, that are used for requirement checks on the program rather than f.e. heuristics. Thus, for tail calls, we cannot make any assumptions and are forced to set them. ==================== Signed-off-by: David S. Miller commit c2002f983767ea0a53acbb3e21f771e7a7e2ed28 Author: Daniel Borkmann Date: Mon Apr 17 03:12:07 2017 +0200 bpf: fix checking xdp_adjust_head on tail calls Commit 17bedab27231 ("bpf: xdp: Allow head adjustment in XDP prog") added the xdp_adjust_head bit to the BPF prog in order to tell drivers that the program that is to be attached requires support for the XDP bpf_xdp_adjust_head() helper such that drivers not supporting this helper can reject the program. There are also drivers that do support the helper, but need to check for xdp_adjust_head bit in order to move packet metadata prepended by the firmware away for making headroom. For these cases, the current check for xdp_adjust_head bit is insufficient since there can be cases where the program itself does not use the bpf_xdp_adjust_head() helper, but tail calls into another program that uses bpf_xdp_adjust_head(). As such, the xdp_adjust_head bit is still set to 0. Since the first program has no control over which program it calls into, we need to assume that bpf_xdp_adjust_head() helper is used upon tail calls. Thus, for the very same reasons in cb_access, set the xdp_adjust_head bit to 1 when the main program uses tail calls. Fixes: 17bedab27231 ("bpf: xdp: Allow head adjustment in XDP prog") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Cc: Martin KaFai Lau Signed-off-by: David S. Miller kernel/bpf/syscall.c | 1 + 1 file changed, 1 insertion(+) commit 6b1bb01bcc5be91452bd3b5bda4300f179fd4053 Author: Daniel Borkmann Date: Mon Apr 17 03:12:06 2017 +0200 bpf: fix cb access in socket filter programs on tail calls Commit ff936a04e5f2 ("bpf: fix cb access in socket filter programs") added a fix for socket filter programs such that in i) AF_PACKET the 20 bytes of skb->cb[] area gets zeroed before use in order to not leak data, and ii) socket filter programs attached to TCP/UDP sockets need to save/restore these 20 bytes since they are also used by protocol layers at that time. The problem is that bpf_prog_run_save_cb() and bpf_prog_run_clear_cb() only look at the actual attached program to determine whether to zero or save/restore the skb->cb[] parts. There can be cases where the actual attached program does not access the skb->cb[], but the program tail calls into another program which does access this area. In such a case, the zero or save/restore is currently not performed. Since the programs we tail call into are unknown at verification time and can dynamically change, we need to assume that whenever the attached program performs a tail call, that later programs could access the skb->cb[], and therefore we need to always set cb_access to 1. Fixes: ff936a04e5f2 ("bpf: fix cb access in socket filter programs") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/syscall.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 0aa8c13eb512823bc4d60397d666a6b6260bb965 Author: Florian Westphal Date: Fri Apr 14 20:22:43 2017 +0200 ipv6: drop non loopback packets claiming to originate from ::1 We lack a saddr check for ::1. This causes security issues e.g. with acls permitting connections from ::1 because of assumption that these originate from local machine. Assuming a source address of ::1 is local seems reasonable. RFC4291 doesn't allow such a source address either, so drop such packets. Reported-by: Eric Dumazet Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Acked-by: Hannes Frederic Sowa Signed-off-by: David S. Miller net/ipv6/ip6_input.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 85128b2be6738fe36c224995c5ee80fe80fbb1b5 Author: Al Viro Date: Thu Apr 13 09:31:51 2017 -0400 fix nfs O_DIRECT advancing iov_iter too much It leaves the iterator advanced by the amount of IO it has requested instead of the amount actually transferred. Among other things, that confuses the hell out of generic_file_splice_read(). Signed-off-by: Al Viro fs/nfs/direct.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) commit 71d6ad08379304128e4bdfaf0b4185d54375423e Author: Al Viro Date: Fri Apr 14 17:22:18 2017 -0400 p9_client_readdir() fix Don't assume that server is sane and won't return more data than asked for. Cc: stable@vger.kernel.org Signed-off-by: Al Viro net/9p/client.c | 4 ++++ 1 file changed, 4 insertions(+) commit 890559e34eac1fb90a4b5916d4a1387376a05d51 Author: Al Viro Date: Thu Apr 13 03:10:18 2017 -0400 orangefs_bufmap_copy_from_iovec(): fix EFAULT handling short copy here should mean instant EFAULT, not "move to the next page and hope it fails there, this time with nothing copied" Signed-off-by: Al Viro fs/orangefs/orangefs-bufmap.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit e7590308d17e578e47f298cc3fec359108341cb6 Merge: daffad2 372fa10 Author: Stephen Boyd Date: Mon Apr 17 11:04:12 2017 -0700 Merge tag 'sunxi-clk-fixes-for-4.11-2-bis' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into clk-fixes Pull Allwinner clock fixes for 4.11 from Maxime Ripard: Two build errors fixes for the sunxi-ng drivers. The two other patches fix random CPU crashes happening on the A33 since CPUFreq has been enabled in 4.11. * tag 'sunxi-clk-fixes-for-4.11-2-bis' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: clk: sunxi-ng: a33: gate then ungate PLL CPU clk after rate change clk: sunxi-ng: Add clk notifier to gate then ungate PLL clocks clk: sunxi-ng: fix build failure in ccu-sun9i-a80 driver clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER commit 71947f0f91ad9c995e11c671d24bd4da5d11c0cb Merge: bfe7244 134d215 Author: David S. Miller Date: Mon Apr 17 13:33:59 2017 -0400 Merge branch 'mediatek-tx-bugs' Sean Wang says: ==================== mediatek: Fix crash caused by reporting inconsistent skb->len to BQL Changes since v1: - fix inconsistent enumeration which easily causes the potential bug The series fixes kernel BUG caused by inconsistent SKB length reported into BQL. The reason for inconsistent length comes from hardware BUG which results in different port number carried on the TXD within the lifecycle of SKB. So patch 2) is proposed for use a software way to track which port the SKB involving instead of hardware way. And patch 1) is given for another issue I found which causes TXD and SKB inconsistency that is not expected in the initial logic, so it is also being corrected it in the series. The log for the kernel BUG caused by the issue is posted as below. [ 120.825955] kernel BUG at ... lib/dynamic_queue_limits.c:26! [ 120.837684] Internal error: Oops - BUG: 0 [#1] SMP ARM [ 120.842778] Modules linked in: [ 120.845811] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc1-191576-gdbcef47 #35 [ 120.853488] Hardware name: Mediatek Cortex-A7 (Device Tree) [ 120.859012] task: c1007480 task.stack: c1000000 [ 120.863510] PC is at dql_completed+0x108/0x17c [ 120.867915] LR is at 0x46 [ 120.870512] pc : [] lr : [<00000046>] psr: 80000113 [ 120.870512] sp : c1001d58 ip : c1001d80 fp : c1001d7c [ 120.881895] r10: 0000003e r9 : df6b3400 r8 : 0ed86506 [ 120.887075] r7 : 00000001 r6 : 00000001 r5 : 0ed8654c r4 : df0135d8 [ 120.893546] r3 : 00000001 r2 : df016800 r1 : 0000fece r0 : df6b3480 [ 120.900018] Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 120.907093] Control: 10c5387d Table: 9e27806a DAC: 00000051 [ 120.912789] Process swapper/0 (pid: 0, stack limit = 0xc1000218) [ 120.918744] Stack: (0xc1001d58 to 0xc1002000) .... 121.085331] 1fc0: 00000000 c0a52a28 00000000 c10855d4 c1003c58 c0a52a24 c100885c 8000406a [ 121.093444] 1fe0: 410fc073 00000000 00000000 c1001ff8 8000807c c0a009cc 00000000 00000000 [ 121.101575] [] (dql_completed) from [] (mtk_napi_tx+0x1d0/0x37c) [ 121.109263] [] (mtk_napi_tx) from [] (net_rx_action+0x24c/0x3b8) [ 121.116951] [] (net_rx_action) from [] (__do_softirq+0xe4/0x35c) [ 121.124638] [] (__do_softirq) from [] (irq_exit+0xe8/0x150) [ 121.131895] [] (irq_exit) from [] (__handle_domain_irq+0x70/0xc4) [ 121.139666] [] (__handle_domain_irq) from [] (gic_handle_irq+0x58/0x9c) [ 121.147953] [] (gic_handle_irq) from [] (__irq_svc+0x6c/0x90) [ 121.155373] Exception stack(0xc1001ef8 to 0xc1001f40) ==================== Signed-off-by: David S. Miller commit 134d21525f5f7c89f1f6ce052a11ac09dc27b331 Author: Sean Wang Date: Fri Apr 14 11:19:12 2017 +0800 net: ethernet: mediatek: fix inconsistency of port number carried in TXD Fix port inconsistency on TXD due to hardware BUG that would cause different port number is carried on the same TXD between tx_map() and tx_unmap() with the iperf test. It would cause confusing BQL logic which leads to kernel panic when dual GMAC runs concurrently. Signed-off-by: Sean Wang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 14 +++++++++----- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 12 +++++++++--- 2 files changed, 18 insertions(+), 8 deletions(-) commit 81d2dd09ca11a2b834c8a915c6aabf8325d57ecf Author: Sean Wang Date: Fri Apr 14 11:19:11 2017 +0800 net: ethernet: mediatek: fix inconsistency between TXD and the used buffer Fix inconsistency between the TXD descriptor and the used buffer that would cause unexpected logic at mtk_tx_unmap() during skb housekeeping. Signed-off-by: Sean Wang Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit bfe72442578bb112626e476ffe1f276504d85b95 Author: Grygorii Strashko Date: Thu Apr 13 14:11:27 2017 -0500 net: phy: micrel: fix crash when statistic requested for KSZ9031 phy Now the command: ethtool --phy-statistics eth0 will cause system crash with meassage "Unable to handle kernel NULL pointer dereference at virtual address 00000010" from: (kszphy_get_stats) from [] (ethtool_get_phy_stats+0xd8/0x210) (ethtool_get_phy_stats) from [] (dev_ethtool+0x5b8/0x228c) (dev_ethtool) from [] (dev_ioctl+0x3fc/0x964) (dev_ioctl) from [] (sock_ioctl+0x170/0x2c0) (sock_ioctl) from [] (do_vfs_ioctl+0xa8/0x95c) (do_vfs_ioctl) from [] (SyS_ioctl+0x3c/0x64) (SyS_ioctl) from [] (ret_fast_syscall+0x0/0x44) The reason: phy_driver structure for KSZ9031 phy has no .probe() callback defined. As result, struct phy_device *phydev->priv pointer will not be initializes (null). This issue will affect also following phys: KSZ8795, KSZ886X, KSZ8873MLL, KSZ9031, KSZ9021, KSZ8061, KS8737 Fix it by: - adding .probe() = kszphy_probe() callback to KSZ9031, KSZ9021 phys. The kszphy_probe() can be re-used as it doesn't do any phy specific settings. - removing statistic callbacks from other phys (KSZ8795, KSZ886X, KSZ8873MLL, KSZ8061, KS8737) as they doesn't have corresponding statistic counters. Fixes: 2b2427d06426 ("phy: micrel: Add ethtool statistics counters") Signed-off-by: Grygorii Strashko Reviewed-by: Andrew Lunn Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/micrel.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) commit 426c87caa2b4578b43cd3f689f02c65b743b2559 Author: David Ahern Date: Thu Apr 13 10:57:15 2017 -0600 net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule Only need 1 l3mdev FIB rule. Fix setting NLM_F_EXCL in the nlmsghdr. Fixes: 1aa6c4f6b8cd8 ("net: vrf: Add l3mdev rules on first device create") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b47a57a273fc0c1a922fe8b6a139881971e3d8de Author: George Cherian Date: Thu Apr 13 07:25:01 2017 +0000 net: thunderx: Fix set_max_bgx_per_node for 81xx rgx Add the PCI_SUBSYS_DEVID_81XX_RGX and use the same to set the max bgx per node count. This fixes the issue intoduced by following commit 78aacb6f6 net: thunderx: Fix invalid mac addresses for node1 interfaces With this commit the max_bgx_per_node for 81xx is set as 2 instead of 3 because of which num_vfs is always calculated as zero. Signed-off-by: George Cherian Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 1 + drivers/net/ethernet/cavium/thunder/thunder_bgx.h | 1 + 2 files changed, 2 insertions(+) commit 1862d6208db0aeca9c8ace44915b08d5ab2cd667 Author: Willem de Bruijn Date: Wed Apr 12 19:24:35 2017 -0400 net-timestamp: avoid use-after-free in ip_recv_error Syzkaller reported a use-after-free in ip_recv_error at line info->ipi_ifindex = skb->dev->ifindex; This function is called on dequeue from the error queue, at which point the device pointer may no longer be valid. Save ifindex on enqueue in __skb_complete_tx_timestamp, when the pointer is valid or NULL. Store it in temporary storage skb->cb. It is safe to reference skb->dev here, as called from device drivers or dev_queue_xmit. The exception is when called from tcp_ack_tstamp; in that case it is NULL and ifindex is set to 0 (invalid). Do not return a pktinfo cmsg if ifindex is 0. This maintains the current behavior of not returning a cmsg if skb->dev was NULL. On dequeue, the ipv4 path will cast from sock_exterr_skb to in_pktinfo. Both have ifindex as their first element, so no explicit conversion is needed. This is by design, introduced in commit 0b922b7a829c ("net: original ingress device index in PKTINFO"). For ipv6 ip6_datagram_support_cmsg converts to in6_pktinfo. Fixes: 829ae9d61165 ("net-timestamp: allow reading recv cmsg on errqueue with origin tstamp") Reported-by: Andrey Konovalov Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller net/core/skbuff.c | 1 + net/ipv4/ip_sockglue.c | 9 ++++----- net/ipv6/datagram.c | 10 +--------- 3 files changed, 6 insertions(+), 14 deletions(-) commit 1215e51edad1272e669172b26aa12aac94810c7f Author: WANG Cong Date: Wed Apr 12 12:32:13 2017 -0700 ipv4: fix a deadlock in ip_ra_control Similar to commit 87e9f0315952 ("ipv4: fix a potential deadlock in mcast getsockopt() path"), there is a deadlock scenario for IP_ROUTER_ALERT too: CPU0 CPU1 ---- ---- lock(rtnl_mutex); lock(sk_lock-AF_INET); lock(rtnl_mutex); lock(sk_lock-AF_INET); Fix this by always locking RTNL first on all setsockopt() paths. Note, after this patch ip_ra_lock is no longer needed either. Reported-by: Dmitry Vyukov Tested-by: Andrey Konovalov Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv4/ip_sockglue.c | 1 + net/ipv4/ipmr.c | 11 ++--------- net/ipv4/raw.c | 2 ++ 3 files changed, 5 insertions(+), 9 deletions(-) commit 271a8b428f8361f3ad4c599835ccd34dd458b212 Author: Bert Kenward Date: Wed Apr 12 17:06:52 2017 +0100 sfc: limit the number of receive queues The number of rx queues is determined by the rss_cpus parameter or the cpu topology. If that is higher than EFX_MAX_RX_QUEUES the driver can corrupt state. Fixes: 8ceee660aacb ("New driver "sfc" for Solarstorm SFC4000 controller.") Signed-off-by: Bert Kenward Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.c | 7 +++++++ drivers/net/ethernet/sfc/falcon/efx.c | 7 +++++++ 2 files changed, 14 insertions(+) commit 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 Author: Linus Torvalds Date: Sun Apr 16 13:00:18 2017 -0700 Linux 4.11-rc7 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7395ca0f912c44e70db18b6a34c7024ba34564bd Merge: a86f106 e2647b6 Author: Linus Torvalds Date: Sun Apr 16 12:38:17 2017 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "Again, a batch that's been sitting a couple of weeks, mostly because I anticipated a bit more material but it didn't show up -- which is good. These are all your garden variety fixes for ARM platforms. The most visible issue fixed here is probably the SMP reset issue on OMAP, the rest are minor stuff" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: allwinner: a64: add pmu0 regs for USB PHY ARM: OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer reset: add exported __reset_control_get, return NULL if optional ARM: orion5x: only call into phylib when available ARM: omap2+: Revert omap-smp.c changes resetting CPU1 during boot ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend ARM: dts: ti: fix PCI bus dtc warnings ARM: dts: am335x-baltos: disable EEE for Atheros 8035 PHY ARM: dts: OMAP3: Fix MFG ID EEPROM ARM: sun8i: a33: add operating-points-v2 property to all nodes ARM: sun8i: a33: remove highest OPP to fix CPU crashes commit a86f106f488b170e6a0361c723c5a7ad72d4ab33 Merge: 11c994d 5a8d75a Author: Linus Torvalds Date: Sun Apr 16 12:05:09 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Four small fixes. Three of them fix the same error in NVMe, in loop, fc, and rdma respectively. The last fix from Ming fixes a regression in this series, where our bvec gap logic was wrong and causes an oops on NVMe for certain conditions" * 'for-linus' of git://git.kernel.dk/linux-block: block: fix bio_will_gap() for first bvec with offset nvme-fc: Fix sqsize wrong assignment based on ctrl MQES capability nvme-rdma: Fix sqsize wrong assignment based on ctrl MQES capability nvme-loop: Fix sqsize wrong assignment based on ctrl MQES capability commit e2647b6de7247b8b8ed50da8d89138a1566c0293 Merge: 5fa22a6 04abaf0 Author: Olof Johansson Date: Sun Apr 16 11:52:26 2017 -0700 Merge tag 'omap-for-v4.11/fixes-rc6-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Regression fix for omap interconnect code for deferred probe. Without this fix we can get PM related warnings for devices that use deferred probe. If necessary, this fix can wait for the v4.12 merge window no problem. * tag 'omap-for-v4.11/fixes-rc6-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer ARM: omap2+: Revert omap-smp.c changes resetting CPU1 during boot ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend ARM: dts: ti: fix PCI bus dtc warnings ARM: dts: am335x-baltos: disable EEE for Atheros 8035 PHY ARM: dts: OMAP3: Fix MFG ID EEPROM Signed-off-by: Olof Johansson commit 11c994d9a50b6ba5a96a1c1450ce0fa7bd840f1c Merge: 032aaf3 330c418 Author: Linus Torvalds Date: Sun Apr 16 11:48:10 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fix from Tejun Heo: "Unfortunately, the commit to fix the cgroup mount race in the previous pull request can lead to hangs. The original bug has been around for a while and isn't too likely to be triggered in usual use cases. Revert the commit for now" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: Revert "cgroup: avoid attaching a cgroup root to two different superblocks" commit 032aaf3f9ff9faa039673d95ea95e02ddff3a26b Merge: 4853886 a8983d0 Author: Linus Torvalds Date: Sun Apr 16 11:35:34 2017 -0700 Merge tag 'tty-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty fix from Greg KH: "Here is a single tty core revert for a patch that was reported to cause problems. The original issue is one that we have lived with for decades, so trying to scramble to fix the fix in time for 4.11-final does not make sense due to the fragility of the tty ldisc layer. Just reverting it makes sense for now" * tag 'tty-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "tty: don't panic on OOM in tty_set_ldisc()" commit 48538861b993255ec6e1012b5af1cfbb8787a4d6 Merge: d5ff081 82cc4fc Author: Linus Torvalds Date: Sun Apr 16 10:01:34 2017 -0700 Merge tag 'trace-v4.11-rc5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull ftrace fix from Steven Rostedt: "While rewriting the function probe code, I stumbled over a long standing bug. This bug has been there sinc function tracing was added way back when. But my new development depends on this bug being fixed, and it should be fixed regardless as it causes ftrace to disable itself when triggered, and a reboot is required to enable it again. The bug is that the function probe does not disable itself properly if there's another probe of its type still enabled. For example: # cd /sys/kernel/debug/tracing # echo schedule:traceoff > set_ftrace_filter # echo do_IRQ:traceoff > set_ftrace_filter # echo \!do_IRQ:traceoff > /debug/tracing/set_ftrace_filter # echo do_IRQ:traceoff > set_ftrace_filter The above registers two traceoff probes (one for schedule and one for do_IRQ, and then removes do_IRQ. But since there still exists one for schedule, it is not done properly. When adding do_IRQ back, the breakage in the accounting is noticed by the ftrace self tests, and it causes a warning and disables ftrace" * tag 'trace-v4.11-rc5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace: Fix removing of second function probe commit 330c418638612d7658b6314e6a244fcb5f7efac5 Author: Tejun Heo Date: Sun Apr 16 23:17:37 2017 +0900 Revert "cgroup: avoid attaching a cgroup root to two different superblocks" This reverts commit bfb0b80db5f9dca5ac0a5fd0edb765ee555e5a8e. Andrei reports CRIU test hangs with the patch applied. The bug fixed by the patch isn't too likely to trigger in actual uses. Revert the patch for now. Signed-off-by: Tejun Heo Reported-by: Andrei Vagin Link: http://lkml.kernel.org/r/20170414232737.GC20350@outlook.office365.com kernel/cgroup/cgroup-v1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3f795cef0ecdf9bc980dd058d49bdab4b19af1d3 Author: Helge Deller Date: Sun Apr 16 10:00:14 2017 +0200 parisc: Fix get_user() for 64-bit value on 32-bit kernel This fixes a bug in which the upper 32-bits of a 64-bit value which is read by get_user() was lost on a 32-bit kernel. While touching this code, split out pre-loading of %sr2 space register and clean up code indent. Cc: # v4.9+ Signed-off-by: Helge Deller arch/parisc/include/asm/uaccess.h | 86 +++++++++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 31 deletions(-) commit d5ff0814fda50f0306e102f39640cf5bb76af08e Merge: 403a39f 11e63f6 Author: Linus Torvalds Date: Sat Apr 15 14:07:03 2017 -0700 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull nvdimm fixes from Dan Williams: "A small crop of lockdep, sleeping while atomic, and other fixes / band-aids in advance of the full-blown reworks targeting the next merge window. The largest change here is "libnvdimm: fix blk free space accounting" which deletes a pile of buggy code that better testing would have caught before merging. The next change that is borderline too big for a late rc is switching the device-dax locking from rcu to srcu, I couldn't think of a smaller way to make that fix. The __copy_user_nocache fix will have a full replacement in 4.12 to move those pmem special case considerations into the pmem driver. The "libnvdimm: band aid btt vs clear poison locking" commit admits that our error clearing support for btt went in broken, so we just disable it in 4.11 and -stable. A replacement / full fix is in the pipeline for 4.12 Some of these would have been caught earlier had DEBUG_ATOMIC_SLEEP been enabled on my development station. I wonder if we should have: config DEBUG_ATOMIC_SLEEP default PROVE_LOCKING ...since I mistakenly thought I got both with PROVE_LOCKING=y. These have received a build success notification from the 0day robot, and some have appeared in a -next release with no reported issues" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation libnvdimm: band aid btt vs clear poison locking libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat libnvdimm: fix blk free space accounting acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) commit 403a39f8b0c7b819f8c7ea14bc81f598b1d352cf Merge: be84a46 0e1bfea Author: Linus Torvalds Date: Sat Apr 15 09:42:14 2017 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is seven small fixes which are all for user visible issues that fortunately only occur in rare circumstances. The most serious is the sr one in which QEMU can cause us to read beyond the end of a buffer (I don't think it's exploitable, but just in case). The next is the sd capacity fix which means all non 512 byte sector drives greater than 2TB fail to be correctly sized. The rest are either in new drivers (qedf) or on error legs" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION scsi: aacraid: fix PCI error recovery path scsi: sd: Fix capacity calculation with 32-bit sector_t scsi: qla2xxx: Add fix to read correct register value for ISP82xx. scsi: qedf: Fix crash due to unsolicited FIP VLAN response. scsi: sr: Sanity check returned mode data scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable commit be84a46c7f6b1328abea4a5132a107f2bdbf2437 Merge: 1ec1688 409c1b2 Author: Linus Torvalds Date: Sat Apr 15 09:40:35 2017 -0700 Merge branch 'parisc-4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fix from Helge Deller: "Mikulas Patocka fixed a few bugs in our new pa_memcpy() assembler function, e.g. one bug made the kernel unbootable if source and destination address are the same" * 'parisc-4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: fix bugs in pa_memcpy commit 1ec1688c5360e14dde4094d6acbf7516bf6db37e Author: Martin Brandenburg Date: Fri Apr 14 14:22:41 2017 -0400 orangefs: free superblock when mount fails Otherwise lockdep says: [ 1337.483798] ================================================ [ 1337.483999] [ BUG: lock held when returning to user space! ] [ 1337.484252] 4.11.0-rc6 #19 Not tainted [ 1337.484423] ------------------------------------------------ [ 1337.484626] mount/14766 is leaving the kernel with locks still held! [ 1337.484841] 1 lock held by mount/14766: [ 1337.485017] #0: (&type->s_umount_key#33/1){+.+.+.}, at: [] sget_userns+0x2af/0x520 Caught by xfstests generic/413 which tried to mount with the unsupported mount option dax. Then xfstests generic/422 ran sync which deadlocks. Signed-off-by: Martin Brandenburg Acked-by: Mike Marshall Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds fs/orangefs/devorangefs-req.c | 9 +++++++-- fs/orangefs/orangefs-kernel.h | 1 + fs/orangefs/super.c | 23 ++++++++++++++++------- 3 files changed, 24 insertions(+), 9 deletions(-) commit ca855a5e2679e9e571dfb0e64f4484b36f1992a8 Merge: 0e1bfea e7661a8 Author: James Bottomley Date: Sat Apr 15 09:36:06 2017 -0700 Merge remote-tracking branch 'mkp-scsi/4.11/scsi-fixes' into fixes commit c0eb027e5aef70b71e5a38ee3e264dc0b497f343 Author: Linus Torvalds Date: Sun Apr 2 17:10:08 2017 -0700 vfs: don't do RCU lookup of empty pathnames Normal pathname lookup doesn't allow empty pathnames, but using AT_EMPTY_PATH (with name_to_handle_at() or fstatat(), for example) you can trigger an empty pathname lookup. And not only is the RCU lookup in that case entirely unnecessary (because we'll obviously immediately finalize the end result), it is actively wrong. Why? An empth path is a special case that will return the original 'dirfd' dentry - and that dentry may not actually be RCU-free'd, resulting in a potential use-after-free if we were to initialize the path lazily under the RCU read lock and depend on complete_walk() finalizing the dentry. Found by syzkaller and KASAN. Reported-by: Dmitry Vyukov Reported-by: Vegard Nossum Acked-by: Al Viro Signed-off-by: Linus Torvalds fs/namei.c | 3 +++ 1 file changed, 3 insertions(+) commit 409c1b250e30ad0e48b4d15d7319b4e18c046c4f Author: Mikulas Patocka Date: Fri Apr 14 14:15:20 2017 -0400 parisc: fix bugs in pa_memcpy The patch 554bfeceb8a22d448cd986fc9efce25e833278a1 ("parisc: Fix access fault handling in pa_memcpy()") reimplements the pa_memcpy function. Unfortunatelly, it makes the kernel unbootable. The crash happens in the function ide_complete_cmd where memcpy is called with the same source and destination address. This patch fixes a few bugs in pa_memcpy: * When jumping to .Lcopy_loop_16 for the first time, don't skip the instruction "ldi 31,t0" (this bug made the kernel unbootable) * Use the COND macro when comparing length, so that the comparison is 64-bit (a theoretical issue, in case the length is greater than 0xffffffff) * Don't use the COND macro after the "extru" instruction (the PA-RISC specification says that the upper 32-bits of extru result are undefined, although they are set to zero in practice) * Fix exception addresses in .Lcopy16_fault and .Lcopy8_fault * Rename .Lcopy_loop_4 to .Lcopy_loop_8 (so that it is consistent with .Lcopy8_fault) Cc: # v4.9+ Fixes: 554bfeceb8a2 ("parisc: Fix access fault handling in pa_memcpy()") Signed-off-by: Mikulas Patocka Signed-off-by: Helge Deller arch/parisc/lib/lusercopy.S | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) commit 1bf4b1268e66d9364fc6fd41f906bc01458530ac Merge: 7e703ec 5376366 Author: Linus Torvalds Date: Fri Apr 14 17:51:16 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "Just a small update to xpad driver to recognize yet another gamepad, and another change making sure userio.h is exported" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: xpad - add support for Razer Wildcat gamepad uapi: add missing install of userio.h commit 7e703eccf02a4a6aac6574f5fd4680a0619fdbfb Merge: 9117439 f4c13c8 Author: Linus Torvalds Date: Fri Apr 14 17:38:24 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "Things seem to be settling down as far as networking is concerned, let's hope this trend continues... 1) Add iov_iter_revert() and use it to fix the behavior of skb_copy_datagram_msg() et al., from Al Viro. 2) Fix the protocol used in the synthetic SKB we cons up for the purposes of doing a simulated route lookup for RTM_GETROUTE requests. From Florian Larysch. 3) Don't add noop_qdisc to the per-device qdisc hashes, from Cong Wang. 4) Don't call netdev_change_features with the team lock held, from Xin Long. 5) Revert TCP F-RTO extension to catch more spurious timeouts because it interacts very badly with some middle-boxes. From Yuchung Cheng. 6) Fix the loss of error values in l2tp {s,g}etsockopt calls, from Guillaume Nault. 7) ctnetlink uses bit positions where it should be using bit masks, fix from Liping Zhang. 8) Missing RCU locking in netfilter helper code, from Gao Feng. 9) Avoid double frees and use-after-frees in tcp_disconnect(), from Eric Dumazet. 10) Don't do a changelink before we register the netdevice in bridging, from Ido Schimmel. 11) Lock the ipv6 device address list properly, from Rabin Vincent" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits) netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage netfilter: nft_hash: do not dump the auto generated seed drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201 ipv6: Fix idev->addr_list corruption net: xdp: don't export dev_change_xdp_fd() bridge: netlink: register netdevice before executing changelink bridge: implement missing ndo_uninit() bpf: reference may_access_skb() from __bpf_prog_run() tcp: clear saved_syn in tcp_disconnect() netfilter: nf_ct_expect: use proper RCU list traversal/update APIs netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL netfilter: make it safer during the inet6_dev->addr_list traversal netfilter: ctnetlink: make it safer when checking the ct helper name netfilter: helper: Add the rcu lock when call __nf_conntrack_helper_find netfilter: ctnetlink: using bit to represent the ct event netfilter: xt_TCPMSS: add more sanity tests on tcph->doff net: tcp: Increase TCP_MIB_OUTRSTS even though fail to alloc skb l2tp: don't mask errors in pppol2tp_getsockopt() l2tp: don't mask errors in pppol2tp_setsockopt() tcp: restrict F-RTO to work-around broken middle-boxes ... commit 91174391bf5a368c9837b63b84d7f5a813efd719 Merge: 07c7016 7f00f38 Author: Linus Torvalds Date: Fri Apr 14 17:00:01 2017 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "A set of small fixes for x86: - fix locking in RDT to prevent memory leaks and freeing in use memory - prevent setting invalid values for vdso32_enabled which cause inconsistencies for user space resulting in application crashes. - plug a race in the vdso32 code between fork and sysctl which causes inconsistencies for user space resulting in application crashes. - make MPX signal delivery work in compat mode - make the dmesg output of traps and faults readable again" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/intel_rdt: Fix locking in rdtgroup_schemata_write() x86/debug: Fix the printk() debug output of signal_fault(), do_trap() and do_general_protection() x86/vdso: Plug race between mapping and ELF header setup x86/vdso: Ensure vdso32_enabled gets set to valid values only x86/signals: Fix lower/upper bound reporting in compat siginfo commit 07c7016de7896493e95bef64fe913ac849509d6e Merge: d295917 f2200ac Author: Linus Torvalds Date: Fri Apr 14 16:58:38 2017 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Thomas Gleixner: "Two small fixes for perf: - the move to support cross arch annotation introduced per arch initialization requirements, fullfill them for s/390 (Christian Borntraeger) - add the missing initialization to the LBR entries to avoid exposing random or stale data" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() perf annotate s390: Fix perf annotate error -95 (4.10 regression) commit d295917a47e99fe43f1efb14261612e67120e4bb Merge: f399ecb 75eb5e1 Author: Linus Torvalds Date: Fri Apr 14 16:57:14 2017 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: "The irq department provides: - two fixes for the CPU affinity spread infrastructure to prevent unbalanced spreading in corner cases which leads to horrible performance, because interrupts are rather aggregated than spread - add a missing spinlock initializer in the imx-gpcv2 init code" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/irq-imx-gpcv2: Fix spinlock initialization irq/affinity: Fix extra vecs calculation irq/affinity: Fix CPU spread for unbalanced nodes commit f399ecb4b49b3b6afb5bbb613bfa3728682a3e4f Merge: 4b31ac4 6f6266a Author: Linus Torvalds Date: Fri Apr 14 16:55:33 2017 -0700 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Thomas Gleixner: "Three fixes from EFI land: - prevent accessing a Graphic Output Device (GOP) which the kernel does not know to handle - prevent PCI reconfiguration to modify a BAR which covers the framebuffer because that's already in use through the EFI GOP interface - avoid reserving EFI runtime regions as this results in bogus memory mappings" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/efi: Don't try to reserve runtime regions efi/fb: Avoid reconfiguration of BAR that covers the framebuffer efi/libstub: Skip GOP with PIXEL_BLT_ONLY format commit 4b31ac485daabc50483598500055d63ce5677cc3 Merge: 5466f4d a967efb Author: Linus Torvalds Date: Fri Apr 14 16:53:45 2017 -0700 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "Dave Sterba collected a few more fixes for the last rc. These aren't marked for stable, but I'm putting them in with a batch were testing/sending by hand for this release" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: fix potential use-after-free for cloned bio Btrfs: fix segmentation fault when doing dio read Btrfs: fix invalid dereference in btrfs_retry_endio btrfs: drop the nossd flag when remounting with -o ssd commit 5466f4dfce857a7954f19bc9acfc7ca4a73321b6 Merge: 82f1faa 67dbea2 Author: Linus Torvalds Date: Fri Apr 14 16:51:29 2017 -0700 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull more CIFS fixes from Steve French: "As promised, here is the remaining set of cifs/smb3 fixes for stable (and a fix for one regression) now that they have had additional review and testing" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: CIFS: Fix SMB3 mount without specifying a security mechanism CIFS: store results of cifs_reopen_file to avoid infinite wait CIFS: remove bad_network_name flag CIFS: reconnect thread reschedule itself CIFS: handle guest access errors to Windows shares CIFS: Fix null pointer deref during read resp processing commit 82cc4fc2e70ec5baeff8f776f2773abc8b2cc0ae Author: Steven Rostedt (VMware) Date: Fri Apr 14 17:45:45 2017 -0400 ftrace: Fix removing of second function probe When two function probes are added to set_ftrace_filter, and then one of them is removed, the update to the function locations is not performed, and the record keeping of the function states are corrupted, and causes an ftrace_bug() to occur. This is easily reproducable by adding two probes, removing one, and then adding it back again. # cd /sys/kernel/debug/tracing # echo schedule:traceoff > set_ftrace_filter # echo do_IRQ:traceoff > set_ftrace_filter # echo \!do_IRQ:traceoff > /debug/tracing/set_ftrace_filter # echo do_IRQ:traceoff > set_ftrace_filter Causes: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1098 at kernel/trace/ftrace.c:2369 ftrace_get_addr_curr+0x143/0x220 Modules linked in: [...] CPU: 2 PID: 1098 Comm: bash Not tainted 4.10.0-test+ #405 Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v02.05 05/07/2012 Call Trace: dump_stack+0x68/0x9f __warn+0x111/0x130 ? trace_irq_work_interrupt+0xa0/0xa0 warn_slowpath_null+0x1d/0x20 ftrace_get_addr_curr+0x143/0x220 ? __fentry__+0x10/0x10 ftrace_replace_code+0xe3/0x4f0 ? ftrace_int3_handler+0x90/0x90 ? printk+0x99/0xb5 ? 0xffffffff81000000 ftrace_modify_all_code+0x97/0x110 arch_ftrace_update_code+0x10/0x20 ftrace_run_update_code+0x1c/0x60 ftrace_run_modify_code.isra.48.constprop.62+0x8e/0xd0 register_ftrace_function_probe+0x4b6/0x590 ? ftrace_startup+0x310/0x310 ? debug_lockdep_rcu_enabled.part.4+0x1a/0x30 ? update_stack_state+0x88/0x110 ? ftrace_regex_write.isra.43.part.44+0x1d3/0x320 ? preempt_count_sub+0x18/0xd0 ? mutex_lock_nested+0x104/0x800 ? ftrace_regex_write.isra.43.part.44+0x1d3/0x320 ? __unwind_start+0x1c0/0x1c0 ? _mutex_lock_nest_lock+0x800/0x800 ftrace_trace_probe_callback.isra.3+0xc0/0x130 ? func_set_flag+0xe0/0xe0 ? __lock_acquire+0x642/0x1790 ? __might_fault+0x1e/0x20 ? trace_get_user+0x398/0x470 ? strcmp+0x35/0x60 ftrace_trace_onoff_callback+0x48/0x70 ftrace_regex_write.isra.43.part.44+0x251/0x320 ? match_records+0x420/0x420 ftrace_filter_write+0x2b/0x30 __vfs_write+0xd7/0x330 ? do_loop_readv_writev+0x120/0x120 ? locks_remove_posix+0x90/0x2f0 ? do_lock_file_wait+0x160/0x160 ? __lock_is_held+0x93/0x100 ? rcu_read_lock_sched_held+0x5c/0xb0 ? preempt_count_sub+0x18/0xd0 ? __sb_start_write+0x10a/0x230 ? vfs_write+0x222/0x240 vfs_write+0xef/0x240 SyS_write+0xab/0x130 ? SyS_read+0x130/0x130 ? trace_hardirqs_on_caller+0x182/0x280 ? trace_hardirqs_on_thunk+0x1a/0x1c entry_SYSCALL_64_fastpath+0x18/0xad RIP: 0033:0x7fe61c157c30 RSP: 002b:00007ffe87890258 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: ffffffff8114a410 RCX: 00007fe61c157c30 RDX: 0000000000000010 RSI: 000055814798f5e0 RDI: 0000000000000001 RBP: ffff8800c9027f98 R08: 00007fe61c422740 R09: 00007fe61ca53700 R10: 0000000000000073 R11: 0000000000000246 R12: 0000558147a36400 R13: 00007ffe8788f160 R14: 0000000000000024 R15: 00007ffe8788f15c ? trace_hardirqs_off_caller+0xc0/0x110 ---[ end trace 99fa09b3d9869c2c ]--- Bad trampoline accounting at: ffffffff81cc3b00 (do_IRQ+0x0/0x150) Cc: stable@vger.kernel.org Fixes: 59df055f1991 ("ftrace: trace different functions with a different tracer") Signed-off-by: Steven Rostedt (VMware) kernel/trace/ftrace.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit 5a8d75a1b8c99bdc926ba69b7b7dbe4fae81a5af Author: Ming Lei Date: Fri Apr 14 13:58:29 2017 -0600 block: fix bio_will_gap() for first bvec with offset Commit 729204ef49ec("block: relax check on sg gap") allows us to merge bios, if both are physically contiguous. This change can merge a huge number of small bios, through mkfs for example, mkfs.ntfs running time can be decreased to ~1/10. But if one rq starts with a non-aligned buffer (the 1st bvec's bv_offset is non-zero) and if we allow the merge, it is quite difficult to respect sg gap limit, especially the max segment size, or we risk having an unaligned virtual boundary. This patch tries to avoid the issue by disallowing a merge, if the req starts with an unaligned buffer. Also add comments to explain why the merged segment can't end in unaligned virt boundary. Fixes: 729204ef49ec ("block: relax check on sg gap") Tested-by: Johannes Thumshirn Reviewed-by: Johannes Thumshirn Signed-off-by: Ming Lei Rewrote parts of the commit message and comments. Signed-off-by: Jens Axboe include/linux/blkdev.h | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) commit 6492f09e864417d382e22b922ae30693a7ce2982 Author: Noam Camus Date: Tue Apr 4 11:00:41 2017 +0300 ARC: [plat-eznps] Fix build error Make ATOMIC_INIT available for all ARC platforms (including plat-eznps) Cc: # 4.9+ Signed-off-by: Noam Camus Signed-off-by: Vineet Gupta arch/arc/include/asm/atomic.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 82f1faa86727de976e38eade5e96a1846742d71e Merge: e16d8b6 e68d490 Author: Linus Torvalds Date: Fri Apr 14 09:18:17 2017 -0700 Merge tag 'fbdev-v4.11-rc6' of git://github.com/bzolnier/linux Pull fbdev fixes from Bartlomiej Zolnierkiewicz: - fix probing time checks in omapfb driver (regression fix) - fix optional VBAT support in ssd1307fb driver (regression fix) - fix connecting to backend in xen-fbfront driver * tag 'fbdev-v4.11-rc6' of git://github.com/bzolnier/linux: fbdev: omapfb: delete check_required_callbacks() xen, fbfront: fix connecting to backend fbdev/ssd1307fb: fix optional VBAT support commit e16d8b6e1f8b67eda0a746a3b9ee7c37fc3b688b Merge: 321ae37 66803c9 Author: Linus Torvalds Date: Fri Apr 14 09:16:23 2017 -0700 Merge tag 'pm-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix a cpufreq core regression related to CPU online/offline and several issues in the turbostat and cpupower utilities. Specifics: - Allow CPUs to be put back online even if the cpufreq driver is unable to work with them (eg. due to missing information from platform firmware), which was the previous behavior expected by users, but changed in the 4.9 time frame (Chen Yu). - Fix a few minor issues in the turbostat utility, introduced mostly during the recent update of it (Len Brown, Doug Smythies). - Fix a cpupower utility bug causing it to report incorrect values for turbo frequencies in some cases (Ben Hutchings)" * tag 'pm-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores cpufreq: Bring CPUs up even if cpufreq_online() failed tools/power turbostat: update version number tools/power turbostat: fix impossibly large CPU%c1 value tools/power turbostat: turbostat.8 add missing column definitions tools/power turbostat: update HWP dump to decimal from hex tools/power turbostat: enable package THERM_INTERRUPT dump tools/power turbostat: show missing Core and GFX power on SKL and KBL tools/power turbostat: bugfix: GFXMHz column not changing commit 321ae379af3d7707c31c8b3170308ade7faa199f Merge: 1882e56 f83e13f Author: Linus Torvalds Date: Fri Apr 14 09:05:42 2017 -0700 Merge tag 'acpi-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These revert a recent ACPICA commit that turned out to be problematic and fix a device enumeration breakage from the 4.8 cycle. Specifics: - Revert a recent ACPICA commit targeted at catching firmware bugs which promptly did that and caused functional problems to appear (Rafael Wysocki). - Fix a device enumeration problem introduced in the 4.8 time frame which caused the ACPI docking station driver to report incorrect status via sysfs among other things (Rafael Wysocki)" * tag 'acpi-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: Revert "ACPICA: Resources: Not a valid resource if buffer length too long" ACPI / scan: Set the visited flag for all enumerated devices commit 1882e562d37c8d4ed01a7ee7161c04fbaa428565 Merge: 7873933 a4866aa Author: Linus Torvalds Date: Fri Apr 14 08:57:20 2017 -0700 Merge tag 'devmem-v4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull CONFIG_STRICT_DEVMEM fix from Kees Cook: "Fixes /dev/mem to read back zeros for System RAM areas in the 1MB exception area on x86 to avoid exposing RAM or tripping hardened usercopy" * tag 'devmem-v4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: mm: Tighten x86 /dev/mem with zeroing reads commit 787393338557456d2ad2dd49c45080624e39cbe5 Merge: a232591 2f8dc3a Author: Linus Torvalds Date: Fri Apr 14 08:49:39 2017 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fixes from Michael S. Tsirkin: "virtio oops fixes The virtio pci rework using shared interrupts caused a lot of issues. We tried to fix them but run out of time. Revert for now, and revisit the issue for the next kernel. Luckily we are able to do this without loosing automatic interrupt NUMA affinity which was the main motivator for the rework" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio-pci: Remove affinity hint before freeing the interrupt Revert "virtio_pci: remove struct virtio_pci_vq_info" Revert "virtio_pci: use shared interrupts for virtqueues" Revert "virtio_pci: don't duplicate the msix_enable flag in struct pci_dev" Revert "virtio_pci: simplify MSI-X setup" Revert "virtio_pci: fix out of bound access for msix_names" MAINTAINERS: fix virtio file pattern virtio_console: fix uninitialized variable use virtio_net: clear MTU when out of range virtio: allow drivers to validate features virtio_net: enable big packets for large MTU values commit f4c13c8ec56e70eeff3e365e0c5fcdad16845b32 Merge: 14cf4a7 fe50543 Author: David S. Miller Date: Fri Apr 14 10:47:13 2017 -0400 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Missing TCP header sanity check in TCPMSS target, from Eric Dumazet. 2) Incorrect event message type for related conntracks created via ctnetlink, from Liping Zhang. 3) Fix incorrect rcu locking when handling helpers from ctnetlink, from Gao feng. 4) Fix missing rcu locking when updating helper, from Liping Zhang. 5) Fix missing read_lock_bh when iterating over list of device addresses from TPROXY and redirect, also from Liping. 6) Fix crash when trying to dump expectations from conntrack with no helper via ctnetlink, from Liping. 7) Missing RCU protection to expecation list update given ctnetlink iterates over the list under rcu read lock side, from Liping too. 8) Don't dump autogenerated seed in nft_hash to userspace, this is very confusing to the user, again from Liping. 9) Fix wrong conntrack netns module refcount in ipt_CLUSTERIP, from Gao feng. ==================== Signed-off-by: David S. Miller commit e68d490def9f7d726eea6dc62ebd692af64ec8b5 Author: Aaro Koskinen Date: Fri Apr 14 13:38:32 2017 +0200 fbdev: omapfb: delete check_required_callbacks() Commit 561eb9d09a93 ("fbdev: omap/lcd: Make callbacks optional") made panel callbacks optional but forgot to update check_required_callbacks(). As a result many (all?) OMAP systems using omapfb will crash at boot. Fix by deleting the whole function. Fixes: 561eb9d09a93 ("fbdev: omap/lcd: Make callbacks optional") Signed-off-by: Aaro Koskinen Cc: Tomi Valkeinen Cc: Lars-Peter Clausen Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/omap/omapfb_main.c | 15 --------------- 1 file changed, 15 deletions(-) commit f83e13f94e14d27c9610f917e40e23a6c2bbeaf0 Merge: f406270 1315f01 Author: Rafael J. Wysocki Date: Fri Apr 14 13:11:43 2017 +0200 Merge branches 'acpi-scan-fixes' and 'acpica-fixes' * acpi-scan-fixes: ACPI / scan: Set the visited flag for all enumerated devices * acpica-fixes: Revert "ACPICA: Resources: Not a valid resource if buffer length too long" commit 66803c946ee6065bc49a7f029b0a48d93467f228 Merge: c4a3fa2 4cca045 Author: Rafael J. Wysocki Date: Fri Apr 14 13:11:09 2017 +0200 Merge branches 'pm-cpufreq-fixes' and 'pm-tools-fixes' * pm-cpufreq-fixes: cpufreq: Bring CPUs up even if cpufreq_online() failed * pm-tools-fixes: cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores tools/power turbostat: update version number tools/power turbostat: fix impossibly large CPU%c1 value tools/power turbostat: turbostat.8 add missing column definitions tools/power turbostat: update HWP dump to decimal from hex tools/power turbostat: enable package THERM_INTERRUPT dump tools/power turbostat: show missing Core and GFX power on SKL and KBL tools/power turbostat: bugfix: GFXMHz column not changing commit 34a477e5297cbaa6ecc6e17c042a866e1cbe80d6 Author: Josh Poimboeuf Date: Thu Apr 13 17:53:55 2017 -0500 ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram On x86-32, with CONFIG_FIRMWARE and multiple CPUs, if you enable function graph tracing and then suspend to RAM, it will triple fault and reboot when it resumes. The first fault happens when booting a secondary CPU: startup_32_smp() load_ucode_ap() prepare_ftrace_return() ftrace_graph_is_dead() (accesses 'kill_ftrace_graph') The early head_32.S code calls into load_ucode_ap(), which has an an ftrace hook, so it calls prepare_ftrace_return(), which calls ftrace_graph_is_dead(), which tries to access the global 'kill_ftrace_graph' variable with a virtual address, causing a fault because the CPU is still in real mode. The fix is to add a check in prepare_ftrace_return() to make sure it's running in protected mode before continuing. The check makes sure the stack pointer is a virtual kernel address. It's a bit of a hack, but it's not very intrusive and it works well enough. For reference, here are a few other (more difficult) ways this could have potentially been fixed: - Move startup_32_smp()'s call to load_ucode_ap() down to *after* paging is enabled. (No idea what that would break.) - Track down load_ucode_ap()'s entire callee tree and mark all the functions 'notrace'. (Probably not realistic.) - Pause graph tracing in ftrace_suspend_notifier_call() or bringup_cpu() or __cpu_up(), and ensure that the pause facility can be queried from real mode. Reported-by: Paul Menzel Signed-off-by: Josh Poimboeuf Tested-by: Paul Menzel Reviewed-by: Steven Rostedt (VMware) Cc: "Rafael J . Wysocki" Cc: linux-acpi@vger.kernel.org Cc: Borislav Petkov Cc: stable@kernel.org Cc: Len Brown Link: http://lkml.kernel.org/r/5c1272269a580660703ed2eccf44308e790c7a98.1492123841.git.jpoimboe@redhat.com Signed-off-by: Thomas Gleixner arch/x86/kernel/ftrace.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit a8983d01f9b7d600fbdb3916899edf395954cc83 Author: Greg Kroah-Hartman Date: Fri Apr 14 10:57:52 2017 +0200 Revert "tty: don't panic on OOM in tty_set_ldisc()" This reverts commit 5362544bebe85071188dd9e479b5a5040841c895 as it is reported to cause a reproducable crash. Fixes: 5362544bebe8 ("tty: don't panic on OOM in tty_set_ldisc()") Reported-by: Vegard Nossum Cc: Dmitry Vyukov Cc: Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: Peter Hurley Cc: One Thousand Gnomes Cc: Linus Torvalds Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org drivers/tty/tty_ldisc.c | 85 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 16 deletions(-) commit 75eb5e1e7b4edbc8e8f930de59004d21cb46961f Author: Tyler Baker Date: Thu Apr 13 15:27:31 2017 -0700 irqchip/irq-imx-gpcv2: Fix spinlock initialization The raw_spinlock in the IMX GPCV2 interupt chip is not initialized before usage. That results in a lockdep splat: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. Add the missing raw_spin_lock_init() to the setup code. Fixes: e324c4dc4a59 ("irqchip/imx-gpcv2: IMX GPCv2 driver for wakeup sources") Signed-off-by: Tyler Baker Reviewed-by: Fabio Estevam Cc: jason@lakedaemon.net Cc: marc.zyngier@arm.com Cc: shawnguo@kernel.org Cc: andrew.smirnov@gmail.com Cc: linux-arm-kernel@lists.infradead.org Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170413222731.5917-1-tyler.baker@linaro.org Signed-off-by: Thomas Gleixner drivers/irqchip/irq-imx-gpcv2.c | 2 ++ 1 file changed, 2 insertions(+) commit f2200ac311302fcdca6556fd0c5127eab6c65a3e Author: Peter Zijlstra Date: Tue Apr 11 10:10:28 2017 +0200 perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() When the perf_branch_entry::{in_tx,abort,cycles} fields were added, intel_pmu_lbr_read_32() wasn't updated to initialize them. Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Cc: Fixes: 135c5612c460 ("perf/x86/intel: Support Haswell/v4 LBR format") Signed-off-by: Ingo Molnar arch/x86/events/intel/lbr.c | 3 +++ 1 file changed, 3 insertions(+) commit dfb00a56935186171abb5280b3407c3f910011f1 Author: Takashi Sakamoto Date: Fri Apr 14 12:43:01 2017 +0900 ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type An abstraction of asynchronous transaction for transmission of MIDI messages was introduced in Linux v4.4. Each driver can utilize this abstraction to transfer MIDI messages via fixed-length payload of transaction to a certain unit address. Filling payload of the transaction is done by callback. In this callback, each driver can return negative error code, however current implementation assigns the return value to unsigned variable. This commit changes type of the variable to fix the bug. Reported-by: Julia Lawall Cc: # 4.4+ Fixes: 585d7cba5e1f ("ALSA: firewire-lib: add helper functions for asynchronous transactions to transfer MIDI messages") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/lib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a232591ba289a1a397e0005c9f276a126c1bc1b1 Merge: d8a6e3a 5714320 Author: Linus Torvalds Date: Thu Apr 13 20:08:33 2017 -0700 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "11 fixes. The presence of 'thp: reduce indentation level in change_huge_pmd()' is unfortunate. But the patchset had been decently reviewed and tested before we decided it was needed in -stable and I felt it best not to churn things at the last minute" * emailed patches from Andrew Morton : mailmap: add Martin Kepplinger's email zsmalloc: expand class bit zram: do not use copy_page with non-page aligned address zram: fix operator precedence to get offset hugetlbfs: fix offset overflow in hugetlbfs mmap thp: fix MADV_DONTNEED vs clear soft dirty race thp: fix MADV_DONTNEED vs. MADV_FREE race mm: drop unused pmdp_huge_get_and_clear_notify() thp: fix MADV_DONTNEED vs. numa balancing race thp: reduce indentation level in change_huge_pmd() z3fold: fix page locking in z3fold_alloc() commit e7661a8e5ce10b5321882d0bbaf3f81070903319 Author: Johannes Thumshirn Date: Wed Apr 12 09:21:19 2017 +0200 scsi: return correct blkprep status code in case scsi_init_io() fails. When instrumenting the SCSI layer to run into the !blk_rq_nr_phys_segments(rq) case the following warning emitted from the block layer: blk_peek_request: bad return=-22 This happens because since commit fd3fc0b4d730 ("scsi: don't BUG_ON() empty DMA transfers") we return the wrong error value from scsi_prep_fn() back to the block layer. [mkp: silenced checkpatch] Signed-off-by: Johannes Thumshirn Fixes: fd3fc0b4d730 scsi: don't BUG_ON() empty DMA transfers Cc: Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen drivers/scsi/scsi_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5714320d316ae6e830bfc463bfdaf288695f6b62 Author: Martin Kepplinger Date: Thu Apr 13 14:56:43 2017 -0700 mailmap: add Martin Kepplinger's email Set the partly deprecated companies' email addresses as alias for the personal one. Link: http://lkml.kernel.org/r/1491984622-17321-1-git-send-email-martin.kepplinger@ginzinger.com Signed-off-by: Martin Kepplinger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .mailmap | 2 ++ 1 file changed, 2 insertions(+) commit 85d492f28d056c40629fc25d79f54da618a29dc4 Author: Minchan Kim Date: Thu Apr 13 14:56:40 2017 -0700 zsmalloc: expand class bit Now 64K page system, zsamlloc has 257 classes so 8 class bit is not enough. With that, it corrupts the system when zsmalloc stores 65536byte data(ie, index number 256) so that this patch increases class bit for simple fix for stable backport. We should clean up this mess soon. index size 0 32 1 288 .. .. 204 52256 256 65536 Fixes: 3783689a1 ("zsmalloc: introduce zspage structure") Link: http://lkml.kernel.org/r/1492042622-12074-3-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Cc: Sergey Senozhatsky Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zsmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d72e9a7a93e4f8e9e52491921d99e0c8aa89eb4e Author: Minchan Kim Date: Thu Apr 13 14:56:37 2017 -0700 zram: do not use copy_page with non-page aligned address The copy_page is optimized memcpy for page-alinged address. If it is used with non-page aligned address, it can corrupt memory which means system corruption. With zram, it can happen with 1. 64K architecture 2. partial IO 3. slub debug Partial IO need to allocate a page and zram allocates it via kmalloc. With slub debug, kmalloc(PAGE_SIZE) doesn't return page-size aligned address. And finally, copy_page(mem, cmem) corrupts memory. So, this patch changes it to memcpy. Actuaully, we don't need to change zram_bvec_write part because zsmalloc returns page-aligned address in case of PAGE_SIZE class but it's not good to rely on the internal of zsmalloc. Note: When this patch is merged to stable, clear_page should be fixed, too. Unfortunately, recent zram removes it by "same page merge" feature so it's hard to backport this patch to -stable tree. I will handle it when I receive the mail from stable tree maintainer to merge this patch to backport. Fixes: 42e99bd ("zram: optimize memory operations with clear_page()/copy_page()") Link: http://lkml.kernel.org/r/1492042622-12074-2-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Cc: Sergey Senozhatsky Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4ca82dabc9fbf7bc5322aa54d802cb3cb7b125c5 Author: Minchan Kim Date: Thu Apr 13 14:56:35 2017 -0700 zram: fix operator precedence to get offset In zram_rw_page, the logic to get offset is wrong by operator precedence (i.e., "<<" is higher than "&"). With wrong offset, zram can corrupt the user's data. This patch fixes it. Fixes: 8c7f01025 ("zram: implement rw_page operation of zram") Link: http://lkml.kernel.org/r/1492042622-12074-1-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Cc: Sergey Senozhatsky Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 045c7a3f53d9403b62d396b6d051c4be5044cdb4 Author: Mike Kravetz Date: Thu Apr 13 14:56:32 2017 -0700 hugetlbfs: fix offset overflow in hugetlbfs mmap If mmap() maps a file, it can be passed an offset into the file at which the mapping is to start. Offset could be a negative value when represented as a loff_t. The offset plus length will be used to update the file size (i_size) which is also a loff_t. Validate the value of offset and offset + length to make sure they do not overflow and appear as negative. Found by syzcaller with commit ff8c0c53c475 ("mm/hugetlb.c: don't call region_abort if region_chg fails") applied. Prior to this commit, the overflow would still occur but we would luckily return ENOMEM. To reproduce: mmap(0, 0x2000, 0, 0x40021, 0xffffffffffffffffULL, 0x8000000000000000ULL); Resulted in, kernel BUG at mm/hugetlb.c:742! Call Trace: hugetlbfs_evict_inode+0x80/0xa0 evict+0x24a/0x620 iput+0x48f/0x8c0 dentry_unlink_inode+0x31f/0x4d0 __dentry_kill+0x292/0x5e0 dput+0x730/0x830 __fput+0x438/0x720 ____fput+0x1a/0x20 task_work_run+0xfe/0x180 exit_to_usermode_loop+0x133/0x150 syscall_return_slowpath+0x184/0x1c0 entry_SYSCALL_64_fastpath+0xab/0xad Fixes: ff8c0c53c475 ("mm/hugetlb.c: don't call region_abort if region_chg fails") Link: http://lkml.kernel.org/r/1491951118-30678-1-git-send-email-mike.kravetz@oracle.com Reported-by: Vegard Nossum Signed-off-by: Mike Kravetz Acked-by: Hillf Danton Cc: Dmitry Vyukov Cc: Michal Hocko Cc: "Kirill A . Shutemov" Cc: Andrey Ryabinin Cc: Naoya Horiguchi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/hugetlbfs/inode.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 5b7abeae3af8c08c577e599dd0578b9e3ee6687b Author: Kirill A. Shutemov Date: Thu Apr 13 14:56:28 2017 -0700 thp: fix MADV_DONTNEED vs clear soft dirty race Yet another instance of the same race. Fix is identical to change_huge_pmd(). See "thp: fix MADV_DONTNEED vs. numa balancing race" for more details. Link: http://lkml.kernel.org/r/20170302151034.27829-5-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/task_mmu.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 58ceeb6bec86d9140f9d91d71a710e963523d063 Author: Kirill A. Shutemov Date: Thu Apr 13 14:56:26 2017 -0700 thp: fix MADV_DONTNEED vs. MADV_FREE race Both MADV_DONTNEED and MADV_FREE handled with down_read(mmap_sem). It's critical to not clear pmd intermittently while handling MADV_FREE to avoid race with MADV_DONTNEED: CPU0: CPU1: madvise_free_huge_pmd() pmdp_huge_get_and_clear_full() madvise_dontneed() zap_pmd_range() pmd_trans_huge(*pmd) == 0 (without ptl) // skip the pmd set_pmd_at(); // pmd is re-established It results in MADV_DONTNEED skipping the pmd, leaving it not cleared. It violates MADV_DONTNEED interface and can result is userspace misbehaviour. Basically it's the same race as with numa balancing in change_huge_pmd(), but a bit simpler to mitigate: we don't need to preserve dirty/young flags here due to MADV_FREE functionality. [kirill.shutemov@linux.intel.com: Urgh... Power is special again] Link: http://lkml.kernel.org/r/20170303102636.bhd2zhtpds4mt62a@black.fi.intel.com Link: http://lkml.kernel.org/r/20170302151034.27829-4-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Minchan Kim Cc: Minchan Kim Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c0c379e2931b05facef538e53bf3b21f283d9a0b Author: Kirill A. Shutemov Date: Thu Apr 13 14:56:23 2017 -0700 mm: drop unused pmdp_huge_get_and_clear_notify() Dave noticed that after fixing MADV_DONTNEED vs numa balancing race the last pmdp_huge_get_and_clear_notify() user is gone. Let's drop the helper. Link: http://lkml.kernel.org/r/20170306112047.24809-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Dave Hansen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mmu_notifier.h | 13 ------------- 1 file changed, 13 deletions(-) commit ced108037c2aa542b3ed8b7afd1576064ad1362a Author: Kirill A. Shutemov Date: Thu Apr 13 14:56:20 2017 -0700 thp: fix MADV_DONTNEED vs. numa balancing race In case prot_numa, we are under down_read(mmap_sem). It's critical to not clear pmd intermittently to avoid race with MADV_DONTNEED which is also under down_read(mmap_sem): CPU0: CPU1: change_huge_pmd(prot_numa=1) pmdp_huge_get_and_clear_notify() madvise_dontneed() zap_pmd_range() pmd_trans_huge(*pmd) == 0 (without ptl) // skip the pmd set_pmd_at(); // pmd is re-established The race makes MADV_DONTNEED miss the huge pmd and don't clear it which may break userspace. Found by code analysis, never saw triggered. Link: http://lkml.kernel.org/r/20170302151034.27829-3-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit 0a85e51d37645e9ce57e5e1a30859e07810ed07c Author: Kirill A. Shutemov Date: Thu Apr 13 14:56:17 2017 -0700 thp: reduce indentation level in change_huge_pmd() Patch series "thp: fix few MADV_DONTNEED races" For MADV_DONTNEED to work properly with huge pages, it's critical to not clear pmd intermittently unless you hold down_write(mmap_sem). Otherwise MADV_DONTNEED can miss the THP which can lead to userspace breakage. See example of such race in commit message of patch 2/4. All these races are found by code inspection. I haven't seen them triggered. I don't think it's worth to apply them to stable@. This patch (of 4): Restructure code in preparation for a fix. Link: http://lkml.kernel.org/r/20170302151034.27829-2-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Vlastimil Babka Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) commit 76e32a2a084ed71b48179023cd8fdb3787c8a6ad Author: Vitaly Wool Date: Thu Apr 13 14:56:14 2017 -0700 z3fold: fix page locking in z3fold_alloc() Stress testing of the current z3fold implementation on a 8-core system revealed it was possible that a z3fold page deleted from its unbuddied list in z3fold_alloc() would be put on another unbuddied list by z3fold_free() while z3fold_alloc() is still processing it. This has been introduced with commit 5a27aa822 ("z3fold: add kref refcounting") due to the removal of special handling of a z3fold page not on any list in z3fold_free(). To fix this, the z3fold page lock should be taken in z3fold_alloc() before the pool lock is released. To avoid deadlocking, we just try to lock the page as soon as we get a hold of it, and if trylock fails, we drop this page and take the next one. Signed-off-by: Vitaly Wool Cc: Dan Streetman Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit d8a6e3aed955342dd68dd72e0feaf2cd32be683b Author: Jan Beulich Date: Thu Apr 13 11:06:00 2017 -0700 ia64: restore symbol versions for symbols defined in assembly The ia64 build generates many warnings like this: WARNING: EXPORT symbol "empty_zero_page" [vmlinux] version generation failed, symbol will not be versioned. Besides adding the necessary header this also requires fiddling with some explicit .S -> .o rules. Cc: IA64-ML Signed-off-by: Jan Beulich Signed-off-by: Tony Luck Signed-off-by: Linus Torvalds arch/ia64/include/asm/asm-prototypes.h | 29 +++++++++++++++++++++++++++++ arch/ia64/lib/Makefile | 16 ++++++++-------- 2 files changed, 37 insertions(+), 8 deletions(-) commit 3412386b531244f24a27c79ee003506a52a00848 Author: Keith Busch Date: Thu Apr 13 13:28:12 2017 -0400 irq/affinity: Fix extra vecs calculation This fixes a math error calculating the extra_vecs. The error assumed only 1 cpu per vector, but the value needs to account for the actual number of cpus per vector in order to get the correct remainder for extra CPU assignment. Fixes: 7bf8222b9bd0 ("irq/affinity: Fix CPU spread for unbalanced nodes") Reported-by: Xiaolong Ye Signed-off-by: Keith Busch Link: http://lkml.kernel.org/r/1492104492-19943-1-git-send-email-keith.busch@intel.com Signed-off-by: Thomas Gleixner kernel/irq/affinity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fe50543c194e2e1aee2f3eba41fcafd187b3dbde Author: Gao Feng Date: Thu Apr 6 09:45:22 2017 +0800 netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage Current codes invoke wrongly nf_ct_netns_get in the destroy routine, it should use nf_ct_netns_put, not nf_ct_netns_get. It could cause some modules could not be unloaded. Fixes: ecb2421b5ddf ("netfilter: add and use nf_ct_netns_get/put") Signed-off-by: Gao Feng Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 79e09ef96b6a5fb888f5241f3aa707e9ad0b1cce Author: Liping Zhang Date: Mon Apr 3 16:34:38 2017 +0800 netfilter: nft_hash: do not dump the auto generated seed This can prevent the nft utility from printing out the auto generated seed to the user, which is unnecessary and confusing. Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_hash.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 14cf4a771b3098e431d2677e3533bdd962e478d8 Author: Daniele Palmas Date: Mon Apr 10 17:34:23 2017 +0200 drivers: net: usb: qmi_wwan: add QMI_QUIRK_SET_DTR for Telit PID 0x1201 Telit LE920A4 uses the same pid 0x1201 of LE920, but modem implementation is different, since it requires DTR to be set for answering to qmi messages. This patch replaces QMI_FIXED_INTF with QMI_QUIRK_SET_DTR: tests on LE920 have been performed in order to verify backward compatibility. Signed-off-by: Daniele Palmas Signed-off-by: David S. Miller drivers/net/usb/qmi_wwan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1315f01632da417f1f27074bc6631df8eaf223bb Author: Rafael J. Wysocki Date: Thu Apr 13 18:14:55 2017 +0200 Revert "ACPICA: Resources: Not a valid resource if buffer length too long" Revert commit 57707a9a7780 (ACPICA: Resources: Not a valid resource if buffer length too long) as it is reported to prevent the TPM module from loading on Lenovo X60 with Coreboot. It also causes new confusing warnings to show up in the kernel log. Link: https://bugzilla.kernel.org/show_bug.cgi?id=195311 Reported-by: Paul Menzel Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/utresrc.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) commit 2760078203a6b46b96307f4b06030ab0b801c97e Merge: ee921c7 7036502 Author: Linus Torvalds Date: Thu Apr 13 09:08:29 2017 -0700 Merge tag 'pinctrl-v4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "Two pin control fixes arriving late, these are hopefully the last pin control fixes I send this kernel cycle. A Chromebook and an Exynos SoC thingie. The Exynos patch is pretty big, it is fixing unbroken a breakage caused by yours truly when trying to figure out the merge mess with the different Samsung platforms for this merge window. Sorry about that. We have countered this situation by assigning a Samsung pin control submaintainer to catch stuff earlier. Summary: - Make the Acer Chromebook keyboard work again with the Intel Cherryview driver. - Fix a merge error in the Exynos 5433 driver" * tag 'pinctrl-v4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again pinctrl: samsung: Add missing part for PINCFG_TYPE_DRV of Exynos5433 commit 05b7278d510a6a1c23624caee5b0a9667a72e745 Author: Olga Kornievskaia Date: Thu Mar 23 14:36:20 2017 -0400 nfsd: fix oops on unsupported operation I'm hitting the BUG in nfsd4_max_reply() at fs/nfsd/nfs4proc.c:2495 when client sends an operation the server doesn't support. in nfsd4_max_reply() it checks for NULL rsize_bop but a non-supported operation wouldn't have that set. Cc: Kinglong Mee Fixes: 2282cd2c05e2 "NFSD: Get response size before operation..." Signed-off-by: J. Bruce Fields fs/nfsd/nfs4proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67dbea2ce6873f8ba57988ba3e608e8bf61c347f Author: Pavel Shilovsky Date: Wed Apr 12 13:32:07 2017 -0700 CIFS: Fix SMB3 mount without specifying a security mechanism Commit ef65aaede23f ("smb2: Enforce sec= mount option") changed the behavior of a mount command to enforce a specified security mechanism during mounting. On another hand according to the spec if SMB3 server doesn't respond with a security context it implies that it supports NTLMSSP. The current code doesn't keep it in mind and fails a mount for such servers if no security mechanism is specified. Fix this by indicating that a server supports NTLMSSP if a security context isn't returned during negotiate phase. This allows the code to use NTLMSSP by default for SMB3 mounts. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2pdu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4cca0457686e4ee1677d69469e4ddfd94d389a80 Author: Ben Hutchings Date: Tue Apr 11 00:29:44 2017 +0100 cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores The switch that conditionally sets CPUPOWER_CAP_HAS_TURBO_RATIO and CPUPOWER_CAP_IS_SNB flags is missing a break, so all cores get both flags set and an assumed base clock of 100 MHz for turbo values. Reported-by: GSR Tested-by: GSR References: https://bugs.debian.org/859978 Fixes: 8fb2e440b223 (cpupower: Show Intel turbo ratio support via ...) Signed-off-by: Ben Hutchings Signed-off-by: Rafael J. Wysocki tools/power/cpupower/utils/helpers/cpuid.c | 1 + 1 file changed, 1 insertion(+) commit ad0d9c3bca6722824284c0243708d7f7d511465c Merge: 39da7c5 5f9bf02 Author: Rafael J. Wysocki Date: Thu Apr 13 14:50:11 2017 +0200 Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux Pull turbostat utility fixes for v4.11 from Len Brown. * 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: tools/power turbostat: update version number tools/power turbostat: fix impossibly large CPU%c1 value tools/power turbostat: turbostat.8 add missing column definitions tools/power turbostat: update HWP dump to decimal from hex tools/power turbostat: enable package THERM_INTERRUPT dump tools/power turbostat: show missing Core and GFX power on SKL and KBL tools/power turbostat: bugfix: GFXMHz column not changing commit 9e478066eae41211c92a8f63cc69aafc391bd6ab Author: Johannes Berg Date: Thu Apr 13 14:23:49 2017 +0200 mac80211: fix MU-MIMO follow-MAC mode There are two bugs in the follow-MAC code: * it treats the radiotap header as the 802.11 header (therefore it can't possibly work) * it doesn't verify that the skb data it accesses is actually present in the header, which is mitigated by the first point Fix this by moving all of this out into a separate function. This function copies the data it needs using skb_copy_bits() to make sure it can be accessed if it's paged, and offsets that by the possibly present vendor radiotap header. This also makes all those conditions more readable. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg net/mac80211/rx.c | 65 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 18 deletions(-) commit 4e7655fd4f47c23e5249ea260dc802f909a64611 Author: Takashi Iwai Date: Sun Apr 9 10:41:27 2017 +0200 ALSA: seq: Don't break snd_use_lock_sync() loop by timeout The snd_use_lock_sync() (thus its implementation snd_use_lock_sync_helper()) has the 5 seconds timeout to break out of the sync loop. It was introduced from the beginning, just to be "safer", in terms of avoiding the stupid bugs. However, as Ben Hutchings suggested, this timeout rather introduces a potential leak or use-after-free that was apparently fixed by the commit 2d7d54002e39 ("ALSA: seq: Fix race during FIFO resize"): for example, snd_seq_fifo_event_in() -> snd_seq_event_dup() -> copy_from_user() could block for a long time, and snd_use_lock_sync() goes timeout and still leaves the cell at releasing the pool. For fixing such a problem, we remove the break by the timeout while still keeping the warning. Suggested-by: Ben Hutchings Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_lock.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 372fa10172a2f9e1bfbc70778449628e82b72341 Author: Chen-Yu Tsai Date: Thu Apr 13 10:13:53 2017 +0800 clk: sunxi-ng: a33: gate then ungate PLL CPU clk after rate change This patch utilizes the new PLL clk notifier to gate then ungate the PLL CPU clock after rate changes. This should mitigate the system hangs observed after the introduction of cpufreq for the A33. Signed-off-by: Chen-Yu Tsai Tested-by: Quentin Schulz Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 02ae2bc6febd90cf3de61b6a1bdf491966ed410f Author: Chen-Yu Tsai Date: Thu Apr 13 10:13:52 2017 +0800 clk: sunxi-ng: Add clk notifier to gate then ungate PLL clocks In common PLL designs, changes to the dividers take effect almost immediately, while changes to the multipliers (implemented as dividers in the feedback loop) take a few cycles to work into the feedback loop for the PLL to stablize. Sometimes when the PLL clock rate is changed, the decrease in the divider is too much for the decrease in the multiplier to catch up. The PLL clock rate will spike, and in some cases, might lock up completely. This is especially the case if the divider changed is the pre-divider, which affects the reference frequency. This patch introduces a clk notifier callback that will gate and then ungate a clk after a rate change, effectively resetting it, so it continues to work, despite any possible lockups. Care must be taken to reparent any consumers to other temporary clocks during the rate change, and that this notifier callback must be the first to be registered. This is intended to fix occasional lockups with cpufreq on newer Allwinner SoCs, such as the A33 and the H3. Previously it was thought that reparenting the cpu clock away from the PLL while it stabilized was enough, as this worked quite well on the A31. On the A33, hangs have been observed after cpufreq was recently introduced. With the H3, a more thorough test [1] showed that reparenting alone isn't enough. The system still locks up unless the dividers are limited to 1. A hunch was if the PLL was stuck in some unknown state, perhaps gating then ungating it would bring it back to normal. Tests done by Icenowy Zheng using Ondrej's test firmware shows this to be a valid solution. [1] http://www.spinics.net/lists/arm-kernel/msg552501.html Reported-by: Ondrej Jirman Signed-off-by: Chen-Yu Tsai Tested-by: Icenowy Zheng Tested-by: Quentin Schulz Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu_common.c | 49 +++++++++++++++++++++++++++++++++++++++ drivers/clk/sunxi-ng/ccu_common.h | 12 ++++++++++ 2 files changed, 61 insertions(+) commit e87741ac6c578b240409a8114b9350a58b0f9e93 Author: Tobias Regnery Date: Mon Apr 10 14:15:44 2017 +0200 clk: sunxi-ng: fix build failure in ccu-sun9i-a80 driver The ccu-sun9i-a80 driver uses the ccu_mult_ops struct, but unlike the other users it doesen't select the corresponding Kconfig symbol under which the struct is compiled in. This results in the following link error with CONFIG_SUN9I_A80_CCU=y and CONFIG_SUNXI_CCU_MULT=n: drivers/built-in.o:(.data+0x2d638): undefined reference to 'ccu_mult_ops' Fix this by explicitly selecting CONFIG_SUNXI_CCU_MULT like the other users of the struct. Signed-off-by: Tobias Regnery Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/Kconfig | 1 + 1 file changed, 1 insertion(+) commit aa01338c018469274848a973bcbd287ef341937c Author: Tobias Regnery Date: Mon Mar 27 11:57:53 2017 +0200 clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER With CONFIG_RESET_CONTROLLER=n we get the following link error in the sunxi-ng clk driver: drivers/built-in.o: In function `sunxi_ccu_probe': mux-core.c:(.text+0x12fe68): undefined reference to 'reset_controller_register' mux-core.c:(.text+0x12fe68): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 'reset_controller_register' Fix this by adding the appropriate select statement. Signed-off-by: Tobias Regnery Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ee921c762cf90652add60ebacb5b90636ac108df Merge: 827c30a 2ca62d8 Author: Linus Torvalds Date: Wed Apr 12 23:36:23 2017 -0700 Merge tag 'drm-fixes-for-v4.11-rc7' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "i915, gvt, nouveau, udl and etnaviv fixes. I was away the end of last week, so some of these would have been in rc6, and it's Easter from tomorrow, so I decided I better dequeue what I have now. The nouveau changes, just add a hw enable for GP107 display (like a pci id addition really), and fix a couple of regressions. i915 has some more gvt fixes, along with a few run of the mill ones, the rcu one seems like a few people have hit it. Otherwise a small udl and small etnaviv fix" * tag 'drm-fixes-for-v4.11-rc7' of git://people.freedesktop.org/~airlied/linux: (22 commits) drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() drm/udl: Fix unaligned memory access in udl_render_hline drm/i915: Don't call synchronize_rcu_expedited under struct_mutex drm/i915: Suspend GuC prior to GPU Reset during GEM suspend drm/nouveau: initial support (display-only) for GP107 drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one drm/nouveau/mpeg: mthd returns true on success now drm/i915/gvt: set the correct default value of CTX STATUS PTR drm/i915/gvt: Fix firmware loading interface for GVT-g golden HW state drm/i915: Use a dummy timeline name for a signaled fence drm/i915: Ironlake do_idle_maps w/a may be called w/o struct_mutex drm/i915/gvt: remove the redundant info NULL check drm/i915/gvt: adjust mem size for low resolution type drm/i915: Avoid lock dropping between rescheduling drm/i915/gvt: exclude cfg space from failsafe mode drm/i915/gvt: Activate/de-activate vGPU in mdev ops. drm/i915/execlists: Wrap tail pointer after reset tweaking drm/i915/perf: remove user triggerable warn ... commit 827c30a758392d00ce46d5d0c0a243cdecf5826e Merge: b9b3322 a900152 Author: Linus Torvalds Date: Wed Apr 12 23:29:45 2017 -0700 Merge tag 'pwm/for-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm fixes from Thierry Reding: "This contain a fix for the atomic update support recently added to the Rockchip driver where the clock reference count would become unbalanced and result in the clock feeding the PWM to always be disabled. Another fix to the Intel LPSS driver that adds an update bit quirk required for a specific configuration" * tag 'pwm/for-4.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: rockchip: State of PWM clock should synchronize with PWM enabled state pwm: lpss: Set enable-bit before waiting for update-bit to go low pwm: lpss: Split Tangier configuration commit 6f6266a561306e206e0e31a5038f029b6a7b1d89 Author: Omar Sandoval Date: Wed Apr 12 16:27:19 2017 +0100 x86/efi: Don't try to reserve runtime regions Reserving a runtime region results in splitting the EFI memory descriptors for the runtime region. This results in runtime region descriptors with bogus memory mappings, leading to interesting crashes like the following during a kexec: general protection fault: 0000 [#1] SMP Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc1 #53 Hardware name: Wiwynn Leopard-Orv2/Leopard-DDR BW, BIOS LBM05 09/30/2016 RIP: 0010:virt_efi_set_variable() ... Call Trace: efi_delete_dummy_variable() efi_enter_virtual_mode() start_kernel() ? set_init_arg() x86_64_start_reservations() x86_64_start_kernel() start_cpu() ... Kernel panic - not syncing: Fatal exception Runtime regions will not be freed and do not need to be reserved, so skip the memmap modification in this case. Signed-off-by: Omar Sandoval Signed-off-by: Matt Fleming Cc: # v4.9+ Cc: Ard Biesheuvel Cc: Dave Young Cc: Linus Torvalds Cc: Peter Jones Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Fixes: 8e80632fb23f ("efi/esrt: Use efi_mem_reserve() and avoid a kmalloc()") Link: http://lkml.kernel.org/r/20170412152719.9779-2-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar arch/x86/platform/efi/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) commit f406270bf73d71ea7b35ee3f7a08a44f6594c9b1 Author: Rafael J. Wysocki Date: Tue Apr 11 00:23:42 2017 +0200 ACPI / scan: Set the visited flag for all enumerated devices Commit 10c7e20b2ff3 (ACPI / scan: fix enumeration (visited) flags for bus rescans) attempted to fix a problem with ACPI-based enumerateion of I2C/SPI devices, but it forgot to ensure that the visited flag will be set for all of the other enumerated devices, so fix that. Fixes: 10c7e20b2ff3 (ACPI / scan: fix enumeration (visited) flags for bus rescans) Link: https://bugzilla.kernel.org/show_bug.cgi?id=194885 Reported-and-tested-by: Kevin Locke Signed-off-by: Rafael J. Wysocki Reviewed-by: Mika Westerberg Cc: 4.8+ # 4.8+ drivers/acpi/scan.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit c4a3fa261b16858416f1fd7db03a33d7ef5fc0b3 Author: Chen Yu Date: Sun Apr 9 13:45:16 2017 +0800 cpufreq: Bring CPUs up even if cpufreq_online() failed There is a report that after commit 27622b061eb4 ("cpufreq: Convert to hotplug state machine"), the normal CPU offline/online cycle fails on some platforms. According to the ftrace result, this problem was triggered on platforms using acpi-cpufreq as the default cpufreq driver, and due to the lack of some ACPI freq method (eg. _PCT), cpufreq_online() failed and returned a negative value, so the CPU hotplug state machine rolled back the CPU online process. Actually, from the user's perspective, the failure of cpufreq_online() should not prevent that CPU from being brought up, although cpufreq might not work on that CPU. BTW, during system startup cpufreq_online() is not invoked via CPU online but by the cpufreq device creation process, so the APs can be brought up even though cpufreq_online() fails in that stage. This patch ignores the return value of cpufreq_online/offline() and lets the cpufreq framework deal with the failure. cpufreq_online() itself will do a proper rollback in that case and if _PCT is missing, the ACPI cpufreq driver will print a warning if the corresponding debug options have been enabled. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=194581 Fixes: 27622b061eb4 ("cpufreq: Convert to hotplug state machine") Reported-and-tested-by: Tomasz Maciej Nowak Signed-off-by: Chen Yu Acked-by: Viresh Kumar Cc: 4.9+ # 4.9+ Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cpufreq.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 5f9bf02a58f0f62d111994805212d0a775499862 Author: Len Brown Date: Sat Mar 4 17:26:29 2017 -0500 tools/power turbostat: update version number Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 95149369c1c28b10f7318dfde54018ab107277d0 Author: Len Brown Date: Wed Apr 12 19:44:51 2017 -0400 tools/power turbostat: fix impossibly large CPU%c1 value Most CPUs do not have a hardware c1 counter, and so turbostat derives c1 residency: c1 = TSC - MPERF - other_core_cstate_counters As it is not possible to atomically read these coutners, measurement jitter can case this calcuation to "go negative" when very close to 0. Turbostat detect that case and simply prints c1 = 0.00% But that check neglected to account for systems where the TSC crystal clock domain and the MPERF BCLK domain are differ by a small amount. That allowed very small negative c1 numbers to escape this check and be printed as huge positve numbers. This code begs for a bit of cleanup, but this patch is the minimal change to fix the issue. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ab23d1146a8e7bd045507fe8a380827dc03e056d Author: Doug Smythies Date: Sat Mar 4 14:48:49 2017 -0800 tools/power turbostat: turbostat.8 add missing column definitions Add GFX%rc6 and GFXMHz to the column descriptions section of the turbostat man page. Signed-off-by: Doug Smythies Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 2 ++ 1 file changed, 2 insertions(+) commit 6dbd25a24599db07d88a805615bad1f4d48a5749 Author: Len Brown Date: Sat Mar 4 18:18:28 2017 -0500 tools/power turbostat: update HWP dump to decimal from hex Syntax only. The HWP CAPABILTIES and REQUEST ratios are more easily viewed in decimal -- just multiply by 100 and you get MHz... new: cpu0: MSR_HWP_CAPABILITIES: 0x010c1b23 (high 35 guar 27 eff 12 low 1) cpu0: MSR_HWP_REQUEST: 0x80002301 (min 1 max 35 des 0 epp 0x80 window 0x0 pkg 0x0) old: cpu0: MSR_HWP_CAPABILITIES: 0x010c1b23 (high 0x23 guar 0x1b eff 0xc low 0x1) cpu0: MSR_HWP_REQUEST: 0x80002301 (min 0x1 max 0x23 des 0x0 epp 0x80 window 0x0 pkg 0x0) Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f4896fa502b81c5bce93f375bd17b14725c01826 Author: Len Brown Date: Sat Mar 4 18:10:45 2017 -0500 tools/power turbostat: enable package THERM_INTERRUPT dump cpu0: MSR_IA32_TEMPERATURE_TARGET: 0x00641400 (100 C) cpu0: MSR_IA32_PACKAGE_THERM_STATUS: 0x884b0800 (25 C) cpu0: MSR_IA32_PACKAGE_THERM_INTERRUPT: 0x00000003 (100 C, 100 C) Enable the same per-core output, but hide it behind --debug because it is too verbose on big systems. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 818249216d7dc9340a7d2332f6d07b462e818ee5 Author: Len Brown Date: Sat Mar 4 17:23:07 2017 -0500 tools/power turbostat: show missing Core and GFX power on SKL and KBL While the current SDM is silent on the matter, the Core and GFX RAPL power meters on SKL and KBL appear to work -- so show them. Reported-by: Yaroslav Isakov Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2ca62d8a606a95e098799f128f6a40a6300d2a2a Merge: 88b0b92 da2ba56 Author: Dave Airlie Date: Thu Apr 13 09:56:05 2017 +1000 Merge branch 'linux-4.11' of git://github.com/skeggsb/linux into drm-fixes GP107 modesetting support (just recognising the chipset, no other changes until 4.12) a couple of regression fixes, one of them a rather serious double-free issue that appeared in 4.10. * 'linux-4.11' of git://github.com/skeggsb/linux: drm/nouveau: initial support (display-only) for GP107 drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one drm/nouveau/mpeg: mthd returns true on success now commit 88b0b92bdaadfc43b11dc4172219ff0972673790 Merge: 97d93f3 c053b5a Author: Dave Airlie Date: Thu Apr 13 09:13:04 2017 +1000 Merge tag 'drm-intel-fixes-2017-04-12' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes drm/i915 fixes for v4.11-rc7 one rcu related fix, and a few GVT fixes. * tag 'drm-intel-fixes-2017-04-12' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Don't call synchronize_rcu_expedited under struct_mutex drm/i915: Suspend GuC prior to GPU Reset during GEM suspend drm/i915/gvt: set the correct default value of CTX STATUS PTR drm/i915/gvt: Fix firmware loading interface for GVT-g golden HW state drm/i915: Use a dummy timeline name for a signaled fence drm/i915: Ironlake do_idle_maps w/a may be called w/o struct_mutex drm/i915/gvt: remove the redundant info NULL check drm/i915/gvt: adjust mem size for low resolution type drm/i915: Avoid lock dropping between rescheduling drm/i915/gvt: exclude cfg space from failsafe mode drm/i915/gvt: Activate/de-activate vGPU in mdev ops. drm/i915/execlists: Wrap tail pointer after reset tweaking drm/i915/perf: remove user triggerable warn drm/i915/perf: destroy stream on sample_flags mismatch drm/i915: Align "unfenced" tiled access on gen2, early gen3 commit 97d93f35493f39c2b79e3379b30c17a2d00ec19d Merge: c7aae62 0c45b36 Author: Dave Airlie Date: Thu Apr 13 09:12:26 2017 +1000 Merge tag 'drm-misc-fixes-2017-04-11' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes drm-misc-fixes for 2017-04-11 Core changes: - None Driver changes - udl: Fix unaligned memory access on SPARC (Jonathan) * tag 'drm-misc-fixes-2017-04-11' of git://anongit.freedesktop.org/git/drm-misc: drm/udl: Fix unaligned memory access in udl_render_hline commit c7aae6221f73312bb66464c353eb45d91433aea1 Merge: 39da7c5 45abdf3 Author: Dave Airlie Date: Thu Apr 13 09:11:24 2017 +1000 Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes Single etnaviv error path fix. * 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux: drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() commit edb0b6a0b4490014924d56c4c7117c7c8fc608ca Author: Mathias Kresin Date: Sun Mar 26 19:05:36 2017 +0200 MIPS: PCI: add controllers before the specified head With commit 23dac14d058f ("MIPS: PCI: Use struct list_head lists") new controllers are added after the specified head where they where added before the specified head previously. Use list_add_tail to restore the former order. This patches fixes the following PCI error on lantiq: pci 0000:01:00.0: BAR 0: error updating (0x1c000004 != 0x000000) Fixes: 23dac14d058f ("MIPS: PCI: Use struct list_head lists") Signed-off-by: Mathias Kresin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15808/ Signed-off-by: Ralf Baechle arch/mips/pci/pci-legacy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 11e63f6d920d6f2dfd3cd421e939a4aec9a58dcd Author: Dan Williams Date: Thu Apr 6 09:04:31 2017 -0700 x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions Before we rework the "pmem api" to stop abusing __copy_user_nocache() for memcpy_to_pmem() we need to fix cases where we may strand dirty data in the cpu cache. The problem occurs when copy_from_iter_pmem() is used for arbitrary data transfers from userspace. There is no guarantee that these transfers, performed by dax_iomap_actor(), will have aligned destinations or aligned transfer lengths. Backstop the usage __copy_user_nocache() with explicit cache management in these unaligned cases. Yes, copy_from_iter_pmem() is now too big for an inline, but addressing that is saved for a later patch that moves the entirety of the "pmem api" into the pmem driver directly. Fixes: 5de490daec8b ("pmem: add copy_from_iter_pmem() and clear_pmem()") Cc: Cc: Cc: Jan Kara Cc: Jeff Moyer Cc: Ingo Molnar Cc: Christoph Hellwig Cc: "H. Peter Anvin" Cc: Al Viro Cc: Thomas Gleixner Cc: Matthew Wilcox Reviewed-by: Ross Zwisler Signed-off-by: Toshi Kani Signed-off-by: Dan Williams arch/x86/include/asm/pmem.h | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) commit 956a4cd2c957acf638ff29951aabaa9d8e92bbc2 Author: Dan Williams Date: Fri Apr 7 16:42:08 2017 -0700 device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation The following warning triggers with a new unit test that stresses the device-dax interface. =============================== [ ERR: suspicious RCU usage. ] 4.11.0-rc4+ #1049 Tainted: G O ------------------------------- ./include/linux/rcupdate.h:521 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 2 locks held by fio/9070: #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x167/0x4f0 #1: (rcu_read_lock){......}, at: [] dax_dev_huge_fault+0x32/0x620 [dax] Call Trace: dump_stack+0x86/0xc3 lockdep_rcu_suspicious+0xd7/0x110 ___might_sleep+0xac/0x250 __might_sleep+0x4a/0x80 __alloc_pages_nodemask+0x23a/0x360 alloc_pages_current+0xa1/0x1f0 pte_alloc_one+0x17/0x80 __pte_alloc+0x1e/0x120 __get_locked_pte+0x1bf/0x1d0 insert_pfn.isra.70+0x3a/0x100 ? lookup_memtype+0xa6/0xd0 vm_insert_mixed+0x64/0x90 dax_dev_huge_fault+0x520/0x620 [dax] ? dax_dev_huge_fault+0x32/0x620 [dax] dax_dev_fault+0x10/0x20 [dax] __do_fault+0x1e/0x140 __handle_mm_fault+0x9af/0x10d0 handle_mm_fault+0x16d/0x370 ? handle_mm_fault+0x47/0x370 __do_page_fault+0x28c/0x4f0 trace_do_page_fault+0x58/0x2a0 do_async_page_fault+0x1a/0xa0 async_page_fault+0x28/0x30 Inserting a page table entry may trigger an allocation while we are holding a read lock to keep the device instance alive for the duration of the fault. Use srcu for this keep-alive protection. Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Cc: Signed-off-by: Dan Williams drivers/dax/Kconfig | 1 + drivers/dax/dax.c | 13 +++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) commit 162b270c664dca2e0944308e92f9fcc887151a72 Author: James Hogan Date: Thu Mar 30 16:06:02 2017 +0100 MIPS: KGDB: Use kernel context for sleeping threads KGDB is a kernel debug stub and it can't be used to debug userland as it can only safely access kernel memory. On MIPS however KGDB has always got the register state of sleeping processes from the userland register context at the beginning of the kernel stack. This is meaningless for kernel threads (which never enter userland), and for user threads it prevents the user seeing what it is doing while in the kernel: (gdb) info threads Id Target Id Frame ... 3 Thread 2 (kthreadd) 0x0000000000000000 in ?? () 2 Thread 1 (init) 0x000000007705c4b4 in ?? () 1 Thread -2 (shadowCPU0) 0xffffffff8012524c in arch_kgdb_breakpoint () at arch/mips/kernel/kgdb.c:201 Get the register state instead from the (partial) kernel register context stored in the task's thread_struct for resume() to restore. All threads now correctly appear to be in context_switch(): (gdb) info threads Id Target Id Frame ... 3 Thread 2 (kthreadd) context_switch (rq=, cookie=..., next=, prev=0x0) at kernel/sched/core.c:2903 2 Thread 1 (init) context_switch (rq=, cookie=..., next=, prev=0x0) at kernel/sched/core.c:2903 1 Thread -2 (shadowCPU0) 0xffffffff8012524c in arch_kgdb_breakpoint () at arch/mips/kernel/kgdb.c:201 Call clobbered registers which aren't saved and exception registers (BadVAddr & Cause) which can't be easily determined without stack unwinding are reported as 0. The PC is taken from the return address, such that the state presented matches that found immediately after returning from resume(). Fixes: 8854700115ec ("[MIPS] kgdb: add arch support for the kernel's kgdb core") Signed-off-by: James Hogan Cc: Jason Wessel Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15829/ Signed-off-by: Ralf Baechle arch/mips/kernel/kgdb.c | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) commit bac06cf0fb9dfd79877a4eaa2ec7c09a6b853ffa Author: Matt Redfearn Date: Fri Mar 31 11:51:08 2017 +0100 MIPS: smp-cps: Fix potentially uninitialised value of core Turning on DEBUG in smp-cps.c, or compiling the kernel with CONFIG_DYNAMIC_DEBUG enabled results the build error: arch/mips/kernel/smp-cps.c: In function 'play_dead': ./include/linux/dynamic_debug.h:126:3: error: 'core' may be used uninitialized in this function [-Werror=maybe-uninitialized] Fix this by always initialising the variable. Fixes: 0d2808f338c7 ("MIPS: smp-cps: Add support for CPU hotplug of MIPSr6 processors") Signed-off-by: Matt Redfearn Cc: James Hogan Cc: Masahiro Yamada Cc: Paul Burton Cc: Ingo Molnar Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15848/ Signed-off-by: Ralf Baechle arch/mips/kernel/smp-cps.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a4866aa812518ed1a37d8ea0c881dc946409de94 Author: Kees Cook Date: Wed Apr 5 09:39:08 2017 -0700 mm: Tighten x86 /dev/mem with zeroing reads Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is disallowed. However, on x86, the first 1MB was always allowed for BIOS and similar things, regardless of it actually being System RAM. It was possible for heap to end up getting allocated in low 1MB RAM, and then read by things like x86info or dd, which would trip hardened usercopy: usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes) This changes the x86 exception for the low 1MB by reading back zeros for System RAM areas instead of blindly allowing them. More work is needed to extend this to mmap, but currently mmap doesn't go through usercopy, so hardened usercopy won't Oops the kernel. Reported-by: Tommi Rantala Tested-by: Tommi Rantala Signed-off-by: Kees Cook arch/x86/mm/init.c | 41 +++++++++++++++++++-------- drivers/char/mem.c | 82 ++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 82 insertions(+), 41 deletions(-) commit a2d6cbb0670d54806f18192cb0db266b4a6d285a Author: Rabin Vincent Date: Mon Apr 10 08:36:39 2017 +0200 ipv6: Fix idev->addr_list corruption addrconf_ifdown() removes elements from the idev->addr_list without holding the idev->lock. If this happens while the loop in __ipv6_dev_get_saddr() is handling the same element, that function ends up in an infinite loop: NMI watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [test:1719] Call Trace: ipv6_get_saddr_eval+0x13c/0x3a0 __ipv6_dev_get_saddr+0xe4/0x1f0 ipv6_dev_get_saddr+0x1b4/0x204 ip6_dst_lookup_tail+0xcc/0x27c ip6_dst_lookup_flow+0x38/0x80 udpv6_sendmsg+0x708/0xba8 sock_sendmsg+0x18/0x30 SyS_sendto+0xb8/0xf8 syscall_common+0x34/0x58 Fixes: 6a923934c33 (Revert "ipv6: Revert optional address flusing on ifdown.") Signed-off-by: Rabin Vincent Acked-by: David Ahern Signed-off-by: David S. Miller net/ipv6/addrconf.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit b9c1153f7a9cb2d53b845615a0edd510f7fe8341 Author: Dongdong Liu Date: Thu Mar 23 21:18:17 2017 +0800 PCI: hisi: Fix DT binding (hisi-pcie-almost-ecam) The "hisilicon,pcie-almost-ecam" binding goes against the usual DT conventions, and is non-sensical in that it describes the IP based on what it isn't. Fix the DT binding with "hisilicon,hip06-pcie-ecam" and "hisilicon,hip07-pcie-ecam". Signed-off-by: Mark Rutland Signed-off-by: Dongdong Liu Signed-off-by: Bjorn Helgaas Documentation/devicetree/bindings/pci/hisilicon-pcie.txt | 10 ++++++++-- drivers/pci/dwc/pcie-hisi.c | 6 +++++- 2 files changed, 13 insertions(+), 3 deletions(-) commit 45abdf35cf82e4270328c7237e7812de960ac560 Author: Wei Yongjun Date: Wed Apr 12 00:31:16 2017 +0000 drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() Add the missing unlock before return from function etnaviv_gpu_submit() in the error handling case. lst: fixed label name. Fixes: f3cd1b064f11 ("drm/etnaviv: (re-)protect fence allocation with GPU mutex") CC: stable@vger.kernel.org #4.9+ Signed-off-by: Wei Yongjun Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ec62a3bd84df90a19b7d59d032fa807bbfea7cbb Author: Matt Redfearn Date: Fri Mar 31 11:51:33 2017 +0100 MIPS: KASLR: Add missing header files After the split of linux/sched.h, KASLR stopped building. Fix this by including the correct header file for init_thread_union Signed-off-by: Matt Redfearn Cc: James Hogan Cc: Marcin Nowakowski Cc: Steven J. Hill Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15849/ Signed-off-by: Ralf Baechle arch/mips/kernel/relocate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit df7dd8fc965c665e83b71a649378cdf200ff36df Author: Johannes Berg Date: Wed Apr 12 09:32:07 2017 +0200 net: xdp: don't export dev_change_xdp_fd() Since dev_change_xdp_fd() is only used in rtnetlink, which must be built-in, there's no reason to export dev_change_xdp_fd(). Signed-off-by: Johannes Berg Acked-by: Daniel Borkmann Signed-off-by: David S. Miller net/core/dev.c | 1 - 1 file changed, 1 deletion(-) commit 0e1bfea999daa27c801b19617a6ef8b8ec4adc75 Merge: 0917ac4 785a470 Author: James Bottomley Date: Wed Apr 12 07:29:17 2017 -0700 Merge remote-tracking branch 'mkp-scsi/4.11/scsi-fixes' into fixes commit c46f59e90226fa5bfcc83650edebe84ae47d454b Author: James Cowgill Date: Tue Apr 11 13:51:07 2017 +0100 MIPS: Avoid BUG warning in arch_check_elf arch_check_elf contains a usage of current_cpu_data that will call smp_processor_id() with preemption enabled and therefore triggers a "BUG: using smp_processor_id() in preemptible" warning when an fpxx executable is loaded. As a follow-up to commit b244614a60ab ("MIPS: Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...)"), apply the same fix to arch_check_elf by using raw_current_cpu_data instead. The rationale quoted from the previous commit: "It is assumed throughout the kernel that if any CPU has an FPU, then all CPUs would have an FPU as well, so it is safe to perform the check with preemption enabled - change the code to use raw_ variant of the check to avoid the warning." Fixes: 46490b572544 ("MIPS: kernel: elf: Improve the overall ABI and FPU mode checks") Signed-off-by: James Cowgill CC: # 4.0+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15951/ Signed-off-by: Ralf Baechle arch/mips/kernel/elf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e0211327f068901ce654ba78951c35bc69fdc1de Author: James Cowgill Date: Tue Apr 11 13:51:08 2017 +0100 MIPS: Fix modversioning of _mcount symbol In commit 827456e71036 ("MIPS: Export _mcount alongside its definition") the EXPORT_SYMBOL macro exporting _mcount was moved from C code into assembly. Unlike C, exported assembly symbols need to have a function prototype in asm/asm-prototypes.h for modversions to work properly. Without this, modpost prints out this warning: WARNING: EXPORT symbol "_mcount" [vmlinux] version generation failed, symbol will not be versioned. Fix by including asm/ftrace.h (where _mcount is declared) in asm/asm-prototypes.h. Fixes: 827456e71036 ("MIPS: Export _mcount alongside its definition") Signed-off-by: James Cowgill Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15952/ Signed-off-by: Ralf Baechle arch/mips/include/asm/asm-prototypes.h | 1 + 1 file changed, 1 insertion(+) commit b9b3322f13f350587f17f0a76f008830e3a420d3 Merge: 025def9 264d509 Author: Linus Torvalds Date: Wed Apr 12 00:02:33 2017 -0700 Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit Pull audit fix from Paul Moore: "One more small audit fix, this should be the last for v4.11. Seth Forshee noticed a problem where the audit retry queue wasn't being flushed properly when audit was enabled and the audit daemon wasn't running; this patches fixes the problem (see the commit description for more details on the change). Both Seth and I have tested this and everything looks good" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: make sure we don't let the retry queue grow without bounds commit 025def92dd6b5b84b0d6d9069e2bb24e51e48c17 Merge: 06ea4c3 a5d68ba Author: Linus Torvalds Date: Tue Apr 11 23:51:58 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending Pull SCSI target fixes from Nicholas Bellinger: "There has been work in a number of different areas over the last weeks, including: - Fix target-core-user (TCMU) back-end bi-directional handling (Xiubo Li + Mike Christie + Ilias Tsitsimpis) - Fix iscsi-target TMR reference leak during session shutdown (Rob Millner + Chu Yuan Lin) - Fix target_core_fabric_configfs.c race between LUN shutdown + mapped LUN creation (James Shen) - Fix target-core unknown fabric callback queue-full errors (Potnuri Bharat Teja) - Fix iscsi-target + iser-target queue-full handling in order to support iw_cxgb4 RNICs. (Potnuri Bharat Teja + Sagi Grimberg) - Fix ALUA transition state race between multiple initiator (Mike Christie) - Drop work-around for legacy GlobalSAN initiator, to allow QLogic 57840S + 579xx offload HBAs to work out-of-the-box in MSFT environments. (Martin Svec + Arun Easi) Note that a number are CC'ed for stable, and although the queue-full bug-fixes required for iser-target to work with iw_cxgb4 aren't CC'ed here, they'll be posted to Greg-KH separately" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case iscsi-target: Drop work-around for legacy GlobalSAN initiator target: Fix ALUA transition state race between multiple initiators iser-target: avoid posting a recv buffer twice iser-target: Fix queue-full response handling iscsi-target: Propigate queue_data_in + queue_status errors target: Fix unknown fabric callback queue-full errors tcmu: Fix wrongly calculating of the base_command_size tcmu: Fix possible overwrite of t_data_sg's last iov[] target: Avoid mappedlun symlink creation during lun shutdown iscsi-target: Fix TMR reference leak during session shutdown usb: gadget: Correct usb EP argument for BOT status request tcmu: Allow cmd_time_out to be set to zero (disabled) commit 06ea4c38bce80f3eb99b01d7c17419eb1a49fec2 Merge: af94bdf bfb0b80 Author: Linus Torvalds Date: Tue Apr 11 23:38:16 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: "This contains fixes for two long standing subtle bugs: - kthread_bind() on a new kthread binds it to specific CPUs and prevents userland from messing with the affinity or cgroup membership. Unfortunately, for cgroup membership, there's a window between kthread creation and kthread_bind*() invocation where the kthread can be moved into a non-root cgroup by userland. Depending on what controllers are in effect, this can assign the kthread unexpected attributes. For example, in the reported case, workqueue workers ended up in a non-root cpuset cgroups and had their CPU affinities overridden. This broke workqueue invariants and led to workqueue stalls. Fixed by closing the window between kthread creation and kthread_bind() as suggested by Oleg. - There was a bug in cgroup mount path which could allow two competing mount attempts to attach the same cgroup_root to two different superblocks. This was caused by mishandling return value from kernfs_pin_sb(). Fixed" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup: avoid attaching a cgroup root to two different superblocks cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups commit af94bdfa798b7da92cc82609acca61a287a004a4 Merge: fe251c4 3cf8645 Author: Linus Torvalds Date: Tue Apr 11 23:36:46 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "Two libata fixes. One to disable hotplug on VT6420 which never worked properly. The other reverts an earlier patch which disabled the second port on SB600/700. There were some confusions due to earlier datasheets which incorrectly indicated that the second port is not implemented on both SB600 and 700" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: sata_via: Enable hotplug only on VT6421 Revert "pata_atiixp: Don't use unconnected secondary port on SB600/SB700" commit fe251c4b9a272af45983ebc7dd538789e78fcf2e Merge: c08e611 84379d8 Author: Linus Torvalds Date: Tue Apr 11 23:35:14 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - revert of a commit that switched all Synaptics touchpads over to be driven by hid-rmi. It turns out that this caused several user-visible regressions, and therefore we revert back to the original state before all the reported issues have been fixed. - a new uclogic device ID addition, from Xiaolei Yu. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: Revert "HID: rmi: Handle all Synaptics touchpads using hid-rmi" HID: uclogic: add support for Ugee Tablet EX07S commit a8f60d1fadf7b8b54449fcc9d6b15248917478ba Author: Christian Borntraeger Date: Sun Apr 9 22:09:38 2017 +0200 s390/mm: fix CMMA vs KSM vs others On heavy paging with KSM I see guest data corruption. Turns out that KSM will add pages to its tree, where the mapping return true for pte_unused (or might become as such later). KSM will unmap such pages and reinstantiate with different attributes (e.g. write protected or special, e.g. in replace_page or write_protect_page)). This uncovered a bug in our pagetable handling: We must remove the unused flag as soon as an entry becomes present again. Cc: stable@vger.kernel.org Signed-of-by: Christian Borntraeger Signed-off-by: Martin Schwidefsky arch/s390/include/asm/pgtable.h | 2 ++ 1 file changed, 2 insertions(+) commit fc9c89b19c56813434c3d2967652a4fa6906926a Merge: 96a94cc 5b8d542 Author: David S. Miller Date: Tue Apr 11 22:22:45 2017 -0400 Merge branch 'bridge-register-netdev-before-changelink' Ido Schimmel says: ==================== bridge: Fix kernel oops during bridge creation First patch adds a missing ndo_uninit() in the bridge driver, which is a prerequisite for the second patch that actually fixes the oops. Please consider both patches for 4.4.y, 4.9.y and 4.10.y ==================== Signed-off-by: David S. Miller commit 5b8d5429daa05bebef6ffd3297df3b502cc6f184 Author: Ido Schimmel Date: Mon Apr 10 14:59:28 2017 +0300 bridge: netlink: register netdevice before executing changelink Peter reported a kernel oops when executing the following command: $ ip link add name test type bridge vlan_default_pvid 1 [13634.939408] BUG: unable to handle kernel NULL pointer dereference at 0000000000000190 [13634.939436] IP: __vlan_add+0x73/0x5f0 [...] [13634.939783] Call Trace: [13634.939791] ? pcpu_next_unpop+0x3b/0x50 [13634.939801] ? pcpu_alloc+0x3d2/0x680 [13634.939810] ? br_vlan_add+0x135/0x1b0 [13634.939820] ? __br_vlan_set_default_pvid.part.28+0x204/0x2b0 [13634.939834] ? br_changelink+0x120/0x4e0 [13634.939844] ? br_dev_newlink+0x50/0x70 [13634.939854] ? rtnl_newlink+0x5f5/0x8a0 [13634.939864] ? rtnl_newlink+0x176/0x8a0 [13634.939874] ? mem_cgroup_commit_charge+0x7c/0x4e0 [13634.939886] ? rtnetlink_rcv_msg+0xe1/0x220 [13634.939896] ? lookup_fast+0x52/0x370 [13634.939905] ? rtnl_newlink+0x8a0/0x8a0 [13634.939915] ? netlink_rcv_skb+0xa1/0xc0 [13634.939925] ? rtnetlink_rcv+0x24/0x30 [13634.939934] ? netlink_unicast+0x177/0x220 [13634.939944] ? netlink_sendmsg+0x2fe/0x3b0 [13634.939954] ? _copy_from_user+0x39/0x40 [13634.939964] ? sock_sendmsg+0x30/0x40 [13634.940159] ? ___sys_sendmsg+0x29d/0x2b0 [13634.940326] ? __alloc_pages_nodemask+0xdf/0x230 [13634.940478] ? mem_cgroup_commit_charge+0x7c/0x4e0 [13634.940592] ? mem_cgroup_try_charge+0x76/0x1a0 [13634.940701] ? __handle_mm_fault+0xdb9/0x10b0 [13634.940809] ? __sys_sendmsg+0x51/0x90 [13634.940917] ? entry_SYSCALL_64_fastpath+0x1e/0xad The problem is that the bridge's VLAN group is created after setting the default PVID, when registering the netdevice and executing its ndo_init(). Fix this by changing the order of both operations, so that br_changelink() is only processed after the netdevice is registered, when the VLAN group is already initialized. Fixes: b6677449dff6 ("bridge: netlink: call br_changelink() during br_dev_newlink()") Signed-off-by: Nikolay Aleksandrov Signed-off-by: Ido Schimmel Reported-by: Peter V. Saveliev Tested-by: Peter V. Saveliev Signed-off-by: David S. Miller net/bridge/br_netlink.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit b6fe0440c63716e09cfc0d1484e3898a0f29d1d1 Author: Ido Schimmel Date: Mon Apr 10 14:59:27 2017 +0300 bridge: implement missing ndo_uninit() While the bridge driver implements an ndo_init(), it was missing a symmetric ndo_uninit(), causing the different de-initialization operations to be scattered around its dellink() and destructor(). Implement a symmetric ndo_uninit() and remove the overlapping operations from its dellink() and destructor(). This is a prerequisite for the next patch, as it allows us to have a proper cleanup upon changelink() failure during the bridge's newlink(). Fixes: b6677449dff6 ("bridge: netlink: call br_changelink() during br_dev_newlink()") Signed-off-by: Nikolay Aleksandrov Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller net/bridge/br_device.c | 20 +++++++++++--------- net/bridge/br_if.c | 1 - net/bridge/br_multicast.c | 7 +++++-- net/bridge/br_private.h | 5 +++++ 4 files changed, 21 insertions(+), 12 deletions(-) commit 785a470496d8e0a32e3d39f376984eb2c98ca5b3 Author: Mauricio Faria de Oliveira Date: Tue Apr 11 11:46:04 2017 -0300 scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION On a dual controller setup with multipath enabled, some MEDIUM ERRORs caused both paths to be failed, thus I/O got queued/blocked since the 'queue_if_no_path' feature is enabled by default on IPR controllers. This example disabled 'queue_if_no_path' so the I/O failure is seen at the sg_dd program. Notice that after the sg_dd test-case, both paths are in 'failed' state, and both path/priority groups are in 'enabled' state (not 'active') -- which would block I/O with 'queue_if_no_path'. # sg_dd if=/dev/dm-2 bs=4096 count=1 dio=1 verbose=4 blk_sgio=0 <...> read(unix): count=4096, res=-1 sg_dd: reading, skip=0 : Input/output error <...> # dmesg [...] sd 2:2:16:0: [sds] FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [...] sd 2:2:16:0: [sds] Sense Key : Medium Error [current] [...] sd 2:2:16:0: [sds] Add. Sense: Unrecovered read error - recommend rewrite the data [...] sd 2:2:16:0: [sds] CDB: Read(10) 28 00 00 00 00 00 00 00 20 00 [...] blk_update_request: I/O error, dev sds, sector 0 [...] device-mapper: multipath: Failing path 65:32. <...> [...] device-mapper: multipath: Failing path 65:224. # multipath -l 1IBM_IPR-0_59C2AE0000001F80 dm-2 IBM ,IPR-0 59C2AE00 size=5.2T features='0' hwhandler='1 alua' wp=rw |-+- policy='service-time 0' prio=0 status=enabled | `- 2:2:16:0 sds 65:32 failed undef running `-+- policy='service-time 0' prio=0 status=enabled `- 1:2:7:0 sdae 65:224 failed undef running This is not the desired behavior. The dm-multipath explicitly checks for the MEDIUM ERROR case (and a few others) so not to fail the path (e.g., I/O to other sectors could potentially happen without problems). See dm-mpath.c :: do_end_io_bio() -> noretry_error() !->! fail_path(). The problem trace is: 1) ipr_scsi_done() // SENSE KEY/CHECK CONDITION detected, go to.. 2) ipr_erp_start() // ipr_is_gscsi() and masked_ioasc OK, go to.. 3) ipr_gen_sense() // masked_ioasc is IPR_IOASC_MED_DO_NOT_REALLOC, // so set DID_PASSTHROUGH. 4) scsi_decide_disposition() // check for DID_PASSTHROUGH and return // early on, faking a DID_OK.. *instead* // of reaching scsi_check_sense(). // Had it reached the latter, that would // set host_byte to DID_MEDIUM_ERROR. 5) scsi_finish_command() 6) scsi_io_completion() 7) __scsi_error_from_host_byte() // That would be converted to -ENODATA <...> 8) dm_softirq_done() 9) multipath_end_io() 10) do_end_io() 11) noretry_error() // And that is checked in dm-mpath :: noretry_error() // which would cause fail_path() not to be called. With this patch applied, the I/O is failed but the paths are not. This multipath device continues accepting more I/O requests without blocking. (and notice the different host byte/driver byte handling per SCSI layer). # dmesg [...] sd 2:2:7:0: [sdaf] Done: SUCCESS Result: hostbyte=0x13 driverbyte=DRIVER_OK [...] sd 2:2:7:0: [sdaf] CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [...] sd 2:2:7:0: [sdaf] Sense Key : Medium Error [current] [...] sd 2:2:7:0: [sdaf] Add. Sense: Unrecovered read error - recommend rewrite the data [...] blk_update_request: critical medium error, dev sdaf, sector 0 [...] blk_update_request: critical medium error, dev dm-6, sector 0 [...] sd 2:2:7:0: [sdaf] Done: SUCCESS Result: hostbyte=0x13 driverbyte=DRIVER_OK [...] sd 2:2:7:0: [sdaf] CDB: Read(10) 28 00 00 00 00 00 00 00 10 00 [...] sd 2:2:7:0: [sdaf] Sense Key : Medium Error [current] [...] sd 2:2:7:0: [sdaf] Add. Sense: Unrecovered read error - recommend rewrite the data [...] blk_update_request: critical medium error, dev sdaf, sector 0 [...] blk_update_request: critical medium error, dev dm-6, sector 0 [...] Buffer I/O error on dev dm-6, logical block 0, async page read # multipath -l 1IBM_IPR-0_59C2AE0000001F80 1IBM_IPR-0_59C2AE0000001F80 dm-6 IBM ,IPR-0 59C2AE00 size=5.2T features='1 queue_if_no_path' hwhandler='1 alua' wp=rw |-+- policy='service-time 0' prio=0 status=active | `- 2:2:7:0 sdaf 65:240 active undef running `-+- policy='service-time 0' prio=0 status=enabled `- 1:2:7:0 sdh 8:112 active undef running Signed-off-by: Mauricio Faria de Oliveira Acked-by: Brian King Signed-off-by: Martin K. Petersen drivers/scsi/ipr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 911e572e98656056ebbbb4274d8fe61434188646 Author: Guilherme G. Piccoli Date: Thu Apr 6 18:12:09 2017 -0300 scsi: aacraid: fix PCI error recovery path During a PCI error recovery, if aac_check_health() is not aware that a PCI error happened and we have an offline PCI channel, it might trigger some errors (like NULL pointer dereference) and inhibit the error recovery process to complete. This patch makes the health check procedure aware of PCI channel issues, and in case of error recovery process, the function aac_adapter_check_health() returns -1 and let the recovery process to complete successfully. This patch was tested on upstream kernel v4.11-rc5 in PowerPC ppc64le architecture with adapter 9005:028d (VID:DID) - the error recovery procedure was able to recover fine. Fixes: 5c63f7f710bd ("aacraid: Added EEH support") Cc: stable@vger.kernel.org # v4.6+ Signed-off-by: Guilherme G. Piccoli Reviewed-by: Dave Carroll Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aacraid.h | 11 ++++++++--- drivers/scsi/aacraid/commsup.c | 3 ++- 2 files changed, 10 insertions(+), 4 deletions(-) commit 0718b334068475d5eac4e25f1a88981880917f1d Merge: c08e611 3c1a427 Author: Ingo Molnar Date: Tue Apr 11 21:41:39 2017 +0200 Merge tag 'perf-urgent-for-mingo-4.11-20170411' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull 'perf annotate' fix for s390: - The move to support cross arch annotation introduced per arch initialization requirements, fullfill them for s/390 (Christian Borntraeger) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit b6e38b2944f1153199becefb14ae3ee01778863e Author: Mousumi Jana Date: Tue Apr 11 13:06:22 2017 +0530 ASoC: topology: Fix to store enum text values Add missing enum texts store in soc_enum. Signed-off-by: Mousumi Jana Signed-off-by: Pardha Saradhi K Signed-off-by: Kranthikumar, GudishaX Signed-off-by: Subhransu S. Prusty Acked-by: Liam Girdwood Signed-off-by: Mark Brown sound/soc/soc-topology.c | 1 + 1 file changed, 1 insertion(+) commit a967efb30b3afa3d858edd6a17f544f9e9e46eea Author: Liu Bo Date: Mon Apr 10 12:36:26 2017 -0700 Btrfs: fix potential use-after-free for cloned bio KASAN reports that there is a use-after-free case of bio in btrfs_map_bio. If we need to submit IOs to several disks at a time, the original bio would get cloned and mapped to the destination disk, but we really should use the original bio instead of a cloned bio to do the sanity check because cloned bios are likely to be freed by its endio. Reported-by: Diego Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/volumes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97bf5a5589aa3a59c60aa775fc12ec0483fc5002 Author: Liu Bo Date: Fri Apr 7 13:11:10 2017 -0700 Btrfs: fix segmentation fault when doing dio read Commit 2dabb3248453 ("Btrfs: Direct I/O read: Work on sectorsized blocks") introduced this bug during iterating bio pages in dio read's endio hook, and it could end up with segment fault of the dio reading task. So the reason is 'if (nr_sectors--)', and it makes the code assume that there is one more block in the same page, so page offset is increased and the bio which is created to repair the bad block then has an incorrect bvec.bv_offset, and a later access of the page content would throw a segmentation fault. This also adds ASSERT to check page offset against page size. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 2e949b0a5592664f8b3eb3e2e48213f514892561 Author: Liu Bo Date: Wed Apr 5 14:04:19 2017 -0700 Btrfs: fix invalid dereference in btrfs_retry_endio When doing directIO repair, we have this oops: [ 1458.532816] general protection fault: 0000 [#1] SMP ... [ 1458.536291] Workqueue: btrfs-endio-repair btrfs_endio_repair_helper [btrfs] [ 1458.536893] task: ffff88082a42d100 task.stack: ffffc90002b3c000 [ 1458.537499] RIP: 0010:btrfs_retry_endio+0x7e/0x1a0 [btrfs] ... [ 1458.543261] Call Trace: [ 1458.543958] ? rcu_read_lock_sched_held+0xc4/0xd0 [ 1458.544374] bio_endio+0xed/0x100 [ 1458.544750] end_workqueue_fn+0x3c/0x40 [btrfs] [ 1458.545257] normal_work_helper+0x9f/0x900 [btrfs] [ 1458.545762] btrfs_endio_repair_helper+0x12/0x20 [btrfs] [ 1458.546224] process_one_work+0x34d/0xb70 [ 1458.546570] ? process_one_work+0x29e/0xb70 [ 1458.546938] worker_thread+0x1cf/0x960 [ 1458.547263] ? process_one_work+0xb70/0xb70 [ 1458.547624] kthread+0x17d/0x180 [ 1458.547909] ? kthread_create_on_node+0x70/0x70 [ 1458.548300] ret_from_fork+0x31/0x40 It turns out that btrfs_retry_endio is trying to get inode from a directIO page. This fixes the problem by using the saved inode pointer, done->inode. btrfs_retry_endio_nocsum has the same problem, and it's fixed as well. Also cleanup unused @start (which is too trivial for a separate patch). Cc: David Sterba Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 951e7966398b0fd6bacebec2d87ffd61c3f68b18 Author: Adam Borowski Date: Fri Mar 31 17:19:04 2017 +0200 btrfs: drop the nossd flag when remounting with -o ssd The opposite case was already handled right in the very next switch entry. And also when turning on nossd, drop ssd_spread. Reported-by: Hans van Kranenburg Signed-off-by: Adam Borowski Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/super.c | 3 +++ 1 file changed, 3 insertions(+) commit 96a94cc5158859943b7e4e72ae69e572815f5413 Author: Johannes Berg Date: Tue Apr 11 12:10:58 2017 +0200 bpf: reference may_access_skb() from __bpf_prog_run() It took me quite some time to figure out how this was linked, so in order to save the next person the effort of finding it add a comment in __bpf_prog_run() that indicates what exactly determines that a program can access the ctx == skb. Signed-off-by: Johannes Berg Acked-by: Daniel Borkmann Signed-off-by: David S. Miller kernel/bpf/core.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 0c45b36f8acc89cb94c8696a27574f01e0e411dc Author: Jonathan Neuschäfer Date: Fri Apr 7 22:02:29 2017 +0200 drm/udl: Fix unaligned memory access in udl_render_hline On SPARC, the udl driver filled my kernel log with these messages: [186668.910612] Kernel unaligned access at TPC[76609c] udl_render_hline+0x13c/0x3a0 Use put_unaligned_be16 to avoid them. On x86 this results in the same code, but on SPARC the compiler emits two single-byte stores. Signed-off-by: Jonathan Neuschäfer Acked-by: David Airlie Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/20170407200229.20642-1-j.neuschaefer@gmx.net drivers/gpu/drm/udl/udl_transfer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 337b775b6cf5d093295961c1aa6ac76693b5f847 Author: Marcin Nowakowski Date: Mon Mar 13 15:57:14 2017 +0100 MIPS: generic: fix out-of-tree defconfig target builds When specifying a generic defconfig target with O=... option set, make is invoked in the output location before a target makefile wrapper is created. Ensure that the correct makefile is used by specifying the kernel source makefile during make invocation. This fixes the either of the following errors: $ make sead3_defoncifg ARCH=mips O=test make[1]: Entering directory '/mnt/ssd/MIPS/linux-next/test' make[2]: *** No rule to make target '32r2el_defconfig'. Stop. arch/mips/Makefile:506: recipe for target 'sead3_defconfig' failed make[1]: *** [sead3_defconfig] Error 2 make[1]: Leaving directory '/mnt/ssd/MIPS/linux-next/test' Makefile:152: recipe for target 'sub-make' failed make: *** [sub-make] Error 2 $ make 32r2el_defconfig ARCH=mips O=test make[1]: Entering directory '/mnt/ssd/MIPS/linux-next/test' Using ../arch/mips/configs/generic_defconfig as base Merging ../arch/mips/configs/generic/32r2.config Merging ../arch/mips/configs/generic/el.config Merging ../arch/mips/configs/generic/board-sead-3.config ! ! merged configuration written to .config (needs make) ! make[2]: *** No rule to make target 'olddefconfig'. Stop. arch/mips/Makefile:489: recipe for target '32r2el_defconfig' failed make[1]: *** [32r2el_defconfig] Error 2 make[1]: Leaving directory '/mnt/ssd/MIPS/linux-next/test' Makefile:152: recipe for target 'sub-make' failed make: *** [sub-make] Error 2 Fixes: eed0eabd12ef ('MIPS: generic: Introduce generic DT-based board support') Fixes: 3f5f0a4475e1 ('MIPS: generic: Convert SEAD-3 to a generic board') Signed-off-by: Marcin Nowakowski Cc: Paul Burton Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15464/ Signed-off-by: Ralf Baechle arch/mips/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c053b5a506d3afc038c485a86e3d461f6c7fb207 Author: Joonas Lahtinen Date: Fri Apr 7 13:49:34 2017 +0300 drm/i915: Don't call synchronize_rcu_expedited under struct_mutex Only call synchronize_rcu_expedited after unlocking struct_mutex to avoid deadlock because the workqueues depend on struct_mutex. >From original patch by Andrea: synchronize_rcu/synchronize_sched/synchronize_rcu_expedited() will hang until its own workqueues are run. The i915 gem workqueues will wait on the struct_mutex to be released. So we cannot wait for a quiescent state using those rcu primitives while holding the struct_mutex or it creates a circular lock dependency resulting in kernel hangs (which is reproducible but goes undetected by lockdep). kswapd0 D 0 700 2 0x00000000 Call Trace: ? __schedule+0x1a5/0x660 ? schedule+0x36/0x80 ? _synchronize_rcu_expedited.constprop.65+0x2ef/0x300 ? wake_up_bit+0x20/0x20 ? rcu_stall_kick_kthreads.part.54+0xc0/0xc0 ? rcu_exp_wait_wake+0x530/0x530 ? i915_gem_shrink+0x34b/0x4b0 ? i915_gem_shrinker_scan+0x7c/0x90 ? i915_gem_shrinker_scan+0x7c/0x90 ? shrink_slab.part.61.constprop.72+0x1c1/0x3a0 ? shrink_zone+0x154/0x160 ? kswapd+0x40a/0x720 ? kthread+0xf4/0x130 ? try_to_free_pages+0x450/0x450 ? kthread_create_on_node+0x40/0x40 ? ret_from_fork+0x23/0x30 plasmashell D 0 4657 4614 0x00000000 Call Trace: ? __schedule+0x1a5/0x660 ? schedule+0x36/0x80 ? schedule_preempt_disabled+0xe/0x10 ? __mutex_lock.isra.4+0x1c9/0x790 ? i915_gem_close_object+0x26/0xc0 ? i915_gem_close_object+0x26/0xc0 ? drm_gem_object_release_handle+0x48/0x90 ? drm_gem_handle_delete+0x50/0x80 ? drm_ioctl+0x1fa/0x420 ? drm_gem_handle_create+0x40/0x40 ? pipe_write+0x391/0x410 ? __vfs_write+0xc6/0x120 ? do_vfs_ioctl+0x8b/0x5d0 ? SyS_ioctl+0x3b/0x70 ? entry_SYSCALL_64_fastpath+0x13/0x94 kworker/0:0 D 0 29186 2 0x00000000 Workqueue: events __i915_gem_free_work Call Trace: ? __schedule+0x1a5/0x660 ? schedule+0x36/0x80 ? schedule_preempt_disabled+0xe/0x10 ? __mutex_lock.isra.4+0x1c9/0x790 ? del_timer_sync+0x44/0x50 ? update_curr+0x57/0x110 ? __i915_gem_free_objects+0x31/0x300 ? __i915_gem_free_objects+0x31/0x300 ? __i915_gem_free_work+0x2d/0x40 ? process_one_work+0x13a/0x3b0 ? worker_thread+0x4a/0x460 ? kthread+0xf4/0x130 ? process_one_work+0x3b0/0x3b0 ? kthread_create_on_node+0x40/0x40 ? ret_from_fork+0x23/0x30 Fixes: 3d3d18f086cd ("drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker)") Reported-by: Andrea Arcangeli Signed-off-by: Joonas Lahtinen Cc: Andrea Arcangeli Cc: Chris Wilson Cc: Daniel Vetter Cc: Jani Nikula Reviewed-by: Chris Wilson (cherry picked from commit 8f612d055183545070ca1009ac2eb1f2e044cc20) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_shrinker.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit 63987bfebd8869e00b34e2bdd12e59d71909bec0 Author: Sagar Arun Kamble Date: Wed Apr 5 15:51:50 2017 +0530 drm/i915: Suspend GuC prior to GPU Reset during GEM suspend i915 is currently doing a full GPU reset at the end of i915_gem_suspend() followed by GuC suspend in i915_drm_suspend(). This GPU reset clobbers the GuC, causing the suspend request to then fail, leaving the GuC in an undefined state. We need to tell the GuC to suspend before we do the direct intel_gpu_reset(). v2: Commit message update. (Chris, Daniele) Fixes: 1c777c5d1dcd ("drm/i915/hsw: Fix GPU hang during resume from S3-devices state") Cc: Jeff McGee Cc: Daniele Ceraolo Spurio Cc: Chris Wilson Cc: Joonas Lahtinen Cc: Imre Deak Cc: Mika Kuoppala Signed-off-by: Sagar Arun Kamble Link: http://patchwork.freedesktop.org/patch/msgid/1491387710-20553-1-git-send-email-sagar.a.kamble@intel.com Reviewed-by: Daniele Ceraolo Spurio Acked-by: Chris Wilson Signed-off-by: Chris Wilson (cherry picked from commit fd08923384385400101c71ac0d21d37d6b23b00d) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 2 -- drivers/gpu/drm/i915/i915_gem.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit e5199a37f7ed0effc74d3aaeedd6ce3f816a91d1 Merge: cf082a4 a34f836 Author: Jani Nikula Date: Tue Apr 11 12:51:47 2017 +0300 Merge tag 'gvt-fixes-2017-04-07' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-04-07 - execlist csb initial read ptr fix (Min) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20170407084240.4d2ig5ja2umcnsq3@zhen-hp.sh.intel.com commit 84379d83d8e536aef2c706744ff22c136d0be6c9 Author: Jiri Kosina Date: Tue Apr 11 11:10:16 2017 +0200 Revert "HID: rmi: Handle all Synaptics touchpads using hid-rmi" This reverts commit 279967a65b320d174a507498aea7d44db3fee7f4. Multiple regressions [1] [2] [3] have been reported. The hid-rmi support would have to fixed and redone in 4.11+. [1] http://lkml.kernel.org/r/b79b88c8-770a-13f6-5668-c3a94254e5e0@gmail.com [2] http://lkml.kernel.org/r/375e67b5-2cb8-3491-1d71-d8650d6e9451@gmail.com [3] https://bugzilla.kernel.org/show_bug.cgi?id=195287 Reported-by: Cameron Gutman Reported-by: Gabriele Mazzotta Reported-by: Lorenzo J. Lucchini Reported-by: Thorsten Leemhuis Signed-off-by: Jiri Kosina drivers/hid/hid-core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7036502783729c2aaf7a3c24c89087c58721430f Author: Mika Westerberg Date: Mon Apr 10 13:16:33 2017 +0300 pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again After commit 47c950d10202 ("pinctrl: cherryview: Do not add all southwest and north GPIOs to IRQ domain") the driver does not add all GPIOs to the irqdomain. The reason for that is that those GPIOs cannot generate IRQs at all, only GPEs (General Purpose Events). This causes Linux virtual IRQ numbering to change. However, it seems some CYAN Chromebooks, including Acer Chromebook hardcodes these Linux IRQ numbers in the ACPI tables of the machine. Since the numbering is different now, the IRQ meant for keyboard does not match the Linux virtual IRQ number anymore making the keyboard non-functional. Work this around by adding special quirk just for these machines where we add back all GPIOs to the irqdomain. Rest of the Cherryview/Braswell based machines will not be affected by the change. Link: https://bugzilla.kernel.org/show_bug.cgi?id=194945 Fixes: 47c950d10202 ("pinctrl: cherryview: Do not add all southwest and north GPIOs to IRQ domain") Reported-by: Adam S Levy Signed-off-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-cherryview.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) commit 7f00f388712b29005782bad7e4b25942620f3b9c Author: Jiri Olsa Date: Tue Apr 11 09:14:46 2017 +0200 x86/intel_rdt: Fix locking in rdtgroup_schemata_write() The schemata lock is released before freeing the resource's temporary tmp_cbms allocation. That's racy versus another write which allocates and uses new temporary storage, resulting in memory leaks, freeing in use memory, double a free or any combination of those. Move the unlock after the release code. Fixes: 60ec2440c63d ("x86/intel_rdt: Add schemata file") Signed-off-by: Jiri Olsa Cc: Fenghua Yu Cc: Peter Zijlstra Cc: Peter Zijlstra Cc: Mike Galbraith Cc: Shaohua Li Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170411071446.15241-1-jolsa@kernel.org Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/intel_rdt_schemata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c99a6874133ebf4513504ef7c32ce1f532d323f Author: Markus Trippelsdorf Date: Fri Apr 7 14:09:04 2017 +0200 x86/debug: Fix the printk() debug output of signal_fault(), do_trap() and do_general_protection() Since commit: 4bcc595ccd80 "printk: reinstate KERN_CONT for printing" ... the debug output of signal_fault(), do_trap() and do_general_protection() looks garbled, e.g.: traps: conftest[9335] trap invalid opcode ip:400428 sp:7ffeaba1b0d8 error:0 in conftest[400000+1000] (note the unintended line break.) Fix the bug by adding KERN_CONTs. Signed-off-by: Markus Trippelsdorf Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/kernel/signal.c | 2 +- arch/x86/kernel/traps.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 1fa839b4986d648b907d117275869a0e46c324b9 Author: Germano Percossi Date: Fri Apr 7 12:29:38 2017 +0100 CIFS: store results of cifs_reopen_file to avoid infinite wait This fixes Continuous Availability when errors during file reopen are encountered. cifs_user_readv and cifs_user_writev would wait for ever if results of cifs_reopen_file are not stored and for later inspection. In fact, results are checked and, in case of errors, a chain of function calls leading to reads and writes to be scheduled in a separate thread is skipped. These threads will wake up the corresponding waiters once reads and writes are done. However, given the return value is not stored, when rc is checked for errors a previous one (always zero) is inspected instead. This leads to pending reads/writes added to the list, making cifs_user_readv and cifs_user_writev wait for ever. Signed-off-by: Germano Percossi Reviewed-by: Pavel Shilovsky CC: Stable Signed-off-by: Steve French fs/cifs/file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a0918f1ce6a43ac980b42b300ec443c154970979 Author: Germano Percossi Date: Fri Apr 7 12:29:37 2017 +0100 CIFS: remove bad_network_name flag STATUS_BAD_NETWORK_NAME can be received during node failover, causing the flag to be set and making the reconnect thread always unsuccessful, thereafter. Once the only place where it is set is removed, the remaining bits are rendered moot. Removing it does not prevent "mount" from failing when a non existent share is passed. What happens when the share really ceases to exist while the share is mounted is undefined now as much as it was before. Signed-off-by: Germano Percossi Reviewed-by: Pavel Shilovsky CC: Stable Signed-off-by: Steve French fs/cifs/cifsglob.h | 1 - fs/cifs/smb2pdu.c | 5 ----- 2 files changed, 6 deletions(-) commit 18ea43113f5b74a97dd4be9bddbac10d68b1a6ce Author: Germano Percossi Date: Fri Apr 7 12:29:36 2017 +0100 CIFS: reconnect thread reschedule itself In case of error, smb2_reconnect_server reschedule itself with a delay, to avoid being too aggressive. Signed-off-by: Germano Percossi Reviewed-by: Pavel Shilovsky CC: Stable Signed-off-by: Steve French fs/cifs/smb2pdu.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 40920c2bb119fd49ba03e2f97a172171781be442 Author: Mark Syms Date: Tue Nov 29 11:36:46 2016 +0000 CIFS: handle guest access errors to Windows shares Commit 1a967d6c9b39c226be1b45f13acd4d8a5ab3dc44 ("correctly to anonymous authentication for the NTLM(v2) authentication") introduces a regression in handling errors related to attempting a guest connection to a Windows share which requires authentication. This should result in a permission denied error but actually causes the kernel module to enter a never-ending loop trying to follow a DFS referal which doesn't exist. The base cause of this is the failure now occurs later in the process during tree connect and not at the session setup setup and all errors in tree connect are interpreted as needing to follow the DFS paths which isn't in this case correct. So, check the returned error against EACCES and fail if this is returned error. Feedback from Aurelien: PS> net user guest /activate:no PS> mkdir C:\guestshare PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F' PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess Everyone I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U). NT_LOGON_FAILURE in session setup: LF This is what you seem to have in 3.10. NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop. | NU U -------------------------------- 3.10 | LF LF 4.4 | LF LF master | AD LF master+patch | AD LF No infinite DFS loop :( All these issues result in mount failing very fast with permission denied. I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more. In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug. I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix). Signed-off-by: Mark Syms Reviewed-by: Aurelien Aptel Tested-by: Aurelien Aptel Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/connect.c | 3 +++ 1 file changed, 3 insertions(+) commit 350be257ea83029daee974c72b1fe2e6f1f8e615 Author: Pavel Shilovsky Date: Mon Apr 10 10:31:33 2017 -0700 CIFS: Fix null pointer deref during read resp processing Currently during receiving a read response mid->resp_buf can be NULL when it is being passed to cifs_discard_remaining_data() from cifs_readv_discard(). Fix it by always passing server->smallbuf instead and initializing mid->resp_buf at the end of read response processing. Signed-off-by: Pavel Shilovsky CC: Stable Acked-by: Sachin Prabhu Signed-off-by: Steve French fs/cifs/cifsproto.h | 3 +-- fs/cifs/cifssmb.c | 15 ++++++++------- fs/cifs/smb2ops.c | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) commit 5376366886251e2f8f248704adb620a4bc4c0937 Author: Cameron Gutman Date: Mon Apr 10 20:44:25 2017 -0700 Input: xpad - add support for Razer Wildcat gamepad Cc: stable@vger.kernel.org Signed-off-by: Cameron Gutman Signed-off-by: Dmitry Torokhov drivers/input/joystick/xpad.c | 2 ++ 1 file changed, 2 insertions(+) commit 4aa5615e080a9855e607accc75b07ab79b252dde Author: Dan Williams Date: Fri Apr 7 12:25:52 2017 -0700 libnvdimm: band aid btt vs clear poison locking The following warning results from holding a lane spinlock, preempt_disable(), or the btt map spinlock and then trying to take the reconfig_mutex to walk the poison list and potentially add new entries. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:747 in_atomic(): 1, irqs_disabled(): 0, pid: 17159, name: dd [..] Call Trace: dump_stack+0x85/0xc8 ___might_sleep+0x184/0x250 __might_sleep+0x4a/0x90 __mutex_lock+0x58/0x9b0 ? nvdimm_bus_lock+0x21/0x30 [libnvdimm] ? __nvdimm_bus_badblocks_clear+0x2f/0x60 [libnvdimm] ? acpi_nfit_forget_poison+0x79/0x80 [nfit] ? _raw_spin_unlock+0x27/0x40 mutex_lock_nested+0x1b/0x20 nvdimm_bus_lock+0x21/0x30 [libnvdimm] nvdimm_forget_poison+0x25/0x50 [libnvdimm] nvdimm_clear_poison+0x106/0x140 [libnvdimm] nsio_rw_bytes+0x164/0x270 [libnvdimm] btt_write_pg+0x1de/0x3e0 [nd_btt] ? blk_queue_enter+0x30/0x290 btt_make_request+0x11a/0x310 [nd_btt] ? blk_queue_enter+0xb7/0x290 ? blk_queue_enter+0x30/0x290 generic_make_request+0x118/0x3b0 As a minimal fix, disable error clearing when the BTT is enabled for the namespace. For the final fix a larger rework of the poison list locking is needed. Note that this is not a problem in the blk case since that path never calls nvdimm_clear_poison(). Cc: Fixes: 82bf1037f2ca ("libnvdimm: check and clear poison before writing to pmem") Cc: Dave Jiang [jeff: dynamically disable error clearing in the btt case] Suggested-by: Jeff Moyer Reviewed-by: Jeff Moyer Reported-by: Vishal Verma Signed-off-by: Dan Williams drivers/nvdimm/claim.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 0beb2012a1722633515c8aaa263c73449636c893 Author: Dan Williams Date: Fri Apr 7 09:47:24 2017 -0700 libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat Holding the reconfig_mutex over a potential userspace fault sets up a lockdep dependency chain between filesystem-DAX and the libnvdimm ioctl path. Move the user access outside of the lock. [ INFO: possible circular locking dependency detected ] 4.11.0-rc3+ #13 Tainted: G W O ------------------------------------------------------- fallocate/16656 is trying to acquire lock: (&nvdimm_bus->reconfig_mutex){+.+.+.}, at: [] nvdimm_bus_lock+0x21/0x30 [libnvdimm] but task is already holding lock: (jbd2_handle){++++..}, at: [] start_this_handle+0x104/0x460 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (jbd2_handle){++++..}: lock_acquire+0xbd/0x200 start_this_handle+0x16a/0x460 jbd2__journal_start+0xe9/0x2d0 __ext4_journal_start_sb+0x89/0x1c0 ext4_dirty_inode+0x32/0x70 __mark_inode_dirty+0x235/0x670 generic_update_time+0x87/0xd0 touch_atime+0xa9/0xd0 ext4_file_mmap+0x90/0xb0 mmap_region+0x370/0x5b0 do_mmap+0x415/0x4f0 vm_mmap_pgoff+0xd7/0x120 SyS_mmap_pgoff+0x1c5/0x290 SyS_mmap+0x22/0x30 entry_SYSCALL_64_fastpath+0x1f/0xc2 -> #1 (&mm->mmap_sem){++++++}: lock_acquire+0xbd/0x200 __might_fault+0x70/0xa0 __nd_ioctl+0x683/0x720 [libnvdimm] nvdimm_ioctl+0x8b/0xe0 [libnvdimm] do_vfs_ioctl+0xa8/0x740 SyS_ioctl+0x79/0x90 do_syscall_64+0x6c/0x200 return_from_SYSCALL_64+0x0/0x7a -> #0 (&nvdimm_bus->reconfig_mutex){+.+.+.}: __lock_acquire+0x16b6/0x1730 lock_acquire+0xbd/0x200 __mutex_lock+0x88/0x9b0 mutex_lock_nested+0x1b/0x20 nvdimm_bus_lock+0x21/0x30 [libnvdimm] nvdimm_forget_poison+0x25/0x50 [libnvdimm] nvdimm_clear_poison+0x106/0x140 [libnvdimm] pmem_do_bvec+0x1c2/0x2b0 [nd_pmem] pmem_make_request+0xf9/0x270 [nd_pmem] generic_make_request+0x118/0x3b0 submit_bio+0x75/0x150 Cc: Fixes: 62232e45f4a2 ("libnvdimm: control (ioctl) messages for nvdimm_bus and nvdimm devices") Cc: Dave Jiang Reported-by: Vishal Verma Signed-off-by: Dan Williams drivers/nvdimm/bus.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 3cf864520e877505158f09075794a08abab11bbe Author: Ondrej Zary Date: Fri Mar 31 20:35:42 2017 +0200 sata_via: Enable hotplug only on VT6421 Commit 57e5568fda27 ("sata_via: Implement hotplug for VT6421") adds hotplug IRQ handler for VT6421 but enables hotplug on all chips. This is a bug because it causes "irq xx: nobody cared" error on VT6420 when hot-(un)plugging a drive: [ 381.839948] irq 20: nobody cared (try booting with the "irqpoll" option) [ 381.840014] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-rc5+ #148 [ 381.840066] Hardware name: P4VM800/P4VM800, BIOS P1.60 05/29/2006 [ 381.840117] Call Trace: [ 381.840167] [ 381.840225] ? dump_stack+0x44/0x58 [ 381.840278] ? __report_bad_irq+0x14/0x97 [ 381.840327] ? handle_edge_irq+0xa5/0xa5 [ 381.840376] ? note_interrupt+0x155/0x1cf [ 381.840426] ? handle_edge_irq+0xa5/0xa5 [ 381.840474] ? handle_irq_event_percpu+0x32/0x38 [ 381.840524] ? handle_irq_event+0x1f/0x38 [ 381.840573] ? handle_fasteoi_irq+0x69/0xb8 [ 381.840625] ? handle_irq+0x4f/0x5d [ 381.840672] [ 381.840726] ? do_IRQ+0x2e/0x8b [ 381.840782] ? common_interrupt+0x2c/0x34 [ 381.840836] ? mwait_idle+0x60/0x82 [ 381.840892] ? arch_cpu_idle+0x6/0x7 [ 381.840949] ? do_idle+0x96/0x18e [ 381.841002] ? cpu_startup_entry+0x16/0x1a [ 381.841057] ? start_kernel+0x319/0x31c [ 381.841111] ? startup_32_smp+0x166/0x168 [ 381.841165] handlers: [ 381.841219] [] ata_bmdma_interrupt [ 381.841274] Disabling IRQ #20 Seems that VT6420 can do hotplug too (there's no documentation) but the comments say that SCR register access (required for detecting hotplug events) can cause problems on these chips. For now, just keep hotplug disabled on anything other than VT6421. Signed-off-by: Ondrej Zary Signed-off-by: Tejun Heo drivers/ata/sata_via.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit bfb0b80db5f9dca5ac0a5fd0edb765ee555e5a8e Author: Zefan Li Date: Fri Apr 7 16:51:55 2017 +0800 cgroup: avoid attaching a cgroup root to two different superblocks Run this: touch file0 for ((; ;)) { mount -t cpuset xxx file0 } And this concurrently: touch file1 for ((; ;)) { mount -t cpuset xxx file1 } We'll trigger a warning like this: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 4675 at lib/percpu-refcount.c:317 percpu_ref_kill_and_confirm+0x92/0xb0 percpu_ref_kill_and_confirm called more than once on css_release! CPU: 1 PID: 4675 Comm: mount Not tainted 4.11.0-rc5+ #5 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007 Call Trace: dump_stack+0x63/0x84 __warn+0xd1/0xf0 warn_slowpath_fmt+0x5f/0x80 percpu_ref_kill_and_confirm+0x92/0xb0 cgroup_kill_sb+0x95/0xb0 deactivate_locked_super+0x43/0x70 deactivate_super+0x46/0x60 ... ---[ end trace a79f61c2a2633700 ]--- Here's a race: Thread A Thread B cgroup1_mount() # alloc a new cgroup root cgroup_setup_root() cgroup1_mount() # no sb yet, returns NULL kernfs_pin_sb() # but succeeds in getting the refcnt, # so re-use cgroup root percpu_ref_tryget_live() # alloc sb with cgroup root cgroup_do_mount() cgroup_kill_sb() # alloc another sb with same root cgroup_do_mount() cgroup_kill_sb() We end up using the same cgroup root for two different superblocks, so percpu_ref_kill() will be called twice on the same root when the two superblocks are destroyed. We should fix to make sure the superblock pinning is really successful. Cc: stable@vger.kernel.org # 3.16+ Reported-by: Dmitry Vyukov Signed-off-by: Zefan Li Signed-off-by: Tejun Heo kernel/cgroup/cgroup-v1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f8dc3a01f1cf8ed17b1e295812ad12b688be5d3 Author: Marc Zyngier Date: Wed Mar 8 08:09:27 2017 +0000 virtio-pci: Remove affinity hint before freeing the interrupt virtio-pci registers a per-vq affinity hint when using MSIX, but fails to remove it when freeing the interrupt, resulting in this type of splat: [ 31.111202] WARNING: CPU: 0 PID: 2823 at kernel/irq/manage.c:1503 __free_irq+0x2c4/0x2c8 [ 31.114689] Modules linked in: [ 31.116101] CPU: 0 PID: 2823 Comm: kexec Not tainted 4.10.0+ #6941 [ 31.118911] Hardware name: Generic DT based system [ 31.121319] [] (unwind_backtrace) from [] (show_stack+0x18/0x1c) [ 31.125017] [] (show_stack) from [] (dump_stack+0x84/0x98) [ 31.128427] [] (dump_stack) from [] (__warn+0xf4/0x10c) [ 31.131910] [] (__warn) from [] (warn_slowpath_null+0x28/0x30) [ 31.135543] [] (warn_slowpath_null) from [] (__free_irq+0x2c4/0x2c8) [ 31.139355] [] (__free_irq) from [] (free_irq+0x44/0x78) [ 31.142909] [] (free_irq) from [] (vp_del_vqs+0x68/0x1c0) [ 31.146299] [] (vp_del_vqs) from [] (pci_device_shutdown+0x3c/0x78) The obvious fix is to drop the affinity hint before freeing the interrupt. Signed-off-by: Marc Zyngier Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 0a9b3f47da5b8a2c4bf4f2f2199761f49ac0a54e Author: Michael S. Tsirkin Date: Tue Apr 4 21:44:44 2017 +0300 Revert "virtio_pci: remove struct virtio_pci_vq_info" This reverts commit 5c34d002dcc7a6dd665a19d098b4f4cd5501ba1a. Conflicts: drivers/virtio/virtio_pci_common.c The cleanup seems to be one of the changes that broke hybernation for some users. We are still not sure why but revert helps. This reverts the cleanup changes but keeps the affinity support. Tested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 128 ++++++++++++++++++++++++++----------- drivers/virtio/virtio_pci_common.h | 25 +++++++- drivers/virtio/virtio_pci_legacy.c | 6 +- drivers/virtio/virtio_pci_modern.c | 6 +- 4 files changed, 122 insertions(+), 43 deletions(-) commit 0b0f9dc52ed0333fa52a9314b53d0b2b248b821d Author: Michael S. Tsirkin Date: Tue Apr 4 21:15:41 2017 +0300 Revert "virtio_pci: use shared interrupts for virtqueues" This reverts commit 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507. Conflicts: drivers/virtio/virtio_pci_common.c Unfortunately the idea does not work with threadirqs as more than 32 queues can then map to a single interrupts. Further, the cleanup seems to be one of the changes that broke hybernation for some users. We are still not sure why but revert helps. This reverts the cleanup changes but keeps the affinity support. Tested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 244 ++++++++++++++++++++----------------- drivers/virtio/virtio_pci_common.h | 16 ++- 2 files changed, 148 insertions(+), 112 deletions(-) commit 2008c1544c73d5190f81ef1790fa5bd2fade5bd0 Author: Michael S. Tsirkin Date: Tue Apr 4 21:09:20 2017 +0300 Revert "virtio_pci: don't duplicate the msix_enable flag in struct pci_dev" This reverts commit 53a020c661741f3b87ad3ac6fa545088aaebac9b. The cleanup seems to be one of the changes that broke hybernation for some users. We are still not sure why but revert helps. Tested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 5 +++-- drivers/virtio/virtio_pci_common.h | 2 ++ drivers/virtio/virtio_pci_legacy.c | 2 +- drivers/virtio/virtio_pci_modern.c | 2 +- include/uapi/linux/virtio_pci.h | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) commit bf951b1045cc5d694b5e767c4f4d05df4f2cbe89 Author: Michael S. Tsirkin Date: Tue Apr 4 21:08:54 2017 +0300 Revert "virtio_pci: simplify MSI-X setup" This reverts commit 52a61516125fa9a21b3bdf4f90928308e2e5573f. Conflicts: drivers/virtio/virtio_pci_common.c The cleanup seems to be one of the changes that broke hybernation for some users. We are still not sure why but revert helps. This reverts the cleanup changes but keeps the affinity support. Tested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) commit 8f10d0149fb983aa84a02a92f9c2113d69e23cb8 Author: Michael S. Tsirkin Date: Tue Apr 4 21:04:23 2017 +0300 Revert "virtio_pci: fix out of bound access for msix_names" This reverts commit de85ec8b07f82c8c84de7687f769e74bf4c26a1e. Follow-up patches will revert 07ec51480b5e ("virtio_pci: use shared interrupts for virtqueues") that triggered the problem so no need for this one anymore. Tested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit c08e611b7d0169b513e3b4515ffd51ac7f37f22c Merge: 39da7c5 40c98cb Author: Linus Torvalds Date: Mon Apr 10 09:37:43 2017 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes a number of bugs in the caam driver: - device creation fails after release - error-path NULL-pointer dereference - spurious hardware error in RNG deinstantiation" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: caam - fix RNG deinstantiation error checking crypto: caam - fix invalid dereference in caam_rsa_init_tfm() crypto: caam - fix JR platform device subsequent (re)creations commit 6fdc6dd90272ce7e75d744f71535cfbd8d77da81 Author: Thomas Gleixner Date: Mon Apr 10 17:14:28 2017 +0200 x86/vdso: Plug race between mapping and ELF header setup The vsyscall32 sysctl can racy against a concurrent fork when it switches from disabled to enabled: arch_setup_additional_pages() if (vdso32_enabled) --> No mapping sysctl.vsysscall32() --> vdso32_enabled = true create_elf_tables() ARCH_DLINFO_IA32 if (vdso32_enabled) { --> Add VDSO entry with NULL pointer Make ARCH_DLINFO_IA32 check whether the VDSO mapping has been set up for the newly forked process or not. Signed-off-by: Thomas Gleixner Acked-by: Andy Lutomirski Cc: Peter Zijlstra Cc: Mathias Krause Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170410151723.602367196@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/elf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c06989da39cdb10604d572c8c7ea8c8c97f3c483 Author: Mathias Krause Date: Mon Apr 10 17:14:27 2017 +0200 x86/vdso: Ensure vdso32_enabled gets set to valid values only vdso_enabled can be set to arbitrary integer values via the kernel command line 'vdso32=' parameter or via 'sysctl abi.vsyscall32'. load_vdso32() only maps VDSO if vdso_enabled == 1, but ARCH_DLINFO_IA32 merily checks for vdso_enabled != 0. As a consequence the AT_SYSINFO_EHDR auxiliary vector for the VDSO_ENTRY is emitted with a NULL pointer which causes a segfault when the application tries to use the VDSO. Restrict the valid arguments on the command line and the sysctl to 0 and 1. Fixes: b0b49f2673f0 ("x86, vdso: Remove compat vdso support") Signed-off-by: Mathias Krause Acked-by: Andy Lutomirski Cc: Peter Zijlstra Cc: stable@vger.kernel.org Cc: Roland McGrath Link: http://lkml.kernel.org/r/1491424561-7187-1-git-send-email-minipli@googlemail.com Link: http://lkml.kernel.org/r/20170410151723.518412863@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/entry/vdso/vdso32-setup.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 264d509637d95f9404e52ced5003ad352e0f6a26 Author: Paul Moore Date: Mon Apr 10 11:16:59 2017 -0400 audit: make sure we don't let the retry queue grow without bounds The retry queue is intended to provide a temporary buffer in the case of transient errors when communicating with auditd, it is not meant as a long life queue, that functionality is provided by the hold queue. This patch fixes a problem identified by Seth where the retry queue could grow uncontrollably if an auditd instance did not connect to the kernel to drain the queues. This commit fixes this by doing the following: * Make sure we always call auditd_reset() if we decide the connection with audit is really dead. There were some cases in kauditd_hold_skb() where we did not reset the connection, this patch relocates the reset calls to kauditd_thread() so all the error conditions are caught and the connection reset. As a side effect, this means we could move auditd_reset() and get rid of the forward definition at the top of kernel/audit.c. * We never checked the status of the auditd connection when processing the main audit queue which meant that the retry queue could grow unchecked. This patch adds a call to auditd_reset() after the main queue has been processed if auditd is not connected, the auditd_reset() call will make sure the retry and hold queues are correctly managed/flushed so that the retry queue remains reasonable. Cc: # 4.10.x-: 5b52330bbfe6 Reported-by: Seth Forshee Signed-off-by: Paul Moore kernel/audit.c | 67 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 32 insertions(+), 35 deletions(-) commit 9d7f29cdb4ca53506115cf1d7a02ce6013894df0 Author: James Hogan Date: Wed Apr 5 16:32:45 2017 +0100 MIPS: cevt-r4k: Fix out-of-bounds array access calculate_min_delta() may incorrectly access a 4th element of buf2[] which only has 3 elements. This may trigger undefined behaviour and has been reported to cause strange crashes in start_kernel() sometime after timer initialization when built with GCC 5.3, possibly due to register/stack corruption: sched_clock: 32 bits at 200MHz, resolution 5ns, wraps every 10737418237ns CPU 0 Unable to handle kernel paging request at virtual address ffffb0aa, epc == 8067daa8, ra == 8067da84 Oops[#1]: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.18 #51 task: 8065e3e0 task.stack: 80644000 $ 0 : 00000000 00000001 00000000 00000000 $ 4 : 8065b4d0 00000000 805d0000 00000010 $ 8 : 00000010 80321400 fffff000 812de408 $12 : 00000000 00000000 00000000 ffffffff $16 : 00000002 ffffffff 80660000 806a666c $20 : 806c0000 00000000 00000000 00000000 $24 : 00000000 00000010 $28 : 80644000 80645ed0 00000000 8067da84 Hi : 00000000 Lo : 00000000 epc : 8067daa8 start_kernel+0x33c/0x500 ra : 8067da84 start_kernel+0x318/0x500 Status: 11000402 KERNEL EXL Cause : 4080040c (ExcCode 03) BadVA : ffffb0aa PrId : 0501992c (MIPS 1004Kc) Modules linked in: Process swapper/0 (pid: 0, threadinfo=80644000, task=8065e3e0, tls=00000000) Call Trace: [<8067daa8>] start_kernel+0x33c/0x500 Code: 24050240 0c0131f9 24849c64 41606020 000000c0 0c1a45e6 00000000 0c1a5f44 UBSAN also detects the same issue: ================================================================ UBSAN: Undefined behaviour in arch/mips/kernel/cevt-r4k.c:85:41 load of address 80647e4c with insufficient space for an object of type 'unsigned int' CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.18 #47 Call Trace: [<80028f70>] show_stack+0x88/0xa4 [<80312654>] dump_stack+0x84/0xc0 [<8034163c>] ubsan_epilogue+0x14/0x50 [<803417d8>] __ubsan_handle_type_mismatch+0x160/0x168 [<8002dab0>] r4k_clockevent_init+0x544/0x764 [<80684d34>] time_init+0x18/0x90 [<8067fa5c>] start_kernel+0x2f0/0x500 ================================================================= buf2[] is intentionally only 3 elements so that the last element is the median once 5 samples have been inserted, so explicitly prevent the possibility of comparing against the 4th element rather than extending the array. Fixes: 1fa405552e33f2 ("MIPS: cevt-r4k: Dynamically calculate min_delta_ns") Reported-by: Rabin Vincent Signed-off-by: James Hogan Tested-by: Rabin Vincent Cc: linux-mips@linux-mips.org Cc: # 4.7.x- Patchwork: https://patchwork.linux-mips.org/patch/15892/ Signed-off-by: Ralf Baechle arch/mips/kernel/cevt-r4k.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e6534aebb26e32fbab14df9c713c65e8507d17e4 Author: Herbert Xu Date: Mon Apr 10 17:59:07 2017 +0800 crypto: algif_aead - Fix bogus request dereference in completion function The algif_aead completion function tries to deduce the aead_request from the crypto_async_request argument. This is broken because the API does not guarantee that the same request will be pased to the completion function. Only the value of req->data can be used in the completion function. This patch fixes it by storing a pointer to sk in areq and using that instead of passing in sk through req->data. Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to...") Cc: Signed-off-by: Herbert Xu crypto/algif_aead.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ef0579b64e93188710d48667cb5e014926af9f1b Author: Herbert Xu Date: Mon Apr 10 17:27:57 2017 +0800 crypto: ahash - Fix EINPROGRESS notification callback The ahash API modifies the request's callback function in order to clean up after itself in some corner cases (unaligned final and missing finup). When the request is complete ahash will restore the original callback and everything is fine. However, when the request gets an EBUSY on a full queue, an EINPROGRESS callback is made while the request is still ongoing. In this case the ahash API will incorrectly call its own callback. This patch fixes the problem by creating a temporary request object on the stack which is used to relay EINPROGRESS back to the original completion function. This patch also adds code to preserve the original flags value. Fixes: ab6bf4e5e5e4 ("crypto: hash - Fix the pointer voodoo in...") Cc: Reported-by: Sabrina Dubroca Tested-by: Sabrina Dubroca Signed-off-by: Herbert Xu crypto/ahash.c | 79 ++++++++++++++++++++++++++---------------- include/crypto/internal/hash.h | 10 ++++++ 2 files changed, 60 insertions(+), 29 deletions(-) commit 4702bbeefb490e315189636a5588628c1151223d Author: Herbert Xu Date: Mon Apr 10 17:15:48 2017 +0800 crypto: lrw - Fix use-after-free on EINPROGRESS When we get an EINPROGRESS completion in lrw, we will end up marking the request as done and freeing it. This then blows up when the request is really completed as we've already freed the memory. Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Cc: Signed-off-by: Herbert Xu crypto/lrw.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit aa4a829bdaced81e70c215a84ef6595ce8bd4308 Author: Herbert Xu Date: Sat Apr 8 10:02:46 2017 +0800 crypto: xts - Fix use-after-free on EINPROGRESS When we get an EINPROGRESS completion in xts, we will end up marking the request as done and freeing it. This then blows up when the request is really completed as we've already freed the memory. Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher") Cc: Reported-by: Nathan Royce Reported-by: Krzysztof Kozlowski Signed-off-by: Herbert Xu Tested-by: Krzysztof Kozlowski crypto/xts.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit f2b42866b1bb30c1f62a84f6d829b8789495da95 Author: Rabin Vincent Date: Wed Apr 5 15:14:08 2017 +0200 MIPS: perf: fix deadlock mipsxx_pmu_handle_shared_irq() calls irq_work_run() while holding the pmuint_rwlock for read. irq_work_run() can, via perf_pending_event(), call try_to_wake_up() which can try to take rq->lock. However, perf can also call perf_pmu_enable() (and thus take the pmuint_rwlock for write) while holding the rq->lock, from finish_task_switch() via perf_event_context_sched_in(). This leads to an ABBA deadlock: PID: 3855 TASK: 8f7ce288 CPU: 2 COMMAND: "process" #0 [89c39ac8] __delay at 803b5be4 #1 [89c39ac8] do_raw_spin_lock at 8008fdcc #2 [89c39af8] try_to_wake_up at 8006e47c #3 [89c39b38] pollwake at 8018eab0 #4 [89c39b68] __wake_up_common at 800879f4 #5 [89c39b98] __wake_up at 800880e4 #6 [89c39bc8] perf_event_wakeup at 8012109c #7 [89c39be8] perf_pending_event at 80121184 #8 [89c39c08] irq_work_run_list at 801151f0 #9 [89c39c38] irq_work_run at 80115274 #10 [89c39c50] mipsxx_pmu_handle_shared_irq at 8002cc7c PID: 1481 TASK: 8eaac6a8 CPU: 3 COMMAND: "process" #0 [8de7f900] do_raw_write_lock at 800900e0 #1 [8de7f918] perf_event_context_sched_in at 80122310 #2 [8de7f938] __perf_event_task_sched_in at 80122608 #3 [8de7f958] finish_task_switch at 8006b8a4 #4 [8de7f998] __schedule at 805e4dc4 #5 [8de7f9f8] schedule at 805e5558 #6 [8de7fa10] schedule_hrtimeout_range_clock at 805e9984 #7 [8de7fa70] poll_schedule_timeout at 8018e8f8 #8 [8de7fa88] do_select at 8018f338 #9 [8de7fd88] core_sys_select at 8018f5cc #10 [8de7fee0] sys_select at 8018f854 #11 [8de7ff28] syscall_common at 80028fc8 The lock seems to be there to protect the hardware counters so there is no need to hold it across irq_work_run(). Signed-off-by: Rabin Vincent Signed-off-by: Ralf Baechle arch/mips/kernel/perf_event_mipsxx.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 9eec1c01a073fe1fdba4e50e53bd953d1c59ad00 Author: Matt Redfearn Date: Thu Apr 6 16:58:09 2017 +0100 MIPS: Malta: Fix i8259 irqchip setup Since commit 4cfffcfa5106 ("irqchip/mips-gic: Fix local interrupts"), the gic driver has been allocating virq's for local interrupts during its initialisation. Unfortunately on Malta platforms, these are the first IRQs to be allocated and so are allocated virqs 1-3. The i8259 driver uses a legacy irq domain which expects to map virqs 0-15. Probing of that driver therefore fails because some of those virqs are already taken, with the warning: WARNING: CPU: 0 PID: 0 at kernel/irq/irqdomain.c:344 irq_domain_associate+0x1e8/0x228 error: virq1 is already associated Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-rc6-00011-g4cfffcfa5106 #368 Stack : 00000000 00000000 807ae03a 0000004d 00000000 806c1010 0000000b ffff0a01 80725467 807258f4 806a64a4 00000000 00000000 807a9acc 00000100 80713e68 806d5598 8017593c 8072bf90 8072bf94 806ac358 00000000 806abb60 80713ce4 00000100 801b22d4 806d5598 8017593c 807ae03a 00000000 80713ce4 80720000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... Call Trace: [<8010c480>] show_stack+0x88/0xa4 [<80376758>] dump_stack+0x88/0xd0 [<8012c4a8>] __warn+0x104/0x118 [<8012c4ec>] warn_slowpath_fmt+0x30/0x3c [<8017edfc>] irq_domain_associate+0x1e8/0x228 [<8017efd0>] irq_domain_add_legacy+0x7c/0xb0 [<80764c50>] __init_i8259_irqs+0x64/0xa0 [<80764ca4>] i8259_of_init+0x18/0x74 [<8076ddc0>] of_irq_init+0x19c/0x310 [<80752dd8>] arch_init_irq+0x28/0x19c [<80750a08>] start_kernel+0x2a8/0x434 Fix this by reserving the required i8259 virqs in malta platform code before probing any irq chips. Fixes: 4cfffcfa5106 ("irqchip/mips-gic: Fix local interrupts") Signed-off-by: Matt Redfearn Cc: James Hogan Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15919/ Signed-off-by: Ralf Baechle arch/mips/mti-malta/malta-int.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit dbc9d69edfa0fc3b44156f32747a5add3fbdfb8b Author: Chanwoo Choi Date: Wed Mar 22 17:03:31 2017 +0900 pinctrl: samsung: Add missing part for PINCFG_TYPE_DRV of Exynos5433 The commit 1259feddd0f8("pinctrl: samsung: Fix the width of PINCFG_TYPE_DRV bitfields for Exynos5433") already fixed the different width of PINCFG_TYPE_DRV from previous Exynos SoC. However wrong merge conflict resolution was chosen in commit 7f36f5d11cda ("Merge tag 'v4.10-rc6' into devel") effectively dropping the changes for PINCFG_TYPE_DRV. Re-do them here. The macro EXYNOS_PIN_BANK_EINTW is no longer used so remove it. Fixes: 7f36f5d11cda ("Merge tag 'v4.10-rc6' into devel") Signed-off-by: Chanwoo Choi Signed-off-by: Krzysztof Kozlowski Signed-off-by: Linus Walleij drivers/pinctrl/samsung/pinctrl-exynos.c | 80 ++++++++++++++++---------------- drivers/pinctrl/samsung/pinctrl-exynos.h | 11 ----- 2 files changed, 40 insertions(+), 51 deletions(-) commit 17c3060b1701fc69daedb4c90be6325d3d9fca8e Author: Eric Dumazet Date: Sat Apr 8 08:07:33 2017 -0700 tcp: clear saved_syn in tcp_disconnect() In the (very unlikely) case a passive socket becomes a listener, we do not want to duplicate its saved SYN headers. This would lead to double frees, use after free, and please hackers and various fuzzers Tested: 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, IPPROTO_TCP, TCP_SAVE_SYN, [1], 4) = 0 +0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 5) = 0 +0 < S 0:0(0) win 32972 +0 > S. 0:0(0) ack 1 <...> +.1 < . 1:1(0) ack 1 win 257 +0 accept(3, ..., ...) = 4 +0 connect(4, AF_UNSPEC, ...) = 0 +0 close(3) = 0 +0 bind(4, ..., ...) = 0 +0 listen(4, 5) = 0 +0 < S 0:0(0) win 32972 +0 > S. 0:0(0) ack 1 <...> +.1 < . 1:1(0) ack 1 win 257 Fixes: cd8ae85299d5 ("tcp: provide SYN headers for passive connections") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp.c | 1 + 1 file changed, 1 insertion(+) commit c6c64a942c87faa6fca68f5dd208094b8cf61236 Author: Sagi Grimberg Date: Thu Apr 6 09:15:52 2017 +0300 nvme-fc: Fix sqsize wrong assignment based on ctrl MQES capability both our sqsize and the controller MQES cap are a 0 based value, so making it 1 based is wrong. Reported-by: Trapp, Darren Reported-by: Daniel Verkamp Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/fc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1af76ddaa80e3bca8001b535e44aaaebd3e1907e Author: Sagi Grimberg Date: Thu Apr 6 09:15:51 2017 +0300 nvme-rdma: Fix sqsize wrong assignment based on ctrl MQES capability both our sqsize and the controller MQES cap are a 0 based value, so making it 1 based is wrong. Reported-by: Trapp, Darren Reported-by: Daniel Verkamp Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 096e9e912ba8c973213e57701e0591e01064be26 Author: Sagi Grimberg Date: Thu Apr 6 09:15:50 2017 +0300 nvme-loop: Fix sqsize wrong assignment based on ctrl MQES capability both our sqsize and the controller MQES cap are a 0 based value, so making it 1 based is wrong. Reported-by: Trapp, Darren Reported-by: Daniel Verkamp Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/target/loop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 39da7c509acff13fc8cb12ec1bb20337c988ed36 Author: Linus Torvalds Date: Sun Apr 9 09:49:44 2017 -0700 Linux 4.11-rc6 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 84ced7fd06dac98aa630dcfd5f008e3f3c323737 Merge: 462e9a3 806a28e Author: Linus Torvalds Date: Sun Apr 9 09:10:02 2017 -0700 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull CIFS fixes from Steve French: "This is a set of CIFS/SMB3 fixes for stable. There is another set of four SMB3 reconnect fixes for stable in progress but they are still being reviewed/tested, so didn't want to wait any longer to send these five below" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: Reset TreeId to zero on SMB2 TREE_CONNECT CIFS: Fix build failure with smb2 Introduce cifs_copy_file_range() SMB3: Rename clone_range to copychunk_range Handle mismatched open calls commit 462e9a355e7488fde3712c3b2585fc2f2a2c263d Merge: 5b50be7 3872fe8 Author: Linus Torvalds Date: Sun Apr 9 09:05:25 2017 -0700 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A number of ARM fixes: - prevent oopses caused by dma_get_sgtable() and declared DMA coherent memory - fix boot failure on nommu caused by ID_PFR1 access - a number of kprobes fixes from Jon Medhurst and Masami Hiramatsu" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8665/1: nommu: access ID_PFR1 only if CPUID scheme ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory arm: kprobes: Align stack to 8-bytes in test code arm: kprobes: Fix the return address of multiple kretprobes arm: kprobes: Skip single-stepping in recursing path if possible arm: kprobes: Allow to handle reentered kprobe on single-stepping commit 5b50be743f495b000891d430ecba7372cc59bb64 Merge: 62e1fd0 27f395b Author: Linus Torvalds Date: Sun Apr 9 09:03:51 2017 -0700 Merge tag 'driver-core-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fixes from Greg KH: "Here are 3 small fixes for 4.11-rc6. One resolves a reported issue with sysfs files that NeilBrown found, one is a documenatation fix for the stable kernel rules, and the last is a small MAINTAINERS file update for kernfs" * tag 'driver-core-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: MAINTAINERS: separate out kernfs maintainership sysfs: be careful of error returns from ops->show() Documentation: stable-kernel-rules: fix stable-tag format commit 62e1fd08ede3ea2af25b3aa5f81c6c525bac2ce3 Merge: 2a610b8 97fbfef Author: Linus Torvalds Date: Sun Apr 9 09:02:31 2017 -0700 Merge tag 'staging-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO driver rfixes from Greg KH: "Here are a number of small IIO and staging driver fixes for 4.11-rc6. Nothing big here, just iio fixes for reported issues, and an ashmem fix for a very old bug that has been reported by a number of Android vendors" * tag 'staging-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: android: ashmem: lseek failed due to no FMODE_LSEEK. iio: hid-sensor-attributes: Fix sensor property setting failure. iio: accel: hid-sensor-accel-3d: Fix duplicate scan index error iio: core: Fix IIO_VAL_FRACTIONAL_LOG2 for negative values iio: st_pressure: initialize lps22hb bootime iio: bmg160: reset chip when probing iio: cros_ec_sensors: Fix return value to get raw and calibbias data. commit 2a610b8aa8e5bd449ba270e517b0e72295d62c9c Merge: 78d91a7 a8e2844 Author: Linus Torvalds Date: Sun Apr 9 08:26:21 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull VFS fixes from Al Viro: "statx followup fixes and a fix for stack-smashing on alpha" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: alpha: fix stack smashing in old_adjtimex(2) statx: Include a mask for stx_attributes in struct statx statx: Reserve the top bit of the mask for future struct expansion xfs: report crtime and attribute flags to statx ext4: Add statx support statx: optimize copy of struct statx to userspace statx: remove incorrect part of vfs_statx() comment statx: reject unknown flags when using NULL path Documentation/filesystems: fix documentation for ->getattr() commit 7cddd967bfc2e4fc6b3218c2ddc67fbeed433ad3 Author: Liping Zhang Date: Sun Apr 2 18:25:37 2017 +0800 netfilter: nf_ct_expect: use proper RCU list traversal/update APIs We should use proper RCU list APIs to manipulate help->expectations, as we can dump the conntrack's expectations via nfnetlink, i.e. in ctnetlink_exp_ct_dump_table(), where only rcu_read_lock is acquired. So for list traversal, use hlist_for_each_entry_rcu; for list add/del, use hlist_add_head_rcu and hlist_del_rcu. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_expect.c | 4 ++-- net/netfilter/nf_conntrack_netlink.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) commit 207df81501021f6d1a935cebf8e1f34d6d25564b Author: Liping Zhang Date: Sun Apr 2 18:01:33 2017 +0800 netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL For IPCTNL_MSG_EXP_GET, if the CTA_EXPECT_MASTER attr is specified, then the NLM_F_DUMP request will dump the expectations related to this connection tracking. But we forget to check whether the conntrack has nf_conn_help or not, so if nfct_help(ct) is NULL, oops will happen: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: ctnetlink_exp_ct_dump_table+0xf9/0x1e0 [nf_conntrack_netlink] Call Trace: ? ctnetlink_exp_ct_dump_table+0x75/0x1e0 [nf_conntrack_netlink] netlink_dump+0x124/0x2a0 __netlink_dump_start+0x161/0x190 ctnetlink_dump_exp_ct+0x16c/0x1bc [nf_conntrack_netlink] ? ctnetlink_exp_fill_info.constprop.33+0xf0/0xf0 [nf_conntrack_netlink] ? ctnetlink_glue_seqadj+0x20/0x20 [nf_conntrack_netlink] ctnetlink_get_expect+0x32e/0x370 [nf_conntrack_netlink] ? debug_lockdep_rcu_enabled+0x1d/0x20 nfnetlink_rcv_msg+0x60a/0x6a9 [nfnetlink] ? nfnetlink_rcv_msg+0x1b9/0x6a9 [nfnetlink] [...] Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_netlink.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 0c7930e5763bdd189bd50035c025a9cbe5e82f23 Author: Liping Zhang Date: Sun Apr 2 17:27:53 2017 +0800 netfilter: make it safer during the inet6_dev->addr_list traversal inet6_dev->addr_list is protected by inet6_dev->lock, so only using rcu_read_lock is not enough, we should acquire read_lock_bh(&idev->lock) before the inet6_dev->addr_list traversal. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_nat_redirect.c | 2 ++ net/netfilter/xt_TPROXY.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit 3173d5b8c89e67fa3176292ff9af06f09f365348 Author: Liping Zhang Date: Sat Apr 1 20:55:44 2017 +0800 netfilter: ctnetlink: make it safer when checking the ct helper name One CPU is doing ctnetlink_change_helper(), while another CPU is doing unhelp() at the same time. So even if help->helper is not NULL at first, the later statement strcmp(help->helper->name, ...) may still access the NULL pointer. So we must use rcu_read_lock and rcu_dereference to avoid such _bad_ thing happen. Fixes: f95d7a46bc57 ("netfilter: ctnetlink: Fix regression in CTA_HELP processing") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_netlink.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 8b5995d0633b04f9a0d321a7cc77e386440730cf Author: Gao Feng Date: Wed Mar 29 19:11:27 2017 +0800 netfilter: helper: Add the rcu lock when call __nf_conntrack_helper_find When invoke __nf_conntrack_helper_find, it needs the rcu lock to protect the helper module which would not be unloaded. Now there are two caller nf_conntrack_helper_try_module_get and ctnetlink_create_expect which don't hold rcu lock. And the other callers left like ctnetlink_change_helper, ctnetlink_create_conntrack, and ctnetlink_glue_attach_expect, they already hold the rcu lock or spin_lock_bh. Remove the rcu lock in functions nf_ct_helper_expectfn_find_by_name and nf_ct_helper_expectfn_find_by_symbol. Because they return one pointer which needs rcu lock, so their caller should hold the rcu lock, not in these two functions. Signed-off-by: Gao Feng Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_helper.c | 17 ++++++++++++----- net/netfilter/nf_conntrack_netlink.c | 10 ++++++++-- 2 files changed, 20 insertions(+), 7 deletions(-) commit 97aae0df1de4d7dd80905fb067e28b032a132995 Author: Liping Zhang Date: Sat Apr 1 20:31:32 2017 +0800 netfilter: ctnetlink: using bit to represent the ct event Otherwise, creating a new conntrack via nfnetlink: # conntrack -I -p udp -s 1.1.1.1 -d 2.2.2.2 -t 10 --sport 10 --dport 20 will emit the wrong ct events(where UPDATE should be NEW): # conntrack -E [UPDATE] udp 17 10 src=1.1.1.1 dst=2.2.2.2 sport=10 dport=20 [UNREPLIED] src=2.2.2.2 dst=1.1.1.1 sport=20 dport=10 mark=0 Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2638fd0f92d4397884fd991d8f4925cb3f081901 Author: Eric Dumazet Date: Mon Apr 3 10:55:11 2017 -0700 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Denys provided an awesome KASAN report pointing to an use after free in xt_TCPMSS I have provided three patches to fix this issue, either in xt_TCPMSS or in xt_tcpudp.c. It seems xt_TCPMSS patch has the smallest possible impact. Signed-off-by: Eric Dumazet Reported-by: Denys Fedoryshchenko Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_TCPMSS.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 78d91a75b40fcf6a08506d308abf2413a29b7e30 Merge: c3df1c7 6d8c6c0 Author: Linus Torvalds Date: Sat Apr 8 11:56:58 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Here's a pull request for 4.11-rc, fixing a set of issues mostly centered around the new scheduling framework. These have been brewing for a while, but split up into what we absolutely need in 4.11, and what we can defer until 4.12. These are well tested, on both single queue and multiqueue setups, and with and without shared tags. They fix several hangs that have happened in testing. This is obviously larger than I would have preferred at this point in time, but I don't think we can shave much off this and still get the desired results. In detail, this pull request contains: - a set of five fixes for NVMe, mostly from Christoph and one from Roland. - a series from Bart, fixing issues with dm-mq and SCSI shared tags and scheduling. Note that one of those patches commit messages may read like an optimization, but it is in fact an important fix for queue restarts in particular. - a series from Omar, most importantly fixing a hang with multiple hardware queues when we fail to get a driver tag. Another important fix in there is for resizing hardware queues, which nbd does when handling multiple sockets for one connection. - fixing an imbalance in putting the ctx for hctx request allocations from Minchan" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: Restart a single queue if tag sets are shared dm rq: Avoid that request processing stalls sporadically scsi: Avoid that SCSI queues get stuck blk-mq: Introduce blk_mq_delay_run_hw_queue() blk-mq: remap queues when adding/removing hardware queues blk-mq-sched: fix crash in switch error path blk-mq-sched: set up scheduler tags when bringing up new queues blk-mq-sched: refactor scheduler initialization blk-mq: use the right hctx when getting a driver tag fails nvmet: fix byte swap in nvmet_parse_io_cmd nvmet: fix byte swap in nvmet_execute_write_zeroes nvmet: add missing byte swap in nvmet_get_smart_log nvme: add missing byte swap in nvme_setup_discard nvme: Correct NVMF enum values to match NVMe-oF rev 1.0 block: do not put mq context in blk_mq_alloc_request_hctx commit c3df1c7c36aa55fa76d77d57383af334856ab9f8 Merge: 894ca30 6118714 Author: Linus Torvalds Date: Sat Apr 8 11:43:38 2017 -0700 Merge tag 'pinctrl-v4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fix from Linus Walleij: "This late fix for pin control is hopefully the last I send this cycle. The problem was detected early in the v4.11 release cycle and there has been some back and forth on how to solve it. Sadly the proper fix arrives late, but at least not too late. An issue was detected with pin control on the Freescale i.MX after the refactorings for more general group and function handling. We now have the proper fix for this" * tag 'pinctrl-v4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable() commit 894ca30cf6ddf891aa17c39a4b8d511c0a8cf2e9 Merge: cf01fb9 4749228 Author: Linus Torvalds Date: Sat Apr 8 11:06:12 2017 -0700 Merge tag 'powerpc-4.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Some more powerpc fixes for 4.11: Headed to stable: - disable HFSCR[TM] if TM is not supported, fixes a potential host kernel crash triggered by a hostile guest, but only in configurations that no one uses - don't try to fix up misaligned load-with-reservation instructions - fix flush_(d|i)cache_range() called from modules on little endian kernels - add missing global TLB invalidate if cxl is active - fix missing preempt_disable() in crc32c-vpmsum And a fix for selftests build changes that went in this release: - selftests/powerpc: Fix standalone powerpc build Thanks to: Benjamin Herrenschmidt, Frederic Barrat, Oliver O'Halloran, Paul Mackerras" * tag 'powerpc-4.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/crypto/crc32c-vpmsum: Fix missing preempt_disable() powerpc/mm: Add missing global TLB invalidate if cxl is active powerpc/64: Fix flush_(d|i)cache_range() called from modules powerpc: Don't try to fix up misaligned load-with-reservation instructions powerpc: Disable HFSCR[TM] if TM is not supported selftests/powerpc: Fix standalone powerpc build commit cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 Author: Chris Salls Date: Fri Apr 7 23:48:11 2017 -0700 mm/mempolicy.c: fix error handling in set_mempolicy and mbind. In the case that compat_get_bitmap fails we do not want to copy the bitmap to the user as it will contain uninitialized stack data and leak sensitive data. Signed-off-by: Chris Salls Signed-off-by: Linus Torvalds mm/mempolicy.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) commit 425fffd886bae3d127a08fa6a17f2e31e24ed7ff Author: Liping Zhang Date: Fri Apr 7 23:51:07 2017 +0800 sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec Currently, inputting the following command will succeed but actually the value will be truncated: # echo 0x12ffffffff > /proc/sys/net/ipv4/tcp_notsent_lowat This is not friendly to the user, so instead, we should report error when the value is larger than UINT_MAX. Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") Signed-off-by: Liping Zhang Cc: Subash Abhinov Kasiviswanathan Cc: Andrew Morton Cc: Eric W. Biederman Signed-off-by: Linus Torvalds kernel/sysctl.c | 2 ++ 1 file changed, 2 insertions(+) commit 27f395b857abee5bced8356d39e1a491ff08748a Author: Tejun Heo Date: Thu Mar 23 13:34:47 2017 -0400 MAINTAINERS: separate out kernfs maintainership Separate out kernfs from driver core and add myself as a co-maintainer. Signed-off-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit df59577d8c6fecc53e0ea8e98519ee83b4ca5b04 Merge: 7cc2b04 ca257b9 Author: David S. Miller Date: Sat Apr 8 08:48:50 2017 -0700 Merge tag 'linux-can-fixes-for-4.12-20170404' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2017-04-04 this is a pull request of two patches for net/master. The first patch by Markus Marb fixes a register read access in the ifi driver. The second patch by Geert Uytterhoeven for the rcar driver remove the printing of a kernel virtual address. ==================== Signed-off-by: David S. Miller commit c8a139d001a1aab1ea8734db14b22dac9dd143b6 Author: NeilBrown Date: Mon Apr 3 11:30:34 2017 +1000 sysfs: be careful of error returns from ops->show() ops->show() can return a negative error code. Commit 65da3484d9be ("sysfs: correctly handle short reads on PREALLOC attrs.") (in v4.4) caused this to be stored in an unsigned 'size_t' variable, so errors would look like large numbers. As a result, if an error is returned, sysfs_kf_read() will return the value of 'count', typically 4096. Commit 17d0774f8068 ("sysfs: correctly handle read offset on PREALLOC attrs") (in v4.8) extended this error to use the unsigned large 'len' as a size for memmove(). Consequently, if ->show returns an error, then the first read() on the sysfs file will return 4096 and could return uninitialized memory to user-space. If the application performs a subsequent read, this will trigger a memmove() with extremely large count, and is likely to crash the machine is bizarre ways. This bug can currently only be triggered by reading from an md sysfs attribute declared with __ATTR_PREALLOC() during the brief period between when mddev_put() deletes an mddev from the ->all_mddevs list, and when mddev_delayed_delete() - which is scheduled on a workqueue - completes. Before this, an error won't be returned by the ->show() After this, the ->show() won't be called. I can reproduce it reliably only by putting delay like usleep_range(500000,700000); early in mddev_delayed_delete(). Then after creating an md device md0 run echo clear > /sys/block/md0/md/array_state; cat /sys/block/md0/md/array_state The bug can be triggered without the usleep. Fixes: 65da3484d9be ("sysfs: correctly handle short reads on PREALLOC attrs.") Fixes: 17d0774f8068 ("sysfs: correctly handle read offset on PREALLOC attrs") Cc: stable@vger.kernel.org Signed-off-by: NeilBrown Acked-by: Tejun Heo Reported-and-tested-by: Miroslav Benes Signed-off-by: Greg Kroah-Hartman fs/sysfs/file.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit cf903e9d3a97f89b224d2d07be37c0f160db8192 Author: Johan Hovold Date: Mon Apr 3 15:53:34 2017 +0200 Documentation: stable-kernel-rules: fix stable-tag format A patch documenting how to specify which kernels a particular fix should be backported to (seemingly) inadvertently added a minus sign after the kernel version. This particular stable-tag format had never been used prior to this patch, and was neither present when the patch in question was first submitted (it was added in v2 without any comment). Drop the minus sign to avoid any confusion. Fixes: fdc81b7910ad ("stable_kernel_rules: Add clause about specification of kernel versions to patch.") Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman Documentation/process/stable-kernel-rules.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7cc2b043bc3f1e8139e807528c8041c15924a411 Author: Gao Feng Date: Thu Apr 6 23:05:49 2017 +0800 net: tcp: Increase TCP_MIB_OUTRSTS even though fail to alloc skb Because TCP_MIB_OUTRSTS is an important count, so always increase it whatever send it successfully or not. Now move the increment of TCP_MIB_OUTRSTS to the top of tcp_send_active_reset to make sure it is increased always even though fail to alloc skb. Signed-off-by: Gao Feng Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3aecfbb19ca746a62575de90957c14e03b9c5d23 Merge: cc663f4 321a52a Author: David S. Miller Date: Sat Apr 8 08:29:05 2017 -0700 Merge branch 'l2tp-sockopt-errors' Guillaume Nault says: ==================== l2tp: fix error handling of PPPoL2TP socket options Fix pppol2tp_[gs]etsockopt() so that they don't ignore errors returned by their helper functions. ==================== Signed-off-by: David S. Miller commit 321a52a39189d5e4af542f7dcdc07bba4545cf5d Author: Guillaume Nault Date: Thu Apr 6 18:31:21 2017 +0200 l2tp: don't mask errors in pppol2tp_getsockopt() pppol2tp_getsockopt() doesn't take into account the error code returned by pppol2tp_tunnel_getsockopt() or pppol2tp_session_getsockopt(). If error occurs there, pppol2tp_getsockopt() continues unconditionally and reports erroneous values. Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 364700cf8fd54f54ad08313464105a414e3bccb7 Author: Guillaume Nault Date: Thu Apr 6 18:31:20 2017 +0200 l2tp: don't mask errors in pppol2tp_setsockopt() pppol2tp_setsockopt() unconditionally overwrites the error value returned by pppol2tp_tunnel_setsockopt() or pppol2tp_session_setsockopt(), thus hiding errors from userspace. Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 2 -- 1 file changed, 2 deletions(-) commit 97fbfef6bd597888485b653175fb846c6998b60c Author: Shuxiao Zhang Date: Thu Apr 6 22:30:29 2017 +0800 staging: android: ashmem: lseek failed due to no FMODE_LSEEK. vfs_llseek will check whether the file mode has FMODE_LSEEK, no return failure. But ashmem can be lseek, so add FMODE_LSEEK to ashmem file. Comment From Greg Hackmann: ashmem_llseek() passes the llseek() call through to the backing shmem file. 91360b02ab48 ("ashmem: use vfs_llseek()") changed this from directly calling the file's llseek() op into a VFS layer call. This also adds a check for the FMODE_LSEEK bit, so without that bit ashmem_llseek() now always fails with -ESPIPE. Fixes: 91360b02ab48 ("ashmem: use vfs_llseek()") Signed-off-by: Shuxiao Zhang Tested-by: Greg Hackmann Cc: stable # 3.18+ Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ashmem.c | 1 + 1 file changed, 1 insertion(+) commit 8b65bb57d87a66cd156f856f28f2bd72d7b2395e Merge: 542380a 86e1066 Author: Linus Torvalds Date: Sat Apr 8 01:42:05 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "Several fixes here, mostly having to due with either build errors or memory corruptions depending upon whether you have THP enabled or not" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: remove unused wp_works_ok macro sparc32: Export vac_cache_size to fix build error sparc64: Fix memory corruption when THP is enabled sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write() arch/sparc: Avoid DCTI Couples sparc64: kern_addr_valid regression sparc64: Add support for 2G hugepages sparc64: Fix size check in huge_pte_alloc commit 542380a208c5eda9c27f9db099daa9d544626960 Merge: 62fedca 8786fa6 Author: Linus Torvalds Date: Sat Apr 8 01:39:43 2017 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM: - Fix a problem with GICv3 userspace save/restore - Clarify GICv2 userspace save/restore ABI - Be more careful in clearing GIC LRs - Add missing synchronization primitive to our MMU handling code PPC: - Check for a NULL return from kzalloc s390: - Prevent translation exception errors on valid page tables for the instruction-exection-protection support x86: - Fix Page-Modification Logging when running a nested guest" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: PPC: Book3S HV: Check for kmalloc errors in ioctl KVM: nVMX: initialize PML fields in vmcs02 KVM: nVMX: do not leak PML full vmexit to L1 KVM: arm/arm64: vgic: Fix GICC_PMR uaccess on GICv3 and clarify ABI KVM: arm64: Ensure LRs are clear when they should be kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd KVM: s390: remove change-recording override support arm/arm64: KVM: Take mmap_sem in kvm_arch_prepare_memory_region arm/arm64: KVM: Take mmap_sem in stage2_unmap_vm commit 62fedca5cefb9a89f9e3c0e631afa505da7417a8 Merge: 56c2997 ab6434a Author: Linus Torvalds Date: Sat Apr 8 01:37:25 2017 -0700 Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit Pull audit cleanup from Paul Moore: "A week later than I had hoped, but as promised, here is the audit uninline-fix we talked about during the last audit pull request. The patch is slightly different than what we originally discussed as it made more sense to keep the audit_signal_info() function in auditsc.c rather than move it and bunch of other related variables/definitions into audit.c/audit.h. At some point in the future I need to look at how the audit code is organized across kernel/audit*, I suspect we could do things a bit better, but it doesn't seem like a -rc release is a good place for that ;) Regardless, this patch passes our tests without problem and looks good for v4.11" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: move audit_signal_info() into kernel/auditsc.c commit 56c29979653f6313b6c47b22f54ed54150fd92ed Merge: cefdc26 ce61287 Author: Linus Torvalds Date: Sat Apr 8 01:35:32 2017 -0700 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "10 fixes" * emailed patches from Andrew Morton : mm: move pcp and lru-pcp draining into single wq mailmap: update Yakir Yang email address mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff() dax: fix radix tree insertion race mm, thp: fix setting of defer+madvise thp defrag mode ptrace: fix PTRACE_LISTEN race corrupting task->state vmlinux.lds: add missing VMLINUX_SYMBOL macros mm/page_alloc.c: fix print order in show_free_areas() userfaultfd: report actual registered features in fdinfo mm: fix page_vma_mapped_walk() for ksm pages commit ce612879ddc78ea7e4de4be80cba4ebf9caa07ee Author: Michal Hocko Date: Fri Apr 7 16:05:05 2017 -0700 mm: move pcp and lru-pcp draining into single wq We currently have 2 specific WQ_RECLAIM workqueues in the mm code. vmstat_wq for updating pcp stats and lru_add_drain_wq dedicated to drain per cpu lru caches. This seems more than necessary because both can run on a single WQ. Both do not block on locks requiring a memory allocation nor perform any allocations themselves. We will save one rescuer thread this way. On the other hand drain_all_pages() queues work on the system wq which doesn't have rescuer and so this depend on memory allocation (when all workers are stuck allocating and new ones cannot be created). Initially we thought this would be more of a theoretical problem but Hugh Dickins has reported: : 4.11-rc has been giving me hangs after hours of swapping load. At : first they looked like memory leaks ("fork: Cannot allocate memory"); : but for no good reason I happened to do "cat /proc/sys/vm/stat_refresh" : before looking at /proc/meminfo one time, and the stat_refresh stuck : in D state, waiting for completion of flush_work like many kworkers. : kthreadd waiting for completion of flush_work in drain_all_pages(). This worker should be using WQ_RECLAIM as well in order to guarantee a forward progress. We can reuse the same one as for lru draining and vmstat. Link: http://lkml.kernel.org/r/20170307131751.24936-1-mhocko@kernel.org Signed-off-by: Michal Hocko Suggested-by: Tetsuo Handa Acked-by: Vlastimil Babka Acked-by: Mel Gorman Tested-by: Yang Li Tested-by: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/internal.h | 7 +++++++ mm/page_alloc.c | 9 ++++++++- mm/swap.c | 27 ++++++++------------------- mm/vmstat.c | 15 +++++++++------ 4 files changed, 32 insertions(+), 26 deletions(-) commit cdcf4330d5660998d06fcd899b443693ab3d652f Author: Jeffy Chen Date: Fri Apr 7 16:05:02 2017 -0700 mailmap: update Yakir Yang email address Set current email address to replace previous employers email addresses. Link: http://lkml.kernel.org/r/1491450722-6633-1-git-send-email-jeffy.chen@rock-chips.com Signed-off-by: Jeffy Chen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .mailmap | 1 + 1 file changed, 1 insertion(+) commit 460bcec84e11c75122ace5976214abbc596eb91b Author: David Rientjes Date: Fri Apr 7 16:05:00 2017 -0700 mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff() We got need_resched() warnings in swap_cgroup_swapoff() because swap_cgroup_ctrl[type].length is particularly large. Reschedule when needed. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1704061315270.80559@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Cc: KAMEZAWA Hiroyuki Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/swap_cgroup.c | 2 ++ 1 file changed, 2 insertions(+) commit e11f8b7b6c4ea13bf8af6b8f42b45e15b554a92b Author: Ross Zwisler Date: Fri Apr 7 16:04:57 2017 -0700 dax: fix radix tree insertion race While running generic/340 in my test setup I hit the following race. It can happen with kernels that support FS DAX PMDs, so v4.10 thru v4.11-rc5. Thread 1 Thread 2 -------- -------- dax_iomap_pmd_fault() grab_mapping_entry() spin_lock_irq() get_unlocked_mapping_entry() 'entry' is NULL, can't call lock_slot() spin_unlock_irq() radix_tree_preload() dax_iomap_pmd_fault() grab_mapping_entry() spin_lock_irq() get_unlocked_mapping_entry() ... lock_slot() spin_unlock_irq() dax_pmd_insert_mapping() spin_lock_irq() __radix_tree_insert() fails with -EEXIST The issue is that we have to drop mapping->tree_lock while calling radix_tree_preload(), but since we didn't have a radix tree entry to lock (unlike in the pmd_downgrade case) we have no protection against Thread 2 coming along and inserting a PMD at the same index. For 4k entries we handled this with a special-case response to -EEXIST coming from the __radix_tree_insert(), but this doesn't save us for PMDs because the -EEXIST case can also mean that we collided with a 4k entry in the radix tree at a different index, but one that is covered by our PMD range. So, correctly handle both the 4k and 2M collision cases by explicitly re-checking the radix tree for an entry at our index once we reacquire mapping->tree_lock. This patch has made it through a clean xfstests run with the current v4.11-rc5 based linux/master, and it also ran generic/340 500 times in a loop. It used to fail within the first 10 iterations. Link: http://lkml.kernel.org/r/20170406212944.2866-1-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Cc: "Darrick J. Wong" Cc: Alexander Viro Cc: Christoph Hellwig Cc: Dan Williams Cc: Jan Kara Cc: Matthew Wilcox Cc: [4.10+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) commit 4fad7fb6b0279a85e16e6a63e0f1f7d98cedddf1 Author: David Rientjes Date: Fri Apr 7 16:04:54 2017 -0700 mm, thp: fix setting of defer+madvise thp defrag mode Setting thp defrag mode of "defer+madvise" actually sets "defer" in the kernel due to the name similarity and the out-of-order way the string is checked in defrag_store(). Check the string in the correct order so that TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG is set appropriately for "defer+madvise". Fixes: 21440d7eb904 ("mm, thp: add new defer+madvise defrag option") Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1704051814420.137626@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 5402e97af667e35e54177af8f6575518bf251d51 Author: bsegall@google.com Date: Fri Apr 7 16:04:51 2017 -0700 ptrace: fix PTRACE_LISTEN race corrupting task->state In PT_SEIZED + LISTEN mode STOP/CONT signals cause a wakeup against __TASK_TRACED. If this races with the ptrace_unfreeze_traced at the end of a PTRACE_LISTEN, this can wake the task /after/ the check against __TASK_TRACED, but before the reset of state to TASK_TRACED. This causes it to instead clobber TASK_WAKING, allowing a subsequent wakeup against TRACED while the task is still on the rq wake_list, corrupting it. Oleg said: "The kernel can crash or this can lead to other hard-to-debug problems. In short, "task->state = TASK_TRACED" in ptrace_unfreeze_traced() assumes that nobody else can wake it up, but PTRACE_LISTEN breaks the contract. Obviusly it is very wrong to manipulate task->state if this task is already running, or WAKING, or it sleeps again" [akpm@linux-foundation.org: coding-style fixes] Fixes: 9899d11f ("ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL") Link: http://lkml.kernel.org/r/xm26y3vfhmkp.fsf_-_@bsegall-linux.mtv.corp.google.com Signed-off-by: Ben Segall Acked-by: Oleg Nesterov Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/ptrace.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit d79bf21e0e02f8ad24219f0587cc599a7e67f6c6 Author: Jessica Yu Date: Fri Apr 7 16:04:48 2017 -0700 vmlinux.lds: add missing VMLINUX_SYMBOL macros When __{start,end}_ro_after_init is referenced from C code, we run into the following build errors on blackfin: kernel/extable.c:169: undefined reference to `__start_ro_after_init' kernel/extable.c:169: undefined reference to `__end_ro_after_init' The build error is due to the fact that blackfin is one of the few arches that prepends an underscore '_' to all symbols defined in C. Fix this by wrapping __{start,end}_ro_after_init in vmlinux.lds.h with VMLINUX_SYMBOL(), which adds the necessary prefix for arches that have HAVE_UNDERSCORE_SYMBOL_PREFIX. Link: http://lkml.kernel.org/r/1491259387-15869-1-git-send-email-jeyu@redhat.com Signed-off-by: Jessica Yu Acked-by: Kees Cook Cc: Arnd Bergmann Cc: Eddie Kovsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/asm-generic/vmlinux.lds.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1f06b81aea5ecba2c1f8afd87e0ba1b9f8f90160 Author: Alexander Polakov Date: Fri Apr 7 16:04:45 2017 -0700 mm/page_alloc.c: fix print order in show_free_areas() Fixes: 11fb998986a72a ("mm: move most file-based accounting to the node") Link: http://lkml.kernel.org/r/1490377730.30219.2.camel@beget.ru Signed-off-by: Alexander Polyakov Acked-by: Michal Hocko Cc: Mel Gorman Cc: Vlastimil Babka Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 045098e944959d4cbd56bbf33e2f26045863b7ca Author: Mike Rapoport Date: Fri Apr 7 16:04:42 2017 -0700 userfaultfd: report actual registered features in fdinfo fdinfo for userfault file descriptor reports UFFD_API_FEATURES. Up until recently, the UFFD_API_FEATURES was defined as 0, therefore corresponding field in fdinfo always contained zero. Now, with introduction of several additional features, UFFD_API_FEATURES is not longer 0 and it seems better to report actual features requested for the userfaultfd object described by the fdinfo. First, the applications that were using userfault will still see zero at the features field in fdinfo. Next, reporting actual features rather than available features, gives clear indication of what userfault features are used by an application. Link: http://lkml.kernel.org/r/1491140181-22121-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrea Arcangeli Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d75450ff40df0199bf13dfb19f435519ff947138 Author: Hugh Dickins Date: Fri Apr 7 16:04:39 2017 -0700 mm: fix page_vma_mapped_walk() for ksm pages Doug Smythies reports oops with KSM in this backtrace, I've been seeing the same: page_vma_mapped_walk+0xe6/0x5b0 page_referenced_one+0x91/0x1a0 rmap_walk_ksm+0x100/0x190 rmap_walk+0x4f/0x60 page_referenced+0x149/0x170 shrink_active_list+0x1c2/0x430 shrink_node_memcg+0x67a/0x7a0 shrink_node+0xe1/0x320 kswapd+0x34b/0x720 Just as observed in commit 4b0ece6fa016 ("mm: migrate: fix remove_migration_pte() for ksm pages"), you cannot use page->index calculations on ksm pages. page_vma_mapped_walk() is relying on __vma_address(), where a ksm page can lead it off the end of the page table, and into whatever nonsense is in the next page, ending as an oops inside check_pte()'s pte_page(). KSM tells page_vma_mapped_walk() exactly where to look for the page, it does not need any page->index calculation: and that's so also for all the normal and file and anon pages - just not for THPs and their subpages. Get out early in most cases: instead of a PageKsm test, move down the earlier not-THP-page test, as suggested by Kirill. I'm also slightly worried that this loop can stray into other vmas, so added a vm_end test to prevent surprises; though I have not imagined anything worse than a very contrived case, in which a page mlocked in the next vma might be reclaimed because it is not mlocked in this vma. Fixes: ace71a19cec5 ("mm: introduce page_vma_mapped_walk()") Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1704031104400.1118@eggly.anvils Signed-off-by: Hugh Dickins Reported-by: Doug Smythies Tested-by: Doug Smythies Reviewed-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_vma_mapped.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 5fa22a6e1a8883fd4100809e0d4fa18c23d08b85 Merge: 12d28f9 d43e85b7 Author: Olof Johansson Date: Fri Apr 7 16:50:16 2017 -0700 Merge tag 'mvebu-fixes-4.11-1' of git://git.infradead.org/linux-mvebu into fixes mvebu fixes for 4.11 (part 1) Fix build of the board code for orion5x when some parts are configured as module. * tag 'mvebu-fixes-4.11-1' of git://git.infradead.org/linux-mvebu: ARM: orion5x: only call into phylib when available Signed-off-by: Olof Johansson commit 12d28f94eb35d6309c8d86dad75ece76ee5c392e Merge: d4ee21e 0d98479 Author: Olof Johansson Date: Fri Apr 7 16:49:43 2017 -0700 Merge tag 'sunxi-fixes-for-4.11-2' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into fixes Allwinner fixes for 4.11, bis Two fixes for the recent A33 cpufreq support, and one to fix a missing register in the A64 USB PHY node. * tag 'sunxi-fixes-for-4.11-2' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux: arm64: allwinner: a64: add pmu0 regs for USB PHY ARM: sun8i: a33: add operating-points-v2 property to all nodes ARM: sun8i: a33: remove highest OPP to fix CPU crashes Signed-off-by: Olof Johansson commit d4ee21ef61dfcaeba7542cdc1c9242364a8ca5c0 Merge: 0fa974b 62e24c5 Author: Olof Johansson Date: Fri Apr 7 16:49:08 2017 -0700 Merge tag 'reset-fixes-for-4.11-2' of git://git.pengutronix.de/git/pza/linux into fixes Reset controller fixes for v4.11 Fix devm_reset_controller_get_optional to return NULL for non-DT devices, if the RESET_CONTROLLER Kconfig option is enabled. This fixes probe failures of the 8250_dw driver on Intel platforms after commit acbdad8dd1ab ("serial: 8250_dw: simplify optional reset handling"). * tag 'reset-fixes-for-4.11-2' of git://git.pengutronix.de/git/pza/linux: reset: add exported __reset_control_get, return NULL if optional Signed-off-by: Olof Johansson commit 7c856152cb92f8eee2df29ef325a1b1f43161aff Author: Martin K. Petersen Date: Tue Apr 4 10:42:30 2017 -0400 scsi: sd: Fix capacity calculation with 32-bit sector_t We previously made sure that the reported disk capacity was less than 0xffffffff blocks when the kernel was not compiled with large sector_t support (CONFIG_LBDAF). However, this check assumed that the capacity was reported in units of 512 bytes. Add a sanity check function to ensure that we only enable disks if the entire reported capacity can be expressed in terms of sector_t. Cc: Reported-by: Steve Magnani Cc: Bart Van Assche Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit bf6061b17a8d47ef0d9344d3ef576a4ff0edf793 Author: Sawan Chandak Date: Fri Mar 31 14:37:03 2017 -0700 scsi: qla2xxx: Add fix to read correct register value for ISP82xx. Add fix to read correct register value for ISP82xx, during check for register disconnect.ISP82xx has different base register. Fixes: a465537ad1a4 ("qla2xxx: Disable the adapter and skip error recovery in case of register disconnect") Signed-off-by: Sawan Chandak Signed-off-by: Himanshu Madhani Cc: Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 8eaf7dfcfcf222e56f7d1e0a9ffdd7be0f300c2f Author: Chad Dupuis Date: Thu Mar 23 06:58:47 2017 -0700 scsi: qedf: Fix crash due to unsolicited FIP VLAN response. We need to initialize qedf->fipvlan_compl in __qedf_probe so that if we receive an unsolicited FIP VLAN response, the system doesn't crash due to trying to complete an uninitialized completion. Also add a check to see if there are any waiters on the completion so we don't inadvertantly kick start the discovery process due to the unsolicited frame. Fixed the crash: <1>BUG: unable to handle kernel NULL pointer dereference at (null) <1>IP: [] __wake_up_common+0x31/0x90 <4>PGD 0 <4>Oops: 0000 [#1] SMP <4>last sysfs file: /sys/devices/system/cpu/online <4>CPU 7 <4>Modules linked in: autofs4 nfs lockd fscache auth_rpcgss nfs_acl sunrpc target_core_iblock target_core_file target_core_pscsi target_core_mod configfs bnx2fc cnic fcoe 8021q garp stp llc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 vfat fat uinput ipmi_devintf microcode power_meter acpi_ipmi ipmi_si ipmi_msghandler iTCO_wdt iTCO_vendor_support dcdbas sg joydev sb_edac edac_core lpc_ich mfd_core shpchp tg3 ptp pps_core ext4 jbd2 mbcache sr_mod cdrom sd_mod crc_t10dif qedi(U) iscsi_boot_sysfs libiscsi scsi_transport_iscsi uio qedf(U) libfcoe libfc scsi_transport_fc scsi_tgt qede(U) qed(U) ahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib] <4> <4>Pid: 1485, comm: qedf_11_ll2 Not tainted 2.6.32-642.el6.x86_64 #1 Dell Inc. PowerEdge R730/0599V5 <4>RIP: 0010:[] [] __wake_up_common+0x31/0x90 <4>RSP: 0018:ffff881068a83d50 EFLAGS: 00010086 <4>RAX: ffffffffffffffe8 RBX: ffff88106bf42de0 RCX: 0000000000000000 <4>RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffff88106bf42de0 <4>RBP: ffff881068a83d90 R08: 0000000000000000 R09: 00000000fffffffe <4>R10: 0000000000000000 R11: 000000000000000b R12: 0000000000000286 <4>R13: ffff88106bf42de8 R14: 0000000000000000 R15: 0000000000000000 <4>FS: 0000000000000000(0000) GS:ffff88089c460000(0000) knlGS:0000000000000000 <4>CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b <4>CR2: 0000000000000000 CR3: 0000000001a8d000 CR4: 00000000001407e0 <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 <4>Process qedf_11_ll2 (pid: 1485, threadinfo ffff881068a80000, task ffff881068a70040) <4>Stack: <4> ffff88106ef00090 0000000300000001 ffff881068a83d90 ffff88106bf42de0 <4> 0000000000000286 ffff88106bf42dd8 ffff88106bf40a50 0000000000000002 <4> ffff881068a83dc0 ffffffff810634c7 ffff881000000003 000000000000000b <4>Call Trace: <4> [] complete+0x47/0x60 <4> [] qedf_fip_recv+0x1c7/0x450 [qedf] <4> [] qedf_ll2_recv_thread+0x33b/0x510 [qedf] <4> [] ? qedf_ll2_recv_thread+0x0/0x510 [qedf] <4> [] kthread+0x9e/0xc0 <4> [] child_rip+0xa/0x20 <4> [] ? kthread+0x0/0xc0 <4> [] ? child_rip+0x0/0x20 <4>Code: 41 56 41 55 41 54 53 48 83 ec 18 0f 1f 44 00 00 89 75 cc 89 55 c8 4c 8d 6f 08 48 8b 57 08 41 89 cf 4d 89 c6 48 8d 42 e8 49 39 d5 <48> 8b 58 18 74 3f 48 83 eb 18 eb 0a 0f 1f 00 48 89 d8 48 8d 5a <1>RIP [] __wake_up_common+0x31/0x90 <4> RSP <4>CR2: 0000000000000000 Signed-off-by: Chad Dupuis Signed-off-by: Martin K. Petersen drivers/scsi/qedf/qedf_fip.c | 3 ++- drivers/scsi/qedf/qedf_main.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit a00a7862513089f17209b732f230922f1942e0b9 Author: Martin K. Petersen Date: Fri Mar 17 08:47:14 2017 -0400 scsi: sr: Sanity check returned mode data Kefeng Wang discovered that old versions of the QEMU CD driver would return mangled mode data causing us to walk off the end of the buffer in an attempt to parse it. Sanity check the returned mode sense data. Cc: Reported-by: Kefeng Wang Tested-by: Kefeng Wang Signed-off-by: Martin K. Petersen drivers/scsi/sr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 6780414519f91c2a84da9baa963a940ac916f803 Author: Fam Zheng Date: Tue Mar 28 12:41:26 2017 +0800 scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable If device reports a small max_xfer_blocks and a zero opt_xfer_blocks, we end up using BLK_DEF_MAX_SECTORS, which is wrong and r/w of that size may get error. [mkp: tweaked to avoid setting rw_max twice and added typecast] Cc: # v4.4+ Fixes: ca369d51b3e ("block/sd: Fix device-imposed transfer length limits") Signed-off-by: Fam Zheng Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cefdc26e86728812aea54248a534fd4a5da2a43d Author: Martin Brandenburg Date: Thu Apr 6 18:11:00 2017 -0400 orangefs: move features validation to fix filesystem hang Without this fix (and another to the userspace component itself described later), the kernel will be unable to process any OrangeFS requests after the userspace component is restarted (due to a crash or at the administrator's behest). The bug here is that inside orangefs_remount, the orangefs_request_mutex is locked. When the userspace component restarts while the filesystem is mounted, it sends a ORANGEFS_DEV_REMOUNT_ALL ioctl to the device, which causes the kernel to send it a few requests aimed at synchronizing the state between the two. While this is happening the orangefs_request_mutex is locked to prevent any other requests going through. This is only half of the bugfix. The other half is in the userspace component which outright ignores(!) requests made before it considers the filesystem remounted, which is after the ioctl returns. Of course the ioctl doesn't return until after the userspace component responds to the request it ignores. The userspace component has been changed to allow ORANGEFS_VFS_OP_FEATURES regardless of the mount status. Mike Marshall says: "I've tested this patch against the fixed userspace part. This patch is real important, I hope it can make it into 4.11... Here's what happens when the userspace daemon is restarted, without the patch: ============================================= [ INFO: possible recursive locking detected ] [ 4.10.0-00007-ge98bdb3 #1 Not tainted ] --------------------------------------------- pvfs2-client-co/29032 is trying to acquire lock: (orangefs_request_mutex){+.+.+.}, at: service_operation+0x3c7/0x7b0 [orangefs] but task is already holding lock: (orangefs_request_mutex){+.+.+.}, at: dispatch_ioctl_command+0x1bf/0x330 [orangefs] CPU: 0 PID: 29032 Comm: pvfs2-client-co Not tainted 4.10.0-00007-ge98bdb3 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.fc25 04/01/2014 Call Trace: __lock_acquire+0x7eb/0x1290 lock_acquire+0xe8/0x1d0 mutex_lock_killable_nested+0x6f/0x6e0 service_operation+0x3c7/0x7b0 [orangefs] orangefs_remount+0xea/0x150 [orangefs] dispatch_ioctl_command+0x227/0x330 [orangefs] orangefs_devreq_ioctl+0x29/0x70 [orangefs] do_vfs_ioctl+0xa3/0x6e0 SyS_ioctl+0x79/0x90" Signed-off-by: Martin Brandenburg Acked-by: Mike Marshall Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds fs/orangefs/super.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit c2eb7beac7638566f20f705cee48e0a3cd4e48b7 Merge: 81d4bab 794a860 Author: Linus Torvalds Date: Fri Apr 7 12:26:36 2017 -0700 Merge tag 'pci-v4.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - fix ThunderX legacy firmware resources - fix ARTPEC-6 and DesignWare platform driver NULL pointer dereferences - fix HiSilicon link error * tag 'pci-v4.11-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: dwc: Fix dw_pcie_ops NULL pointer dereference PCI: dwc: Select PCI_HOST_COMMON for hisi PCI: thunder-pem: Fix legacy firmware PEM-specific resources commit cc663f4d4c97b7297fb45135ab23cfd508b35a77 Author: Yuchung Cheng Date: Fri Apr 7 11:42:05 2017 -0700 tcp: restrict F-RTO to work-around broken middle-boxes The recent extension of F-RTO 89fe18e44 ("tcp: extend F-RTO to catch more spurious timeouts") interacts badly with certain broken middle-boxes. These broken boxes modify and falsely raise the receive window on the ACKs. During a timeout induced recovery, F-RTO would send new data packets to probe if the timeout is false or not. Since the receive window is falsely raised, the receiver would silently drop these F-RTO packets. The recovery would take N (exponentially backoff) timeouts to repair N packet losses. A TCP performance killer. Due to this unfortunate situation, this patch removes this extension to revert F-RTO back to the RFC specification. Fixes: 89fe18e44f7e ("tcp: extend F-RTO to catch more spurious timeouts") Signed-off-by: Yuchung Cheng Signed-off-by: Neal Cardwell Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 6d8c6c0f97ad8a3517c42b179c1dc8e77397d0e2 Author: Bart Van Assche Date: Fri Apr 7 12:40:09 2017 -0600 blk-mq: Restart a single queue if tag sets are shared To improve scalability, if hardware queues are shared, restart a single hardware queue in round-robin fashion. Rename blk_mq_sched_restart_queues() to reflect the new semantics. Remove blk_mq_sched_mark_restart_queue() because this function has no callers. Remove flag QUEUE_FLAG_RESTART because this patch removes the code that uses this flag. Signed-off-by: Bart Van Assche Cc: Christoph Hellwig Cc: Hannes Reinecke Signed-off-by: Jens Axboe block/blk-mq-sched.c | 63 ++++++++++++++++++++++++++++++++++++++++++-------- block/blk-mq-sched.h | 16 +------------ block/blk-mq.c | 2 +- include/linux/blkdev.h | 1 - 4 files changed, 55 insertions(+), 27 deletions(-) commit 6077c2d706097c00d8f2fed57d3f3c45cd228ee8 Author: Bart Van Assche Date: Fri Apr 7 11:16:54 2017 -0700 dm rq: Avoid that request processing stalls sporadically While running the srp-test software I noticed that request processing stalls sporadically at the beginning of a test, namely when mkfs is run against a dm-mpath device. Every time when that happened the following command was sufficient to resume request processing: echo run >/sys/kernel/debug/block/dm-0/state This patch avoids that such request processing stalls occur. The test I ran is as follows: while srp-test/run_tests -d -r 30 -t 02-mq; do :; done Signed-off-by: Bart Van Assche Cc: Mike Snitzer Cc: dm-devel@redhat.com Signed-off-by: Jens Axboe drivers/md/dm-rq.c | 1 + 1 file changed, 1 insertion(+) commit 36e3cf273977da34a760d513e1bef8431a9abaa0 Author: Bart Van Assche Date: Fri Apr 7 11:16:53 2017 -0700 scsi: Avoid that SCSI queues get stuck If a .queue_rq() function returns BLK_MQ_RQ_QUEUE_BUSY then the block driver that implements that function is responsible for rerunning the hardware queue once requests can be queued again successfully. commit 52d7f1b5c2f3 ("blk-mq: Avoid that requeueing starts stopped queues") removed the blk_mq_stop_hw_queue() call from scsi_queue_rq() for the BLK_MQ_RQ_QUEUE_BUSY case. Hence change all calls to functions that are intended to rerun a busy queue such that these examine all hardware queues instead of only stopped queues. Since no other functions than scsi_internal_device_block() and scsi_internal_device_unblock() should ever stop or restart a SCSI queue, change the blk_mq_delay_queue() call into a blk_mq_delay_run_hw_queue() call. Fixes: commit 52d7f1b5c2f3 ("blk-mq: Avoid that requeueing starts stopped queues") Fixes: commit 7e79dadce222 ("blk-mq: stop hardware queue in blk_mq_delay_queue()") Signed-off-by: Bart Van Assche Cc: Martin K. Petersen Cc: James Bottomley Cc: Christoph Hellwig Cc: Hannes Reinecke Cc: Sagi Grimberg Cc: Long Li Cc: K. Y. Srinivasan Signed-off-by: Jens Axboe drivers/scsi/scsi_lib.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7587a5ae7eef0439f7be31f1b5959af062bbc5ec Author: Bart Van Assche Date: Fri Apr 7 11:16:52 2017 -0700 blk-mq: Introduce blk_mq_delay_run_hw_queue() Introduce a function that runs a hardware queue unconditionally after a delay. Note: there is already a function that stops and restarts a hardware queue after a delay, namely blk_mq_delay_queue(). This function will be used in the next patch in this series. Signed-off-by: Bart Van Assche Cc: Christoph Hellwig Cc: Hannes Reinecke Cc: Long Li Cc: K. Y. Srinivasan Signed-off-by: Jens Axboe block/blk-mq.c | 32 ++++++++++++++++++++++++++++++-- include/linux/blk-mq.h | 2 ++ 2 files changed, 32 insertions(+), 2 deletions(-) commit 81d4bab4ce87228c37ab14a885438544af5c9ce6 Merge: dc25ad3 86e3e83 Author: Linus Torvalds Date: Fri Apr 7 10:47:20 2017 -0700 Merge tag 'dm-4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - two stable fixes for the verity target's FEC support - a stable fix for raid target's raid1 support (when no bitmap is used) - a 4.11 cache metadata v2 format fix to properly test blocks are clean * tag 'dm-4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm verity fec: fix bufio leaks dm raid: fix NULL pointer dereference for raid1 without bitmap dm cache metadata: fix metadata2 format's blocks_are_clean_separate_dirty dm verity fec: limit error correction recursion commit dc25ad3fe1152559d5bbc792c1cb1f080a55f233 Merge: 4f0d14b 6ae979a Author: Linus Torvalds Date: Fri Apr 7 10:43:22 2017 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "We've got a regression fix for the signal raised when userspace makes an unsupported unaligned access and a revert of the contiguous (hugepte) support for hugetlb, which has once again been found to be broken. One day, maybe, we'll get it right. Summary: - restore previous SIGBUS behaviour for unhandled unaligned user accesses - revert broken support for the contiguous bit in hugetlb (again...)" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: Revert "Revert "arm64: hugetlb: partial revert of 66b3923a1a0f"" arm64: mm: unaligned access by user-land should be received as SIGBUS commit 4f0d14b0c93ba0a60079605bdf0d3ecabadc7fde Merge: 7ab6618 b884a19 Author: Linus Torvalds Date: Fri Apr 7 10:11:53 2017 -0700 Merge tag 'metag-for-v4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag Pull metag usercopy fixes from James Hogan: "Metag usercopy fault handling fixes These patches fix a bunch of longstanding (some over a decade old) metag user copy fault handling bugs. Thanks go to Al Viro for spotting some of the questionable code in the first place" * tag 'metag-for-v4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag: metag/usercopy: Add missing fixups metag/usercopy: Fix src fixup in from user rapf loops metag/usercopy: Set flags before ADDZ metag/usercopy: Zero rest of buffer from copy_from_user metag/usercopy: Add early abort to copy_to_user metag/usercopy: Fix alignment error checking metag/usercopy: Drop unused macros commit 7ab661856bd7b30ef9e3b516330df7b5a5ea0c2c Merge: 50bdd7a dc752d54 Author: Linus Torvalds Date: Fri Apr 7 10:01:45 2017 -0700 Merge tag 'acpi-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "This fixes a core device enumeration code change made in 4.10, in order to address a reported issue, that went too far. Specifics: - Refine the check for the existence of _HID in find_child_checks() so that it doesn't trigger for device objects with device IDs made up by the kernel (Rafael Wysocki)" * tag 'acpi-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / scan: Prefer devices without _HID for _ADR matching commit 50bdd7a0c99afc78e8dd9403c10b947efc4af4f5 Merge: 5380e56 ac4cde3 Author: Linus Torvalds Date: Fri Apr 7 09:58:01 2017 -0700 Merge tag 'for-linus-4.11b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull Xen fix from Juergen Gross: "A fix for error path cleanup in the xenbus handler" * tag 'for-linus-4.11b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xenbus: remove transaction holder from list before freeing commit 5380e5644afbba9e3d229c36771134976f05c91e Author: Liping Zhang Date: Fri Apr 7 23:51:06 2017 +0800 sysctl: don't print negative flag for proc_douintvec I saw some very confusing sysctl output on my system: # cat /proc/sys/net/core/xfrm_aevent_rseqth -2 # cat /proc/sys/net/core/xfrm_aevent_etime -10 # cat /proc/sys/net/ipv4/tcp_notsent_lowat -4294967295 Because we forget to set the *negp flag in proc_douintvec, so it will become a garbage value. Since the value related to proc_douintvec is always an unsigned integer, so we can set *negp to false explictily to fix this issue. Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") Signed-off-by: Liping Zhang Cc: Subash Abhinov Kasiviswanathan Cc: Andrew Morton Signed-off-by: Linus Torvalds kernel/sysctl.c | 1 + 1 file changed, 1 insertion(+) commit 1680a3868f00be638a8a213a321e88d11ce7e9f7 Author: Liping Zhang Date: Fri Apr 7 23:51:05 2017 +0800 sysctl: add sanity check for proc_douintvec Commit e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") introduced the proc_douintvec helper function, but it forgot to add the related sanity check when doing register_sysctl_table. So add it now. Signed-off-by: Liping Zhang Cc: Subash Abhinov Kasiviswanathan Cc: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/proc_sysctl.c | 1 + 1 file changed, 1 insertion(+) commit 3c1a427954399fd1bda1ee7e1b356f47b61cee74 Author: Christian Borntraeger Date: Thu Apr 6 09:51:51 2017 +0200 perf annotate s390: Fix perf annotate error -95 (4.10 regression) since 4.10 perf annotate exits on s390 with an "unknown error -95". Turns out that commit 786c1b51844d ("perf annotate: Start supporting cross arch annotation") added a hard requirement for architecture support when objdump is used but only provided x86 and arm support. Meanwhile power was added so lets add s390 as well. While at it make sure to implement the branch and jump types. Signed-off-by: Christian Borntraeger Cc: Andreas Krebbel Cc: Hendrik Brueckner Cc: Martin Schwidefsky Cc: Peter Zijlstra Cc: linux-s390 Cc: stable@kernel.org # v4.10+ Fixes: 786c1b51844 "perf annotate: Start supporting cross arch annotation" Link: http://lkml.kernel.org/r/1491465112-45819-2-git-send-email-borntraeger@de.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/annotate.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9121b15b5628b38b4695282dc18c553440e0f79b Author: Juergen Gross Date: Fri Apr 7 17:28:23 2017 +0200 xen, fbfront: fix connecting to backend Connecting to the backend isn't working reliably in xen-fbfront: in case XenbusStateInitWait of the backend has been missed the backend transition to XenbusStateConnected will trigger the connected state only without doing the actions required when the backend has connected. Cc: stable@vger.kernel.org Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/xen-fbfront.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cfc5b2b551d8c089079e754525839101b1b43624 Author: Bastian Stender Date: Fri Apr 7 17:28:23 2017 +0200 fbdev/ssd1307fb: fix optional VBAT support SSD1306 needs VBAT when it is wired in charge pump configuration only. Other controllers of the SSD1307 family do not need it at all. This was introduced by commit ba14301e0356 ("fbdev/ssd1307fb: add support to enable VBAT"). Without VBAT configuration the driver now fails with: failed to get VBAT regulator: -19 This is caused by misinterpretation of devm_regulator_get_optional which "returns a struct regulator corresponding to the regulator producer or IS_ERR() condition". Handle -ENODEV without bailing out and making VBAT support really optional. Signed-off-by: Bastian Stender Cc: Tomi Valkeinen Cc: Jyri Sarha Cc: Roger Quadros [b.zolnierkie: minor fixups] Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/ssd1307fb.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit ebe8bddb6e30d7a02775b9972099271fc5910f37 Author: Omar Sandoval Date: Fri Apr 7 08:53:11 2017 -0600 blk-mq: remap queues when adding/removing hardware queues blk_mq_update_nr_hw_queues() used to remap hardware queues, which is the behavior that drivers expect. However, commit 4e68a011428a changed blk_mq_queue_reinit() to not remap queues for the case of CPU hotplugging, inadvertently making blk_mq_update_nr_hw_queues() not remap queues as well. This breaks, for example, NBD's multi-connection mode, leaving the added hardware queues unused. Fix it by making blk_mq_update_nr_hw_queues() explicitly remap the queues. Fixes: 4e68a011428a ("blk-mq: don't redistribute hardware queues on a CPU hotplug event") Reviewed-by: Keith Busch Reviewed-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 54d5329d425650fafaf90660a139c771d2d49cae Author: Omar Sandoval Date: Fri Apr 7 08:52:27 2017 -0600 blk-mq-sched: fix crash in switch error path In elevator_switch(), if blk_mq_init_sched() fails, we attempt to fall back to the original scheduler. However, at this point, we've already torn down the original scheduler's tags, so this causes a crash. Doing the fallback like the legacy elevator path is much harder for mq, so fix it by just falling back to none, instead. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq-sched.c | 13 +++++-- block/blk-mq-sched.h | 2 +- block/blk-mq.c | 2 -- block/blk-sysfs.c | 2 +- block/elevator.c | 94 +++++++++++++++++++++++++++--------------------- include/linux/elevator.h | 2 +- 6 files changed, 67 insertions(+), 48 deletions(-) commit 93252632e828da3e90241a1c0e766556abf71598 Author: Omar Sandoval Date: Wed Apr 5 12:01:31 2017 -0700 blk-mq-sched: set up scheduler tags when bringing up new queues If a new hardware queue is added at runtime, we don't allocate scheduler tags for it, leading to a crash. This hooks up the scheduler framework to blk_mq_{init,exit}_hctx() to make sure everything gets properly initialized/freed. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq-sched.c | 22 ++++++++++++++++++++++ block/blk-mq-sched.h | 5 +++++ block/blk-mq.c | 9 ++++++++- 3 files changed, 35 insertions(+), 1 deletion(-) commit 6917ff0b5bd4139e08a3f3146529dcb3b95ba7a6 Author: Omar Sandoval Date: Wed Apr 5 12:01:30 2017 -0700 blk-mq-sched: refactor scheduler initialization Preparation cleanup for the next couple of fixes, push blk_mq_sched_setup() and e->ops.mq.init_sched() into a helper. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq-sched.c | 82 ++++++++++++++++++++++++++++------------------------ block/blk-mq-sched.h | 2 +- block/elevator.c | 32 ++++++++------------ 3 files changed, 57 insertions(+), 59 deletions(-) commit 81380ca10778b99dce98940cfc993214712df335 Author: Omar Sandoval Date: Fri Apr 7 08:56:26 2017 -0600 blk-mq: use the right hctx when getting a driver tag fails While dispatching requests, if we fail to get a driver tag, we mark the hardware queue as waiting for a tag and put the requests on a hctx->dispatch list to be run later when a driver tag is freed. However, blk_mq_dispatch_rq_list() may dispatch requests from multiple hardware queues if using a single-queue scheduler with a multiqueue device. If blk_mq_get_driver_tag() fails, it doesn't update the hardware queue we are processing. This means we end up using the hardware queue of the previous request, which may or may not be the same as that of the current request. If it isn't, the wrong hardware queue will end up waiting for a tag, and the requests will be on the wrong dispatch list, leading to a hang. The fix is twofold: 1. Make sure we save which hardware queue we were trying to get a request for in blk_mq_get_driver_tag() regardless of whether it succeeds or not. 2. Make blk_mq_dispatch_rq_list() take a request_queue instead of a blk_mq_hw_queue to make it clear that it must handle multiple hardware queues, since I've already messed this up on a couple of occasions. This didn't appear in testing with nvme and mq-deadline because nvme has more driver tags than the default number of scheduler tags. However, with the blk_mq_update_nr_hw_queues() fix, it showed up with nbd. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq-sched.c | 9 +++++---- block/blk-mq.c | 25 +++++++++++++------------ block/blk-mq.h | 2 +- 3 files changed, 19 insertions(+), 17 deletions(-) commit 404a5c392dccf1ebcfc54bc39d2c200eb30f8fff Author: Cornelia Huck Date: Thu Mar 30 13:13:32 2017 +0200 MAINTAINERS: fix virtio file pattern The pattern did not catch include/linux/virtio.h. Signed-off-by: Cornelia Huck Signed-off-by: Michael S. Tsirkin MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2055997f983c6db7b5c3940ce5f8f822657d5bc3 Author: Michael S. Tsirkin Date: Wed Mar 29 23:22:04 2017 +0300 virtio_console: fix uninitialized variable use We try to disable callbacks on c_ivq even without multiport even though that vq is not initialized in this configuration. Fixes: c743d09dbd01 ("virtio: console: Disable callbacks for virtqueues at start of S4 freeze") Suggested-by: Mike Galbraith Signed-off-by: Michael S. Tsirkin drivers/char/virtio_console.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit fe36cbe0671e868cbd2f534a50ac60273fa5acf2 Author: Michael S. Tsirkin Date: Wed Mar 29 19:09:14 2017 +0300 virtio_net: clear MTU when out of range virtio attempts to clear the MTU feature bit if the value is out of the supported range, but this has no real effect since FEATURES_OK has already been set. Fix this up by checking the MTU in the new validate callback. Fixes: 14de9d114a82 ("virtio-net: Add initial MTU advice feature") Signed-off-by: Michael S. Tsirkin drivers/net/virtio_net.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) commit 404123c2db798027e852480ed9c4accef9f1d9e6 Author: Michael S. Tsirkin Date: Wed Mar 29 19:06:20 2017 +0300 virtio: allow drivers to validate features Some drivers can't support all features in all configurations. At the moment we blindly set FEATURES_OK and later FAILED. Support this better by adding a callback drivers can use to do some early checks. Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio.c | 6 ++++++ include/linux/virtio.h | 1 + 2 files changed, 7 insertions(+) commit 2e123b44a3c19de75f40ee0081d6d4fc04adfdc7 Author: Michael S. Tsirkin Date: Wed Mar 8 02:14:25 2017 +0200 virtio_net: enable big packets for large MTU values If one enables e.g. jumbo frames without mergeable buffers, packets won't fit in 1500 byte buffers we use. Switch to big packet mode instead. TODO: make sizing more exact, possibly extend small packet mode to use larger pages. Signed-off-by: Michael S. Tsirkin drivers/net/virtio_net.c | 4 ++++ 1 file changed, 4 insertions(+) commit 806a28efe9b78ffae5e2757e1ee924b8e50c08ab Author: Jan-Marek Glogowski Date: Mon Feb 20 12:25:58 2017 +0100 Reset TreeId to zero on SMB2 TREE_CONNECT Currently the cifs module breaks the CIFS specs on reconnect as described in http://msdn.microsoft.com/en-us/library/cc246529.aspx: "TreeId (4 bytes): Uniquely identifies the tree connect for the command. This MUST be 0 for the SMB2 TREE_CONNECT Request." Signed-off-by: Jan-Marek Glogowski Reviewed-by: Aurelien Aptel Tested-by: Aurelien Aptel Signed-off-by: Steve French CC: Stable fs/cifs/smb2pdu.c | 4 ++++ 1 file changed, 4 insertions(+) commit 4fa8e504e5c0d7db9280ac96a4ac92192f1041f5 Author: Tobias Regnery Date: Thu Mar 30 12:34:14 2017 +0200 CIFS: Fix build failure with smb2 I saw the following build error during a randconfig build: fs/cifs/smb2ops.c: In function 'smb2_new_lease_key': fs/cifs/smb2ops.c:1104:2: error: implicit declaration of function 'generate_random_uuid' [-Werror=implicit-function-declaration] Explicit include the right header to fix this issue. Signed-off-by: Tobias Regnery Reviewed-by: Aurelien Aptel Signed-off-by: Steve French fs/cifs/smb2ops.c | 1 + 1 file changed, 1 insertion(+) commit 620d8745b35daaf507186c26b40c7ea02aed131e Author: Sachin Prabhu Date: Fri Feb 10 16:03:51 2017 +0530 Introduce cifs_copy_file_range() The earlier changes to copy range for cifs unintentionally disabled the more common form of server side copy. The patch introduces the file_operations helper cifs_copy_file_range() which is used by the syscall copy_file_range. The new file operations helper allows us to perform server side copies for SMB2.0 and 2.1 servers as well as SMB 3.0+ servers which do not support the ioctl FSCTL_DUPLICATE_EXTENTS_TO_FILE. The new helper uses the ioctl FSCTL_SRV_COPYCHUNK_WRITE to perform server side copies. The helper is called by vfs_copy_file_range() only once an attempt to clone the file using the ioctl FSCTL_DUPLICATE_EXTENTS_TO_FILE has failed. Signed-off-by: Sachin Prabhu Reviewed-by: Pavel Shilovsky CC: Stable Signed-off-by: Steve French fs/cifs/cifsfs.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/cifs/cifsfs.h | 5 ++++ fs/cifs/cifsglob.h | 6 ++-- fs/cifs/ioctl.c | 60 ++----------------------------------- fs/cifs/smb2ops.c | 20 ++++++++----- 5 files changed, 110 insertions(+), 68 deletions(-) commit 312bbc5946c4b73dfc1d64c1dd5b0f9df8016587 Author: Sachin Prabhu Date: Tue Apr 4 02:12:04 2017 -0500 SMB3: Rename clone_range to copychunk_range Server side copy is one of the most important mechanisms smb2/smb3 supports and it was unintentionally disabled for most use cases. Renaming calls to reflect the underlying smb2 ioctl called. This is similar to the name duplicate_extents used for a similar ioctl which is also used to duplicate files by reusing fs blocks. The name change is to avoid confusion. Signed-off-by: Sachin Prabhu CC: Stable Signed-off-by: Steve French Reviewed-by: Pavel Shilovsky fs/cifs/cifsglob.h | 3 ++- fs/cifs/ioctl.c | 16 ++++++++-------- fs/cifs/smb2ops.c | 12 ++++++------ 3 files changed, 16 insertions(+), 15 deletions(-) commit 38bd49064a1ecb67baad33598e3d824448ab11ec Author: Sachin Prabhu Date: Fri Mar 3 15:41:38 2017 -0800 Handle mismatched open calls A signal can interrupt a SendReceive call which result in incoming responses to the call being ignored. This is a problem for calls such as open which results in the successful response being ignored. This results in an open file resource on the server. The patch looks into responses which were cancelled after being sent and in case of successful open closes the open fids. For this patch, the check is only done in SendReceive2() RH-bz: 1403319 Signed-off-by: Sachin Prabhu Reviewed-by: Pavel Shilovsky Cc: Stable fs/cifs/cifsglob.h | 11 ++++++++++ fs/cifs/cifsproto.h | 3 ++- fs/cifs/cifssmb.c | 11 ++++++---- fs/cifs/connect.c | 13 ++++++++++-- fs/cifs/smb2misc.c | 46 +++++++++++++++++++++++++++++++++++++++++ fs/cifs/smb2ops.c | 8 +++++-- fs/cifs/smb2proto.h | 7 +++++++ fs/cifs/smb2transport.c | 55 +++++++++++++++++++++++++++++++++++++++++++++---- fs/cifs/transport.c | 2 ++ 9 files changed, 143 insertions(+), 13 deletions(-) commit dc752d54fd3a69c882d24133810edeb22dda2d0d Merge: a71c9a1 fdad4e7 Author: Rafael J. Wysocki Date: Fri Apr 7 13:48:26 2017 +0200 Merge branch 'acpi-scan-fixes' * acpi-scan-fixes: ACPI / scan: Prefer devices without _HID for _ADR matching commit 6ae979ab39a368c18ceb0424bf824d172d6ab56f Author: Will Deacon Date: Fri Mar 31 12:23:43 2017 +0100 Revert "Revert "arm64: hugetlb: partial revert of 66b3923a1a0f"" The use of the contiguous bit by our hugetlb implementation violates the break-before-make requirements of the architecture and can lead to silent data corruption or TLB conflict aborts. Once again, disable these hugetlb sizes whilst it gets worked out. This reverts commit ab2e1b89230fa80328262c91d2d0a539a2790d6f. Conflicts: arch/arm64/mm/hugetlbpage.c Signed-off-by: Will Deacon arch/arm64/mm/hugetlbpage.c | 14 -------------- 1 file changed, 14 deletions(-) commit 4749228f022893faf54a3dbc70796f78b7d4f342 Author: Michael Ellerman Date: Thu Apr 6 23:34:38 2017 +1000 powerpc/crypto/crc32c-vpmsum: Fix missing preempt_disable() In crc32c_vpmsum() we call enable_kernel_altivec() without first disabling preemption, which is not allowed: WARNING: CPU: 9 PID: 2949 at ../arch/powerpc/kernel/process.c:277 enable_kernel_altivec+0x100/0x120 Modules linked in: dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c vmx_crypto ... CPU: 9 PID: 2949 Comm: docker Not tainted 4.11.0-rc5-compiler_gcc-6.3.1-00033-g308ac7563944 #381 ... NIP [c00000000001e320] enable_kernel_altivec+0x100/0x120 LR [d000000003df0910] crc32c_vpmsum+0x108/0x150 [crc32c_vpmsum] Call Trace: 0xc138fd09 (unreliable) crc32c_vpmsum+0x108/0x150 [crc32c_vpmsum] crc32c_vpmsum_update+0x3c/0x60 [crc32c_vpmsum] crypto_shash_update+0x88/0x1c0 crc32c+0x64/0x90 [libcrc32c] dm_bm_checksum+0x48/0x80 [dm_persistent_data] sb_check+0x84/0x120 [dm_thin_pool] dm_bm_validate_buffer.isra.0+0xc0/0x1b0 [dm_persistent_data] dm_bm_read_lock+0x80/0xf0 [dm_persistent_data] __create_persistent_data_objects+0x16c/0x810 [dm_thin_pool] dm_pool_metadata_open+0xb0/0x1a0 [dm_thin_pool] pool_ctr+0x4cc/0xb60 [dm_thin_pool] dm_table_add_target+0x16c/0x3c0 table_load+0x184/0x400 ctl_ioctl+0x2f0/0x560 dm_ctl_ioctl+0x38/0x50 do_vfs_ioctl+0xd8/0x920 SyS_ioctl+0x68/0xc0 system_call+0x38/0xfc It used to be sufficient just to call pagefault_disable(), because that also disabled preemption. But the two were decoupled in commit 8222dbe21e79 ("sched/preempt, mm/fault: Decouple preemption from the page fault logic") in mid 2015. So add the missing preempt_disable/enable(). We should also call disable_kernel_fp(), although it does nothing by default, there is a debug switch to make it active and all enables should be paired with disables. Fixes: 6dd7a82cc54e ("crypto: powerpc - Add POWER8 optimised crc32c") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Michael Ellerman arch/powerpc/crypto/crc32c-vpmsum_glue.c | 3 +++ 1 file changed, 3 insertions(+) commit 6118714275f0a313ecc296a87ed1af32d9691bed Author: Tony Lindgren Date: Thu Mar 30 09:16:39 2017 -0700 pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable() Recent pinctrl changes to allow dynamic allocation of pins exposed one more issue with the pinctrl pins claimed early by the controller itself. This caused a regression for IMX6 pinctrl hogs. Before enabling the pin controller driver we need to wait until it has been properly initialized, then claim the hogs, and only then enable it. To fix the regression, split the code into pinctrl_claim_hogs() and pinctrl_enable(). And then let's require that pinctrl_enable() is always called by the pin controller driver when ready after calling pinctrl_register_and_init(). Depends-on: 950b0d91dc10 ("pinctrl: core: Fix regression caused by delayed work for hogs") Fixes: df61b366af26 ("pinctrl: core: Use delayed work for hogs") Fixes: e566fc11ea76 ("pinctrl: imx: use generic pinctrl helpers for managing groups") Cc: Haojian Zhuang Cc: Masahiro Yamada Cc: Mika Penttilä Cc: Mika Westerberg Cc: Nishanth Menon Cc: Shawn Guo Cc: Stefan Agner Tested-by: Geert Uytterhoeven Tested-by: Gary Bisson Tested-by: Fabio Estevam Signed-off-by: Tony Lindgren Signed-off-by: Linus Walleij Documentation/pinctrl.txt | 8 ++- drivers/pinctrl/core.c | 97 +++++++++++++++++++++------------ drivers/pinctrl/freescale/pinctrl-imx.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 +- drivers/pinctrl/sh-pfc/pinctrl.c | 11 +++- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 2 + include/linux/pinctrl/pinctrl.h | 3 +- 7 files changed, 83 insertions(+), 42 deletions(-) commit 269c930e6698e6afa6d4606bfd241f4497597e79 Merge: 977674c bf9216f Author: Linus Torvalds Date: Thu Apr 6 14:42:05 2017 -0700 Merge tag 'xfs-4.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull XFS fixes from Darrick Wong: "Here are three more fixes for 4.11. The first one reworks the inline directory verifier to check the working copy of the directory metadata and to avoid triggering a periodic crash in xfs/348. The second patch fixes a regression in hole punching at EOF that corrupts files; and the third patch closes a kernel memory disclosure bug. Summary: - rework the inline directory verifier to avoid crashes on disk corruption - don't change file size when punching holes w/ KEEP_SIZE - close a kernel memory exposure bug" * tag 'xfs-4.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix kernel memory exposure problems xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files xfs: rework the inline directory verifiers commit 16cf72bb085626ae1323e59985d6cbb58a8f71d8 Author: Xin Long Date: Thu Apr 6 13:41:28 2017 +0800 team: call netdev_change_features out of team lock Commit f6988cb63a4e ("team: don't call netdev_change_features under team->lock") fixed the issue calling netdev_change_features under team->lock for team_compute_features. But there are still two places where it calls netdev_change_features under team->lock, team_port_add and team_port_del. It may cause a dead lock when the slave port with LRO enabled is added. This patch is to fix this dead lock by moving netdev_change_features out of team_port_add and team_port_del, and call it after unlocking the team lock. Reported-by: Patrick Talbert Signed-off-by: Xin Long Acked-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/team/team.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit 34b2789f1d9bf8dcca9b5cb553d076ca2cd898ee Author: Xin Long Date: Thu Apr 6 13:10:52 2017 +0800 sctp: listen on the sock only when it's state is listening or closed Now sctp doesn't check sock's state before listening on it. It could even cause changing a sock with any state to become a listening sock when doing sctp_listen. This patch is to fix it by checking sock's state in sctp_listen, so that it will listen on the sock with right state. Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/socket.c | 3 +++ 1 file changed, 3 insertions(+) commit 6c22fce07c97f765af1808ec3be007847e0b47d1 Author: Oliver Neukum Date: Wed Apr 5 14:14:39 2017 +0200 usbnet: make sure no NULL pointer is passed through Coverity reports: ** CID 751368: Null pointer dereferences (FORWARD_NULL) /drivers/net/usb/usbnet.c: 1925 in __usbnet_read_cmd() ________________________________________________________________________________________________________ *** CID 751368: Null pointer dereferences (FORWARD_NULL) /drivers/net/usb/usbnet.c: 1925 in __usbnet_read_cmd() 1919 EXPORT_SYMBOL(usbnet_link_change); 1920 1921 /*-------------------------------------------------------------------------*/ 1922 static int __usbnet_read_cmd(struct usbnet *dev, u8 cmd, u8 reqtype, 1923 u16 value, u16 index, void *data, u16 size) 1924 { >>> CID 751368: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "buf" = "NULL". 1925 void *buf = NULL; 1926 int err = -ENOMEM; 1927 1928 netdev_dbg(dev->net, "usbnet_read_cmd cmd=0x%02x reqtype=%02x" 1929 " value=0x%04x index=0x%04x size=%d\n", 1930 cmd, reqtype, value, index, size); ** CID 751370: Null pointer dereferences (FORWARD_NULL) /drivers/net/usb/usbnet.c: 1952 in __usbnet_write_cmd() ________________________________________________________________________________________________________ *** CID 751370: Null pointer dereferences (FORWARD_NULL) /drivers/net/usb/usbnet.c: 1952 in __usbnet_write_cmd() 1946 } 1947 1948 static int __usbnet_write_cmd(struct usbnet *dev, u8 cmd, u8 reqtype, 1949 u16 value, u16 index, const void *data, 1950 u16 size) 1951 { >>> CID 751370: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "buf" = "NULL". 1952 void *buf = NULL; 1953 int err = -ENOMEM; 1954 1955 netdev_dbg(dev->net, "usbnet_write_cmd cmd=0x%02x reqtype=%02x" 1956 " value=0x%04x index=0x%04x size=%d\n", 1957 cmd, reqtype, value, index, size); ** CID 1325026: Null pointer dereferences (FORWARD_NULL) /drivers/net/usb/ch9200.c: 143 in control_write() It is valid to offer commands without a buffer, but then you need a size of zero. This should actually be checked. Signed-off-by: Oliver Neukum Signed-off-by: David S. Miller drivers/net/usb/usbnet.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit 977674c06b189dd54729a91331c05761688ad064 Merge: 4691f4a db8466c Author: Linus Torvalds Date: Thu Apr 6 13:16:34 2017 -0700 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus Pull MIPS fixes from Ralf Baechle: "Lantiq: - Fix adding xbar resoures causing a panic Loongson3: - Some Loongson 3A don't identify themselves as having an FTLB so hardwire that knowledge into CPU probing. - Handle Loongson 3 TLB peculiarities in the fast path of the RDHWR emulation. - Fix invalid FTLB entries with huge page on VTLB+FTLB platforms - Add missing calculation of S-cache and V-cache cache-way size Ralink: - Fix typos in rt3883 pinctrl data Generic: - Force o32 fp64 support on 32bit MIPS64r6 kernels - Yet another build fix after the linux/sched.h changes - Wire up statx system call - Fix stack unwinding after introduction of IRQ stack - Fix spinlock code to build even for microMIPS with recent binutils SMP-CPS: - Fix retrieval of VPE mask on big endian CPUs" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: IRQ Stack: Unwind IRQ stack onto task stack MIPS: c-r4k: Fix Loongson-3's vcache/scache waysize calculation MIPS: Flush wrong invalid FTLB entry for huge page MIPS: Check TLB before handle_ri_rdhwr() for Loongson-3 MIPS: Add MIPS_CPU_FTLB for Loongson-3A R2 MIPS: Lantiq: fix missing xbar kernel panic MIPS: smp-cps: Fix retrieval of VPE mask on big endian CPUs MIPS: Wire up statx system call MIPS: Include asm/ptrace.h now linux/sched.h doesn't MIPS: ralink: Fix typos in rt3883 pinctrl MIPS: End spinlocks with .insn MIPS: Force o32 fp64 support on 32bit MIPS64r6 kernels commit 4691f4a6d4aadb67eab06c6659136bc2b00db851 Merge: ea6b172 62277de Author: Linus Torvalds Date: Thu Apr 6 13:12:12 2017 -0700 Merge tag 'trace-v4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Wei Yongjun fixed a long standing bug in the ring buffer startup test. If for some unknown reason, the kthread that is created fails to be created, the return from kthread_create() is an PTR_ERR and not a NULL. The test incorrectly checks for NULL instead of an error" * tag 'trace-v4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ring-buffer: Fix return value check in test_ringbuffer() commit 92f9170621a13e4ba4eda6dfb070318d5405a0cf Author: WANG Cong Date: Tue Apr 4 18:51:30 2017 -0700 net_sched: check noop_qdisc before qdisc_hash_add() Dmitry reported a crash when injecting faults in attach_one_default_qdisc() and dev->qdisc is still a noop_disc, the check before qdisc_hash_add() fails to catch it because it tests NULL. We should test against noop_qdisc since it is the default qdisc at this point. Fixes: 59cc1f61f09c ("net: sched: convert qdisc linked list to hashtable") Reported-by: Dmitry Vyukov Cc: Jiri Kosina Signed-off-by: Cong Wang Acked-by: Jiri Kosina Signed-off-by: David S. Miller net/sched/sch_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a8801799c6975601fd58ae62f48964caec2eb83f Author: Florian Larysch Date: Mon Apr 3 16:46:09 2017 +0200 net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given inet_rtm_getroute synthesizes a skeletal ICMP skb, which is passed to ip_route_input when iif is given. If a multipath route is present for the designated destination, ip_multipath_icmp_hash ends up being called, which uses the source/destination addresses within the skb to calculate a hash. However, those are not set in the synthetic skb, causing it to return an arbitrary and incorrect result. Instead, use UDP, which gets no such special treatment. Signed-off-by: Florian Larysch Signed-off-by: David S. Miller net/ipv4/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 86e1066fe2af51dce4351c2357223e0d902dfc7a Author: Mathias Krause Date: Wed Apr 5 21:24:20 2017 +0200 sparc: remove unused wp_works_ok macro It's unused for ages, used to be required for ksyms.c back in the v1.1 times. Signed-off-by: Mathias Krause Acked-by: David S. Miller Signed-off-by: David S. Miller arch/sparc/include/asm/processor_32.h | 6 ------ arch/sparc/include/asm/processor_64.h | 4 ---- 2 files changed, 10 deletions(-) commit 9d262d95114cf2e2ac5e0ff358347fa2e214eda5 Author: Guenter Roeck Date: Sat Apr 1 13:47:44 2017 -0700 sparc32: Export vac_cache_size to fix build error sparc32:allmodconfig fails to build with the following error. ERROR: "vac_cache_size" [drivers/infiniband/sw/rxe/rdma_rxe.ko] undefined! Fixes: cb8864559631 ("infiniband: Fix alignment of mmap cookies ...") Cc: Jason Gunthorpe Cc: Doug Ledford Signed-off-by: Guenter Roeck Signed-off-by: David S. Miller arch/sparc/mm/srmmu.c | 1 + 1 file changed, 1 insertion(+) commit 76811263b3fa6347699a446cddeb63badf3e6095 Author: Nitin Gupta Date: Fri Mar 31 15:48:53 2017 -0700 sparc64: Fix memory corruption when THP is enabled The memory corruption was happening due to incorrect TLB/TSB flushing of hugepages. Reported-by: David S. Miller Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/mm/tlb.c | 6 +++--- arch/sparc/mm/tsb.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 9ae34dbd8afd790cb5f52467e4f816434379eafa Author: Tom Hromatka Date: Fri Mar 31 16:31:42 2017 -0600 sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write() This commit moves sparc64's prototype of pmd_write() outside of the CONFIG_TRANSPARENT_HUGEPAGE ifdef. In 2013, commit a7b9403f0e6d ("sparc64: Encode huge PMDs using PTE encoding.") exposed a path where pmd_write() could be called without CONFIG_TRANSPARENT_HUGEPAGE defined. This can result in the panic below. The diff is awkward to read, but the changes are straightforward. pmd_write() was moved outside of #ifdef CONFIG_TRANSPARENT_HUGEPAGE. Also, __HAVE_ARCH_PMD_WRITE was defined. kernel BUG at include/asm-generic/pgtable.h:576! \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ oracle_8114_cdb(8114): Kernel bad sw trap 5 [#1] CPU: 120 PID: 8114 Comm: oracle_8114_cdb Not tainted 4.1.12-61.7.1.el6uek.rc1.sparc64 #1 task: fff8400700a24d60 ti: fff8400700bc4000 task.ti: fff8400700bc4000 TSTATE: 0000004411e01607 TPC: 00000000004609f8 TNPC: 00000000004609fc Y: 00000005 Not tainted TPC: g0: 000000000001c000 g1: 0000000000ef3954 g2: 0000000000000000 g3: 0000000000000001 g4: fff8400700a24d60 g5: fff8001fa5c10000 g6: fff8400700bc4000 g7: 0000000000000720 o0: 0000000000bc5058 o1: 0000000000000240 o2: 0000000000006000 o3: 0000000000001c00 o4: 0000000000000000 o5: 0000048000080000 sp: fff8400700bc6ab1 ret_pc: 00000000004609f0 RPC: l0: fff8400700bc74fc l1: 0000000000020000 l2: 0000000000002000 l3: 0000000000000000 l4: fff8001f93250950 l5: 000000000113f800 l6: 0000000000000004 l7: 0000000000000000 i0: fff8400700ca46a0 i1: bd0000085e800453 i2: 000000026a0c4000 i3: 000000026a0c6000 i4: 0000000000000001 i5: fff800070c958de8 i6: fff8400700bc6b61 i7: 0000000000460dd0 I7: Call Trace: [0000000000460dd0] gup_pud_range+0x170/0x1a0 [0000000000460e84] get_user_pages_fast+0x84/0x120 [00000000006f5a18] iov_iter_get_pages+0x98/0x240 [00000000005fa744] do_direct_IO+0xf64/0x1e00 [00000000005fbbc0] __blockdev_direct_IO+0x360/0x15a0 [00000000101f74fc] ext4_ind_direct_IO+0xdc/0x400 [ext4] [00000000101af690] ext4_ext_direct_IO+0x1d0/0x2c0 [ext4] [00000000101af86c] ext4_direct_IO+0xec/0x220 [ext4] [0000000000553bd4] generic_file_read_iter+0x114/0x140 [00000000005bdc2c] __vfs_read+0xac/0x100 [00000000005bf254] vfs_read+0x54/0x100 [00000000005bf368] SyS_pread64+0x68/0x80 Signed-off-by: Tom Hromatka Signed-off-by: David S. Miller arch/sparc/include/asm/pgtable_64.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 0e4c0ee580749502e25609b83082ac8d92c13023 Merge: ea6b172 3278682 Author: David S. Miller Date: Thu Apr 6 11:57:04 2017 -0700 Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs commit d05d862ead8eca5e7d4ccf82d39d9189579ee5b1 Author: Arnaud Pouliquen Date: Tue Mar 28 15:04:55 2017 +0200 ASoC: STI: Fix null ptr deference in IRQ handler With RTlinux a race condition has been found that leads to NULL ptr crash: - On CPU 0: uni_player_irq_handler is called to treat XRUN "(player->state == UNIPERIF_STATE_STOPPED)" is FALSE so status is checked, dev_err(player->dev, "FIFO underflow error detected") is printed and then snd_pcm_stream_lock should be called to lock stream for stopping. - On CPU 1: application stop and close the stream. Issue is that the stop and shutdown functions are executed while "FIFO underflow error detected" is printed. So when CPU 0 calls snd_pcm_stream_lock, player->substream is already null. Signed-off-by: Arnaud Pouliquen Signed-off-by: Mark Brown sound/soc/sti/uniperif.h | 1 + sound/soc/sti/uniperif_player.c | 35 ++++++++++++++++++++++++----------- sound/soc/sti/uniperif_reader.c | 24 ++++++++++++++++++++---- 3 files changed, 45 insertions(+), 15 deletions(-) commit a900152b5c29aea8134cc7a4c5db25552b3cd8f7 Author: David Wu Date: Wed Mar 1 19:10:55 2017 +0800 pwm: rockchip: State of PWM clock should synchronize with PWM enabled state If the PWM was not enabled at U-Boot loader, PWM could not work for clock always disabled at PWM driver. The PWM clock is enabled at beginning of pwm_apply(), but disabled at end of pwm_apply(). If the PWM was enabled at U-Boot loader, PWM clock is always enabled unless closed by ATF. The pwm-backlight might turn off the power at early suspend, should disable PWM clock for saving power consume. It is important to provide opportunity to enable/disable clock at PWM driver, the PWM consumer should ensure correct order to call PWM enable and disable, and PWM driver ensure state of PWM clock synchronized with PWM enabled state. Fixes: 2bf1c98aa5a4 ("pwm: rockchip: Add support for atomic update") Cc: stable@vger.kernel.org Signed-off-by: David Wu Reviewed-by: Boris Brezillon Signed-off-by: Thierry Reding drivers/pwm/pwm-rockchip.c | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) commit fe1a83b43869790501ed82b58dc8229023c69f74 Author: Xiaolei Yu Date: Thu Mar 30 19:43:09 2017 +0800 HID: uclogic: add support for Ugee Tablet EX07S This device has a different vendor id but responds to initialization. Signed-off-by: Xiaolei Yu Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 3 +++ drivers/hid/hid-uclogic.c | 2 ++ 3 files changed, 6 insertions(+) commit b997e3edca4fb4ab7732ab7240c545da0c360a44 Author: Hans de Goede Date: Thu Apr 6 14:54:01 2017 +0300 pwm: lpss: Set enable-bit before waiting for update-bit to go low At least on cherrytrail, the update bit will never go low when the enabled bit is not set. This causes the backlight on my cube iwork8 air tablet to never turn on again after being turned off because in the pwm_lpss_apply enable path pwm_lpss_update will fail causing an error exit and the enable-bit to never get set. Any following pwm_lpss_apply calls will fail the pwm_lpss_is_updating check. Since the docs say that the update bit should be set before the enable-bit, split pwm_lpss_update into setting the update-bit and pwm_lpss_wait_for_update, and move the pwm_lpss_wait_for_update call in the enable path to after setting the enable-bit. Fixes: 10d56a4 ("pwm: lpss: Avoid reconfiguring while UPDATE bit...") Cc: Ilkka Koskinen Signed-off-by: Hans de Goede Signed-off-by: Andy Shevchenko Tested-by: Hans de Goede Signed-off-by: Thierry Reding drivers/pwm/pwm-lpss-pci.c | 1 + drivers/pwm/pwm-lpss-platform.c | 1 + drivers/pwm/pwm-lpss.c | 19 +++++++++++++------ drivers/pwm/pwm-lpss.h | 1 + 4 files changed, 16 insertions(+), 6 deletions(-) commit 3c1460e934f371bf91963b49a2cf173ee73c2cae Author: Andy Shevchenko Date: Thu Apr 6 14:54:00 2017 +0300 pwm: lpss: Split Tangier configuration As a preparation for special treatment for Broxton we split Tangier configuration. Fixes: b89b4b7a3d0a ("pwm: lpss: pci: Enable PWM module on Intel Edison") Signed-off-by: Andy Shevchenko Tested-by: Hans de Goede Signed-off-by: Thierry Reding drivers/pwm/pwm-lpss-pci.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 8786fa667a2b3dd263868dd09142937bd207520f Merge: 6fd6410 abd80dc Author: Radim Krčmář Date: Thu Apr 6 14:41:39 2017 +0200 Merge branch 'kvm-ppc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc From: Paul Mackerras A check for a NULL return from kzalloc in recently-added code. commit 0d98479738b950e30bb4f782d60099d44076ad67 Author: Icenowy Zheng Date: Wed Apr 5 22:30:34 2017 +0800 arm64: allwinner: a64: add pmu0 regs for USB PHY The USB PHY in A64 has a "pmu0" region, which controls the EHCI/OHCI controller pair that can be connected to the PHY0. Add the MMIO region for PHY node. Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi | 2 ++ 1 file changed, 2 insertions(+) commit abd80dcbc400fac878202136645e9acf0e0bfbd9 Author: Dan Carpenter Date: Fri Mar 17 23:41:14 2017 +0300 KVM: PPC: Book3S HV: Check for kmalloc errors in ioctl kzalloc() won't actually fail because sizeof(*resize) is small, but static checkers complain. Signed-off-by: Dan Carpenter Acked-by: David Gibson Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_64_mmu_hv.c | 4 ++++ 1 file changed, 4 insertions(+) commit da2ba564a6dcf46df4f828624ff55531ff11d5b0 Author: Ben Skeggs Date: Thu Apr 6 10:35:26 2017 +1000 drm/nouveau: initial support (display-only) for GP107 Forked from GP106 implementation. Split out from commit enabling secboot/gr support so that it can be added to earlier kernels. Cc: stable@vger.kernel.org [4.10+] Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit 2907e8670b6ef253bffb33bf47fd2182969cf2a0 Author: Ben Skeggs Date: Wed Apr 5 18:16:14 2017 +1000 drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state When the atomic support was added to nouveau, the DRM core did not do this. However, later in the same merge window, a commit (drm/fence: add in-fences support) was merged that added it, leading to use-after-frees of the fence object. Cc: stable@vger.kernel.org [4.10+] Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nv50_display.c | 2 -- 1 file changed, 2 deletions(-) commit d639fbcc102745187f747a21bdcffcf628e174c8 Author: Ben Skeggs Date: Wed Apr 5 09:12:54 2017 +1000 drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method Cc: stable@vger.kernel.org [4.10+] Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nv50_display.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit f94773b9f5ecd1df7c88c2e921924dd41d2020cc Author: Ilia Mirkin Date: Sat Mar 18 16:23:10 2017 -0400 drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one The NV4A (aka NV44A) is an oddity in the family. It only comes in AGP and PCI varieties, rather than a core PCIE chip with a bridge for AGP/PCI as necessary. As a result, it appears that the MMU is also non-functional. For AGP cards, the vast majority of the NV4A lineup, this worked out since we force AGP cards to use the nv04 mmu. However for PCI variants, this did not work. Switching to the NV04 MMU makes it work like a charm. Thanks to mwk for the suggestion. This should be a no-op for NV4A AGP boards, as they were using it already. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=70388 Signed-off-by: Ilia Mirkin Cc: stable@vger.kernel.org Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 83bce9c2baa51e439480a713119a73d3c8b61083 Author: Ilia Mirkin Date: Sat Mar 18 21:53:05 2017 -0400 drm/nouveau/mpeg: mthd returns true on success now Signed-off-by: Ilia Mirkin Fixes: 590801c1a3 ("drm/nouveau/mpeg: remove dependence on namedb/engctx lookup") Cc: stable@vger.kernel.org # v4.3+ Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit ea6b1720ce25f92f7a17b2e0c2b653d20773d10a Merge: aeb4a57 c383bdd Author: Linus Torvalds Date: Wed Apr 5 20:17:38 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Reject invalid updates to netfilter expectation policies, from Pablo Neira Ayuso. 2) Fix memory leak in nfnl_cthelper, from Jeffy Chen. 3) Don't do stupid things if we get a neigh_probe() on a neigh entry whose ops lack a solicit method. From Eric Dumazet. 4) Don't transmit packets in r8152 driver when the carrier is off, from Hayes Wang. 5) Fix ipv6 packet type detection in aquantia driver, from Pavel Belous. 6) Don't write uninitialized data into hw registers in bna driver, from Arnd Bergmann. 7) Fix locking in ping_unhash(), from Eric Dumazet. 8) Make BPF verifier range checks able to understand certain sequences emitted by LLVM, from Alexei Starovoitov. 9) Fix use after free in ipconfig, from Mark Rutland. 10) Fix refcount leak on force commit in openvswitch, from Jarno Rajahalme. 11) Fix various overflow checks in AF_PACKET, from Andrey Konovalov. 12) Fix endianness bug in be2net driver, from Suresh Reddy. 13) Don't forget to wake TX queues when processing a timeout, from Grygorii Strashko. 14) ARP header on-stack storage is wrong in flow dissector, from Simon Horman. 15) Lost retransmit and reordering SNMP stats in TCP can be underreported. From Yuchung Cheng. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (82 commits) nfp: fix potential use after free on xdp prog tcp: fix reordering SNMP under-counting tcp: fix lost retransmit SNMP under-counting sctp: get sock from transport in sctp_transport_update_pmtu net: ethernet: ti: cpsw: fix race condition during open() l2tp: fix PPP pseudo-wire auto-loading bnx2x: fix spelling mistake in macros HW_INTERRUT_ASSERT_SET_* l2tp: take reference on sessions being dumped tcp: minimize false-positives on TCP/GRO check sctp: check for dst and pathmtu update in sctp_packet_config flow dissector: correct size of storage for ARP net: ethernet: ti: cpsw: wake tx queues on ndo_tx_timeout l2tp: take a reference on sessions used in genetlink handlers l2tp: hold session while sending creation notifications l2tp: fix duplicate session creation l2tp: ensure session can't get removed during pppol2tp_session_ioctl() l2tp: fix race in l2tp_recv_common() sctp: use right in and out stream cnt bpf: add various verifier test cases for self-tests bpf, verifier: fix rejection of unaligned access checks for map_value_adj ... commit a34f83639490a5cc11a9d5c1b3773d4b6eb69a9e Author: Min He Date: Thu Apr 6 11:01:45 2017 +0800 drm/i915/gvt: set the correct default value of CTX STATUS PTR Fix wrong initial csb read pointer value. This fixes the random engine timeout issue in guest when guest boots up. Fixes: 8453d674ae7e ("drm/i915/gvt: vGPU execlist virtualization") Cc: stable@vger.kernel.org # v4.10+ Signed-off-by: Min He Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/execlist.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c383bdd14f91562babd269aa7c36b46fee7b6c75 Author: Jakub Kicinski Date: Tue Apr 4 15:56:55 2017 -0700 nfp: fix potential use after free on xdp prog We should unregister the net_device first, before we give back our reference on xdp_prog. Otherwise xdp_prog may be freed before .ndo_stop() disabled the datapath. Found by code inspection. Fixes: ecd63a0217d5 ("nfp: add XDP support in the driver") Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2d2517ee314ef1de0517f74d06c2825fbf597ba3 Author: Yuchung Cheng Date: Tue Apr 4 14:15:40 2017 -0700 tcp: fix reordering SNMP under-counting Currently the reordering SNMP counters only increase if a connection sees a higher degree then it has previously seen. It ignores if the reordering degree is not greater than the default system threshold. This significantly under-counts the number of reordering events and falsely convey that reordering is rare on the network. This patch properly and faithfully records the number of reordering events detected by the TCP stack, just like the comment says "this exciting event is worth to be remembered". Note that even so TCP still under-estimate the actual reordering events because TCP requires TS options or certain packet sequences to detect reordering (i.e. ACKing never-retransmitted sequence in recovery or disordered state). Signed-off-by: Yuchung Cheng Signed-off-by: Eric Dumazet Signed-off-by: Neal Cardwell Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) commit ecde8f36f8a05a023b9d026e9094571aab421d36 Author: Yuchung Cheng Date: Tue Apr 4 14:15:39 2017 -0700 tcp: fix lost retransmit SNMP under-counting The lost retransmit SNMP stat is under-counting retransmission that uses segment offloading. This patch fixes that so all retransmission related SNMP counters are consistent. Fixes: 10d3be569243 ("tcp-tso: do not split TSO packets at retransmit time") Signed-off-by: Yuchung Cheng Signed-off-by: Eric Dumazet Signed-off-by: Neal Cardwell Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/ipv4/tcp_recovery.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3872fe83a2fbb7366daa93ca533a22138e2d483e Merge: 3cc070c 974310d Author: Russell King Date: Wed Apr 5 23:43:03 2017 +0100 Merge branch 'kprobe-fixes' of https://git.linaro.org/people/tixy/kernel into fixes commit 3d016d57fdc5e6caa4cd67896f4b081bccad6e2c Author: Takashi Sakamoto Date: Mon Apr 3 21:13:40 2017 +0900 ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d At a commit 6c29230e2a5f ("ALSA: oxfw: delayed registration of sound card"), ALSA oxfw driver fails to handle SCS.1m/1d, due to -EBUSY at a call of snd_card_register(). The cause is that the driver manages to register two rawmidi instances with the same device number 0. This is a regression introduced since kernel 4.7. This commit fixes the regression, by fixing up device property after discovering stream formats. Fixes: 6c29230e2a5f ("ALSA: oxfw: delayed registration of sound card") Cc: # 4.7+ Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/oxfw/oxfw.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit aeb4a5768179f525dd7ec9393f34012c147e78cf Merge: 9f0bffa b237640 Author: Linus Torvalds Date: Wed Apr 5 09:04:26 2017 -0700 Merge tag 'mfd-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD bug fix from Lee Jones: "Increase buffer size om cros-ec to allow for SPI messages" * tag 'mfd-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: mfd: cros-ec: Fix host command buffer size commit 9f0bffa18cbbe9f88838faa89d85447c4f6120e5 Merge: 308ac75 9be3213 Author: Linus Torvalds Date: Wed Apr 5 08:37:28 2017 -0700 Merge tag 'kbuild-fixes-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - hand-off primary maintainership of Kbuild - fix build warnings - fix build error when GCOV is enabled with old compiler - fix HAVE_ASM_GOTO check when GCC plugin is enabled * tag 'kbuild-fixes-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: gconfig: remove misleading parentheses around a condition jump label: fix passing kbuild_cflags when checking for asm goto support Kbuild: use cc-disable-warning consistently for maybe-uninitialized kbuild: external module build warnings when KBUILD_OUTPUT set and W=1 MAINTAINERS: add Masahiro Yamada as a Kbuild maintainer commit 6fd6410311d618d80748b0a5dd3e8d6cd17662bc Merge: 1fb883b 6d56111 Author: Radim Krčmář Date: Wed Apr 5 16:27:47 2017 +0200 Merge tag 'kvm-arm-for-v4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm From: Christoffer Dall KVM/ARM Fixes for v4.11-rc6 Fixes include: - Fix a problem with GICv3 userspace save/restore - Clarify GICv2 userspace save/restore ABI - Be more careful in clearing GIC LRs - Add missing synchronization primitive to our MMU handling code commit b884a190afcecdbef34ca508ea5ee88bb7c77861 Author: James Hogan Date: Tue Apr 4 08:51:34 2017 +0100 metag/usercopy: Add missing fixups The rapf copy loops in the Meta usercopy code is missing some extable entries for HTP cores with unaligned access checking enabled, where faults occur on the instruction immediately after the faulting access. Add the fixup labels and extable entries for these cases so that corner case user copy failures don't cause kernel crashes. Fixes: 373cd784d0fc ("metag: Memory handling") Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 72 +++++++++++++++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 24 deletions(-) commit 2c0b1df88b987a12d95ea1d6beaf01894f3cc725 Author: James Hogan Date: Mon Apr 3 17:41:40 2017 +0100 metag/usercopy: Fix src fixup in from user rapf loops The fixup code to rewind the source pointer in __asm_copy_from_user_{32,64}bit_rapf_loop() always rewound the source by a single unit (4 or 8 bytes), however this is insufficient if the fault didn't occur on the first load in the loop, as the source pointer will have been incremented but nothing will have been stored until all 4 register [pairs] are loaded. Read the LSM_STEP field of TXSTATUS (which is already loaded into a register), a bit like the copy_to_user versions, to determine how many iterations of MGET[DL] have taken place, all of which need rewinding. Fixes: 373cd784d0fc ("metag: Memory handling") Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) commit fd40eee1290ad7add7aa665e3ce6b0f9fe9734b4 Author: James Hogan Date: Tue Apr 4 11:43:26 2017 +0100 metag/usercopy: Set flags before ADDZ The fixup code for the copy_to_user rapf loops reads TXStatus.LSM_STEP to decide how far to rewind the source pointer. There is a special case for the last execution of an MGETL/MGETD, since it leaves LSM_STEP=0 even though the number of MGETLs/MGETDs attempted was 4. This uses ADDZ which is conditional upon the Z condition flag, but the AND instruction which masked the TXStatus.LSM_STEP field didn't set the condition flags based on the result. Fix that now by using ANDS which does set the flags, and also marking the condition codes as clobbered by the inline assembly. Fixes: 373cd784d0fc ("metag: Memory handling") Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 563ddc1076109f2b3f88e6d355eab7b6fd4662cb Author: James Hogan Date: Fri Mar 31 11:14:02 2017 +0100 metag/usercopy: Zero rest of buffer from copy_from_user Currently we try to zero the destination for a failed read from userland in fixup code in the usercopy.c macros. The rest of the destination buffer is then zeroed from __copy_user_zeroing(), which is used for both copy_from_user() and __copy_from_user(). Unfortunately we fail to zero in the fixup code as D1Ar1 is set to 0 before the fixup code entry labels, and __copy_from_user() shouldn't even be zeroing the rest of the buffer. Move the zeroing out into copy_from_user() and rename __copy_user_zeroing() to raw_copy_from_user() since it no longer does any zeroing. This also conveniently matches the name needed for RAW_COPY_USER support in a later patch. Fixes: 373cd784d0fc ("metag: Memory handling") Reported-by: Al Viro Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/include/asm/uaccess.h | 15 ++++++----- arch/metag/lib/usercopy.c | 57 +++++++++++++--------------------------- 2 files changed, 26 insertions(+), 46 deletions(-) commit 3ebfdf082184d04f6e73b30cd9446613dc7f8c02 Author: Xin Long Date: Tue Apr 4 13:39:55 2017 +0800 sctp: get sock from transport in sctp_transport_update_pmtu This patch is almost to revert commit 02f3d4ce9e81 ("sctp: Adjust PMTU updates to accomodate route invalidation."). As t->asoc can't be NULL in sctp_transport_update_pmtu, it could get sk from asoc, and no need to pass sk into that function. It is also to remove some duplicated codes from that function. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller include/net/sctp/sctp.h | 5 ++--- include/net/sctp/structs.h | 6 +++--- net/sctp/associola.c | 6 +++--- net/sctp/input.c | 4 ++-- net/sctp/output.c | 4 ++-- net/sctp/socket.c | 6 +++--- net/sctp/transport.c | 19 +++++++------------ 7 files changed, 22 insertions(+), 28 deletions(-) commit fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b Author: James Hogan Date: Fri Mar 31 13:35:01 2017 +0100 metag/usercopy: Add early abort to copy_to_user When copying to userland on Meta, if any faults are encountered immediately abort the copy instead of continuing on and repeatedly faulting, and worse potentially copying further bytes successfully to subsequent valid pages. Fixes: 373cd784d0fc ("metag: Memory handling") Reported-by: Al Viro Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 2257211942bbbf6c798ab70b487d7e62f7835a1a Author: James Hogan Date: Fri Mar 31 11:23:18 2017 +0100 metag/usercopy: Fix alignment error checking Fix the error checking of the alignment adjustment code in raw_copy_from_user(), which mistakenly considers it safe to skip the error check when aligning the source buffer on a 2 or 4 byte boundary. If the destination buffer was unaligned it may have started to copy using byte or word accesses, which could well be at the start of a new (valid) source page. This would result in it appearing to have copied 1 or 2 bytes at the end of the first (invalid) page rather than none at all. Fixes: 373cd784d0fc ("metag: Memory handling") Signed-off-by: James Hogan Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit ef62a2d81f73d9cddef14bc3d9097a57010d551c Author: James Hogan Date: Fri Mar 31 10:37:44 2017 +0100 metag/usercopy: Drop unused macros Metag's lib/usercopy.c has a bunch of copy_from_user macros for larger copies between 5 and 16 bytes which are completely unused. Before fixing zeroing lets drop these macros so there is less to fix. Signed-off-by: James Hogan Cc: Al Viro Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org arch/metag/lib/usercopy.c | 113 ---------------------------------------------- 1 file changed, 113 deletions(-) commit 62277de758b155dc04b78f195a1cb5208c37b2df Author: Wei Yongjun Date: Fri Jun 17 17:33:59 2016 +0000 ring-buffer: Fix return value check in test_ringbuffer() In case of error, the function kthread_run() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Link: http://lkml.kernel.org/r/1466184839-14927-1-git-send-email-weiyj_lk@163.com Cc: stable@vger.kernel.org Fixes: 6c43e554a ("ring-buffer: Add ring buffer startup selftest") Signed-off-by: Wei Yongjun Signed-off-by: Steven Rostedt (VMware) kernel/trace/ring_buffer.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 40c98cb57cdbc377456116ad4582c89e329721b0 Author: Horia Geantă Date: Wed Apr 5 11:41:03 2017 +0300 crypto: caam - fix RNG deinstantiation error checking RNG instantiation was previously fixed by commit 62743a4145bb9 ("crypto: caam - fix RNG init descriptor ret. code checking") while deinstantiation was not addressed. Since the descriptors used are similar, in the sense that they both end with a JUMP HALT command, checking for errors should be similar too, i.e. status code 7000_0000h should be considered successful. Cc: # 3.13+ Fixes: 1005bccd7a4a6 ("crypto: caam - enable instantiation of all RNG4 state handles") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 33fa46d7b310e06d2cb2ab5417c100af120bfb65 Author: Horia Geantă Date: Mon Apr 3 18:30:07 2017 +0300 crypto: caam - fix invalid dereference in caam_rsa_init_tfm() In case caam_jr_alloc() fails, ctx->dev carries the error code, thus accessing it with dev_err() is incorrect. Cc: # 4.8+ Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caampkc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec360607a25fae97c81eef2f02268ae8ed3649b4 Author: Horia Geantă Date: Mon Apr 3 18:12:04 2017 +0300 crypto: caam - fix JR platform device subsequent (re)creations The way Job Ring platform devices are created and released does not allow for multiple create-release cycles. JR0 Platform device creation error JR0 Platform device creation error caam 2100000.caam: no queues configured, terminating caam: probe of 2100000.caam failed with error -12 The reason is that platform devices are created for each job ring: for_each_available_child_of_node(nprop, np) if (of_device_is_compatible(np, "fsl,sec-v4.0-job-ring") || of_device_is_compatible(np, "fsl,sec4.0-job-ring")) { ctrlpriv->jrpdev[ring] = of_platform_device_create(np, NULL, dev); which sets OF_POPULATED on the device node, but then it cleans these up: /* Remove platform devices for JobRs */ for (ring = 0; ring < ctrlpriv->total_jobrs; ring++) { if (ctrlpriv->jrpdev[ring]) of_device_unregister(ctrlpriv->jrpdev[ring]); } which leaves OF_POPULATED set. Use of_platform_populate / of_platform_depopulate instead. This allows for a bit of driver clean-up, jrpdev is no longer needed. Logic changes a bit too: -exit in case of_platform_populate fails, since currently even QI backend depends on JR; true, we no longer support the case when "some" of the JR DT nodes are incorrect -when cleaning up, caam_remove() would also depopulate RTIC in case it would have been populated somewhere else - not the case for now Cc: Fixes: 313ea293e9c4d ("crypto: caam - Add Platform driver for Job Ring") Reported-by: Russell King Suggested-by: Rob Herring Signed-off-by: Horia Geantă Acked-by: Rob Herring Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 63 +++++++++++++------------------------------- drivers/crypto/caam/intern.h | 1 - 2 files changed, 19 insertions(+), 45 deletions(-) commit b2376407f98920c9b0c411948675f58a9640be35 Author: Vic Yang Date: Fri Mar 24 18:44:01 2017 +0100 mfd: cros-ec: Fix host command buffer size For SPI, we can get up to 32 additional bytes for response preamble. The current overhead (2 bytes) may cause problems when we try to receive a big response. Update it to 32 bytes. Without this fix we could see a kernel BUG when we receive a big response from the Chrome EC when is connected via SPI. Signed-off-by: Vic Yang Tested-by: Enric Balletbo i Serra Signed-off-by: Lee Jones include/linux/mfd/cros_ec.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 88b1bf7268f56887ca88eb09c6fb0f4fc970121a Author: Frederic Barrat Date: Wed Mar 29 19:19:42 2017 +0200 powerpc/mm: Add missing global TLB invalidate if cxl is active Commit 4c6d9acce1f4 ("powerpc/mm: Add hooks for cxl") converted local TLB invalidates to global if the cxl driver is active. This is necessary because the CAPP snoops invalidations to forward them to the PSL on the cxl adapter. However one path was forgotten. native_flush_hash_range() still does local TLB invalidates, as found out the hard way recently. This patch fixes it by following the same logic as previously: if the cxl driver is active, the local TLB invalidates are 'upgraded' to global. Fixes: 4c6d9acce1f4 ("powerpc/mm: Add hooks for cxl") Cc: stable@vger.kernel.org # v3.18+ Signed-off-by: Frederic Barrat Reviewed-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/mm/hash_native_64.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 8f5f525d5b83f7d76a6baf9c4e94d4bf312ea7f6 Author: Oliver O'Halloran Date: Mon Apr 3 13:25:12 2017 +1000 powerpc/64: Fix flush_(d|i)cache_range() called from modules When the kernel is compiled to use 64bit ABIv2 the _GLOBAL() macro does not include a global entry point. A function's global entry point is used when the function is called from a different TOC context and in the kernel this typically means a call from a module into the vmlinux (or vice-versa). There are a few exported asm functions declared with _GLOBAL() and calling them from a module will likely crash the kernel since any TOC relative load will yield garbage. flush_icache_range() and flush_dcache_range() are both exported to modules, and use the TOC, so must use _GLOBAL_TOC(). Fixes: 721aeaa9fdf3 ("powerpc: Build little endian ppc64 kernel with ABIv2") Cc: stable@vger.kernel.org # v3.16+ Signed-off-by: Oliver O'Halloran Signed-off-by: Michael Ellerman arch/powerpc/kernel/misc_64.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 55d728a40d368ba80443be85c02e641fc9082a3f Author: Ard Biesheuvel Date: Tue Apr 4 16:27:44 2017 +0100 efi/fb: Avoid reconfiguration of BAR that covers the framebuffer On UEFI systems, the PCI subsystem is enumerated by the firmware, and if a graphical framebuffer is exposed via a PCI device, its base address and size are exposed to the OS via the Graphics Output Protocol (GOP). On arm64 PCI systems, the entire PCI hierarchy is reconfigured from scratch at boot. This may result in the GOP framebuffer address to become stale, if the BAR covering the framebuffer is modified. This will cause the framebuffer to become unresponsive, and may in some cases result in unpredictable behavior if the range is reassigned to another device. So add a non-x86 quirk to the EFI fb driver to find the BAR associated with the GOP base address, and claim the BAR resource so that the PCI core will not move it. Signed-off-by: Ard Biesheuvel Cc: # v4.7+ Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Jones Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: leif.lindholm@linaro.org Cc: linux-efi@vger.kernel.org Cc: lorenzo.pieralisi@arm.com Fixes: 9822504c1fa5 ("efifb: Enable the efi-framebuffer platform driver ...") Link: http://lkml.kernel.org/r/20170404152744.26687-3-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/video/fbdev/efifb.c | 66 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) commit cfac6dfa42bddfa9711b20d486e521d1a41ab09f Author: Joerg Roedel Date: Tue Apr 4 18:15:01 2017 +0200 x86/signals: Fix lower/upper bound reporting in compat siginfo Put the right values from the original siginfo into the userspace compat-siginfo. This fixes the 32-bit MPX "tabletest" testcase on 64-bit kernels. Signed-off-by: Joerg Roedel Acked-by: Dave Hansen Cc: # v4.8+ Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: a4455082dc6f0 ('x86/signals: Add missing signal_compat code for x86 features') Link: http://lkml.kernel.org/r/1491322501-5054-1-git-send-email-joro@8bytes.org Signed-off-by: Ingo Molnar arch/x86/kernel/signal_compat.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 540f4c0e894f7e46a66dfa424b16424cbdc12c38 Author: Cohen, Eugene Date: Tue Apr 4 16:27:43 2017 +0100 efi/libstub: Skip GOP with PIXEL_BLT_ONLY format The UEFI Specification permits Graphics Output Protocol (GOP) instances without direct framebuffer access. This is indicated in the Mode structure with a PixelFormat enumeration value of PIXEL_BLT_ONLY. Given that the kernel does not know how to drive a Blt() only framebuffer (which is only permitted before ExitBootServices() anyway), we should disregard such framebuffers when looking for a GOP instance that is suitable for use as the boot console. So modify the EFI GOP initialization to not use a PIXEL_BLT_ONLY instance, preventing attempts later in boot to use an invalid screen_info.lfb_base address. Signed-off-by: Eugene Cohen [ Moved the Blt() only check into the loop and clarified that Blt() only GOPs are unusable by the kernel. ] Signed-off-by: Ard Biesheuvel Cc: # v4.7+ Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: leif.lindholm@linaro.org Cc: linux-efi@vger.kernel.org Cc: lorenzo.pieralisi@arm.com Fixes: 9822504c1fa5 ("efifb: Enable the efi-framebuffer platform driver ...") Link: http://lkml.kernel.org/r/20170404152744.26687-2-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/libstub/gop.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit fe514739d8538783749d3ce72f78e5a999ea5668 Author: Dan Williams Date: Tue Apr 4 15:08:36 2017 -0700 libnvdimm: fix blk free space accounting Commit a1f3e4d6a0c3 "libnvdimm, region: update nd_region_available_dpa() for multi-pmem support" reworked blk dpa (DIMM Physical Address) accounting to comprehend multiple pmem namespace allocations aliasing with a given blk-dpa range. The following call trace is a result of failing to account for allocated blk capacity. WARNING: CPU: 1 PID: 2433 at tools/testing/nvdimm/../../../drivers/nvdimm/names 4 size_store+0x6f3/0x930 [libnvdimm] nd_region region5: allocation underrun: 0x0 of 0x1000000 bytes [..] Call Trace: dump_stack+0x86/0xc3 __warn+0xcb/0xf0 warn_slowpath_fmt+0x5f/0x80 size_store+0x6f3/0x930 [libnvdimm] dev_attr_store+0x18/0x30 If a given blk-dpa allocation does not alias with any pmem ranges then the full allocation should be accounted as busy space, not the size of the current pmem contribution to the region. The thinkos that led to this confusion was not realizing that the struct resource management is already guaranteeing no collisions between pmem allocations and blk allocations on the same dimm. Also, we do not try to support blk allocations in aliased pmem holes. This patch also fixes a case where the available blk goes negative. Cc: Fixes: a1f3e4d6a0c3 ("libnvdimm, region: update nd_region_available_dpa() for multi-pmem support"). Reported-by: Dariusz Dokupil Reported-by: Dave Jiang Reported-by: Vishal Verma Tested-by: Dave Jiang Tested-by: Vishal Verma Signed-off-by: Dan Williams drivers/nvdimm/dimm_devs.c | 77 +++++++--------------------------------------- 1 file changed, 11 insertions(+), 66 deletions(-) commit 308ac7563944787f8afc508568a3cda601c35a48 Merge: b824a957 693bdaa Author: Linus Torvalds Date: Tue Apr 4 11:40:20 2017 -0700 Merge tag 'gpio-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull late GPIO fixes from Linus Walleij: "Some late coming ACPI fixes for GPIO. We're dealing with ACPI issues here. The first is related to wake IRQs on Bay Trail/Cherry Trail CPUs which are common in laptops. The second is about proper probe deferral when reading _CRS properties. For my untrained eye it seems there was some quarrel between the BIOS and the kernel about who is supposed to deal with wakeups from GPIO lines" * tag 'gpio-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: ACPI / gpio: do not fall back to parsing _CRS when we get a deferral gpio: acpi: Call enable_irq_wake for _IAE GpioInts with Wake set commit e90be21b1c1c37964756f0e9fbb18d4026b93b5f Merge: 30c57f0 d77facb Author: David S. Miller Date: Tue Apr 4 11:36:54 2017 -0700 Merge tag 'wireless-drivers-for-davem-2017-04-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.11 iwlwifi * an RCU fix * a fix for a potential out-of-bounds access crash * a fix for IBSS which has been broken since DQA was enabled rtlwifi * fix scheduling while atomic regression brcmfmac * fix use-after-free bug found by KASAN ==================== Signed-off-by: David S. Miller commit b824a957bfb3f7f5ab2f7216239882f9092d2c27 Merge: 1a589c0 921d701 Author: Linus Torvalds Date: Tue Apr 4 11:16:52 2017 -0700 Merge tag 'nios2-v4.11-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 Pull nios2 fix from Ley Foon Tan: - nios2: reserve boot memory for device tree * tag 'nios2-v4.11-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2: nios2: reserve boot memory for device tree commit 30c57f073449e09ae42f908bfff56c08c8751a6f Author: Sekhar Nori Date: Mon Apr 3 17:34:28 2017 +0530 net: ethernet: ti: cpsw: fix race condition during open() TI's cpsw driver handles both OF and non-OF case for phy connect. Unfortunately of_phy_connect() returns NULL on error while phy_connect() returns ERR_PTR(). To handle this, cpsw_slave_open() overrides the return value from phy_connect() to make it NULL or error. This leaves a small window, where cpsw_adjust_link() may be invoked for a slave while slave->phy pointer is temporarily set to -ENODEV (or some other error) before it is finally set to NULL. _cpsw_adjust_link() only handles the NULL case, and an oops results when ERR_PTR() is seen by it. Note that cpsw_adjust_link() checks PHY status for each slave whenever it is invoked. It can so happen that even though phy_connect() for a given slave returns error, _cpsw_adjust_link() is still called for that slave because the link status of another slave changed. Fix this by using a temporary pointer to store return value of {of_}phy_connect() and do a one-time write to slave->phy. Reviewed-by: Grygorii Strashko Reported-by: Yan Liu Signed-off-by: Sekhar Nori Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 1a589c0443e498078f5f2acedef5575bc705dcd7 Merge: 08e4e0d 130e35e Author: Linus Torvalds Date: Tue Apr 4 10:12:15 2017 -0700 Merge tag 'drm-fixes-for-v4.11-rc6' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "This is just mostly stuff that missed rc5, from vmwgfx and msm drivers" * tag 'drm-fixes-for-v4.11-rc6' of git://people.freedesktop.org/~airlied/linux: drm/msm: Make sure to detach the MMU during GPU cleanup drm/msm/hdmi: redefinitions of macros not required drm/msm/mdp5: Update SSPP_MAX value drm/msm/dsi: Fix bug in dsi_mgr_phy_enable drm/msm: Don't allow zero sized buffer objects drm/msm: Fix wrong pointer check in a5xx_destroy drm/msm: adreno: fix build error without debugfs drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() drm/vmwgfx: Remove getparam error message drm/ttm: Avoid calling drm_ht_remove from atomic context drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() drm/vmwgfx: Type-check lookups of fence objects commit 249ee819e24c180909f43c1173c8ef6724d21faf Author: Guillaume Nault Date: Mon Apr 3 13:23:15 2017 +0200 l2tp: fix PPP pseudo-wire auto-loading PPP pseudo-wire type is 7 (11 is L2TP_PWTYPE_IP). Fixes: f1f39f911027 ("l2tp: auto load type modules") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a8919661d78b90d747b3514197e49ecf8727d08c Author: Colin Ian King Date: Mon Apr 3 11:19:10 2017 +0100 bnx2x: fix spelling mistake in macros HW_INTERRUT_ASSERT_SET_* Trival fix, rename HW_INTERRUT_ASSERT_SET_* to HW_INTERRUPT_ASSERT_SET_* Signed-off-by: Colin Ian King Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 6 +++--- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) commit e08293a4ccbcc993ded0fdc46f1e57926b833d63 Author: Guillaume Nault Date: Mon Apr 3 12:03:13 2017 +0200 l2tp: take reference on sessions being dumped Take a reference on the sessions returned by l2tp_session_find_nth() (and rename it l2tp_session_get_nth() to reflect this change), so that caller is assured that the session isn't going to disappear while processing it. For procfs and debugfs handlers, the session is held in the .start() callback and dropped in .show(). Given that pppol2tp_seq_session_show() dereferences the associated PPPoL2TP socket and that l2tp_dfs_seq_session_show() might call pppol2tp_show(), we also need to call the session's .ref() callback to prevent the socket from going away from under us. Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Fixes: 0ad6614048cf ("l2tp: Add debugfs files for dumping l2tp debug info") Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_core.c | 8 ++++++-- net/l2tp/l2tp_core.h | 3 ++- net/l2tp/l2tp_debugfs.c | 10 +++++++--- net/l2tp/l2tp_netlink.c | 7 +++++-- net/l2tp/l2tp_ppp.c | 10 +++++++--- 5 files changed, 27 insertions(+), 11 deletions(-) commit ca257b9e2d807ab6cb2678ecc7b74aaf4651f597 Author: Geert Uytterhoeven Date: Mon Apr 3 12:11:26 2017 +0200 can: rcar_can: Do not print virtual addresses During probe, the rcar_can driver prints: rcar_can e6e80000.can: device registered (regs @ e08bc000, IRQ76) The "regs" value is a virtual address, exposing internal information, hence stop printing it. The (useful) physical address is already printed as part of the device name. Fixes: fd1159318e55e901 ("can: add Renesas R-Car CAN driver") Signed-off-by: Geert Uytterhoeven Acked-by: Sergei Shtylyov Signed-off-by: Marc Kleine-Budde drivers/net/can/rcar/rcar_can.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 04abaf07f6d5cdf22b7a478a86e706dfeeeef960 Author: Dave Gerlach Date: Thu Mar 30 14:58:18 2017 -0500 ARM: OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer Starting from commit 5de85b9d57ab ("PM / runtime: Re-init runtime PM states at probe error and driver unbind") pm_runtime core now changes device runtime_status back to after RPM_SUSPENDED after a probe defer. Certain OMAP devices make use of "ti,no-idle-on-init" flag which causes omap_device_enable to be called during the BUS_NOTIFY_ADD_DEVICE event during probe, along with pm_runtime_set_active. This call to pm_runtime_set_active typically will prevent a call to pm_runtime_get in a driver probe function from re-enabling the omap_device. However, in the case of a probe defer that happens before the driver probe function is able to run, such as a missing pinctrl states defer, pm_runtime_reinit will set the device as RPM_SUSPENDED and then once driver probe is actually able to run, pm_runtime_get will see the device as suspended and call through to the omap_device layer, attempting to enable the already enabled omap_device and causing errors like this: omap-gpmc 50000000.gpmc: omap_device: omap_device_enable() called from invalid state 1 omap-gpmc 50000000.gpmc: use pm_runtime_put_sync_suspend() in driver? We can avoid this error by making sure the pm_runtime status of a device matches the omap_device state before a probe attempt. By extending the omap_device bus notifier to act on the BUS_NOTIFY_BIND_DRIVER event we can check if a device is enabled in omap_device but with a pm_runtime status of RPM_SUSPENDED and once again mark the device as RPM_ACTIVE to avoid a second incorrect call to omap_device_enable. Fixes: 5de85b9d57ab ("PM / runtime: Re-init runtime PM states at probe error and driver unbind") Tested-by: Franklin S Cooper Jr. Signed-off-by: Dave Gerlach Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap_device.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 57c1d4c33e8f7ec90976d79127059c1919cc0651 Author: Markus Marb Date: Fri Mar 17 23:14:47 2017 +0100 can: ifi: use correct register to read rx status The incorrect offset was used when trying to read the RXSTCMD register. Signed-off-by: Markus Marb Cc: linux-stable Signed-off-by: Marc Kleine-Budde drivers/net/can/ifi_canfd/ifi_canfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62e24c5775ecb387a3eb33701378ccfa6dbc98ee Author: Philipp Zabel Date: Fri Feb 5 13:41:39 2016 +0100 reset: add exported __reset_control_get, return NULL if optional Rename the internal __reset_control_get/put functions to __reset_control_get/put_internal and add an exported __reset_control_get equivalent to __of_reset_control_get that takes a struct device parameter. This avoids the confusing call to __of_reset_control_get in the non-DT case and fixes the devm_reset_control_get_optional function to return NULL if RESET_CONTROLLER is enabled but dev->of_node == NULL. Fixes: bb475230b8e5 ("reset: make optional functions really optional") Reported-by: Andy Shevchenko Tested-by: Andy Shevchenko Cc: Ramiro Oliveira Signed-off-by: Philipp Zabel drivers/reset/core.c | 22 ++++++++++++++++------ include/linux/reset.h | 22 ++++++++++++++-------- 2 files changed, 30 insertions(+), 14 deletions(-) commit 8945927cb7cc5953cc1554053452f50248159c88 Merge: ac77a0c 793c7ed Author: Jens Axboe Date: Tue Apr 4 08:35:01 2017 -0600 Merge branch 'nvme-4.11-rc' of git://git.infradead.org/nvme into for-linus Sagi writes: We have one spec mis-match fix from Roland and several sparse fixes from Christoph. commit 1fb883bb827ee8efc1cc9ea0154f953f8a219d38 Author: Ladi Prosek Date: Tue Apr 4 14:18:53 2017 +0200 KVM: nVMX: initialize PML fields in vmcs02 L2 was running with uninitialized PML fields which led to incomplete dirty bitmap logging. This manifested as all kinds of subtle erratic behavior of the nested guest. Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX") Signed-off-by: Ladi Prosek Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit ac4cde398a96c1d28b1c28a0f69b6efd892a1c8a Author: Jan Beulich Date: Tue Apr 4 06:27:22 2017 -0600 xenbus: remove transaction holder from list before freeing After allocation the item is being placed on the list right away. Consequently it needs to be taken off the list before freeing in the case xenbus_dev_request_and_reply() failed, as in that case the callback (xenbus_dev_queue_reply()) is not being called (and if it was called, it should do both). Fixes: 5584ea250ae44f929feb4c7bd3877d1c5edbf813 Signed-off-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Boris Ostrovsky drivers/xen/xenbus/xenbus_dev_frontend.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ab007cc94ff9d82f5a8db8363b3becbd946e58cf Author: Ladi Prosek Date: Fri Mar 31 10:19:26 2017 +0200 KVM: nVMX: do not leak PML full vmexit to L1 The PML feature is not exposed to guests so we should not be forwarding the vmexit either. This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V enabled Windows Server 2016 in L1 on hardware that supports PML. Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX") Signed-off-by: Ladi Prosek Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 3 +++ 1 file changed, 3 insertions(+) commit 794a8604fe6e4a311373cde57a86ad4aab9d32b8 Author: Niklas Cassel Date: Mon Apr 3 17:35:12 2017 -0500 PCI: dwc: Fix dw_pcie_ops NULL pointer dereference Fix a crash from dereferencing a NULL dw_pcie_ops pointer. For example, on ARTPEC-6: Unable to handle kernel NULL pointer dereference at virtual address 00000004 pgd = c0204000 [00000004] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.11.0-rc3-next-20170321 #1 Hardware name: Axis ARTPEC-6 Platform task: db098000 task.stack: db096000 PC is at dw_pcie_writel_dbi+0x2c/0xd0 Prior to 442ec4c04d12 ("PCI: dwc: all: Split struct pcie_port into host-only and core structures"), every driver had a struct pcie_host_ops with function pointers, typically used as: if (pp->ops->readl_rc) return pp->ops->readl_rc(...); 442ec4c04d12 split struct pcie_host_ops into two pieces: struct dw_pcie_host_ops and struct dw_pcie_ops, so the above became: if (pci->ops->readl_dbi) return pci->ops->readl_dbi(...); But pcie-artpec6.c and pcie-designware-plat.c don't need the dw_pcie_ops pointers and didn't supply a pci->ops struct, which leads to NULL pointer dereferences. Supply an empty struct dw_pcie_ops to avoid the NULL pointer dereferences. [bhelgaas: changelog] Fixes: 442ec4c04d12 ("PCI: dwc: all: Split struct pcie_port into host-only and core structures") Signed-off-by: Niklas Cassel Signed-off-by: Bjorn Helgaas Acked-by: Kishon Vijay Abraham I Acked-by: Joao Pinto drivers/pci/dwc/pcie-artpec6.c | 4 ++++ drivers/pci/dwc/pcie-designware-plat.c | 4 ++++ 2 files changed, 8 insertions(+) commit 48fe9e9488743eec9b7c1addd3c93f12f2123d54 Author: Paul Mackerras Date: Tue Apr 4 14:56:05 2017 +1000 powerpc: Don't try to fix up misaligned load-with-reservation instructions In the past, there was only one load-with-reservation instruction, lwarx, and if a program attempted a lwarx on a misaligned address, it would take an alignment interrupt and the kernel handler would emulate it as though it was lwzx, which was not really correct, but benign since it is loading the right amount of data, and the lwarx should be paired with a stwcx. to the same address, which would also cause an alignment interrupt which would result in a SIGBUS being delivered to the process. We now have 5 different sizes of load-with-reservation instruction. Of those, lharx and ldarx cause an immediate SIGBUS by luck since their entries in aligninfo[] overlap instructions which were not fixed up, but lqarx overlaps with lhz and will be emulated as such. lbarx can never generate an alignment interrupt since it only operates on 1 byte. To straighten this out and fix the lqarx case, this adds code to detect the l[hwdq]arx instructions and return without fixing them up, resulting in a SIGBUS being delivered to the process. Cc: stable@vger.kernel.org Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/kernel/align.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) commit 34fcf05b1557f1f8d6801d9dde30ac1d13213ba3 Merge: a71c9a1 232b8e3 Author: Radim Krčmář Date: Tue Apr 4 14:42:51 2017 +0200 Merge tag 'kvm-s390-master-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux From: Christian Borntraeger KVM: s390: Fix instruction-execution-protection/change-recording override This is a fix that prevents translation exception errors on valid page tables for the instruction-exection-protection support. This feature was added during the 4.11 merge window. We have to remove an old check that would trigger if the change-recording override is not available (e.g. edat1 disabled via cpu model). commit 6d56111c92d247bb64301029fe88365aa4caf16e Author: Christoffer Dall Date: Tue Mar 21 22:05:22 2017 +0100 KVM: arm/arm64: vgic: Fix GICC_PMR uaccess on GICv3 and clarify ABI As an oversight, for GICv2, we accidentally export the GICC_PMR register in the format of the GICH_VMCR.VMPriMask field in the lower 5 bits of a word, meaning that userspace must always use the lower 5 bits to communicate with the KVM device and must shift the value left by 3 places to obtain the actual priority mask level. Since GICv3 supports the full 8 bits of priority masking in the ICH_VMCR, we have to fix the value we export when emulating a GICv2 on top of a hardware GICv3 and exporting the emulated GICv2 state to userspace. Take the chance to clarify this aspect of the ABI. Reviewed-by: Marc Zyngier Signed-off-by: Christoffer Dall Documentation/virtual/kvm/devices/arm-vgic.txt | 6 ++++++ include/linux/irqchip/arm-gic.h | 3 +++ virt/kvm/arm/vgic/vgic-mmio-v2.c | 20 ++++++++++++++++++-- virt/kvm/arm/vgic/vgic-v2.c | 8 ++++---- virt/kvm/arm/vgic/vgic.h | 9 ++++++++- 5 files changed, 39 insertions(+), 7 deletions(-) commit 5b0d2cc2805897c14257f6dbb949639c499c3c25 Author: Christoffer Dall Date: Sat Mar 18 13:56:56 2017 +0100 KVM: arm64: Ensure LRs are clear when they should be We currently have some code to clear the list registers on GICv3, but we never call this code, because the caller got nuked when removing the old vgic. We also used to have a similar GICv2 part, but that got lost in the process too. Let's reintroduce the logic for GICv2 and call the logic when we initialize the use of hypervisors on the CPU, for example when first loading KVM or when exiting a low power state. Reviewed-by: Marc Zyngier Signed-off-by: Christoffer Dall Signed-off-by: Marc Zyngier arch/arm/kvm/arm.c | 3 +++ include/kvm/arm_vgic.h | 1 + virt/kvm/arm/vgic/vgic-init.c | 19 +++++++++++++++++++ virt/kvm/arm/vgic/vgic-v2.c | 15 +++++++++++++++ virt/kvm/arm/vgic/vgic.h | 2 ++ 5 files changed, 40 insertions(+) commit 8b3405e345b5a098101b0c31b264c812bba045d9 Author: Suzuki K Poulose Date: Mon Apr 3 15:12:43 2017 +0100 kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd In kvm_free_stage2_pgd() we don't hold the kvm->mmu_lock while calling unmap_stage2_range() on the entire memory range for the guest. This could cause problems with other callers (e.g, munmap on a memslot) trying to unmap a range. And since we have to unmap the entire Guest memory range holding a spinlock, make sure we yield the lock if necessary, after we unmap each PUD range. Fixes: commit d5d8184d35c9 ("KVM: ARM: Memory virtualization setup") Cc: stable@vger.kernel.org # v3.10+ Cc: Paolo Bonzini Cc: Marc Zyngier Cc: Christoffer Dall Cc: Mark Rutland Signed-off-by: Suzuki K Poulose [ Avoid vCPU starvation and lockup detector warnings ] Signed-off-by: Marc Zyngier Signed-off-by: Suzuki K Poulose Signed-off-by: Christoffer Dall arch/arm/kvm/mmu.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 09a6adf53d42ca3088fa3fb41f40b768efc711ed Author: Victor Kamensky Date: Mon Apr 3 22:51:01 2017 -0700 arm64: mm: unaligned access by user-land should be received as SIGBUS After 52d7523 (arm64: mm: allow the kernel to handle alignment faults on user accesses) commit user-land accesses that produce unaligned exceptions like in case of aarch32 ldm/stm/ldrd/strd instructions operating on unaligned memory received by user-land as SIGSEGV. It is wrong, it should be reported as SIGBUS as it was before 52d7523 commit. Changed do_bad_area function to take signal and code parameters out of esr value using fault_info table, so in case of do_alignment_fault fault user-land will receive SIGBUS. Wrapped access to fault_info table into esr_to_fault_info function. Cc: Fixes: 52d7523 (arm64: mm: allow the kernel to handle alignment faults on user accesses) Signed-off-by: Victor Kamensky Signed-off-by: Will Deacon arch/arm64/mm/fault.c | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) commit 7bf8222b9bd0ba867e18b7f4537b61ef2e92eee8 Author: Keith Busch Date: Mon Apr 3 15:25:53 2017 -0400 irq/affinity: Fix CPU spread for unbalanced nodes The irq_create_affinity_masks routine is responsible for assigning a number of interrupt vectors to CPUs. The optimal assignemnet will spread requested vectors to all CPUs, with the fewest CPUs sharing a vector. The algorithm may fail to assign some vectors to any CPUs if a node's CPU count is lower than the average number of vectors per node. These vectors are unusable and create an un-optimal spread. Recalculate the number of vectors to assign at each node iteration by using the remaining number of vectors and nodes to be assigned, not exceeding the number of CPUs in that node. This will guarantee that every CPU is assigned at least one vector. Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Cc: linux-nvme@lists.infradead.org Link: http://lkml.kernel.org/r/1491247553-7603-1-git-send-email-keith.busch@intel.com Signed-off-by: Thomas Gleixner kernel/irq/affinity.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 0b9aefea860063bb39e36bd7fe6c7087fed0ba87 Author: Marcelo Ricardo Leitner Date: Sat Apr 1 11:00:21 2017 -0300 tcp: minimize false-positives on TCP/GRO check Markus Trippelsdorf reported that after commit dcb17d22e1c2 ("tcp: warn on bogus MSS and try to amend it") the kernel started logging the warning for a NIC driver that doesn't even support GRO. It was diagnosed that it was possibly caused on connections that were using TCP Timestamps but some packets lacked the Timestamps option. As we reduce rcv_mss when timestamps are used, the lack of them would cause the packets to be bigger than expected, although this is a valid case. As this warning is more as a hint, getting a clean-cut on the threshold is probably not worth the execution time spent on it. This patch thus alleviates the false-positives with 2 quick checks: by accounting for the entire TCP option space and also checking against the interface MTU if it's available. These changes, specially the MTU one, might mask some real positives, though if they are really happening, it's possible that sooner or later it will be triggered anyway. Reported-by: Markus Trippelsdorf Cc: Eric Dumazet Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit daffad2123fc3efcc2c70bd6e905960a31886556 Author: Gabriel Fernandez Date: Thu Mar 16 09:16:40 2017 +0100 clk: stm32f4: fix: exclude values 0 and 1 for PLLQ 0000: PLLQ = 0, wrong configuration 0001: PLLQ = 1, wrong configuration ... 0010: PLLQ = 2 0011: PLLQ = 3 0100: PLLQ = 4 ... 1111: PLLQ = 1 Use divider table to exclude 0 and 1 values. Fixes: 83135ad3c517 ("clk: stm32f4: Add PLL_I2S & PLL_SAI for STM32F429/469 boards") Signed-off-by: Gabriel Fernandez Signed-off-by: Stephen Boyd drivers/clk/clk-stm32f4.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 08e4e0d0456d0ca8427b2d1ddffa30f1c3e774d7 Merge: 4ad7255 1493aa6 Author: Linus Torvalds Date: Mon Apr 3 17:56:32 2017 -0700 Merge tag 'xtensa-20170403' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa fixes from Max Filippov: - make __pa work with uncached KSEG addresses, it fixes DMA memory mmapping and DMA debug - fix torn stack dump output - wire up statx syscall * tag 'xtensa-20170403' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: wire up statx system call xtensa: fix stack dump output xtensa: make __pa work with uncached KSEG addresses commit 130e35e4bbceb2c04ff0ad9b1a0bcef7acc11498 Merge: 84c4ba5 028402d Author: Dave Airlie Date: Tue Apr 4 10:13:40 2017 +1000 Merge branch 'msm-fixes-4.11-rc6' of git://people.freedesktop.org/~robclark/linux into drm-fixes misc msm fixes. * 'msm-fixes-4.11-rc6' of git://people.freedesktop.org/~robclark/linux: drm/msm: Make sure to detach the MMU during GPU cleanup drm/msm/hdmi: redefinitions of macros not required drm/msm/mdp5: Update SSPP_MAX value drm/msm/dsi: Fix bug in dsi_mgr_phy_enable drm/msm: Don't allow zero sized buffer objects drm/msm: Fix wrong pointer check in a5xx_destroy drm/msm: adreno: fix build error without debugfs commit df2729c3238ed89fb8ccf850d38c732858a5bade Author: Xin Long Date: Sat Apr 1 17:15:59 2017 +0800 sctp: check for dst and pathmtu update in sctp_packet_config This patch is to move sctp_transport_dst_check into sctp_packet_config from sctp_packet_transmit and add pathmtu check in sctp_packet_config. With this fix, sctp can update dst or pathmtu before appending chunks, which can void dropping packets in sctp_packet_transmit when dst is obsolete or dst's mtu is changed. This patch is also to improve some other codes in sctp_packet_config. It updates packet max_size with gso_max_size, checks for dst and pathmtu, and appends ecne chunk only when packet is empty and asoc is not NULL. It makes sctp flush work better, as we only need to set up them once for one flush schedule. It's also safe, since asoc is NULL only when the packet is created by sctp_ootb_pkt_new in which it just gets the new dst, no need to do more things for it other than set packet with transport's pathmtu. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Acked-by: Neil Horman Signed-off-by: David S. Miller include/net/sctp/sctp.h | 17 ++++++++++--- net/sctp/output.c | 67 ++++++++++++++++++++++++++----------------------- 2 files changed, 50 insertions(+), 34 deletions(-) commit ac6a3722fed67c658a435187d0254ae119d845d3 Author: Simon Horman Date: Mon Apr 3 15:42:58 2017 -0400 flow dissector: correct size of storage for ARP The last argument to __skb_header_pointer() should be a buffer large enough to store struct arphdr. This can be a pointer to a struct arphdr structure. The code was previously using a pointer to a pointer to struct arphdr. By my counting the storage available both before and after is 8 bytes on x86_64. Fixes: 55733350e5e8 ("flow disector: ARP support") Reported-by: Nicolas Iooss Signed-off-by: Simon Horman Signed-off-by: David S. Miller net/core/flow_dissector.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6665f8a307696a0edd4c1233b4cc0f5ed6083525 Author: Arnd Bergmann Date: Mon Apr 3 16:17:11 2017 -0500 PCI: dwc: Select PCI_HOST_COMMON for hisi Without PCI_HOST_COMMON support enabled, we get a link error: drivers/pci/dwc/built-in.o: In function `hisi_pcie_map_bus': pcie-hisi.c:(.text+0x8860): undefined reference to `pci_ecam_map_bus' drivers/pci/dwc/built-in.o: In function `hisi_pcie_almost_ecam_probe': pcie-hisi.c:(.text+0x88b4): undefined reference to `pci_host_common_probe' Add an explicit 'select', as the other users have. Signed-off-by: Arnd Bergmann Signed-off-by: Bjorn Helgaas Acked-by: Jingoo Han drivers/pci/dwc/Kconfig | 1 + 1 file changed, 1 insertion(+) commit feb199ebef488a9f2c3550fb10524f3dac9d8abe Author: Tomasz Nowicki Date: Fri Mar 31 17:06:44 2017 +0200 PCI: thunder-pem: Fix legacy firmware PEM-specific resources SZ_16M PEM resource size includes PEM-specific register and its children resources. Reservation of the whole SZ_16M range leads to child device driver failure when pcieport driver is requesting resources: pcieport 0004:1f:00.0: can't enable device: BAR 0 [mem 0x87e0c0f00000-0x87e0c0ffffff 64bit] not claimed So we cannot reserve full 16M here and instead we want to reserve PEM-specific register only which is SZ_64K. At the end increase PEM resource to SZ_16M since this is what thunder_pem_init() call expects for proper initialization. Fixes: 9abb27c7594a ("PCI: thunder-pem: Add legacy firmware support for Cavium ThunderX host controller") Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.10+ drivers/pci/host/pci-thunder-pem.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 028402d4bcfd3e99421504674cc41b0cd32768c8 Author: Jordan Crouse Date: Mon Feb 6 10:39:29 2017 -0700 drm/msm: Make sure to detach the MMU during GPU cleanup We should be detaching the MMU before destroying the address space. To do this cleanly, the detach has to happen in adreno_gpu_cleanup() because it needs access to structs in adreno_gpu.c. Plus it is better symmetry to have the attach and detach at the same code level. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark drivers/gpu/drm/msm/adreno/adreno_gpu.c | 29 +++++++++++++++++++---------- drivers/gpu/drm/msm/msm_gpu.c | 3 --- 2 files changed, 19 insertions(+), 13 deletions(-) commit d322a693f585832130c3d09f2175b8f2b3ae99e1 Author: Vinay Simha BN Date: Tue Mar 14 10:55:56 2017 +0530 drm/msm/hdmi: redefinitions of macros not required 4 macros already defined in hdmi.h, which is not required to redefine in hdmi_audio.c Signed-off-by: Vinay Simha BN Signed-off-by: Rob Clark drivers/gpu/drm/msm/hdmi/hdmi_audio.c | 7 ------- 1 file changed, 7 deletions(-) commit 30512040ed8e1982e5ba16bb3e3a7f000ff65427 Author: Archit Taneja Date: Fri Mar 17 09:09:48 2017 +0530 drm/msm/mdp5: Update SSPP_MAX value 'SSPP_MAX + 1' is the max number of hwpipes that can be present on a MDP5 platform. Recently, 2 new cursor hwpipes were added, which caused overflows in arrays that used SSPP_MAX to represent the number of elements. Update the SSPP_MAX value to incorporate the extra hwpipes. Signed-off-by: Archit Taneja Signed-off-by: Rob Clark drivers/gpu/drm/msm/mdp/mdp5/mdp5_pipe.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a5fef535c529b64b622f9d7eafb3ab86850f5f8f Author: Archit Taneja Date: Thu Feb 16 16:29:04 2017 +0530 drm/msm/dsi: Fix bug in dsi_mgr_phy_enable A recent commit introduces a bug in dsi_mgr_phy_enable. In the non dual DSI mode, we reset the mdsi (master DSI) PHY. This isn't right since master and slave DSI exist only in dual DSI mode. For the normal mode of operation, we should simply reset the PHY of the DSI device (i.e. msm_dsi) corresponding to the current bridge. Usage of the wrong DSI pointer also resulted in a static checker warning. That too is resolved with this fix. Fixes: b62aa70a98c5 (drm/msm/dsi: Move PHY operations out of host) Reported-by: Dan Carpenter Signed-off-by: Archit Taneja Reviewed-by: Rob Clark Signed-off-by: Rob Clark drivers/gpu/drm/msm/dsi/dsi_manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1a5dff5d74e55608a9632a1d030bb79196e0755c Author: Jordan Crouse Date: Tue Mar 7 10:02:51 2017 -0700 drm/msm: Don't allow zero sized buffer objects Zero sized buffer objects tend to make various bits of the GEM infrastructure complain: WARNING: CPU: 1 PID: 2323 at drivers/gpu/drm/drm_mm.c:389 drm_mm_insert_node_generic+0x258/0x2f0 Modules linked in: CPU: 1 PID: 2323 Comm: drm-api-test Tainted: G W 4.9.0-rc4-00906-g693af44 #213 Hardware name: Qualcomm Technologies, Inc. DB820c (DT) task: ffff8000d7353400 task.stack: ffff8000d7720000 PC is at drm_mm_insert_node_generic+0x258/0x2f0 LR is at drm_vma_offset_add+0x4c/0x70 Zero sized buffers serve no appreciable value to the user so disallow them at create time. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark drivers/gpu/drm/msm/msm_gem.c | 6 ++++++ 1 file changed, 6 insertions(+) commit f456d348b6320a2597a3f1fff3ad0011c5678603 Author: Jordan Crouse Date: Tue Mar 7 09:50:27 2017 -0700 drm/msm: Fix wrong pointer check in a5xx_destroy Instead of checking for a5xx_gpu->gpmu_iova during destroy we accidently check a5xx_gpu->gpmu_bo. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 280489daa68bd20364b322c11e3f429a0212c611 Author: Arnd Bergmann Date: Mon Mar 13 17:43:48 2017 +0100 drm/msm: adreno: fix build error without debugfs The newly added a5xx support fails to build when debugfs is diabled: drivers/gpu/drm/msm/adreno/a5xx_gpu.c:849:4: error: 'struct msm_gpu_funcs' has no member named 'show' drivers/gpu/drm/msm/adreno/a5xx_gpu.c:849:11: error: 'a5xx_show' undeclared here (not in a function); did you mean 'a5xx_irq'? This adds a missing #ifdef. Fixes: b5f103ab98c7 ("drm/msm: gpu: Add A5XX target support") Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann Signed-off-by: Rob Clark drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 2 ++ 1 file changed, 2 insertions(+) commit 84c4ba54f4a52f4d045c956dbc9801f27eb300b7 Merge: a71c9a1 e7e11f9 Author: Dave Airlie Date: Tue Apr 4 05:45:27 2017 +1000 Merge branch 'vmwgfx-fixes-4.11' of git://people.freedesktop.org/~thomash/linux into drm-fixes Set of vmwgfx fixes * 'vmwgfx-fixes-4.11' of git://people.freedesktop.org/~thomash/linux: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() drm/vmwgfx: Remove getparam error message drm/ttm: Avoid calling drm_ht_remove from atomic context drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() drm/vmwgfx: Type-check lookups of fence objects commit bf9216f922612d2db7666aae01e65064da2ffb3a Author: Darrick J. Wong Date: Mon Apr 3 12:22:39 2017 -0700 xfs: fix kernel memory exposure problems Fix a memory exposure problems in inumbers where we allocate an array of structures with holes, fail to zero the holes, then blindly copy the kernel memory contents (junk and all) into userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/xfs_itable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3dd09d5a8589c640abb49cfcf92b4ed669eafad1 Author: Calvin Owens Date: Mon Apr 3 12:22:29 2017 -0700 xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files When punching past EOF on XFS, fallocate(mode=PUNCH_HOLE|KEEP_SIZE) will round the file size up to the nearest multiple of PAGE_SIZE: calvinow@vm-disks/generic-xfs-1 ~$ dd if=/dev/urandom of=test bs=2048 count=1 calvinow@vm-disks/generic-xfs-1 ~$ stat test Size: 2048 Blocks: 8 IO Block: 4096 regular file calvinow@vm-disks/generic-xfs-1 ~$ fallocate -n -l 2048 -o 2048 -p test calvinow@vm-disks/generic-xfs-1 ~$ stat test Size: 4096 Blocks: 8 IO Block: 4096 regular file Commit 3c2bdc912a1cc050 ("xfs: kill xfs_zero_remaining_bytes") replaced xfs_zero_remaining_bytes() with calls to iomap helpers. The new helpers don't enforce that [pos,offset) lies strictly on [0,i_size) when being called from xfs_free_file_space(), so by "leaking" these ranges into xfs_zero_range() we get this buggy behavior. Fix this by reintroducing the checks xfs_zero_remaining_bytes() did against i_size at the bottom of xfs_free_file_space(). Reported-by: Aaron Gao Fixes: 3c2bdc912a1cc050 ("xfs: kill xfs_zero_remaining_bytes") Cc: Christoph Hellwig Cc: Brian Foster Cc: # 4.8+ Signed-off-by: Calvin Owens Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_bmap_util.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 78420281a9d74014af7616958806c3aba056319e Author: Darrick J. Wong Date: Mon Apr 3 12:22:20 2017 -0700 xfs: rework the inline directory verifiers The inline directory verifiers should be called on the inode fork data, which means after iformat_local on the read side, and prior to ifork_flush on the write side. This makes the fork verifier more consistent with the way buffer verifiers work -- i.e. they will operate on the memory buffer that the code will be reading and writing directly. Furthermore, revise the verifier function to return -EFSCORRUPTED so that we don't flood the logs with corruption messages and assert notices. This has been a particular problem with xfs/348, which triggers the XFS_WANT_CORRUPTED_RETURN assertions, which halts the kernel when CONFIG_XFS_DEBUG=y. Disk corruption isn't supposed to do that, at least not in a verifier. Reviewed-by: Brian Foster Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_dir2_priv.h | 3 +- fs/xfs/libxfs/xfs_dir2_sf.c | 63 +++++++++++++++++++++++++++--------------- fs/xfs/libxfs/xfs_inode_fork.c | 35 +++++++++-------------- fs/xfs/libxfs/xfs_inode_fork.h | 2 +- fs/xfs/xfs_inode.c | 19 +++++++------ 5 files changed, 66 insertions(+), 56 deletions(-) commit 4ad72555b8421a9dceb2085079aeaee871c4888e Merge: 3ccfcdc d09c537 Author: Linus Torvalds Date: Mon Apr 3 08:44:43 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Four bug fixes, two of them for stable: - avoid initrd corruptions in the kernel decompressor - prevent inconsistent dumps if the boot CPU does not have address zero - fix the new pkey interface added with the merge window for 4.11 - a fix for a fix, another issue with user copy zero padding" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/uaccess: get_user() should zero on failure (again) s390/pkey: Fix wrong handling of secure key with old MKVP s390/smp: fix ipl from cpu with non-zero address s390/decompressor: fix initrd corruption caused by bss clear commit 3ccfcdc9efe861983d26d56f1f0ecae3f61a3a09 Merge: a71c9a1 cc66afe Author: Linus Torvalds Date: Mon Apr 3 08:36:24 2017 -0700 Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RAS fix from Thomas Gleixner: "Prevent dmesg from being spammed when MCE logging is active" * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Don't print MCEs when mcelog is active commit cf082a4a264d5e0bb79f0055be02d255438836a4 Merge: ecf8e89 aa4ce44 Author: Jani Nikula Date: Mon Apr 3 18:14:06 2017 +0300 Merge tag 'gvt-fixes-2017-04-01' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-04-01 - Fix cfg space in failsafe (Changbin) - Fix a race for irq inject with vgpu release (Zhi) - Fix golden state firmware load (Zhi) Link: http://patchwork.freedesktop.org/patch/msgid/20170401080650.6cvqon7nsbziwnyc@zhen-hp.sh.intel.com Signed-off-by: Jani Nikula commit a6d361404d81a03107a3475876afc22e1b84d5de Merge: c02ed2e bba6d9e Author: Greg Kroah-Hartman Date: Mon Apr 3 15:28:14 2017 +0200 Merge tag 'iio-fixes-for-4.11d' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus 4th set of IIO fixes for the 4.12 cycle. core - fix IIO_VAL_FRACTIONAL_LOG2 handling for negative values. bmg160 - reset chip on probe to avoid a failure on some systems cros_ec - return type correctly when reading raw and calibbias data. hid-sensor-accel - fix a duplicate scan index error due to wrong number of channels for gravity sensor. hid-sensors - ensure a get_feature is always done before the first set feature to avoid issues with wrong cached values. st-pressure - initalize lps22hb boot time to avoid giving stale data. commit 232b8e3b1d4946a45e3b9dd4c282b12a085dd39d Author: Heiko Carstens Date: Fri Mar 31 12:50:48 2017 +0200 KVM: s390: remove change-recording override support Change-recording override (CO) was never implemented in any machine. According to the architecture it is unpredictable if a translation-specification exception will be recognized if the bit is set and EDAT1 does not apply. Therefore the easiest solution is to simply ignore the bit. This also fixes commit cd1836f583d7 ("KVM: s390: instruction-execution-protection support"). A guest may enable instruction-execution-protection (IEP) but not EDAT1. In such a case the guest_translate() function (arch/s390/kvm/gaccess.c) will report a specification exception on pages that have the IEP bit set while it should not. It might make sense to add full IEP support to guest_translate() and the GACC_IFETCH case. However, as far as I can tell the GACC_IFETCH case is currently only used after an instruction was executed in order to fetch the failing instruction. So there is no additional problem *currently*. Fixes: cd1836f583d7 ("KVM: s390: instruction-execution-protection support") Signed-off-by: Heiko Carstens Signed-off-by: Christian Borntraeger arch/s390/kvm/gaccess.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 89e357d83c06b6fac581c3ca7f0ee3ae7e67109e Author: Yuejie Shi Date: Fri Mar 31 15:10:20 2017 +0800 af_key: Add lock to key dump A dump may come in the middle of another dump, modifying its dump structure members. This race condition will result in NULL pointer dereference in kernel. So add a lock to prevent that race. Fixes: 83321d6b9872 ("[AF_KEY]: Dump SA/SP entries non-atomically") Signed-off-by: Yuejie Shi Signed-off-by: Steffen Klassert net/key/af_key.c | 46 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) commit a8e28440016bfb23bec266c4c66eacca6ea2d48b Merge: 2b5efc0 3209f68 Author: Al Viro Date: Mon Apr 3 01:06:59 2017 -0400 Merge branch 'work.statx' into for-next commit 2b5efc089769cd2aa583880d29416d00e7441f39 Author: Al Viro Date: Sat Mar 25 00:43:43 2017 -0400 alpha: fix stack smashing in old_adjtimex(2) Signed-off-by: Al Viro arch/alpha/kernel/osf_sys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3209f68b3ca4667069923a325c88b21131bfdf9f Author: David Howells Date: Fri Mar 31 18:32:17 2017 +0100 statx: Include a mask for stx_attributes in struct statx Include a mask in struct stat to indicate which bits of stx_attributes the filesystem actually supports. This would also be useful if we add another system call that allows you to do a 'bulk attribute set' and pass in a statx struct with the masks appropriately set to say what you want to set. Signed-off-by: David Howells Signed-off-by: Al Viro fs/ext4/inode.c | 6 ++++++ fs/stat.c | 1 + include/linux/stat.h | 1 + include/uapi/linux/stat.h | 4 ++-- samples/statx/test-statx.c | 12 ++++++++---- 5 files changed, 18 insertions(+), 6 deletions(-) commit 47071aee6a1956524b9929b3b821f6d2f8cae23c Author: David Howells Date: Fri Mar 31 18:32:10 2017 +0100 statx: Reserve the top bit of the mask for future struct expansion Reserve the top bit of the mask for future expansion of the statx struct and give an error if statx() sees it set. All the other bits are ignored if we see them set but don't support the bit; we just clear the bit in the returned mask. Signed-off-by: David Howells Signed-off-by: Al Viro fs/stat.c | 2 ++ include/uapi/linux/stat.h | 1 + 2 files changed, 3 insertions(+) commit 5f955f26f3d42d04aba65590a32eb70eedb7f37d Author: Darrick J. Wong Date: Fri Mar 31 18:32:03 2017 +0100 xfs: report crtime and attribute flags to statx statx has the ability to report inode creation times and inode flags, so hook up di_crtime and di_flags to that functionality. Signed-off-by: Darrick J. Wong Signed-off-by: David Howells Signed-off-by: Al Viro fs/xfs/xfs_iops.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 99652ea56a4186bc5bf8a3721c5353f41b35ebcb Author: David Howells Date: Fri Mar 31 18:31:56 2017 +0100 ext4: Add statx support Return enhanced file attributes from the Ext4 filesystem. This includes the following: (1) The inode creation time (i_crtime) as stx_btime, setting STATX_BTIME. (2) Certain FS_xxx_FL flags are mapped to stx_attribute flags. This requires that all ext4 inodes have a getattr call, not just some of them, so to this end, split the ext4_getattr() function and only call part of it where appropriate. Example output: [root@andromeda ~]# touch foo [root@andromeda ~]# chattr +ai foo [root@andromeda ~]# /tmp/test-statx foo statx(foo) = 0 results=fff Size: 0 Blocks: 0 IO Block: 4096 regular file Device: 08:12 Inode: 2101950 Links: 1 Access: (0644/-rw-r--r--) Uid: 0 Gid: 0 Access: 2016-02-11 17:08:29.031795451+0000 Modify: 2016-02-11 17:08:29.031795451+0000 Change: 2016-02-11 17:11:11.987790114+0000 Birth: 2016-02-11 17:08:29.031795451+0000 Attributes: 0000000000000030 (-------- -------- -------- -------- -------- -------- -------- --ai----) Signed-off-by: David Howells Signed-off-by: Al Viro fs/ext4/ext4.h | 1 + fs/ext4/file.c | 2 +- fs/ext4/inode.c | 35 ++++++++++++++++++++++++++++++++--- fs/ext4/namei.c | 2 ++ fs/ext4/symlink.c | 3 +++ 5 files changed, 39 insertions(+), 4 deletions(-) commit 64bd72048a2ac07efed70debe606a1c6e5e03554 Author: Eric Biggers Date: Fri Mar 31 18:31:48 2017 +0100 statx: optimize copy of struct statx to userspace I found that statx() was significantly slower than stat(). As a microbenchmark, I compared 10,000,000 invocations of fstat() on a tmpfs file to the same with statx() passed a NULL path: $ time ./stat_benchmark real 0m1.464s user 0m0.275s sys 0m1.187s $ time ./statx_benchmark real 0m5.530s user 0m0.281s sys 0m5.247s statx is expected to be a little slower than stat because struct statx is larger than struct stat, but not by *that* much. It turns out that most of the overhead was in copying struct statx to userspace, mostly in all the stac/clac instructions that got generated for each __put_user() call. (This was on x86_64, but some other architectures, e.g. arm64, have something similar now too.) stat() instead initializes its struct on the stack and copies it to userspace with a single call to copy_to_user(). This turns out to be much faster, and changing statx to do this makes it almost as fast as stat: $ time ./statx_benchmark real 0m1.624s user 0m0.270s sys 0m1.354s For zeroing the reserved fields, start by zeroing the full struct with memset. This makes it clear that every byte copied to userspace is initialized, even implicit padding bytes (though there are none currently). In the scenarios I tested, it also performed the same as a designated initializer. Manually initializing each field was still slightly faster, but would have been more error-prone and less verifiable. Also rename statx_set_result() to cp_statx() for consistency with cp_old_stat() et al., and make it noinline so that struct statx doesn't add to the stack usage during the main portion of the syscall execution. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: Al Viro fs/stat.c | 74 +++++++++++++++++++++++++++------------------------------------ 1 file changed, 32 insertions(+), 42 deletions(-) commit b15fb70b82299f92bb8d591c9d1731cb23fa8290 Author: Eric Biggers Date: Fri Mar 31 18:31:40 2017 +0100 statx: remove incorrect part of vfs_statx() comment request_mask and query_flags are function arguments, not passed in struct kstat. So remove the part of the comment which claims otherwise. This was apparently left over from an earlier version of the statx patch. Signed-off-by: Eric Biggers Signed-off-by: David Howells Reviewed-by: Christoph Hellwig Signed-off-by: Al Viro fs/stat.c | 3 --- 1 file changed, 3 deletions(-) commit 8c7493aa3e9ae90f90196f4d4c1398ad143cba7b Author: Eric Biggers Date: Fri Mar 31 18:31:32 2017 +0100 statx: reject unknown flags when using NULL path The statx() system call currently accepts unknown flags when called with a NULL path to operate on a file descriptor. Left unchanged, this could make it hard to introduce new query flags in the future, since applications may not be able to tell whether a given flag is supported. Fix this by failing the system call with EINVAL if any flags other than KSTAT_QUERY_FLAGS are specified in combination with a NULL path. Arguably, we could still permit known lookup-related flags such as AT_SYMLINK_NOFOLLOW. However, that would be inconsistent with how sys_utimensat() behaves when passed a NULL path, which seems to be the closest precedent. And given that the NULL path case is (I believe) mainly intended to be used to implement a wrapper function like fstatx() that doesn't have a path argument, I think rejecting lookup-related flags too is probably the best choice. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: Al Viro fs/stat.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 75dd7e4bb663c7047c7d1bd4dad26f8c048851be Author: Eric Biggers Date: Fri Mar 31 18:31:25 2017 +0100 Documentation/filesystems: fix documentation for ->getattr() Following the recent merge of statx, correct the documented prototype for the ->getattr() inode operation, and add an entry to the porting file. Signed-off-by: Eric Biggers Signed-off-by: David Howells Signed-off-by: Al Viro Documentation/filesystems/Locking | 3 +-- Documentation/filesystems/porting | 6 ++++++ Documentation/filesystems/vfs.txt | 3 +-- 3 files changed, 8 insertions(+), 4 deletions(-) commit 921d701e6f31e1ffaca3560416af1aa04edb4c4f Author: Tobias Klauser Date: Sun Apr 2 20:08:04 2017 -0700 nios2: reserve boot memory for device tree Make sure to reserve the boot memory for the flattened device tree. Otherwise it might get overwritten, e.g. when initial_boot_params is copied, leading to a corrupted FDT and a boot hang/crash: bootconsole [early0] enabled Early console on uart16650 initialized at 0xf8001600 OF: fdt: Error -11 processing FDT Kernel panic - not syncing: setup_cpuinfo: No CPU found in devicetree! ---[ end Kernel panic - not syncing: setup_cpuinfo: No CPU found in devicetree! Guenter Roeck says: > I think I found the problem. In unflatten_and_copy_device_tree(), with added > debug information: > > OF: fdt: initial_boot_params=c861e400, dt=c861f000 size=28874 (0x70ca) > > ... and then initial_boot_params is copied to dt, which results in corrupted > fdt since the memory overlaps. Looks like the initial_boot_params memory > is not reserved and (re-)allocated by early_init_dt_alloc_memory_arch(). Cc: stable@vger.kernel.org Reported-by: Guenter Roeck Reference: http://lkml.kernel.org/r/20170226210338.GA19476@roeck-us.net Tested-by: Guenter Roeck Signed-off-by: Tobias Klauser Acked-by: Ley Foon Tan arch/nios2/kernel/prom.c | 7 +++++++ arch/nios2/kernel/setup.c | 3 +++ 2 files changed, 10 insertions(+) commit 75514b6654859e0130b512396dc964d2a9e84967 Author: Grygorii Strashko Date: Fri Mar 31 18:41:23 2017 -0500 net: ethernet: ti: cpsw: wake tx queues on ndo_tx_timeout In case, if TX watchdog is fired some or all netdev TX queues will be stopped and as part of recovery it is required not only to drain and reinitailize CPSW TX channeles, but also wake up stoppted TX queues what doesn't happen now and netdevice will stop transmiting data until reopenned. Hence, add netif_tx_wake_all_queues() call in .ndo_tx_timeout() to complete recovery and restore TX path. Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 2 ++ 1 file changed, 2 insertions(+) commit a71c9a1c779f2499fb2afc0553e543f18aff6edf Author: Linus Torvalds Date: Sun Apr 2 17:23:54 2017 -0700 Linux 4.11-rc5 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f49237bfcdfca0ea6e03f8f98d583ee9b7d92875 Merge: 496dcc5 23f963e9 Author: Linus Torvalds Date: Sun Apr 2 16:29:34 2017 -0700 Merge tag 'dmaengine-fix-4.11-rc5' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "A couple of minor fixes for 4.11: - array bound fix for __get_unmap_pool() - cyclic period splitting for bcm2835" * tag 'dmaengine-fix-4.11-rc5' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: Fix array index out of bounds warning in __get_unmap_pool() dmaengine: bcm2835: Fix cyclic DMA period splitting commit a5d68ba85801a78c892a0eb8efb711e293ed314b Author: Xiubo Li Date: Fri Mar 31 10:35:25 2017 +0800 tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case For the bidirectional case, the Data-Out buffer blocks will always at the head of the tcmu_cmd's bitmap, and before gathering the Data-In buffer, first of all it should skip the Data-Out ones, or the device supporting BIDI commands won't work. Fixed: 26418649eead ("target/user: Introduce data_bitmap, replace data_length/data_head/data_tail") Reported-by: Ilias Tsitsimpis Tested-by: Ilias Tsitsimpis Signed-off-by: Xiubo Li Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 48 +++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 15 deletions(-) commit 1c99de981f30b3e7868b8d20ce5479fa1c0fea46 Author: Nicholas Bellinger Date: Sun Apr 2 13:36:44 2017 -0700 iscsi-target: Drop work-around for legacy GlobalSAN initiator Once upon a time back in 2009, a work-around was added to support the GlobalSAN iSCSI initiator v3.3 for MacOSX, which during login did not propose nor respond to MaxBurstLength, FirstBurstLength, DefaultTime2Wait and DefaultTime2Retain keys. The work-around in iscsi_check_proposer_for_optional_reply() allowed the missing keys to be proposed, but did not require waiting for a response before moving to full feature phase operation. This allowed GlobalSAN v3.3 to work out-of-the box, and for many years we didn't run into login interopt issues with any other initiators.. Until recently, when Martin tried a QLogic 57840S iSCSI Offload HBA on Windows 2016 which completed login, but subsequently failed with: Got unknown iSCSI OpCode: 0x43 The issue was QLogic MSFT side did not propose DefaultTime2Wait + DefaultTime2Retain, so LIO proposes them itself, and immediately transitions to full feature phase because of the GlobalSAN hack. However, the QLogic MSFT side still attempts to respond to DefaultTime2Retain + DefaultTime2Wait, even though LIO has set ISCSI_FLAG_LOGIN_NEXT_STAGE3 + ISCSI_FLAG_LOGIN_TRANSIT in last login response. So while the QLogic MSFT side should have been proposing these two keys to start, it was doing the correct thing per RFC-3720 attempting to respond to proposed keys before transitioning to full feature phase. All that said, recent versions of GlobalSAN iSCSI (v5.3.0.541) does correctly propose the four keys during login, making the original work-around moot. So in order to allow QLogic MSFT to run unmodified as-is, go ahead and drop this long standing work-around. Reported-by: Martin Svec Cc: Martin Svec Cc: Himanshu Madhani Cc: Arun Easi Cc: stable@vger.kernel.org # 3.1+ Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target_parameters.c | 16 ---------------- 1 file changed, 16 deletions(-) commit 496dcc5091e4c79f18ebae514e0e79e44a72993a Merge: 128c434 6b1cc94 Author: Linus Torvalds Date: Sun Apr 2 09:27:02 2017 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "This update provides: - prevent KASLR from randomizing EFI regions - restrict the usage of -maccumulate-outgoing-args and document when and why it is required. - make the Global Physical Address calculation for UV4 systems work correctly. - address a copy->paste->forgot-edit problem in the MCE exception table entries. - assign a name to AMD MCA bank 3, so the sysfs file registration works. - add a missing include in the boot code" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot: Include missing header file x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs x86/build: Mostly disable '-maccumulate-outgoing-args' x86/mm/KASLR: Exclude EFI region from KASLR VA space randomization x86/mce: Fix copy/paste error in exception table entries x86/platform/uv: Fix calculation of Global Physical Address commit 128c434a70996a3738c7ca4aa2ee91942e4c48f0 Merge: 0a89b5e 658b299 Author: Linus Torvalds Date: Sun Apr 2 09:25:10 2017 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Thomas Gleixner: "This update provides: - make the scheduler clock switch to unstable mode smooth so the timestamps stay at microseconds granularity instead of switching to tick granularity. - unbreak perf test tsc by taking the new offset into account which was added in order to proveide better sched clock continuity - switching sched clock to unstable mode runs all clock related computations which affect the sched clock output itself from a work queue. In case of preemption sched clock uses half updated data and provides wrong timestamps. Keep the math in the protected context and delegate only the static key switch to workqueue context. - remove a duplicate header include" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/headers: Remove duplicate #include line sched/clock: Fix broken stable to unstable transfer sched/clock, x86/perf: Fix "perf test tsc" sched/clock: Fix clear_sched_clock_stable() preempt wobbly commit 0a89b5eb818aee2efe8b092bb303aec56486a3d3 Merge: 4a6808f 79a21d5 Author: Linus Torvalds Date: Sun Apr 2 09:23:31 2017 -0700 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fix from Thomas Gleixner: "Downgrade the missing ESRT header printk to warning level and remove a useless error printk which just generates noise for no value" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/esrt: Cleanup bad memory map log messages commit 4a6808f347a3f969e56e8e4274e70849ecdc33de Merge: 907977b 8d09617 Author: Linus Torvalds Date: Sun Apr 2 09:22:03 2017 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fixes from Thomas Gleixner: "Two small fixes for the new CLKEVT_OF infrastructure" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: vmlinux.lds: Add __clkevt_of_table to kernel clockevents: Fix syntax error in clkevt-of macro commit 907977b2a22c5d1f465fbe9657d0003f057f9b1e Merge: ada63c6 a89eae6 Author: Linus Torvalds Date: Sun Apr 2 09:20:34 2017 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: "Two small fixlets: - select a required Kconfig to make the MVEBU driver compile - add the missing MIPS local GIC interrupts which prevent drivers to probe successfully" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/mips-gic: Fix Local compare interrupt irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN commit ada63c6159474aeb9d5f420d3378c3d340ceba17 Merge: 346ce1d 854fbd6 Author: Linus Torvalds Date: Sun Apr 2 09:18:59 2017 -0700 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull core fix from Thomas Gleixner: "Prevent leaking kernel memory via /proc/$pid/syscall when the queried task is not in a syscall" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: lib/syscall: Clear return values when no stack commit 3278682123811dd8ef07de5eb701fc4548fcebf2 Author: Al Viro Date: Fri Feb 17 20:16:34 2017 -0500 make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error Fixes the mess observed in e.g. rsync over a noisy link we'd been seeing since last Summer. What happens is that we copy part of a datagram before noticing a checksum mismatch. Datagram will be resent, all right, but we want the next try go into the same place, not after it... All this family of primitives (copy/checksum and copy a datagram into destination) is "all or nothing" sort of interface - either we get 0 (meaning that copy had been successful) or we get an error (and no way to tell how much had been copied before we ran into whatever error it had been). Make all of them leave iterator unadvanced in case of errors - all callers must be able to cope with that (an error might've been caught before the iterator had been advanced), it costs very little to arrange, it's safer for callers and actually fixes at least one bug in said callers. Cc: stable@vger.kernel.org Signed-off-by: Al Viro net/core/datagram.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit 27c0e3748e41ca79171ffa3e97415a20af6facd0 Author: Al Viro Date: Fri Feb 17 18:42:24 2017 -0500 [iov_iter] new privimitive: iov_iter_revert() opposite to iov_iter_advance(); the caller is responsible for never using it to move back past the initial position. Cc: stable@vger.kernel.org Signed-off-by: Al Viro include/linux/uio.h | 6 ++++- lib/iov_iter.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 1 deletion(-) commit bba6d9e47f3ea894e501f94b086a59ffe28241ac Author: Song Hongyan Date: Tue Mar 28 22:23:55 2017 +0800 iio: hid-sensor-attributes: Fix sensor property setting failure. When system bootup without get sensor property, set sensor property will be fail. If no get_feature operation done before set_feature, the sensor properties will all be the initialized value, which is not the same with sensor real properties. When set sensor property it will write back to sensor the changed perperty data combines with other sensor properties data, it is not right and may be dangerous. In order to get all sensor properties, choose to read one of the sensor properties(no matter read any sensor peroperty, driver will get all the peroperties and return the requested one). Fixes: 73c6768b710a ("iio: hid-sensors: Common attribute and trigger") Signed-off-by: Song Hongyan Acked-by: Srinivas Pandruvada Cc: Signed-off-by: Jonathan Cameron drivers/iio/common/hid-sensors/hid-sensor-attributes.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 862d1d89ad9e5b117f1fb2a472cef6fc92c0007a Author: Srinivas Pandruvada Date: Wed Mar 29 16:23:35 2017 -0700 iio: accel: hid-sensor-accel-3d: Fix duplicate scan index error When both accel_3d and gravity sensor are present, iio_device_register() fails with "Duplicate scan index" error. The reason for this is setting of indio_dev->num_channels based on accel_3d channel for both gravity and accel-3d sensor. But number of channels are not same, so for gravity it is pointing to some invalid memory and getting scan_index to compare which may match. To fix this issue, set the indio_dev->num_channels correctly based on the sensor type. Fixes: 0e377f3b9ae9 ('iio: Add gravity sensor support') Signed-off-by: Srinivas Pandruvada Signed-off-by: Jonathan Cameron drivers/iio/accel/hid-sensor-accel-3d.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7fd6592d1287046f61bfd3cda3c03cd35be490f7 Author: Nikolaus Schulz Date: Fri Mar 24 13:41:51 2017 +0100 iio: core: Fix IIO_VAL_FRACTIONAL_LOG2 for negative values Fix formatting of negative values of type IIO_VAL_FRACTIONAL_LOG2 by switching from do_div(), which can't handle negative numbers, to div_s64_rem(). Also use shift_right for shifting, which is safe with negative values. Signed-off-by: Nikolaus Schulz Reviewed-by: Lars-Peter Clausen Cc: stable@vger.kernel.org Signed-off-by: Jonathan Cameron drivers/iio/industrialio-core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 51f528a1636f352ad776a912ac86026ac7a89a2a Author: Shrirang Bagul Date: Thu Mar 30 23:47:21 2017 +0800 iio: st_pressure: initialize lps22hb bootime This patch initializes the bootime in struct st_sensor_settings for lps22hb sensor. Without this, sensor channels read from sysfs always report stale values. Signed-off-by: Shrirang Bagul Cc: Signed-off-by: Jonathan Cameron drivers/iio/pressure/st_pressure_core.c | 1 + 1 file changed, 1 insertion(+) commit 793c7ed9d785411a5cd6fe7e998cd7ee2870b38b Author: Christoph Hellwig Date: Fri Mar 31 17:00:08 2017 +0200 nvmet: fix byte swap in nvmet_parse_io_cmd We need to do arithmetics after byte swapping, not before. Signed-off-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/io-cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 78ce3daa7d703028c00eff2e03ad22efd116e549 Author: Christoph Hellwig Date: Fri Mar 31 17:00:07 2017 +0200 nvmet: fix byte swap in nvmet_execute_write_zeroes The length field in the Write Zeroes command is a 16-bit field. Signed-off-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/io-cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ac5fcc6c7a2339a34c876a9b6926a7f17225493 Author: Christoph Hellwig Date: Fri Mar 31 17:00:06 2017 +0200 nvmet: add missing byte swap in nvmet_get_smart_log In this case entirely harmless as it's all-ones, but still nice to shut up sparse. Signed-off-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/admin-cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1dd03a84dbf3e5ca91295a3d04c882b8bd86251 Author: Christoph Hellwig Date: Fri Mar 31 17:00:05 2017 +0200 nvme: add missing byte swap in nvme_setup_discard Fixes: b35ba01e ("nvme: support ranged discard requests") Signed-off-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf17aa36c0f199f5b254262e77eaefda7da0f50b Author: Roland Dreier Date: Wed Mar 1 18:22:01 2017 -0800 nvme: Correct NVMF enum values to match NVMe-oF rev 1.0 The enum values for QPTYPE, PRTYPE and CMS are off by 1 from the values defined in figure 42 of the NVM Express over Fabrics 1.0: http://www.nvmexpress.org/wp-content/uploads/NVMe_over_Fabrics_1_0_Gold_20160605-1.pdf Fix our enums to match the final spec. Signed-off-by: Roland Dreier Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg include/linux/nvme.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit e5c1e5198068ed896a8a80b8ed9e202bbab18851 Merge: afe8996 2777e2a Author: David S. Miller Date: Sat Apr 1 20:16:42 2017 -0700 Merge branch 'l2tp_session_find-fixes' Guillaume Nault says: ==================== l2tp: fix usage of l2tp_session_find() l2tp_session_find() doesn't take a reference on the session returned to its caller. Virtually all l2tp_session_find() users are racy, either because the session can disappear from under them or because they take a reference too late. This leads to bugs like 'use after free' or failure to notice duplicate session creations. In some cases, taking a reference on the session is not enough. The special callbacks .ref() and .deref() also have to be called in cases where the PPP pseudo-wire uses the socket associated with the session. Therefore, when looking up a session, we also have to pass a flag indicating if the .ref() callback has to be called. In the future, we probably could drop the .ref() and .deref() callbacks entirely by protecting the .sock field of struct pppol2tp_session with RCU, thus allowing it to be freed and set to NULL even if the L2TP session is still alive. ==================== Signed-off-by: David S. Miller commit 2777e2ab5a9cf2b4524486c6db1517a6ded25261 Author: Guillaume Nault Date: Fri Mar 31 13:02:30 2017 +0200 l2tp: take a reference on sessions used in genetlink handlers Callers of l2tp_nl_session_find() need to hold a reference on the returned session since there's no guarantee that it isn't going to disappear from under them. Relying on the fact that no l2tp netlink message may be processed concurrently isn't enough: sessions can be deleted by other means (e.g. by closing the PPPOL2TP socket of a ppp pseudowire). l2tp_nl_cmd_session_delete() is a bit special: it runs a callback function that may require a previous call to session->ref(). In particular, for ppp pseudowires, the callback is l2tp_session_delete(), which then calls pppol2tp_session_close() and dereferences the PPPOL2TP socket. The socket might already be gone at the moment l2tp_session_delete() calls session->ref(), so we need to take a reference during the session lookup. So we need to pass the do_ref variable down to l2tp_session_get() and l2tp_session_get_by_ifname(). Since all callers have to be updated, l2tp_session_find_by_ifname() and l2tp_nl_session_find() are renamed to reflect their new behaviour. Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_core.c | 9 +++++++-- net/l2tp/l2tp_core.h | 3 ++- net/l2tp/l2tp_netlink.c | 39 ++++++++++++++++++++++++++------------- 3 files changed, 35 insertions(+), 16 deletions(-) commit 5e6a9e5a3554a5b3db09cdc22253af1849c65dff Author: Guillaume Nault Date: Fri Mar 31 13:02:29 2017 +0200 l2tp: hold session while sending creation notifications l2tp_session_find() doesn't take any reference on the returned session. Therefore, the session may disappear while sending the notification. Use l2tp_session_get() instead and decrement session's refcount once the notification is sent. Fixes: 33f72e6f0c67 ("l2tp : multicast notification to the registered listeners") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit dbdbc73b44782e22b3b4b6e8b51e7a3d245f3086 Author: Guillaume Nault Date: Fri Mar 31 13:02:27 2017 +0200 l2tp: fix duplicate session creation l2tp_session_create() relies on its caller for checking for duplicate sessions. This is racy since a session can be concurrently inserted after the caller's verification. Fix this by letting l2tp_session_create() verify sessions uniqueness upon insertion. Callers need to be adapted to check for l2tp_session_create()'s return code instead of calling l2tp_session_find(). pppol2tp_connect() is a bit special because it has to work on existing sessions (if they're not connected) or to create a new session if none is found. When acting on a preexisting session, a reference must be held or it could go away on us. So we have to use l2tp_session_get() instead of l2tp_session_find() and drop the reference before exiting. Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support") Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_core.c | 70 +++++++++++++++++++++++++++++++++++++++------------- net/l2tp/l2tp_eth.c | 10 ++------ net/l2tp/l2tp_ppp.c | 60 ++++++++++++++++++++++---------------------- 3 files changed, 84 insertions(+), 56 deletions(-) commit 57377d63547861919ee634b845c7caa38de4a452 Author: Guillaume Nault Date: Fri Mar 31 13:02:26 2017 +0200 l2tp: ensure session can't get removed during pppol2tp_session_ioctl() Holding a reference on session is required before calling pppol2tp_session_ioctl(). The session could get freed while processing the ioctl otherwise. Since pppol2tp_session_ioctl() uses the session's socket, we also need to take a reference on it in l2tp_session_get(). Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit 61b9a047729bb230978178bca6729689d0c50ca2 Author: Guillaume Nault Date: Fri Mar 31 13:02:25 2017 +0200 l2tp: fix race in l2tp_recv_common() Taking a reference on sessions in l2tp_recv_common() is racy; this has to be done by the callers. To this end, a new function is required (l2tp_session_get()) to atomically lookup a session and take a reference on it. Callers then have to manually drop this reference. Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_core.c | 73 ++++++++++++++++++++++++++++++++++++++++++---------- net/l2tp/l2tp_core.h | 3 +++ net/l2tp/l2tp_ip.c | 17 ++++++++---- net/l2tp/l2tp_ip6.c | 18 +++++++++---- 4 files changed, 88 insertions(+), 23 deletions(-) commit afe89962ee0799955b606cc7637ac86a296923a6 Author: Xin Long Date: Fri Mar 31 17:57:28 2017 +0800 sctp: use right in and out stream cnt Since sctp reconf was added in sctp, the real cnt of in/out stream have not been c.sinit_max_instreams and c.sinit_num_ostreams any more. This patch is to replace them with stream->in/outcnt. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/outqueue.c | 3 +-- net/sctp/proc.c | 4 ++-- net/sctp/sm_statefuns.c | 6 +++--- net/sctp/socket.c | 10 +++++----- 4 files changed, 11 insertions(+), 12 deletions(-) commit 346ce1d75c20ac74b131c28022ef814453d37564 Merge: 7d34ddb 476e75a Author: Linus Torvalds Date: Sat Apr 1 20:11:35 2017 -0700 Merge branch 'parisc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: "Al Viro reported that - in case of read faults - our copy_from_user() implementation may claim to have copied more bytes than it actually did. In order to fix this bug and because of the way how gcc optimizes register usage for inline assembly in C code, we had to replace our pa_memcpy() function with a pure assembler implementation. While fixing the memcpy bug we noticed some other issues with our get_user() and put_user() functions, e.g. nested faults may return wrong data. This is now fixed by a common fixup handler for get_user/put_user in the exception handler which additionally makes generated code smaller and faster. The third patch is a trivial one-line fix for a patch which went in during 4.11-rc and which avoids stalled CPU warnings after power shutdown (for parisc machines which can't plug power off themselves). Due to the rewrite of pa_memcpy() into assembly this patch got bigger than what I wanted to have sent at this stage. Those patches have been running in production during the last few days on our debian build servers without any further issues" * 'parisc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Avoid stalled CPU warnings after system shutdown parisc: Clean up fixup routines for get_user()/put_user() parisc: Fix access fault handling in pa_memcpy() commit 7d34ddbe476e2f00851002bfdec7cafde02b4311 Merge: 978e0f9 0917ac4 Author: Linus Torvalds Date: Sat Apr 1 20:07:31 2017 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Thirteen small fixes: The hopefully final effort to get the lpfc nvme kconfig problems sorted, there's one important sg fix (user can induce read after end of buffer) and one minor enhancement (adding an extra PCI ID to qedi). The rest are a set of minor fixes, which mostly occur as user visible in error legs or on specific devices" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: ufs: remove the duplicated checking for supporting clkscaling scsi: lpfc: fix building without debugfs support scsi: lpfc: Fix PT2PT PRLI reject scsi: hpsa: fix volume offline state scsi: libsas: fix ata xfer length scsi: scsi_dh_alua: Warn if the first argument of alua_rtpg_queue() is NULL scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion function scsi: scsi_dh_alua: Check scsi_device_get() return value scsi: sg: check length passed to SG_NEXT_CMD_LEN scsi: ufshcd-platform: remove the useless cast in ERR_PTR/IS_ERR scsi: qedi: Add PCI device-ID for QL41xxx adapters. scsi: aacraid: Fix potential null access scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr commit 978e0f92cdc2d2148b09eb6082704ae7a10df255 Merge: a9f6b6b 13a6798 Author: Linus Torvalds Date: Sat Apr 1 19:45:05 2017 -0700 Merge branch 'akpm' (patches from Andrew) Merge misc fixes from Andrew Morton: "11 fixes" * emailed patches from Andrew Morton : kasan: do not sanitize kexec purgatory drivers/rapidio/devices/tsi721.c: make module parameter variable name unique mm/hugetlb.c: don't call region_abort if region_chg fails kasan: report only the first error by default hugetlbfs: initialize shared policy as part of inode allocation mm: fix section name for .data..ro_after_init mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() mm: workingset: fix premature shadow node shrinking with cgroups mm: rmap: fix huge file mmap accounting in the memcg stats mm: move mm_percpu_wq initialization earlier mm: migrate: fix remove_migration_pte() for ksm pages commit 612307c6bebc0651cf36b6bf76249898f595fd64 Merge: 0989bd0 7d65f82 Author: David S. Miller Date: Sat Apr 1 13:31:15 2017 -0700 Merge tag 'mac80211-for-davem-2017-03-31' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Two fixes: * don't block netdev queues (indefinitely!) if mac80211 manages traffic queueing itself * check wiphy registration before checking for ops on resume, to avoid crash ==================== Signed-off-by: David S. Miller commit 0989bd034a125cef29bd6351514d588fc616b39a Merge: d5b07cc 02ea80b Author: David S. Miller Date: Sat Apr 1 12:36:38 2017 -0700 Merge branch 'bpf-map_value_adj-reg-types-fixes' Daniel Borkmann says: ==================== BPF fixes on map_value_adj reg types This set adds two fixes for map_value_adj register type in the verifier and user space tests along with them for the BPF self test suite. For details, please see individual patches. ==================== Signed-off-by: David S. Miller commit 02ea80b1850e48abbce77878896229d7cc5cb230 Author: Daniel Borkmann Date: Fri Mar 31 02:24:04 2017 +0200 bpf: add various verifier test cases for self-tests Add a couple of test cases, for example, probing for xadd on a spilled pointer to packet and map_value_adj register, various other map_value_adj tests including the unaligned load/store, and trying out pointer arithmetic on map_value_adj register itself. For the unaligned load/store, we need to figure out whether the architecture has efficient unaligned access and need to mark affected tests accordingly. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller tools/include/linux/filter.h | 10 ++ tools/testing/selftests/bpf/Makefile | 9 +- tools/testing/selftests/bpf/test_verifier.c | 270 +++++++++++++++++++++++++++- 3 files changed, 283 insertions(+), 6 deletions(-) commit 79adffcd6489ef43bda2dfded3d637d7fb4fac80 Author: Daniel Borkmann Date: Fri Mar 31 02:24:03 2017 +0200 bpf, verifier: fix rejection of unaligned access checks for map_value_adj Currently, the verifier doesn't reject unaligned access for map_value_adj register types. Commit 484611357c19 ("bpf: allow access into map value arrays") added logic to check_ptr_alignment() extending it from PTR_TO_PACKET to also PTR_TO_MAP_VALUE_ADJ, but for PTR_TO_MAP_VALUE_ADJ no enforcement is in place, because reg->id for PTR_TO_MAP_VALUE_ADJ reg types is never non-zero, meaning, we can cause BPF_H/_W/_DW-based unaligned access for architectures not supporting efficient unaligned access, and thus worst case could raise exceptions on some archs that are unable to correct the unaligned access or perform a different memory access to the actual requested one and such. i) Unaligned load with !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS on r0 (map_value_adj): 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = 0x42533a00 5: (85) call bpf_map_lookup_elem#1 6: (15) if r0 == 0x0 goto pc+11 R0=map_value(ks=8,vs=48,id=0),min_value=0,max_value=0 R10=fp 7: (61) r1 = *(u32 *)(r0 +0) 8: (35) if r1 >= 0xb goto pc+9 R0=map_value(ks=8,vs=48,id=0),min_value=0,max_value=0 R1=inv,min_value=0,max_value=10 R10=fp 9: (07) r0 += 3 10: (79) r7 = *(u64 *)(r0 +0) R0=map_value_adj(ks=8,vs=48,id=0),min_value=3,max_value=3 R1=inv,min_value=0,max_value=10 R10=fp 11: (79) r7 = *(u64 *)(r0 +2) R0=map_value_adj(ks=8,vs=48,id=0),min_value=3,max_value=3 R1=inv,min_value=0,max_value=10 R7=inv R10=fp [...] ii) Unaligned store with !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS on r0 (map_value_adj): 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = 0x4df16a00 5: (85) call bpf_map_lookup_elem#1 6: (15) if r0 == 0x0 goto pc+19 R0=map_value(ks=8,vs=48,id=0),min_value=0,max_value=0 R10=fp 7: (07) r0 += 3 8: (7a) *(u64 *)(r0 +0) = 42 R0=map_value_adj(ks=8,vs=48,id=0),min_value=3,max_value=3 R10=fp 9: (7a) *(u64 *)(r0 +2) = 43 R0=map_value_adj(ks=8,vs=48,id=0),min_value=3,max_value=3 R10=fp 10: (7a) *(u64 *)(r0 -2) = 44 R0=map_value_adj(ks=8,vs=48,id=0),min_value=3,max_value=3 R10=fp [...] For the PTR_TO_PACKET type, reg->id is initially zero when skb->data was fetched, it later receives a reg->id from env->id_gen generator once another register with UNKNOWN_VALUE type was added to it via check_packet_ptr_add(). The purpose of this reg->id is twofold: i) it is used in find_good_pkt_pointers() for setting the allowed access range for regs with PTR_TO_PACKET of same id once verifier matched on data/data_end tests, and ii) for check_ptr_alignment() to determine that when not having efficient unaligned access and register with UNKNOWN_VALUE was added to PTR_TO_PACKET, that we're only allowed to access the content bytewise due to unknown unalignment. reg->id was never intended for PTR_TO_MAP_VALUE{,_ADJ} types and thus is always zero, the only marking is in PTR_TO_MAP_VALUE_OR_NULL that was added after 484611357c19 via 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers"). Above tests will fail for non-root environment due to prohibited pointer arithmetic. The fix splits register-type specific checks into their own helper instead of keeping them combined, so we don't run into a similar issue in future once we extend check_ptr_alignment() further and forget to add reg->type checks for some of the checks. Fixes: 484611357c19 ("bpf: allow access into map value arrays") Signed-off-by: Daniel Borkmann Reviewed-by: Josef Bacik Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 58 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 20 deletions(-) commit fce366a9dd0ddc47e7ce05611c266e8574a45116 Author: Daniel Borkmann Date: Fri Mar 31 02:24:02 2017 +0200 bpf, verifier: fix alu ops against map_value{, _adj} register types While looking into map_value_adj, I noticed that alu operations directly on the map_value() resp. map_value_adj() register (any alu operation on a map_value() register will turn it into a map_value_adj() typed register) are not sufficiently protected against some of the operations. Two non-exhaustive examples are provided that the verifier needs to reject: i) BPF_AND on r0 (map_value_adj): 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = 0xbf842a00 5: (85) call bpf_map_lookup_elem#1 6: (15) if r0 == 0x0 goto pc+2 R0=map_value(ks=8,vs=48,id=0),min_value=0,max_value=0 R10=fp 7: (57) r0 &= 8 8: (7a) *(u64 *)(r0 +0) = 22 R0=map_value_adj(ks=8,vs=48,id=0),min_value=0,max_value=8 R10=fp 9: (95) exit from 6 to 9: R0=inv,min_value=0,max_value=0 R10=fp 9: (95) exit processed 10 insns ii) BPF_ADD in 32 bit mode on r0 (map_value_adj): 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = 0xc24eee00 5: (85) call bpf_map_lookup_elem#1 6: (15) if r0 == 0x0 goto pc+2 R0=map_value(ks=8,vs=48,id=0),min_value=0,max_value=0 R10=fp 7: (04) (u32) r0 += (u32) 0 8: (7a) *(u64 *)(r0 +0) = 22 R0=map_value_adj(ks=8,vs=48,id=0),min_value=0,max_value=0 R10=fp 9: (95) exit from 6 to 9: R0=inv,min_value=0,max_value=0 R10=fp 9: (95) exit processed 10 insns Issue is, while min_value / max_value boundaries for the access are adjusted appropriately, we change the pointer value in a way that cannot be sufficiently tracked anymore from its origin. Operations like BPF_{AND,OR,DIV,MUL,etc} on a destination register that is PTR_TO_MAP_VALUE{,_ADJ} was probably unintended, in fact, all the test cases coming with 484611357c19 ("bpf: allow access into map value arrays") perform BPF_ADD only on the destination register that is PTR_TO_MAP_VALUE_ADJ. Only for UNKNOWN_VALUE register types such operations make sense, f.e. with unknown memory content fetched initially from a constant offset from the map value memory into a register. That register is then later tested against lower / upper bounds, so that the verifier can then do the tracking of min_value / max_value, and properly check once that UNKNOWN_VALUE register is added to the destination register with type PTR_TO_MAP_VALUE{,_ADJ}. This is also what the original use-case is solving. Note, tracking on what is being added is done through adjust_reg_min_max_vals() and later access to the map value enforced with these boundaries and the given offset from the insn through check_map_access_adj(). Tests will fail for non-root environment due to prohibited pointer arithmetic, in particular in check_alu_op(), we bail out on the is_pointer_value() check on the dst_reg (which is false in root case as we allow for pointer arithmetic via env->allow_ptr_leaks). Similarly to PTR_TO_PACKET, one way to fix it is to restrict the allowed operations on PTR_TO_MAP_VALUE{,_ADJ} registers to 64 bit mode BPF_ADD. The test_verifier suite runs fine after the patch and it also rejects mentioned test cases. Fixes: 484611357c19 ("bpf: allow access into map value arrays") Signed-off-by: Daniel Borkmann Reviewed-by: Josef Bacik Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 1 + 1 file changed, 1 insertion(+) commit d5b07ccc1bf5fd2ccc6bf9da5677fc448a972e32 Author: René Rebe Date: Tue Mar 28 07:56:51 2017 +0200 r8152: The Microsoft Surface docks also use R8152 v2 Without this the generic cdc_ether grabs the device, and does not really work. Signed-off-by: René Rebe Signed-off-by: David S. Miller drivers/net/usb/cdc_ether.c | 15 +++++++++++++++ drivers/net/usb/r8152.c | 3 +++ 2 files changed, 18 insertions(+) commit 6f56f6186c18e3fd54122b73da68e870687b8c59 Author: Yi-Hung Wei Date: Thu Mar 30 12:36:03 2017 -0700 openvswitch: Fix ovs_flow_key_update() ovs_flow_key_update() is called when the flow key is invalid, and it is used to update and revalidate the flow key. Commit 329f45bc4f19 ("openvswitch: add mac_proto field to the flow key") introduces mac_proto field to flow key and use it to determine whether the flow key is valid. However, the commit does not update the code path in ovs_flow_key_update() to revalidate the flow key which may cause BUG_ON() on execute_recirc(). This patch addresses the aforementioned issue. Fixes: 329f45bc4f19 ("openvswitch: add mac_proto field to the flow key") Signed-off-by: Yi-Hung Wei Acked-by: Jiri Benc Signed-off-by: David S. Miller net/openvswitch/flow.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 3af887c38f1ae0db66c00c4ee2e8a0b1e99ffc29 Author: Mark Brown Date: Thu Mar 30 17:00:12 2017 +0100 net/faraday: Explicitly include linux/of.h and linux/property.h This driver uses interfaces from linux/of.h and linux/property.h but relies on implict inclusion of those headers which means that changes in other headers could break the build, as happened in -next for arm today. Add a explicit includes. Signed-off-by: Mark Brown Acked-by: Joel Stanley Signed-off-by: David S. Miller drivers/net/ethernet/faraday/ftgmac100.c | 2 ++ 1 file changed, 2 insertions(+) commit b917078c1c107ce34264af893e436e6115eeb9f6 Author: Daode Huang Date: Thu Mar 30 16:37:41 2017 +0100 net: hns: Add ACPI support to check SFP present The current code only supports DT to check SFP present. This patch adds ACPI support as well. Signed-off-by: Daode Huang Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 11 +++++---- drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c | 28 +++++++++++++++++++++- 2 files changed, 34 insertions(+), 5 deletions(-) commit a9f6b6b8cd2f5c935e9cd78b322897c08fe3ad82 Merge: b3ff4fa a7f12a2 Author: Linus Torvalds Date: Sat Apr 1 11:50:25 2017 -0700 Merge tag 'usb-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB fixes for 4.11-rc5. The usual xhci fixes are here, as well as a fix for yet-another-bug- found-by-KASAN, those developers are doing great stuff here. And there's a phy build warning fix that showed up in 4.11-rc1. All of these have been in linux-next with no reported issues" * tag 'usb-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled xhci: Manually give back cancelled URB if we can't queue it for cancel xhci: Set URB actual length for stopped control transfers xhci: plat: Register shutdown for xhci_plat USB: fix linked-list corruption in rh_call_control() commit b3ff4fac96295e0a92bdcee34887fad5cbb63d3b Merge: 7ece03b e53e597 Author: Linus Torvalds Date: Sat Apr 1 11:47:36 2017 -0700 Merge tag 'tty-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some small fixes for some serial drivers and Kconfig help text for 4.11-rc5. Nothing major here at all, a few things resolving reported bugs in some random serial drivers. I don't think these made the last linux-next due to me getting to them yesterday, but I am not sure, they might have snuck in. The patches only affect drivers that the maintainers of sent me these patches for, so we should be safe here :)" * tag 'tty-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: pl011: fix earlycon work-around for QDF2400 erratum 44 serial: 8250_EXAR: fix duplicate Kconfig text and add missing help text tty/serial: atmel: fix TX path in atmel_console_write() tty/serial: atmel: fix race condition (TX+DMA) serial: mxs-auart: Fix baudrate calculation commit 7ece03b08549f0495e64ddf34034d759af9527d4 Merge: 0d2ceec a079306 Author: Linus Torvalds Date: Sat Apr 1 11:22:05 2017 -0700 Merge tag 'acpi-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix two issues related to IOAPIC hotplug, an overzealous build optimization that prevents the function graph tracer from working with the ACPI subsystem correctly and an RCU synchronization issue in the ACPI APEI code. Specifics: - drop the unconditional setting of the '-Os' gcc flag from the ACPI Makefile to make the function graph tracer work correctly with the ACPI subsystem (Josh Poimboeuf). - add missing synchronize_rcu() to ghes_remove() which removes an element from an RCU-protected list, but fails to synchronize it properly afterward (James Morse). - fix two problems related to IOAPIC hotplug, a local variable initialization in setup_res() and the creation of platform device objects for IO(x)APICs which are (a) unused and (b) leaked on hot-removal (Joerg Roedel)" * tag 'acpi-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: Fix incompatibility with mcount-based function graph tracing ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal ACPI: Do not create a platform_device for IOAPIC/IOxAPIC ACPI: ioapic: Clear on-stack resource before using it commit 0d2ceec687cfc0da85f4fe5c39851b1e405a7f85 Merge: 1300dc6 46e1d5e Author: Linus Torvalds Date: Sat Apr 1 11:17:48 2017 -0700 Merge tag 'pm-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix a cpufreq core issue with the initialization of the cpufreq sysfs interface and a cpuidle powernv driver initialization issue. Specifics: - symbolic links from CPU directories to the corresponding cpufreq policy directories in sysfs are not created during initialization in some cases which confuses user space, so prevent that from happening (Rafael Wysocki). - the powernv cpuidle driver fails to pass a correct cpumaks to the cpuidle core in some cases which causes subsequent failures to occur, so fix it (Vaidyanathan Srinivasan)" * tag 'pm-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpuidle: powernv: Pass correct drv->cpumask for registration cpufreq: Fix creation of symbolic links to policy directories commit 1300dc689f66e7fafcbc28e88c0c839161a3507d Merge: dcbcb49 0bf9e12 Author: Linus Torvalds Date: Sat Apr 1 11:13:31 2017 -0700 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Two bugfixes from I2C, specifically the I2C mux section. Thanks to peda for collecting them" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: mux: pca954x: Add missing pca9546 definition to chip_desc Revert "i2c: mux: pca954x: Add ACPI support for pca954x" commit dcbcb49155be1934d13887e50b9b728e153b15c3 Merge: 09c8b3d 4c6fabd Author: Linus Torvalds Date: Sat Apr 1 10:52:19 2017 -0700 Merge tag 'arc-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: "Accumulated fixes for ARC which I've been been sitting on for a while: - reading clk from driver vs device tree [Vlad] - fix support for UIO in VDK platform [Alexey] - SLC busy bit reading workaround - build warning with kprobes header reorg" * tag 'arc-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: fix build warnings with !CONFIG_KPROBES ARCv2: SLC: Make sure busy bit is set properly on SLC flushing ARC: vdk: Fix support of UIO ARCv2: make unimplemented vectors as no-ops rather than halt core ARC: get rate from clk driver instead of reading device tree ARC: [dts] add cpu nodes to ARCHS SMP device tree ARC: [dts] add input clocks for cpu nodes commit 09c8b3d1d6433860e9c51f5fc72f22a9b56ebb52 Merge: fe8e12b 23abec2 Author: Linus Torvalds Date: Sat Apr 1 10:43:37 2017 -0700 Merge tag 'nfsd-4.11-1' of git://linux-nfs.org/~bfields/linux Pull nfsd fixes from Bruce Fields: "The restriction of NFSv4 to TCP went overboard and also broke the backchannel; fix. Also some minor refinements to the nfsd version-setting interface that we'd like to get fixed before release" * tag 'nfsd-4.11-1' of git://linux-nfs.org/~bfields/linux: svcrdma: set XPT_CONG_CTRL flag for bc xprt NFSD: fix nfsd_reset_versions for NFSv4. NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) NFSD: further refinement of content of /proc/fs/nfsd/versions nfsd: map the ENOKEY to nfserr_perm for avoiding warning SUNRPC/backchanel: set XPT_CONG_CTRL flag for bc xprt commit e53e597fd4c4a0b6ae58e57d76a240927fd17eaa Author: Timur Tabi Date: Fri Mar 31 17:05:02 2017 -0500 tty: pl011: fix earlycon work-around for QDF2400 erratum 44 The work-around for the Qualcomm Datacenter Technologies QDF2400 erratum 44 sets the "qdf2400_e44_present" global variable if the work-around is needed. However, this check does not happen until after earlycon is initialized, which means the work-around is not used, and the console hangs as soon as it displays one character. Fixes: d8a4995bcea1 ("tty: pl011: Work around QDF2400 E44 stuck BUSY bit") Signed-off-by: Timur Tabi Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/amba-pl011.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) commit aa4ce4493c88dc324911152d1ccd25469366dba3 Author: Zhi Wang Date: Sat Apr 1 00:00:53 2017 +0800 drm/i915/gvt: Fix firmware loading interface for GVT-g golden HW state Firmware loading interface for GVT-g golden HW state has been broken before. This patch fixes GVT-g firmware loading interface. A user should apply this patch if he wants to load GVT-g golden HW state from firmware interface. Fixes: 579cea5 ("drm/i915/gvt: golden virtual HW state management") Cc: Zhenyu Wang Cc: drm-intel-fixes@lists.freedesktop.org Signed-off-by: Zhi Wang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/firmware.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit fe8e12b5032536d37751c47e1c0446f17e974e5c Merge: f9799ad 41a75a6 Author: Linus Torvalds Date: Fri Mar 31 17:58:48 2017 -0700 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "We have three small fixes queued up in my for-linus-4.11 branch" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: fix an integer overflow check btrfs: Change qgroup_meta_rsv to 64bit Btrfs: bring back repair during read commit 13a6798e4a03096b11bf402a063786a7be55d426 Author: Mike Galbraith Date: Fri Mar 31 15:12:12 2017 -0700 kasan: do not sanitize kexec purgatory Fixes this: kexec: Undefined symbol: __asan_load8_noabort kexec-bzImage64: Loading purgatory failed Link: http://lkml.kernel.org/r/1489672155.4458.7.camel@gmx.de Signed-off-by: Mike Galbraith Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/purgatory/Makefile | 1 + 1 file changed, 1 insertion(+) commit 4785603bd05b0b029c647080937674d9991600f9 Author: Randy Dunlap Date: Fri Mar 31 15:12:10 2017 -0700 drivers/rapidio/devices/tsi721.c: make module parameter variable name unique kbuild test robot reported a non-static variable name collision between a staging driver and a RapidIO driver, with a generic variable name of 'dbg_level'. Both drivers should be changed so that they don't use this generic public variable name. This patch fixes the RapidIO driver but does not change the user interface (name) for the module parameter. drivers/staging/built-in.o:(.bss+0x109d0): multiple definition of `dbg_level' drivers/rapidio/built-in.o:(.bss+0x16c): first defined here Link: http://lkml.kernel.org/r/ab527fc5-aa3c-4b07-5d48-eef5de703192@infradead.org Signed-off-by: Randy Dunlap Reported-by: kbuild test robot Cc: Greg Kroah-Hartman Cc: Matt Porter Cc: Alexandre Bounine Cc: Jérémy Lefaure Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/rapidio/devices/tsi721.c | 4 ++-- drivers/rapidio/devices/tsi721.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit ff8c0c53c47530ffea82c22a0a6df6332b56c957 Author: Mike Kravetz Date: Fri Mar 31 15:12:07 2017 -0700 mm/hugetlb.c: don't call region_abort if region_chg fails Changes to hugetlbfs reservation maps is a two step process. The first step is a call to region_chg to determine what needs to be changed, and prepare that change. This should be followed by a call to call to region_add to commit the change, or region_abort to abort the change. The error path in hugetlb_reserve_pages called region_abort after a failed call to region_chg. As a result, the adds_in_progress counter in the reservation map is off by 1. This is caught by a VM_BUG_ON in resv_map_release when the reservation map is freed. syzkaller fuzzer (when using an injected kmalloc failure) found this bug, that resulted in the following: kernel BUG at mm/hugetlb.c:742! Call Trace: hugetlbfs_evict_inode+0x7b/0xa0 fs/hugetlbfs/inode.c:493 evict+0x481/0x920 fs/inode.c:553 iput_final fs/inode.c:1515 [inline] iput+0x62b/0xa20 fs/inode.c:1542 hugetlb_file_setup+0x593/0x9f0 fs/hugetlbfs/inode.c:1306 newseg+0x422/0xd30 ipc/shm.c:575 ipcget_new ipc/util.c:285 [inline] ipcget+0x21e/0x580 ipc/util.c:639 SYSC_shmget ipc/shm.c:673 [inline] SyS_shmget+0x158/0x230 ipc/shm.c:657 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: resv_map_release+0x265/0x330 mm/hugetlb.c:742 Link: http://lkml.kernel.org/r/1490821682-23228-1-git-send-email-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Dmitry Vyukov Acked-by: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b0845ce58379d11dcad4cdb6824a6410de260216 Author: Mark Rutland Date: Fri Mar 31 15:12:04 2017 -0700 kasan: report only the first error by default Disable kasan after the first report. There are several reasons for this: - Single bug quite often has multiple invalid memory accesses causing storm in the dmesg. - Write OOB access might corrupt metadata so the next report will print bogus alloc/free stacktraces. - Reports after the first easily could be not bugs by itself but just side effects of the first one. Given that multiple reports usually only do harm, it makes sense to disable kasan after the first one. If user wants to see all the reports, the boot-time parameter kasan_multi_shot must be used. [aryabinin@virtuozzo.com: wrote changelog and doc, added missing include] Link: http://lkml.kernel.org/r/20170323154416.30257-1-aryabinin@virtuozzo.com Signed-off-by: Mark Rutland Signed-off-by: Andrey Ryabinin Cc: Andrey Konovalov Cc: Alexander Potapenko Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/admin-guide/kernel-parameters.txt | 6 +++++ include/linux/kasan.h | 3 +++ lib/test_kasan.c | 10 +++++++ mm/kasan/kasan.h | 5 ---- mm/kasan/report.c | 36 +++++++++++++++++++++++++ 5 files changed, 55 insertions(+), 5 deletions(-) commit 4742a35d9de745e867405b4311e1aac412f0ace1 Author: Mike Kravetz Date: Fri Mar 31 15:12:01 2017 -0700 hugetlbfs: initialize shared policy as part of inode allocation Any time after inode allocation, destroy_inode can be called. The hugetlbfs inode contains a shared_policy structure, and mpol_free_shared_policy is unconditionally called as part of hugetlbfs_destroy_inode. Initialize the policy as part of inode allocation so that any quick (error path) calls to destroy_inode will be handed an initialized policy. syzkaller fuzzer found this bug, that resulted in the following: BUG: KASAN: user-memory-access in atomic_inc include/asm-generic/atomic-instrumented.h:87 [inline] at addr 000000131730bd7a BUG: KASAN: user-memory-access in __lock_acquire+0x21a/0x3a80 kernel/locking/lockdep.c:3239 at addr 000000131730bd7a Write of size 4 by task syz-executor6/14086 CPU: 3 PID: 14086 Comm: syz-executor6 Not tainted 4.11.0-rc3+ #364 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: atomic_inc include/asm-generic/atomic-instrumented.h:87 [inline] __lock_acquire+0x21a/0x3a80 kernel/locking/lockdep.c:3239 lock_acquire+0x1ee/0x590 kernel/locking/lockdep.c:3762 __raw_write_lock include/linux/rwlock_api_smp.h:210 [inline] _raw_write_lock+0x33/0x50 kernel/locking/spinlock.c:295 mpol_free_shared_policy+0x43/0xb0 mm/mempolicy.c:2536 hugetlbfs_destroy_inode+0xca/0x120 fs/hugetlbfs/inode.c:952 alloc_inode+0x10d/0x180 fs/inode.c:216 new_inode_pseudo+0x69/0x190 fs/inode.c:889 new_inode+0x1c/0x40 fs/inode.c:918 hugetlbfs_get_inode+0x40/0x420 fs/hugetlbfs/inode.c:734 hugetlb_file_setup+0x329/0x9f0 fs/hugetlbfs/inode.c:1282 newseg+0x422/0xd30 ipc/shm.c:575 ipcget_new ipc/util.c:285 [inline] ipcget+0x21e/0x580 ipc/util.c:639 SYSC_shmget ipc/shm.c:673 [inline] SyS_shmget+0x158/0x230 ipc/shm.c:657 entry_SYSCALL_64_fastpath+0x1f/0xc2 Analysis provided by Tetsuo Handa Link: http://lkml.kernel.org/r/1490477850-7944-1-git-send-email-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Dmitry Vyukov Acked-by: Hillf Danton Cc: Tetsuo Handa Cc: Michal Hocko Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/hugetlbfs/inode.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit 906f2a51c941e251ca196d5128953d9899a608ef Author: Kees Cook Date: Fri Mar 31 15:11:58 2017 -0700 mm: fix section name for .data..ro_after_init A section name for .data..ro_after_init was added by both: commit d07a980c1b8d ("s390: add proper __ro_after_init support") and commit d7c19b066dcf ("mm: kmemleak: scan .data.ro_after_init") The latter adds incorrect wrapping around the existing s390 section, and came later. I'd prefer the s390 naming, so this moves the s390-specific name up to the asm-generic/sections.h and renames the section as used by kmemleak (and in the future, kernel/extable.c). Link: http://lkml.kernel.org/r/20170327192213.GA129375@beast Signed-off-by: Kees Cook Acked-by: Heiko Carstens [s390 parts] Acked-by: Jakub Kicinski Cc: Eddie Kovsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/include/asm/sections.h | 1 - arch/s390/kernel/vmlinux.lds.S | 2 -- include/asm-generic/sections.h | 6 +++--- include/asm-generic/vmlinux.lds.h | 4 ++-- mm/kmemleak.c | 2 +- 5 files changed, 6 insertions(+), 9 deletions(-) commit c9d398fa237882ea07167e23bcfc5e6847066518 Author: Naoya Horiguchi Date: Fri Mar 31 15:11:55 2017 -0700 mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() I found the race condition which triggers the following bug when move_pages() and soft offline are called on a single hugetlb page concurrently. Soft offlining page 0x119400 at 0x700000000000 BUG: unable to handle kernel paging request at ffffea0011943820 IP: follow_huge_pmd+0x143/0x190 PGD 7ffd2067 PUD 7ffd1067 PMD 0 [61163.582052] Oops: 0000 [#1] SMP Modules linked in: binfmt_misc ppdev virtio_balloon parport_pc pcspkr i2c_piix4 parport i2c_core acpi_cpufreq ip_tables xfs libcrc32c ata_generic pata_acpi virtio_blk 8139too crc32c_intel ata_piix serio_raw libata virtio_pci 8139cp virtio_ring virtio mii floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: cap_check] CPU: 0 PID: 22573 Comm: iterate_numa_mo Tainted: P OE 4.11.0-rc2-mm1+ #2 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:follow_huge_pmd+0x143/0x190 RSP: 0018:ffffc90004bdbcd0 EFLAGS: 00010202 RAX: 0000000465003e80 RBX: ffffea0004e34d30 RCX: 00003ffffffff000 RDX: 0000000011943800 RSI: 0000000000080001 RDI: 0000000465003e80 RBP: ffffc90004bdbd18 R08: 0000000000000000 R09: ffff880138d34000 R10: ffffea0004650000 R11: 0000000000c363b0 R12: ffffea0011943800 R13: ffff8801b8d34000 R14: ffffea0000000000 R15: 000077ff80000000 FS: 00007fc977710740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffea0011943820 CR3: 000000007a746000 CR4: 00000000001406f0 Call Trace: follow_page_mask+0x270/0x550 SYSC_move_pages+0x4ea/0x8f0 SyS_move_pages+0xe/0x10 do_syscall_64+0x67/0x180 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7fc976e03949 RSP: 002b:00007ffe72221d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc976e03949 RDX: 0000000000c22390 RSI: 0000000000001400 RDI: 0000000000005827 RBP: 00007ffe72221e00 R08: 0000000000c2c3a0 R09: 0000000000000004 R10: 0000000000c363b0 R11: 0000000000000246 R12: 0000000000400650 R13: 00007ffe72221ee0 R14: 0000000000000000 R15: 0000000000000000 Code: 81 e4 ff ff 1f 00 48 21 c2 49 c1 ec 0c 48 c1 ea 0c 4c 01 e2 49 bc 00 00 00 00 00 ea ff ff 48 c1 e2 06 49 01 d4 f6 45 bc 04 74 90 <49> 8b 7c 24 20 40 f6 c7 01 75 2b 4c 89 e7 8b 47 1c 85 c0 7e 2a RIP: follow_huge_pmd+0x143/0x190 RSP: ffffc90004bdbcd0 CR2: ffffea0011943820 ---[ end trace e4f81353a2d23232 ]--- Kernel panic - not syncing: Fatal exception Kernel Offset: disabled This bug is triggered when pmd_present() returns true for non-present hugetlb, so fixing the present check in follow_huge_pmd() prevents it. Using pmd_present() to determine present/non-present for hugetlb is not correct, because pmd_present() checks multiple bits (not only _PAGE_PRESENT) for historical reason and it can misjudge hugetlb state. Fixes: e66f17ff7177 ("mm/hugetlb: take page table lock in follow_huge_pmd()") Link: http://lkml.kernel.org/r/1490149898-20231-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Acked-by: Hillf Danton Cc: Hugh Dickins Cc: Michal Hocko Cc: "Kirill A. Shutemov" Cc: Mike Kravetz Cc: Christian Borntraeger Cc: Gerald Schaefer Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0cefabdaf757a6455d75f00cb76874e62703ed18 Author: Johannes Weiner Date: Fri Mar 31 15:11:52 2017 -0700 mm: workingset: fix premature shadow node shrinking with cgroups Commit 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware") enabled cgroup-awareness in the shadow node shrinker, but forgot to also enable cgroup-awareness in the list_lru the shadow nodes sit on. Consequently, all shadow nodes are sitting on a global (per-NUMA node) list, while the shrinker applies the limits according to the amount of cache in the cgroup its shrinking. The result is excessive pressure on the shadow nodes from cgroups that have very little cache. Enable memcg-mode on the shadow node LRUs, such that per-cgroup limits are applied to per-cgroup lists. Fixes: 0a6b76dd23fa ("mm: workingset: make shadow node shrinker memcg aware") Link: http://lkml.kernel.org/r/20170322005320.8165-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Vladimir Davydov Cc: Michal Hocko Cc: [4.6+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/workingset.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 553af430e7c981e6e8fa5007c5b7b5773acc63dd Author: Johannes Weiner Date: Fri Mar 31 15:11:50 2017 -0700 mm: rmap: fix huge file mmap accounting in the memcg stats Huge pages are accounted as single units in the memcg's "file_mapped" counter. Account the correct number of base pages, like we do in the corresponding node counter. Link: http://lkml.kernel.org/r/20170322005111.3156-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Vladimir Davydov Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 6 ++++++ mm/rmap.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) commit 597b7305dd8bafdb3aef4957d97128bc90af8e9f Author: Michal Hocko Date: Fri Mar 31 15:11:47 2017 -0700 mm: move mm_percpu_wq initialization earlier Yang Li has reported that drain_all_pages triggers a WARN_ON which means that this function is called earlier than the mm_percpu_wq is initialized on arm64 with CMA configured: WARNING: CPU: 2 PID: 1 at mm/page_alloc.c:2423 drain_all_pages+0x244/0x25c Modules linked in: CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.11.0-rc1-next-20170310-00027-g64dfbc5 #127 Hardware name: Freescale Layerscape 2088A RDB Board (DT) task: ffffffc07c4a6d00 task.stack: ffffffc07c4a8000 PC is at drain_all_pages+0x244/0x25c LR is at start_isolate_page_range+0x14c/0x1f0 [...] drain_all_pages+0x244/0x25c start_isolate_page_range+0x14c/0x1f0 alloc_contig_range+0xec/0x354 cma_alloc+0x100/0x1fc dma_alloc_from_contiguous+0x3c/0x44 atomic_pool_init+0x7c/0x208 arm64_dma_init+0x44/0x4c do_one_initcall+0x38/0x128 kernel_init_freeable+0x1a0/0x240 kernel_init+0x10/0xfc ret_from_fork+0x10/0x20 Fix this by moving the whole setup_vmstat which is an initcall right now to init_mm_internals which will be called right after the WQ subsystem is initialized. Link: http://lkml.kernel.org/r/20170315164021.28532-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Yang Li Tested-by: Yang Li Tested-by: Xiaolong Ye Cc: Mel Gorman Cc: Vlastimil Babka Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 2 ++ init/main.c | 2 ++ mm/vmstat.c | 4 +--- 3 files changed, 5 insertions(+), 3 deletions(-) commit 4b0ece6fa0167b22c004ff69e137dc94ee2e469e Author: Naoya Horiguchi Date: Fri Mar 31 15:11:44 2017 -0700 mm: migrate: fix remove_migration_pte() for ksm pages I found that calling page migration for ksm pages causes the following bug: page:ffffea0004d51180 count:2 mapcount:2 mapping:ffff88013c785141 index:0x913 flags: 0x57ffffc0040068(uptodate|lru|active|swapbacked) raw: 0057ffffc0040068 ffff88013c785141 0000000000000913 0000000200000001 raw: ffffea0004d5f9e0 ffffea0004d53f60 0000000000000000 ffff88007d81b800 page dumped because: VM_BUG_ON_PAGE(!PageLocked(page)) page->mem_cgroup:ffff88007d81b800 ------------[ cut here ]------------ kernel BUG at /src/linux-dev/mm/rmap.c:1086! invalid opcode: 0000 [#1] SMP Modules linked in: ppdev parport_pc virtio_balloon i2c_piix4 pcspkr parport i2c_core acpi_cpufreq ip_tables xfs libcrc32c ata_generic pata_acpi ata_piix 8139too libata virtio_blk 8139cp crc32c_intel mii virtio_pci virtio_ring serio_raw virtio floppy dm_mirror dm_region_hash dm_log dm_mod CPU: 0 PID: 3162 Comm: bash Not tainted 4.11.0-rc2-mm1+ #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:do_page_add_anon_rmap+0x1ba/0x260 RSP: 0018:ffffc90002473b30 EFLAGS: 00010282 RAX: 0000000000000021 RBX: ffffea0004d51180 RCX: 0000000000000006 RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff88007dc0dfe0 RBP: ffffc90002473b58 R08: 00000000fffffffe R09: 00000000000001c1 R10: 0000000000000005 R11: 00000000000001c0 R12: ffff880139ab3d80 R13: 0000000000000000 R14: 0000700000000200 R15: 0000160000000000 FS: 00007f5195f50740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd450287000 CR3: 000000007a08e000 CR4: 00000000001406f0 Call Trace: page_add_anon_rmap+0x18/0x20 remove_migration_pte+0x220/0x2c0 rmap_walk_ksm+0x143/0x220 rmap_walk+0x55/0x60 remove_migration_ptes+0x53/0x80 migrate_pages+0x8ed/0xb60 soft_offline_page+0x309/0x8d0 store_soft_offline_page+0xaf/0xf0 dev_attr_store+0x18/0x30 sysfs_kf_write+0x3a/0x50 kernfs_fop_write+0xff/0x180 __vfs_write+0x37/0x160 vfs_write+0xb2/0x1b0 SyS_write+0x55/0xc0 do_syscall_64+0x67/0x180 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7f51956339e0 RSP: 002b:00007ffcfa0dffc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f51956339e0 RDX: 000000000000000c RSI: 00007f5195f53000 RDI: 0000000000000001 RBP: 00007f5195f53000 R08: 000000000000000a R09: 00007f5195f50740 R10: 000000000000000b R11: 0000000000000246 R12: 00007f5195907400 R13: 000000000000000c R14: 0000000000000001 R15: 0000000000000000 Code: fe ff ff 48 81 c2 00 02 00 00 48 89 55 d8 e8 2e c3 fd ff 48 8b 55 d8 e9 42 ff ff ff 48 c7 c6 e0 52 a1 81 48 89 df e8 46 ad fe ff <0f> 0b 48 83 e8 01 e9 7f fe ff ff 48 83 e8 01 e9 96 fe ff ff 48 RIP: do_page_add_anon_rmap+0x1ba/0x260 RSP: ffffc90002473b30 ---[ end trace a679d00f4af2df48 ]--- Kernel panic - not syncing: Fatal exception Kernel Offset: disabled ---[ end Kernel panic - not syncing: Fatal exception The problem is in the following lines: new = page - pvmw.page->index + linear_page_index(vma, pvmw.address); The 'new' is calculated with 'page' which is given by the caller as a destination page and some offset adjustment for thp. But this doesn't properly work for ksm pages because pvmw.page->index doesn't change for each address but linear_page_index() changes, which means that 'new' points to different pages for each addresses backed by the ksm page. As a result, we try to set totally unrelated pages as destination pages, and that causes kernel crash. This patch fixes the miscalculation and makes ksm page migration work fine. Fixes: 3fe87967c536 ("mm: convert remove_migration_pte() to use page_vma_mapped_walk()") Link: http://lkml.kernel.org/r/1489717683-29905-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Mel Gorman Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/migrate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 1493aa65ad076293722908f03bab3d4bf3dc3638 Author: Max Filippov Date: Fri Mar 31 16:26:21 2017 -0700 xtensa: wire up statx system call Signed-off-by: Max Filippov arch/xtensa/include/uapi/asm/unistd.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit e640cc306388b6f9dc8109d5c5d0550d7e69e5f7 Author: Max Filippov Date: Fri Mar 31 15:58:40 2017 -0700 xtensa: fix stack dump output Use %pB in pr_cont format string instead of calling print_symbol separately. It turns [ 19.166249] Call Trace: [ 19.167265] [] [ 19.167843] __warn+0x92/0xa0 [ 19.169656] [] [ 19.170059] warn_slowpath_fmt+0x3c/0x40 [ 19.171934] [] back into [ 18.123240] Call Trace: [ 18.125039] [] __warn+0x92/0xa0 [ 18.126961] [] warn_slowpath_fmt+0x3c/0x40 Signed-off-by: Max Filippov arch/xtensa/kernel/traps.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit fdad4e7a876a2cb3d2c1f04e5418c324e79fffef Author: Rafael J. Wysocki Date: Sat Apr 1 00:45:52 2017 +0200 ACPI / scan: Prefer devices without _HID for _ADR matching Commit c2a6bbaf0c5f (ACPI / scan: Prefer devices without _HID/_CID for _ADR matching) added a list_empty(&adev->pnp.ids) check to find_child_checks() so as to catch situations in which the ACPI core attempts to decode _ADR for a device having a _HID too which is strictly against the spec. However, it overlooked the fact that the adev->pnp.ids list for the devices taken into account by find_child_checks() may contain device IDs set internally by the kernel, like "LNXVIDEO" (thanks to Zhang Rui for that realization), and it broke the enumeration of those devices as a result. To unbreak it, replace the overly coarse grained list_empty() check with a much more precise check against the pnp.type.platform_id flag which is only set for devices having a _HID (that's how it should be done from the start, as having both _ADR and _CID is actually permitted). Fixes: c2a6bbaf0c5f (ACPI / scan: Prefer devices without _HID/_CID for _ADR matching) Link: https://bugzilla.kernel.org/show_bug.cgi?id=194889 Reported-and-tested-by: Mike Tested-by: Hans de Goede Cc: 4.10+ # 4.10+ Signed-off-by: Rafael J. Wysocki drivers/acpi/glue.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 46e1d5e972db830379533f4d2d282cbb812dbb9b Merge: c02ed2e 2f0ba79 293d264 Author: Rafael J. Wysocki Date: Fri Mar 31 23:00:53 2017 +0200 Merge branches 'pm-cpufreq-fixes' and 'pm-cpuidle-fixes' * pm-cpufreq-fixes: cpufreq: Fix creation of symbolic links to policy directories * pm-cpuidle-fixes: cpuidle: powernv: Pass correct drv->cpumask for registration commit a07930662e3097144d6cbbc1b9211867fd1a173e Merge: 08f63d9 61b79e1 7d64f82 Author: Rafael J. Wysocki Date: Fri Mar 31 22:50:14 2017 +0200 Merge branches 'acpi-hotplug-fixes', 'acpi-build-fixes' and 'acpi-apei-fixes' * acpi-hotplug-fixes: ACPI: Do not create a platform_device for IOAPIC/IOxAPIC ACPI: ioapic: Clear on-stack resource before using it * acpi-build-fixes: ACPI: Fix incompatibility with mcount-based function graph tracing * acpi-apei-fixes: ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal commit 86e3e83b443669dd2bcc5c8a83b23e3aa0694c0d Author: Sami Tolvanen Date: Fri Mar 31 12:32:45 2017 -0700 dm verity fec: fix bufio leaks Buffers read through dm_bufio_read() were not released in all code paths. Fixes: a739ff3f543a ("dm verity: add support for forward error correction") Cc: stable@vger.kernel.org # v4.5+ Signed-off-by: Sami Tolvanen Signed-off-by: Mike Snitzer drivers/md/dm-verity-fec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f9799ad21b5e4a41633f54dfab407ebb37abbd8a Merge: e39bccf f17f8a1 Author: Linus Torvalds Date: Fri Mar 31 12:29:03 2017 -0700 Merge tag 'nfs-for-4.11-3' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client fixes from Anna Schumaker: "Here are a few more bugfixes that came in over the last couple of weeks. Most of these fix various hangs and loops that people found, but we also had a few error handling fixes. Stable Bugfixes: - fix infinite loop on BAD_STATEID error Other Bugfixes: - fix old dentry rehash after move - fix pnfs GETDEVINFO hangs - fix pnfs fallback to MDS on commit errors - fix flexfiles kernel oops" * tag 'nfs-for-4.11-3' of git://git.linux-nfs.org/projects/anna/linux-nfs: nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type NFSv4.1 fix infinite loop on IO BAD_STATEID error PNFS fix fallback to MDS if got error on commit to DS NFS filelayout:call GETDEVICEINFO after pnfs_layout_process completes NFS store nfs4_deviceid in struct nfs4_filelayout_segment NFS cleanup struct nfs4_filelayout_segment NFS: Fix old dentry rehash after move commit e39bccf20483ce3d6a55da23ab6dc3b7ad4f49e0 Merge: 035f0cd 9b3403a Author: Linus Torvalds Date: Fri Mar 31 12:21:48 2017 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "The main thing is a fix for a NULL dereference on systems that boot using spin-tables or the ACPI parking protocol, but there are also a couple of trivial one-liners too. We're currently debugging a page flags corruption issue under syzkaller, but we're still some way from fixing that as it's proving fiddly to reproduce. Summary: - fix cpu_die() NULL dereference when booting secondary CPUs using spin-table - remove redundant #include - remove obsolete .gitignore entry" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: drop non-existing vdso-offsets.h from .gitignore arm64: remove redundant header file in current.h arm64: fix NULL dereference in have_cpu_die() commit 035f0cd3f8d86db900cde083d8ed8a7b0ce1221a Merge: 728f4b3 9df0eb1 Author: Linus Torvalds Date: Fri Mar 31 12:11:32 2017 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - memory corruption when kmalloc fails in xts/lrw - mark some CCP DMA channels as private - fix reordering race in padata - regression in omap-rng DT description" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: xts,lrw - fix out-of-bounds write after kmalloc failure crypto: ccp - Make some CCP DMA channels private padata: avoid race in reordering dt-bindings: rng: clocks property on omap_rng not always mandatory commit 728f4b3aa6621aba12e9f9c2f006f2912a90463a Merge: 0fc04f91 d091876 Author: Linus Torvalds Date: Fri Mar 31 12:05:05 2017 -0700 Merge tag 'mmc-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "Here are a couple of mmc fixes intended for v4.11 rc5. MMC host: - sdhci: Fix bug when using SDIO IRQ - sdhci-of-at91: Fix eMMC DDR52 card detection" * tag 'mmc-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection mmc: sdhci: Disable runtime pm when the sdio_irq is enabled commit 0fc04f911374594de1c6b50cde53f5802241e668 Merge: eee551d 2f726ae Author: Linus Torvalds Date: Fri Mar 31 11:53:49 2017 -0700 Merge tag 'sound-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "At this time, most of changes are for ASoC, while we got one fix for yet another race of ALSA sequencer core and a usual HD-audio quirk. The ASoC changes are mostly small and device-specific fixes. A slightly large volume is seen in sun8i-codec, which is a new code in 4.11, and we'd like to fix user-visible stuff before the official 4.1 release" * tag 'sound-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (27 commits) ALSA: hda - fix a problem for lineout on a Dell AIO machine ASoC: simple-card: fix simple_dai clk lookup ASoC: STI: Fix reader substream pointer set ALSA: seq: Fix race during FIFO resize ARM: dts: sun8i: Update audio-routing with renamed widgets ASoC: sun8i-codec: Convert to use SND_SOC_DAPM_AIF_IN ASoC: sun8i-codec: Fix space on audio-routing widget ASoC: sun8i-codec: Update mixer to use SOC_DAPM_DOUBLE ASoC: sun8i-codec: Remove analog "HP" widget ASoC: rt5665: fix wrong shift rt5665_if2_1_adc_in_enum ASoC: rt5665: fix define of RT5665_HP_DRIVER_5X ASoC: rcar: dma: remove unnecessary "volatile" ASoC: rcar: clear DE bit only in PDMACHCR when it stops ASoC: rsnd: fix sound route path when using SRC6/SRC9 ASoC: don't dereference NULL pcm_{new,free} ASoC: rt5665: CLKDET is also a power of ASRC ASoC: rt5665: Vref3 is necessary for Mono Amp ASoC: rt5665: increase LDO level ASoC: rt5665: fix getting wrong work handler container ASoC: atmel-classd: fix audio clock rate ... commit eee551df28b4cf8e1a07d229a2e4c65649f11472 Merge: 5559394 4d20c33 Author: Linus Torvalds Date: Fri Mar 31 11:50:31 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - Wacom regression fixes, from Aaron Armstrong Skomra - new device ID addition by Peter Stein * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: wacom: call _query_tablet_data() for BAMBOO_TOUCH HID: wacom: Don't add ghost interface as shared data HID: xinmo: fix for out of range for THT 2P arcade controller. commit 5559394d18442bb4abce68348de662d222634022 Merge: d456226 3a2d782 Author: Linus Torvalds Date: Fri Mar 31 11:34:06 2017 -0700 Merge tag 'drm-fixes-for-v4.11-rc5' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Seems to be quietening down, which means someone will make a liar of me for rc6. Just one vc4, one etnvaiv, one radeon, and a few i915 GVT fixes, and one i915 normal fixes" * tag 'drm-fixes-for-v4.11-rc5' of git://people.freedesktop.org/~airlied/linux: drm/vc4: Allocate the right amount of space for boot-time CRTC state. drm/etnaviv: (re-)protect fence allocation with GPU mutex drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags drm/i915: Restore marking context objects as dirty on pinning drm/i915/gvt: Use force single submit flag to distinguish gvt request from i915 request drm/i915/gvt: set shadow entry to scratch page while p2m failed drm/i915/gvt: Fix guest fail to read EDID leading to black guest console issue. drm/i915/gvt: fix wrong offset when loading RCS mocs drm/i915/gvt: add write handler for mmio mbctl drm/i915/kvmgt: Hold struct kvm reference commit f17f8a14e82cdf34cd6473e3644f3c672b3884f6 Author: Tigran Mkrtchyan Date: Thu Mar 30 17:31:18 2017 +0200 nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type this fix aims to fix dereferencing of a mirror in an error state when MDS returns unsupported DS type (IOW, not v3), which causes the following oops: [ 220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065 [ 220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] [ 220.370920] PGD 0 [ 220.370972] Oops: 0000 [#1] SMP [ 220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo [ 220.371814] videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video [ 220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1 [ 220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011 [ 220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000 [ 220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] [ 220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246 [ 220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed [ 220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000 [ 220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112 [ 220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440 [ 220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600 [ 220.373345] FS: 00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000 [ 220.373435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0 [ 220.373586] Call Trace: [ 220.373627] nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles] [ 220.373708] ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles] [ 220.373806] __nfs_pageio_add_request+0x11f/0x4a0 [nfs] [ 220.373886] ? nfs_create_request.part.14+0x37/0x330 [nfs] [ 220.373967] nfs_pageio_add_request+0xb2/0x260 [nfs] [ 220.374042] readpage_async_filler+0xaf/0x280 [nfs] [ 220.374103] read_cache_pages+0xef/0x1b0 [ 220.374166] ? nfs_read_completion+0x210/0x210 [nfs] [ 220.374239] nfs_readpages+0x129/0x200 [nfs] [ 220.374293] __do_page_cache_readahead+0x1d0/0x2f0 [ 220.374352] ondemand_readahead+0x17d/0x2a0 [ 220.374403] page_cache_sync_readahead+0x2e/0x50 [ 220.374460] generic_file_read_iter+0x6c8/0x950 [ 220.374532] ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs] [ 220.374617] nfs_file_read+0x6e/0xc0 [nfs] [ 220.374670] __vfs_read+0xe2/0x150 [ 220.374715] vfs_read+0x96/0x130 [ 220.374758] SyS_read+0x55/0xc0 [ 220.374801] entry_SYSCALL_64_fastpath+0x1a/0xa9 [ 220.374856] RIP: 0033:0x7f555f570bd0 [ 220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0 [ 220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003 [ 220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000 [ 220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000 [ 220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710 [ 220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3 [ 220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970 [ 220.375748] CR2: 0000000000000065 [ 220.403538] ---[ end trace bcdca752211b7da9 ]--- Signed-off-by: Tigran Mkrtchyan Signed-off-by: Anna Schumaker fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 ++++ 1 file changed, 4 insertions(+) commit 0e3d3e5df07dcf8a50d96e0ecd6ab9a888f55dfc Author: Olga Kornievskaia Date: Thu Mar 30 13:49:03 2017 -0400 NFSv4.1 fix infinite loop on IO BAD_STATEID error Commit 63d63cbf5e03 "NFSv4.1: Don't recheck delegations that have already been checked" introduced a regression where when a client received BAD_STATEID error it would not send any TEST_STATEID and instead go into an infinite loop of resending the IO that caused the BAD_STATEID. Fixes: 63d63cbf5e03 ("NFSv4.1: Don't recheck delegations that have already been checked") Signed-off-by: Olga Kornievskaia Cc: stable@vger.kernel.org # 4.9+ Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 49e1590c2ead870f4ae5568816241c4cb9bc1606 Author: Paul Gortmaker Date: Mon Mar 27 19:39:10 2017 -0400 serial: 8250_EXAR: fix duplicate Kconfig text and add missing help text In commit d0aeaa83f0b0f7a92615bbdd6b1f96812f7dcfd2 ("serial: exar: split out the exar code from 8250_pci") the exar driver got its own Kconfig. However the text for the new option was never changed from the original 8250_PCI text, and hence it appears confusing when you get asked the same question twice: 8250/16550 PCI device support (SERIAL_8250_PCI) [Y/n/m/?] (NEW) 8250/16550 PCI device support (SERIAL_8250_EXAR) [Y/n/m] (NEW) Adding to the confusion, is that there is no help text for this new option to indicate it is specific to a certain family of cards. Fix both issues at the same time, as well as the space vs. tab issues introduced in the same commit. Fixes: d0aeaa83f0b0 ("serial: exar: split out the exar code from 8250_pci") Cc: Jiri Slaby Cc: linux-serial@vger.kernel.org Signed-off-by: Paul Gortmaker Acked-by: Sudip Mukherjee Reviewed-by: Andy Shevchenko Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/Kconfig | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 497e1e16f45c70574dc9922c7f75c642c2162119 Author: Nicolas Ferre Date: Mon Mar 20 16:38:57 2017 +0100 tty/serial: atmel: fix TX path in atmel_console_write() A side effect of 89d8232411a8 ("tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx") is that the console can be called with TX path disabled. Then the system would hang trying to push charecters out in atmel_console_putchar(). Signed-off-by: Nicolas Ferre Fixes: 89d8232411a8 ("tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx") Cc: stable #4.4+ Acked-by: Richard Genoud Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 3 +++ 1 file changed, 3 insertions(+) commit 31ca2c63fdc0aee725cbd4f207c1256f5deaabde Author: Richard Genoud Date: Mon Mar 20 11:52:41 2017 +0100 tty/serial: atmel: fix race condition (TX+DMA) If uart_flush_buffer() is called between atmel_tx_dma() and atmel_complete_tx_dma(), the circular buffer has been cleared, but not atmel_port->tx_len. That leads to a circular buffer overflow (dumping (UART_XMIT_SIZE - atmel_port->tx_len) bytes). Tested-by: Nicolas Ferre Signed-off-by: Richard Genoud Cc: stable # 3.12+ Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 5 +++++ 1 file changed, 5 insertions(+) commit a6040bc610554c66088fda3608ae5d6307c548e4 Author: Uwe Kleine-König Date: Mon Mar 20 10:05:38 2017 +0100 serial: mxs-auart: Fix baudrate calculation The reference manual for the i.MX28 recommends to calculate the divisor as divisor = (UARTCLK * 32) / baud rate, rounded to the nearest integer , so let's do this. For a typical setup of UARTCLK = 24 MHz and baud rate = 115200 this changes the divisor from 6666 to 6667 and so the actual baud rate improves from 115211.521 Bd (error ≅ 0.01 %) to 115194.240 Bd (error ≅ 0.005 %). Signed-off-by: Uwe Kleine-König Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/mxs-auart.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a0c5c5b834fb60764b494b0e39c239da3b0774b Author: Dmitry Bilunov Date: Thu Mar 30 18:14:26 2017 +0300 dm raid: fix NULL pointer dereference for raid1 without bitmap Commit 4257e08 ("dm raid: support to change bitmap region size") introduced a bitmap resize call during preresume phase. User can create a DM device with "raid" target configured as raid1 with no metadata devices to hold superblock/bitmap info. It can be achieved using the following sequence: truncate -s 32M /dev/shm/raid-test LOOP=$(losetup --show -f /dev/shm/raid-test) dmsetup create raid-test-linear0 --table "0 1024 linear $LOOP 0" dmsetup create raid-test-linear1 --table "0 1024 linear $LOOP 1024" dmsetup create raid-test --table "0 1024 raid raid1 1 2048 2 - /dev/mapper/raid-test-linear0 - /dev/mapper/raid-test-linear1" This results in the following crash: [ 4029.110216] device-mapper: raid: Ignoring chunk size parameter for RAID 1 [ 4029.110217] device-mapper: raid: Choosing default region size of 4MiB [ 4029.111349] md/raid1:mdX: active with 2 out of 2 mirrors [ 4029.114770] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 [ 4029.114802] IP: bitmap_resize+0x25/0x7c0 [md_mod] [ 4029.114816] PGD 0 … [ 4029.115059] Hardware name: Aquarius Pro P30 S85 BUY-866/B85M-E, BIOS 2304 05/25/2015 [ 4029.115079] task: ffff88015cc29a80 task.stack: ffffc90001a5c000 [ 4029.115097] RIP: 0010:bitmap_resize+0x25/0x7c0 [md_mod] [ 4029.115112] RSP: 0018:ffffc90001a5fb68 EFLAGS: 00010246 [ 4029.115127] RAX: 0000000000000005 RBX: 0000000000000000 RCX: 0000000000000000 [ 4029.115146] RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000000 [ 4029.115166] RBP: ffffc90001a5fc28 R08: 0000000800000000 R09: 00000008ffffffff [ 4029.115185] R10: ffffea0005661600 R11: ffff88015cc29a80 R12: ffff88021231f058 [ 4029.115204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 4029.115223] FS: 00007fe73a6b4740(0000) GS:ffff88021ea80000(0000) knlGS:0000000000000000 [ 4029.115245] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4029.115261] CR2: 0000000000000030 CR3: 0000000159a74000 CR4: 00000000001426e0 [ 4029.115281] Call Trace: [ 4029.115291] ? raid_iterate_devices+0x63/0x80 [dm_raid] [ 4029.115309] ? dm_table_all_devices_attribute.isra.23+0x41/0x70 [dm_mod] [ 4029.115329] ? dm_table_set_restrictions+0x225/0x2d0 [dm_mod] [ 4029.115346] raid_preresume+0x81/0x2e0 [dm_raid] [ 4029.115361] dm_table_resume_targets+0x47/0xe0 [dm_mod] [ 4029.115378] dm_resume+0xa8/0xd0 [dm_mod] [ 4029.115391] dev_suspend+0x123/0x250 [dm_mod] [ 4029.115405] ? table_load+0x350/0x350 [dm_mod] [ 4029.115419] ctl_ioctl+0x1c2/0x490 [dm_mod] [ 4029.115433] dm_ctl_ioctl+0xe/0x20 [dm_mod] [ 4029.115447] do_vfs_ioctl+0x8d/0x5a0 [ 4029.115459] ? ____fput+0x9/0x10 [ 4029.115470] ? task_work_run+0x79/0xa0 [ 4029.115481] SyS_ioctl+0x3c/0x70 [ 4029.115493] entry_SYSCALL_64_fastpath+0x13/0x94 The raid_preresume() function incorrectly assumes that the raid_set has a bitmap enabled if RT_FLAG_RS_BITMAP_LOADED is set. But RT_FLAG_RS_BITMAP_LOADED is getting set in __load_dirty_region_bitmap() even if there is no bitmap present (and bitmap_load() happily returns 0 even if a bitmap isn't present). So the only way forward in the near-term is to check if the bitmap is present by seeing if mddev->bitmap is not NULL after bitmap_load() has been called. By doing so the above NULL pointer is avoided. Fixes: 4257e08 ("dm raid: support to change bitmap region size") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Dmitry Bilunov Signed-off-by: Andrey Smetanin Acked-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a89eae62254e56f4987ed920d4e1637ff86e7873 Merge: 920c634 4296989 Author: Thomas Gleixner Date: Fri Mar 31 16:54:48 2017 +0200 Merge tag 'irq-fixes-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent Pull irqchip fixes from Marc Zyngier - Fix mvebu-odmi dependency selection - Fix mips-gic virtual/hw mapping commit 42969893b45a7a1864192f5634a8d2626e546a7b Author: Matt Redfearn Date: Fri Mar 31 12:05:32 2017 +0100 irqchip/mips-gic: Fix Local compare interrupt Commit 4cfffcfa5106 ("irqchip/mips-gic: Fix local interrupts") added mapping of several local interrupts during initialisation of the gic driver. This associates virq numbers with these interrupts. Unfortunately, as not all of the interrupts are mapped in hardware order, when drivers subsequently request these interrupts they conflict with the mappings that have already been set up. For example, this manifests itself in the gic clocksource driver, which fails to probe with the message: clocksource: GIC: mask: 0xffffffffffffffff max_cycles: 0x7350c9738, max_idle_ns: 440795203769 ns GIC timer IRQ 25 setup failed: -22 This is because virq 25 (the correct IRQ number specified via device tree) was allocated to the PERFCTR interrupt (and 24 to the timer, 26 to the FDC). To fix this, map all of these local interrupts in the hardware order so as to associate their virq numbers with the correct hw interrupts. Fixes: 4cfffcfa5106 ("irqchip/mips-gic: Fix local interrupts") Acked-by: Ralf Baechle Signed-off-by: Matt Redfearn Signed-off-by: Marc Zyngier drivers/irqchip/irq-mips-gic.c | 4 ++++ 1 file changed, 4 insertions(+) commit ecf8e89917d600fe846ebda911a9e690c6babfd0 Author: Chris Wilson Date: Thu Mar 30 12:16:14 2017 +0100 drm/i915: Use a dummy timeline name for a signaled fence Michał Winiarski pointed out that the debugging infrastructure (such as trace_dma_fence_release) likes to pretty print the timeline name, long after we have freed the timeline. Our timelines currently live as part of the GTT (due to the strict ordering we currently use through each) which belong to the context. We aim to free the context and release its hardware resources as soon as we able to (i.e. when the last fence/request using it has been signaled and retired). As the .get_timeline_name is purely a debug feature, rather than extending the lifetime of the context, or splitting it into many different release phases just to keep the name around, replace the timeline name with a constant after the fence has been signaled. This avoids the potential use-after-free. Reported-by: Krzysztof Olinski Fixes: 80b204bce8f2 ("drm/i915: Enable multiple timelines") Signed-off-by: Chris Wilson Cc: Michał Winiarski Cc: Joonas Lahtinen Cc: # v4.10+ Link: http://patchwork.freedesktop.org/patch/msgid/20170330111614.29757-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen Reviewed-by: Michał Winiarski (cherry picked from commit 05506b5be081b728353f1612b05c8ff689772832) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_request.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 1383aeca92b72f4179420820c3a64dfb5909cc97 Author: Chris Wilson Date: Thu Mar 30 09:53:41 2017 +0100 drm/i915: Ironlake do_idle_maps w/a may be called w/o struct_mutex Since commit 1233e2db199d ("drm/i915: Move object backing storage manipulation to its own locking"), i915_gem_object_put_pages() and specifically the i915_gem_gtt_finish_pages() may be called from outside of the struct_mutex and so we can no longer pass I915_WAIT_LOCKED to i915_gem_wait_for_idle. Fixes: 1233e2db199d ("drm/i915: Move object backing storage manipulation to its own locking") Signed-off-by: Chris Wilson Cc: Chris Wilson Cc: Joonas Lahtinen Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v4.10+ Link: http://patchwork.freedesktop.org/patch/msgid/20170330085341.20311-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit 228ec87ccd040b620c467cd61d594bfaa4f8a12e) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_gtt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ba2a6261de49588714a25f49db80bbe961b870a Author: Tina Zhang Date: Fri Mar 24 01:56:54 2017 -0400 drm/i915/gvt: remove the redundant info NULL check The variable info is never NULL, which is checked by the caller. This patch removes the redundant info NULL check logic. Fixes: 695fbc08d80f ("drm/i915/gvt: replace the gvt_err with gvt_vgpu_err") Signed-off-by: Tina Zhang Signed-off-by: Zhenyu Wang (cherry picked from commit 865f03d42ed0c90c9faf3301775176834ba13eba) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/gvt/kvmgt.c | 7 ------- 1 file changed, 7 deletions(-) commit 729a0cd45c886a8d1ae0b3063b20d525fc729523 Author: Zhenyu Wang Date: Mon Mar 27 17:41:02 2017 +0800 drm/i915/gvt: adjust mem size for low resolution type From commit d1a513be1f0a ("drm/i915/gvt: add resolution definition for vGPU type"), small type has been restricted to small resolution, so not require larger high GM size any more. Change to smaller 384M for more VM creation with vGPU enabled which still perform reasonable workload. Fixes: d1a513be1f0a ("drm/i915/gvt: add resolution definition for vGPU type") Signed-off-by: Zhenyu Wang (cherry picked from commit bf39ec335eb8cc51b4e1c9303ef92b380d204bb1) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/gvt/vgpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6c9a8cdad48a04795dbc35ac3370afa3180045ae Author: Chris Wilson Date: Mon Mar 27 21:21:43 2017 +0100 drm/i915: Avoid lock dropping between rescheduling Unlocking is dangerous. In this case we combine an early update to the out-of-queue request, because we know that it will be inserted into the correct FIFO priority-ordered slot when it becomes ready in the future. However, given sufficient enthusiasm, it may become ready as we are continuing to reschedule, and so may gazump the FIFO if we have since dropped its spinlock. The result is that it may be executed too early, before its dependencies. v2: Move all work into the second phase over the topological sort. This removes the shortcut on the out-of-rbtree request to ensure that we only adjust its priority after adjusting all of its dependencies. Fixes: 20311bd35060 ("drm/i915/scheduler: Execute requests in order of priorities") Testcase: igt/gem_exec_whisper Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: # v4.10+ Link: http://patchwork.freedesktop.org/patch/msgid/20170327202143.7972-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit a79a524e9260d4ffaff88348615e70fb3d393692) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_lrc.c | 53 ++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 29 deletions(-) commit 2f726aec19a9d2c63bec9a8a53a3910ffdcd09f8 Author: Hui Wang Date: Fri Mar 31 10:31:40 2017 +0800 ALSA: hda - fix a problem for lineout on a Dell AIO machine On this Dell AIO machine, the lineout jack does not work. We found the pin 0x1a is assigned to lineout on this machine, and in the past, we applied ALC298_FIXUP_DELL1_MIC_NO_PRESENCE to fix the heaset-set mic problem for this machine, this fixup will redefine the pin 0x1a to headphone-mic, as a result the lineout doesn't work anymore. After consulting with Dell, they told us this machine doesn't support microphone via headset jack, so we add a new fixup which only defines the pin 0x18 as the headset-mic. [rearranged the fixup insertion position by tiwai in order to make the merge with other branches easier -- tiwai] Fixes: 59ec4b57bcae ("ALSA: hda - Fix headset mic detection problem for two dell machines") Cc: Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 6b1cc946ddfcfc17d66c7d02eafa14deeb183437 Author: Zhengyi Shen Date: Wed Mar 29 15:00:20 2017 +0800 x86/boot: Include missing header file Sparse complains about missing forward declarations: arch/x86/boot/compressed/error.c:8:6: warning: symbol 'warn' was not declared. Should it be static? arch/x86/boot/compressed/error.c:15:6: warning: symbol 'error' was not declared. Should it be static? Include the missing header file. Signed-off-by: Zhengyi Shen Acked-by: Kess Cook Link: http://lkml.kernel.org/r/1490770820-24472-1-git-send-email-shenzhengyi@gmail.com Signed-off-by: Thomas Gleixner arch/x86/boot/compressed/error.c | 1 + 1 file changed, 1 insertion(+) commit 29f72ce3e4d18066ec75c79c857bee0618a3504b Author: Yazen Ghannam Date: Thu Mar 30 13:17:14 2017 +0200 x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs MCA bank 3 is reserved on systems pre-Fam17h, so it didn't have a name. However, MCA bank 3 is defined on Fam17h systems and can be accessed using legacy MSRs. Without a name we get a stack trace on Fam17h systems when trying to register sysfs files for bank 3 on kernels that don't recognize Scalable MCA. Call MCA bank 3 "decode_unit" since this is what it represents on Fam17h. This will allow kernels without SMCA support to see this bank on Fam17h+ and prevent the stack trace. This will not affect older systems since this bank is reserved on them, i.e. it'll be ignored. Tested on AMD Fam15h and Fam17h systems. WARNING: CPU: 26 PID: 1 at lib/kobject.c:210 kobject_add_internal kobject: (ffff88085bb256c0): attempted to be registered with empty name! ... Call Trace: kobject_add_internal kobject_add kobject_create_and_add threshold_create_device threshold_init_device Signed-off-by: Yazen Ghannam Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/1490102285-3659-1-git-send-email-Yazen.Ghannam@amd.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a2d78228a4fd3dadff2b528528aa8901f724a87 Merge: b61d607 6d6e500 Author: Dave Airlie Date: Fri Mar 31 17:29:26 2017 +1000 Merge tag 'drm-misc-fixes-2017-03-31' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Just one vc4 fix from Eric, cc: stable * tag 'drm-misc-fixes-2017-03-31' of git://anongit.freedesktop.org/git/drm-misc: drm/vc4: Allocate the right amount of space for boot-time CRTC state. commit d19c4643a52f0a56a7ccc86b145f207a57f40116 Author: Mike Christie Date: Wed Mar 29 00:19:24 2017 -0500 target: Fix ALUA transition state race between multiple initiators Multiple threads could be writing to alua_access_state at the same time, or there could be multiple STPGs in flight (different initiators sending them or one initiator sending them to different ports), or a combo of both and the core_alua_do_transition_tg_pt calls will race with each other. Because from the last patches we no longer delay running core_alua_do_transition_tg_pt_work, there does not seem to be any point in running that in a workqueue. And, we always wait for it to complete one way or another, so we can sleep in this code path. So, this patch made over target-pending just adds a mutex and does the work core_alua_do_transition_tg_pt_work was doing in core_alua_do_transition_tg_pt. There is also no need to use an atomic for the tg_pt_gp_alua_access_state. In core_alua_do_transition_tg_pt we will test and set it under the transition mutex. And, it is a int/32 bits so in the other places where it is read, we will never see it partially updated. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 136 ++++++++++++---------------------- drivers/target/target_core_configfs.c | 2 +- include/target/target_core_base.h | 8 +- 3 files changed, 51 insertions(+), 95 deletions(-) commit 7a56dc8888be23f44158a85b92da45d545cbf548 Author: Sagi Grimberg Date: Wed Mar 22 17:07:30 2017 +0200 iser-target: avoid posting a recv buffer twice We pre-allocate our send-queues and might overflow them in case we have multi work-request operations which tend to occur for large RDMA transfers over devices with limited allowed sg elements. When we get to a queue-full condition we might retry again later, so track our receive buffers so we don't repost them for a retry case. Reported-by: Potnuri Bharat Teja Tested-by: Potnuri Bharat Teja Reviewed-by: Potnuri Bharat Teja Signed-off-by: Sagi Grimberg Signed-off-by: Nicholas Bellinger drivers/infiniband/ulp/isert/ib_isert.c | 12 ++++++++++++ drivers/infiniband/ulp/isert/ib_isert.h | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) commit 555a65f66c3c4d9dd46a565418b0b655d861a723 Author: Nicholas Bellinger Date: Sun Oct 30 18:58:39 2016 -0700 iser-target: Fix queue-full response handling This patch addresses two queue-full handling bugs in iser-target. The first is propagating isert_rdma_rw_ctx_post() return back to target-core via isert_put_datain() + isert_get_dataout() callbacks, in order to trigger queue-full logic in target-core. Note target-core expects -EAGAIN or -ENOMEM error to signal RDMA WRITE/READ data-transfer callbacks should be retried, after queue-full logic been invoked. Other types of errors propagated up from RDMA RW API will result in target-core generating internal CHECK_CONDITION status, avoiding subsequent isert_put_datain() and isert_get_dataout() iscsit_transport callback retry attempts. The second is to use transport_generic_request_failure() during T10-PI hw-offload errors in isert_rdma_write_done() and isert_rdma_read_done(), so CHECK_CONDITION queue-full is handled internally by target-core. Also add isert_put_response() T10-PI failure case fixme in isert_rdma_write_done(), which is currently not internally retried or released until session reinstatement. Reported-by: Potnuri Bharat Teja Reviewed-by: Potnuri Bharat Teja Tested-by: Potnuri Bharat Teja Cc: Potnuri Bharat Teja Reported-by: Steve Wise Cc: Steve Wise Cc: Sagi Grimberg Signed-off-by: Nicholas Bellinger drivers/infiniband/ulp/isert/ib_isert.c | 53 ++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 18 deletions(-) commit a4467018c2a7228f4ef58051f0511bd037bff264 Author: Nicholas Bellinger Date: Sun Oct 30 17:30:08 2016 -0700 iscsi-target: Propigate queue_data_in + queue_status errors This patch changes iscsi-target to propagate iscsit_transport ->iscsit_queue_data_in() and ->iscsit_queue_status() callback errors, back up into target-core. This allows target-core to retry failed iscsit_transport callbacks using internal queue-full logic. Reported-by: Potnuri Bharat Teja Reviewed-by: Potnuri Bharat Teja Tested-by: Potnuri Bharat Teja Cc: Potnuri Bharat Teja Reported-by: Steve Wise Cc: Steve Wise Cc: Sagi Grimberg Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target.c | 3 +-- drivers/target/iscsi/iscsi_target_configfs.c | 13 +++++-------- drivers/target/iscsi/iscsi_target_util.c | 5 +++-- drivers/target/iscsi/iscsi_target_util.h | 2 +- 4 files changed, 10 insertions(+), 13 deletions(-) commit fa7e25cf13a6d0b82b5ed1008246f44d42e8422c Author: Nicholas Bellinger Date: Sun Oct 30 17:28:16 2016 -0700 target: Fix unknown fabric callback queue-full errors This patch fixes a set of queue-full response handling bugs, where outgoing responses are leaked when a fabric driver is propagating non -EAGAIN or -ENOMEM errors to target-core. It introduces TRANSPORT_COMPLETE_QF_ERR state used to signal when CHECK_CONDITION status should be generated, when fabric driver ->write_pending(), ->queue_data_in(), or ->queue_status() callbacks fail with non -EAGAIN or -ENOMEM errors, and data-transfer should not be retried. Note all fabric driver -EAGAIN and -ENOMEM errors are still retried indefinately with associated data-transfer callbacks, following existing queue-full logic. Also fix two missing ->queue_status() queue-full cases related to CMD_T_ABORTED w/ TAS status handling. Reported-by: Potnuri Bharat Teja Reviewed-by: Potnuri Bharat Teja Tested-by: Potnuri Bharat Teja Cc: Potnuri Bharat Teja Reported-by: Steve Wise Cc: Steve Wise Cc: Sagi Grimberg Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 102 ++++++++++++++++++++++----------- include/target/target_core_base.h | 1 + 2 files changed, 69 insertions(+), 34 deletions(-) commit b61d60753dc6c7c62669ebb9cacd7dfa5313cd1e Merge: 4adf043 0abfe7e Author: Dave Airlie Date: Fri Mar 31 11:50:56 2017 +1000 Merge tag 'drm-intel-fixes-2017-03-29' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes drm/i915 fixes for v4.11-rc5 * tag 'drm-intel-fixes-2017-03-29' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Restore marking context objects as dirty on pinning drm/i915/gvt: Use force single submit flag to distinguish gvt request from i915 request drm/i915/gvt: set shadow entry to scratch page while p2m failed drm/i915/gvt: Fix guest fail to read EDID leading to black guest console issue. drm/i915/gvt: fix wrong offset when loading RCS mocs drm/i915/gvt: add write handler for mmio mbctl drm/i915/kvmgt: Hold struct kvm reference commit 4adf04361b97ae198394cf44839e481aac317023 Merge: 7502add ce4b4f2 Author: Dave Airlie Date: Fri Mar 31 11:50:30 2017 +1000 Merge branch 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-fixes One small fix for radeon. * 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags commit 7502add2210f8cd9f761c9f25c46f566d1b7305e Merge: c02ed2e f3cd1b0 Author: Dave Airlie Date: Fri Mar 31 11:50:04 2017 +1000 Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes a single fix to keep fence seqnos of completed jobs monotonically increasing, as expected in various locations of the driver code. Also tagged for stable. * 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux: drm/etnaviv: (re-)protect fence allocation with GPU mutex commit 4c6fabda1ad1dec6d274c098ef0a91809c74f2e3 Author: Vineet Gupta Date: Thu Mar 30 10:02:57 2017 -0700 ARC: fix build warnings with !CONFIG_KPROBES | CC lib/nmi_backtrace.o | In file included from ../include/linux/kprobes.h:43:0, | from ../lib/nmi_backtrace.c:17: | ../arch/arc/include/asm/kprobes.h:57:13: warning: 'trap_is_kprobe' defined but not used [-Wunused-function] | static void trap_is_kprobe(unsigned long address, struct pt_regs *regs) | ^~~~~~~~~~~~~~ The warning started with 7d134b2ce6 ("kprobes: move kprobe declarations to asm-generic/kprobes.h") which started including unconditionally into exposing a stub function for !CONFIG_KPROBES to rest of world. Fix that by making the stub a macro Signed-off-by: Vineet Gupta arch/arc/include/asm/kprobes.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit c70c473396cbdec1168a6eff60e13029c0916854 Author: Alexey Brodkin Date: Wed Mar 29 17:15:11 2017 +0300 ARCv2: SLC: Make sure busy bit is set properly on SLC flushing As reported in STAR 9001165532, an SLC control reg read (for checking busy state) right after SLC invalidate command may incorrectly return NOT busy causing software to NOT spin-wait while operation is underway. (and for some reason this only happens if L1 cache is also disabled - as required by IOC programming model) Suggested workaround is to do an additional Control Reg read, which ensures the 2nd read gets the right status. Cc: stable@vger.kernel.org #4.10 Signed-off-by: Alexey Brodkin [vgupta: reworte changelog a bit] Signed-off-by: Vineet Gupta arch/arc/mm/cache.c | 3 +++ 1 file changed, 3 insertions(+) commit 0b98ca2a45e35dfe02f4512fa30b9f5a9900cb29 Author: Suresh Reddy Date: Thu Mar 30 00:58:32 2017 -0400 be2net: Fix endian issue in logical link config command Use cpu_to_le32() for link_config variable in set_logical_link_config command as this variable is of type u32. Signed-off-by: Suresh Reddy Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit d4562267b995fa3917717cc7773dad9c1f1ca658 Merge: 89970a0 9abb27c Author: Linus Torvalds Date: Thu Mar 30 15:08:38 2017 -0700 Merge tag 'pci-v4.11-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - fix iProc memory corruption - fix ThunderX usage of unregistered PNP/ACPI ID - fix ThunderX resource reservation on early firmware * tag 'pci-v4.11-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: thunder-pem: Add legacy firmware support for Cavium ThunderX host controller PCI: thunder-pem: Use Cavium assigned hardware ID for ThunderX host controller PCI: iproc: Save host bridge window resource in struct iproc_pcie commit 2b83878dd74a7c73bedcb6600663c1c46836e8af Author: Max Filippov Date: Wed Mar 29 15:44:47 2017 -0700 xtensa: make __pa work with uncached KSEG addresses When __pa is applied to virtual address in uncached KSEG region the result is incorrect. Fix it by checking if the original address is in the uncached KSEG and adjusting the result. It looks better than masking off bits because pfn_valid would correctly work with new __pa results and it may be made working in noMMU case, once we get definition for uncached memory view. This is required for the dma_common_mmap and DMA debug code to work correctly: they both indirectly use __pa with coherent DMA addresses. In case of DMA debug the visible effect is false reports that an address mapped for DMA is accessed by CPU. Cc: stable@vger.kernel.org Tested-by: Boris Brezillon Reviewed-by: Boris Brezillon Signed-off-by: Max Filippov arch/xtensa/include/asm/page.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit d0918764c17b94c30bbb2619929b1719ff52707a Author: Ludovic Desroches Date: Tue Mar 28 11:00:45 2017 +0200 mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection The controller has different timings for MMC_TIMING_UHS_DDR50 and MMC_TIMING_MMC_DDR52. Configuring the controller with SDHCI_CTRL_UHS_DDR50, when MMC_TIMING_MMC_DDR52 timings are requested, is not correct and can lead to unexpected behavior. Signed-off-by: Ludovic Desroches Fixes: bb5f8ea4d514 ("mmc: sdhci-of-at91: introduce driver for the Atmel SDMMC") Cc: # 4.4+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-at91.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 923713b357455cfb9aca2cd3429cb0806a724ed2 Author: Hans de Goede Date: Sun Mar 26 13:14:45 2017 +0200 mmc: sdhci: Disable runtime pm when the sdio_irq is enabled SDIO cards may need clock to send the card interrupt to the host. On a cherrytrail tablet with a RTL8723BS wifi chip, without this patch pinging the tablet results in: PING 192.168.1.14 (192.168.1.14) 56(84) bytes of data. 64 bytes from 192.168.1.14: icmp_seq=1 ttl=64 time=78.6 ms 64 bytes from 192.168.1.14: icmp_seq=2 ttl=64 time=1760 ms 64 bytes from 192.168.1.14: icmp_seq=3 ttl=64 time=753 ms 64 bytes from 192.168.1.14: icmp_seq=4 ttl=64 time=3.88 ms 64 bytes from 192.168.1.14: icmp_seq=5 ttl=64 time=795 ms 64 bytes from 192.168.1.14: icmp_seq=6 ttl=64 time=1841 ms 64 bytes from 192.168.1.14: icmp_seq=7 ttl=64 time=810 ms 64 bytes from 192.168.1.14: icmp_seq=8 ttl=64 time=1860 ms 64 bytes from 192.168.1.14: icmp_seq=9 ttl=64 time=812 ms 64 bytes from 192.168.1.14: icmp_seq=10 ttl=64 time=48.6 ms Where as with this patch I get: PING 192.168.1.14 (192.168.1.14) 56(84) bytes of data. 64 bytes from 192.168.1.14: icmp_seq=1 ttl=64 time=3.96 ms 64 bytes from 192.168.1.14: icmp_seq=2 ttl=64 time=1.97 ms 64 bytes from 192.168.1.14: icmp_seq=3 ttl=64 time=17.2 ms 64 bytes from 192.168.1.14: icmp_seq=4 ttl=64 time=2.46 ms 64 bytes from 192.168.1.14: icmp_seq=5 ttl=64 time=2.83 ms 64 bytes from 192.168.1.14: icmp_seq=6 ttl=64 time=1.40 ms 64 bytes from 192.168.1.14: icmp_seq=7 ttl=64 time=2.10 ms 64 bytes from 192.168.1.14: icmp_seq=8 ttl=64 time=1.40 ms 64 bytes from 192.168.1.14: icmp_seq=9 ttl=64 time=2.04 ms 64 bytes from 192.168.1.14: icmp_seq=10 ttl=64 time=1.40 ms Cc: Dong Aisheng Cc: Ian W MORRISON Signed-off-by: Hans de Goede Acked-by: Adrian Hunter Acked-by: Dong Aisheng Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9b3403ae56e13cdf45252f34db196a8f5f52b6ac Author: Masahiro Yamada Date: Fri Mar 31 02:44:17 2017 +0900 arm64: drop non-existing vdso-offsets.h from .gitignore Since commit a66649dab350 ("arm64: fix vdso-offsets.h dependency"), include/generated/vdso-offsets.h is directly generated without arch/arm64/kernel/vdso/vdso-offsets.h. Signed-off-by: Masahiro Yamada Signed-off-by: Will Deacon arch/arm64/kernel/vdso/.gitignore | 1 - 1 file changed, 1 deletion(-) commit 34d04f25a98cbc1065e87f10d94798bbe9a8af94 Author: Shaokun Zhang Date: Thu Mar 30 20:41:49 2017 +0800 arm64: remove redundant header file in current.h Commint 9d84fb27fa1 ("arm64: restore get_current() optimisation") has removed read_sysreg() and asm/sysreg.h is redundant. This patch removes asm/sysreg.h header file. Acked-by: Mark Rutland Signed-off-by: Shaokun Zhang Signed-off-by: Will Deacon arch/arm64/include/asm/current.h | 2 -- 1 file changed, 2 deletions(-) commit 3dbcc105d5561e18ccd0842c7baab1c835562a37 Author: Xin Long Date: Thu Mar 30 01:00:53 2017 +0800 sctp: alloc stream info when initializing asoc When sending a msg without asoc established, sctp will send INIT packet first and then enqueue chunks. Before receiving INIT_ACK, stream info is not yet alloced. But enqueuing chunks needs to access stream info, like out stream state and out stream cnt. This patch is to fix it by allocing out stream info when initializing an asoc, allocing in stream and re-allocing out stream when processing init. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/structs.h | 3 ++- net/sctp/associola.c | 7 ++++++- net/sctp/sm_make_chunk.c | 9 ++------- net/sctp/stream.c | 43 +++++++++++++++++++++++++++++++++++-------- 4 files changed, 45 insertions(+), 17 deletions(-) commit bcc5364bdcfe131e6379363f089e7b4108d35b70 Author: Andrey Konovalov Date: Wed Mar 29 16:11:22 2017 +0200 net/packet: fix overflow in check for tp_reserve When calculating po->tp_hdrlen + po->tp_reserve the result can overflow. Fix by checking that tp_reserve <= INT_MAX on assign. Signed-off-by: Andrey Konovalov Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 2 ++ 1 file changed, 2 insertions(+) commit 8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b Author: Andrey Konovalov Date: Wed Mar 29 16:11:21 2017 +0200 net/packet: fix overflow in check for tp_frame_nr When calculating rb->frames_per_block * req->tp_block_nr the result can overflow. Add a check that tp_block_size * tp_block_nr <= UINT_MAX. Since frames_per_block <= tp_block_size, the expression would never overflow. Signed-off-by: Andrey Konovalov Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 2 ++ 1 file changed, 2 insertions(+) commit 2b6867c2ce76c596676bec7d2d525af525fdc6e2 Author: Andrey Konovalov Date: Wed Mar 29 16:11:20 2017 +0200 net/packet: fix overflow in check for priv area size Subtracting tp_sizeof_priv from tp_block_size and casting to int to check whether one is less then the other doesn't always work (both of them are unsigned ints). Compare them as is instead. Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as it can overflow inside BLK_PLUS_PRIV otherwise. Signed-off-by: Andrey Konovalov Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9dfcce42b09cde01b2b1f5527ed91112a04a8ab0 Merge: 2d7d540 2ddaa676 Author: Takashi Iwai Date: Thu Mar 30 20:03:25 2017 +0200 Merge tag 'asoc-fix-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.11 A relatively large pile of fixes for mainline, the first since the merge window. The biggest block of changes here by volume is the sun8i-codec set, the driver was newly added in the merge window but it was realized that renaming some of the user visible controls was required so these are being pushed for v4.11 to avoid the original code appearing in a release. Otherwise it's all fairly standard bugfix stuff. commit fabbbee0eb0f4b763576ac1e2db4fc3bf6dcc0cc Author: Olga Kornievskaia Date: Thu Mar 30 10:10:55 2017 -0400 PNFS fix fallback to MDS if got error on commit to DS Upong receiving some errors (EACCES) on commit to the DS the code doesn't fallback to MDS and intead retrieds to the same DS again. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker fs/nfs/filelayout/filelayout.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d77facb88448cdeaaa3adba5b9704a48ac2ac8d6 Author: Arend Van Spriel Date: Tue Mar 28 09:11:30 2017 +0100 brcmfmac: use local iftype avoiding use-after-free of virtual interface A use-after-free was found using KASAN. In brcmf_p2p_del_if() the virtual interface is removed using call to brcmf_remove_interface(). After that the virtual interface instance has been freed and should not be referenced. Solve this by storing the nl80211 iftype in local variable, which is used in a couple of places anyway. Cc: stable@vger.kernel.org # 4.10.x, 4.9.x Reported-by: Daniel J Blueman Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 893dc68f1b18451e6d550b1884fc6be76e1bb90c Author: Larry Finger Date: Tue Mar 21 09:24:11 2017 -0500 rtlwifi: Fix scheduling while atomic splat Following commit cceb0a597320 ("rtlwifi: Add work queue for c2h cmd."), the following BUG is reported when rtl8723be is used: BUG: sleeping function called from invalid context at mm/slab.h:432 in_atomic(): 1, irqs_disabled(): 1, pid: 0, name: swapper/0 CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W O 4.11.0-rc3-wl+ #276 Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014 Call Trace: dump_stack+0x63/0x89 ___might_sleep+0xe9/0x130 __might_sleep+0x4a/0x90 kmem_cache_alloc_trace+0x19f/0x200 ? rtl_c2hcmd_enqueue+0x3e/0x110 [rtlwifi] rtl_c2hcmd_enqueue+0x3e/0x110 [rtlwifi] rtl8723be_c2h_packet_handler+0xac/0xc0 [rtl8723be] rtl8723be_rx_command_packet+0x37/0x5c [rtl8723be] _rtl_pci_rx_interrupt+0x200/0x6b0 [rtl_pci] _rtl_pci_interrupt+0x20c/0x5d0 [rtl_pci] __handle_irq_event_percpu+0x3f/0x1d0 handle_irq_event_percpu+0x23/0x60 handle_irq_event+0x3c/0x60 handle_fasteoi_irq+0xa2/0x170 handle_irq+0x20/0x30 do_IRQ+0x48/0xd0 common_interrupt+0x89/0x89 ... Although commit cceb0a597320 converted most c2h commands to use a work queue, the Bluetooth coexistence routines can be in atomic mode when they execute such a call. Fixes: cceb0a597320 ("rtlwifi: Add work queue for c2h cmd.") Signed-off-by: Larry Finger Cc: Ping-Ke Shih Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/base.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit d8a531cf79df5bf3b0fc2e6559cfeee9c1238152 Merge: 6be3b6c 4d33998 Author: Kalle Valo Date: Thu Mar 30 19:38:15 2017 +0300 Merge tag 'iwlwifi-for-kalle-2017-03-29' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes iwlwifi fixes for 4.11 Here are three patches intended for 4.11. The first one is an RCU fix by Sari. The second one is a fix for a potential out-of-bounds access crash by Dan. And finally, the third and bigger one, is a fix for IBSS, which has been broken since DQA was enabled in the driver. commit 335d2c2d192266358c5dfa64953a4c162f46e464 Author: Mark Salter Date: Fri Mar 24 09:53:56 2017 -0400 arm64: fix NULL dereference in have_cpu_die() Commit 5c492c3f5255 ("arm64: smp: Add function to determine if cpus are stuck in the kernel") added a helper function to determine if die() is supported in cpu_ops. This function assumes a cpu will have a valid cpu_ops entry, but that may not be the case for cpu0 is spin-table or parking protocol is used to boot secondary cpus. In that case, there is a NULL dereference if have_cpu_die() is called by cpu0. So add a check for a valid cpu_ops before dereferencing it. Fixes: 5c492c3f5255 ("arm64: smp: Add function to determine if cpus are stuck in the kernel") Signed-off-by: Mark Salter Signed-off-by: Will Deacon arch/arm64/kernel/smp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6d6e500391875cc372336c88e9a8af377be19c36 Author: Eric Anholt Date: Tue Mar 28 13:13:43 2017 -0700 drm/vc4: Allocate the right amount of space for boot-time CRTC state. Without this, the first modeset would dereference past the allocation when trying to free the mm node. Signed-off-by: Eric Anholt Tested-by: Stefan Wahren Link: http://patchwork.freedesktop.org/patch/msgid/20170328201343.4884-1-eric@anholt.net Fixes: d8dbf44f13b9 ("drm/vc4: Make the CRTCs cooperate on allocating display lists.") Cc: # v4.6+ Reviewed-by: Daniel Vetter drivers/gpu/drm/vc4/vc4_crtc.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit d43e85b7d7c759a01f92fa09bba5d6eb6e406795 Author: Arnd Bergmann Date: Tue Mar 28 12:15:41 2017 +0200 ARM: orion5x: only call into phylib when available Board code cannot call mdiobus_register_board_info() when phylib or mdio_device is a loadable module: arch/arm/plat-orion/common.o: In function `orion_ge00_switch_init': :(.init.text+0x474): undefined reference to `mdiobus_register_board_info' I had a number of ideas for how this could be solved, but after the MDIO code got split out from PHYLIB it has gotten too hard, so I'm basically giving up, and only call the mdiobus_register_board_info() function if the MDIO layer is built-in to avoid the link error. This is similar to how we handle PHY registration on other ARM platforms. Fixes: 90eff9096c01 ("net: phy: Allow splitting MDIO bus/device support from PHYs") Fixes: 648ea0134069 ("net: phy: Allow pre-declaration of MDIO devices") Signed-off-by: Arnd Bergmann Signed-off-by: Gregory CLEMENT arch/arm/mach-orion5x/Kconfig | 1 + arch/arm/plat-orion/common.c | 5 +++++ 2 files changed, 6 insertions(+) commit 0bf9e1270b56b2376ba3b16d951cd0ed7c573f54 Merge: 97da385 dbe4d69 Author: Wolfram Sang Date: Thu Mar 30 16:53:48 2017 +0200 Merge branch 'i2c-mux/for-current' of https://github.com/peda-r/i2c-mux into i2c/for-current Pull in changes for 4.11 from the i2c-mux subsubsystem: "Here are some changes for the pca954x driver. It's a revert of the un-endorsed ACPI support and a fixup in the handling of PCA9546." commit ac77a0c463c1d7d659861f7b6d1261970dd3282a Author: Minchan Kim Date: Thu Mar 30 14:20:45 2017 +0900 block: do not put mq context in blk_mq_alloc_request_hctx In blk_mq_alloc_request_hctx, blk_mq_sched_get_request doesn't get sw context so we don't need to put the context with blk_mq_put_ctx. Unless, we will see preempt counter underflow. Cc: Omar Sandoval Signed-off-by: Minchan Kim Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe block/blk-mq.c | 1 - 1 file changed, 1 deletion(-) commit 3f135e57a4f76d24ae8d8a490314331f0ced40c5 Author: Josh Poimboeuf Date: Thu Mar 16 14:31:33 2017 -0500 x86/build: Mostly disable '-maccumulate-outgoing-args' The GCC '-maccumulate-outgoing-args' flag is enabled for most configs, mostly because of issues which are no longer relevant. For most configs, and with most recent versions of GCC, it's no longer needed. Clarify which cases need it, and only enable it for those cases. Also produce a compile-time error for the ftrace graph + mcount + '-Os' case, which will otherwise cause runtime failures. The main benefit of '-maccumulate-outgoing-args' is that it prevents an ugly prologue for functions which have aligned stacks. But removing the option also has some benefits: more readable argument saves, smaller text size, and (presumably) slightly improved performance. Here are the object size savings for 32-bit and 64-bit defconfig kernels: text data bss dec hex filename 10006710 3543328 1773568 15323606 e9d1d6 vmlinux.x86-32.before 9706358 3547424 1773568 15027350 e54c96 vmlinux.x86-32.after text data bss dec hex filename 10652105 4537576 843776 16033457 f4a6b1 vmlinux.x86-64.before 10639629 4537576 843776 16020981 f475f5 vmlinux.x86-64.after That comes out to a 3% text size improvement on x86-32 and a 0.1% text size improvement on x86-64. Signed-off-by: Josh Poimboeuf Cc: Andrew Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Linus Torvalds Cc: Pavel Machek Cc: Peter Zijlstra Cc: Steven Rostedt Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170316193133.zrj6gug53766m6nn@treble Signed-off-by: Ingo Molnar arch/x86/Makefile | 35 +++++++++++++++++++++++++++++++---- arch/x86/Makefile_32.cpu | 18 ------------------ arch/x86/kernel/ftrace.c | 6 ++++++ scripts/Kbuild.include | 4 ++++ 4 files changed, 41 insertions(+), 22 deletions(-) commit f85726905745fb4f6e15c68e2ade9da5390f8d89 Author: Changbin Du Date: Thu Mar 30 11:32:05 2017 +0800 drm/i915/gvt: exclude cfg space from failsafe mode When test GVTg as below scenario: VM boot --> failsafe --> kill qemu --> VM boot. Qemu report error at the second boot: ERROR: PCI region size must be pow2 type=0x0, size=0x1fa1000 Qemu need access PCI_ROM_ADDRESS reg to determine the size of expansion PCI rom. The mechanism just like the BAR reg (write-read) and we should return the size 0 since we have no rom. If we reject the write to PCI_ROM_ADDRESS, Qemu cannot get the correct size of rom. Essentially, GVTg failsafe mode should not break PCI function. So we exclude cfg space from failsafe mode. This can fix above issue. v2: add Fixes and Bugzilla link. Fixes: fd64be636708d ("drm/i915/gvt: introduced failsafe mode into vgpu") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100296 Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 3 --- 1 file changed, 3 deletions(-) commit e7e11f99564222d82f0ce84bd521e57d78a6b678 Author: Li Qiang Date: Mon Mar 27 20:10:53 2017 -0700 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() In vmw_surface_define_ioctl(), the 'num_sizes' is the sum of the 'req->mip_levels' array. This array can be assigned any value from the user space. As both the 'num_sizes' and the array is uint32_t, it is easy to make 'num_sizes' overflow. The later 'mip_levels' is used as the loop count. This can lead an oob write. Add the check of 'req->mip_levels' to avoid this. Cc: Signed-off-by: Li Qiang Reviewed-by: Thomas Hellstrom drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 53e16798b0864464c5444a204e1bb93ae246c429 Author: Thomas Hellstrom Date: Mon Mar 27 13:06:05 2017 +0200 drm/vmwgfx: Remove getparam error message The mesa winsys sometimes uses unimplemented parameter requests to check for features. Remove the error message to avoid bloating the kernel log. Cc: Signed-off-by: Thomas Hellstrom Reviewed-by: Brian Paul Reviewed-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 2 -- 1 file changed, 2 deletions(-) commit 3ce7803cf3a7bc52c0eb9f516de8b72a0305ad57 Author: Thomas Hellstrom Date: Mon Mar 27 12:38:25 2017 +0200 drm/ttm: Avoid calling drm_ht_remove from atomic context On recent kernels, calling drm_ht_remove triggers a might_sleep() warning from within vfree(). So avoid calling it from atomic context. The use-cases we fix here are both from destructors so there should be no concurrent use of the hash tables. Signed-off-by: Thomas Hellstrom Reviewed-by: Brian Paul Reviewed-by: Sinclair Yeh drivers/gpu/drm/ttm/ttm_object.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit fe25deb7737ce6c0879ccf79c99fa1221d428bf2 Author: Thomas Hellstrom Date: Mon Mar 27 11:21:25 2017 +0200 drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces Previously, when a surface was opened using a legacy (non prime) handle, it was verified to have been created by a client in the same master realm. Relax this so that opening is also allowed recursively if the client already has the surface open. This works around a regression in svga mesa where opening of a shared surface is used recursively to obtain surface information. Cc: Signed-off-by: Thomas Hellstrom Reviewed-by: Sinclair Yeh drivers/gpu/drm/ttm/ttm_object.c | 10 +++++++--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 6 ++---- drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 4 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 22 +++++++++------------- include/drm/ttm/ttm_object.h | 5 ++++- 5 files changed, 24 insertions(+), 23 deletions(-) commit 63774069d9527a1aeaa4aa20e929ef5e8e9ecc38 Author: Murray McAllister Date: Mon Mar 27 11:15:12 2017 +0200 drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() In vmw_get_cap_3d_ioctl(), a user can supply 0 for a size that is used in vzalloc(). This eventually calls dump_stack() (in warn_alloc()), which can leak useful addresses to dmesg. Add check to avoid a size of 0. Cc: Signed-off-by: Murray McAllister Reviewed-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 36274ab8c596f1240c606bb514da329add2a1bcd Author: Murray McAllister Date: Mon Mar 27 11:12:53 2017 +0200 drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() Before memory allocations vmw_surface_define_ioctl() checks the upper-bounds of a user-supplied size, but does not check if the supplied size is 0. Add check to avoid NULL pointer dereferences. Cc: Signed-off-by: Murray McAllister Reviewed-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f7652afa8eadb416b23eb57dec6f158529942041 Author: Thomas Hellstrom Date: Mon Mar 27 11:09:08 2017 +0200 drm/vmwgfx: Type-check lookups of fence objects A malicious caller could otherwise hand over handles to other objects causing all sorts of interesting problems. Testing done: Ran a Fedora 25 desktop using both Xorg and gnome-shell/Wayland. Cc: Signed-off-by: Thomas Hellstrom Reviewed-by: Sinclair Yeh drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 77 +++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 27 deletions(-) commit 4d20c332de377fa5b06c46f6f34174c10dd998e4 Author: Aaron Armstrong Skomra Date: Wed Mar 29 11:41:28 2017 -0700 HID: wacom: call _query_tablet_data() for BAMBOO_TOUCH Commit a544c619a54b ("HID: wacom: do not attempt to switch mode while in probe") introduces delayed work for querying (setting the mode) on all tablets. Bamboo Touch (056a:00d0) has a ghost interface which claims to be a pen device. Though this device can be removed, we have to set the mode on the ghost pen interface before we remove it. After the aforementioned delay was introduced the device was being removed before the mode setting could be executed. Signed-off-by: Aaron Armstrong Skomra Signed-off-by: Jiri Kosina drivers/hid/wacom_sys.c | 2 ++ 1 file changed, 2 insertions(+) commit 8b4073596997f2ccbf68d8e72e07b827388a4536 Author: Aaron Armstrong Skomra Date: Wed Mar 29 10:35:39 2017 -0700 HID: wacom: Don't add ghost interface as shared data A previous commit (below) adds a check for already probed interfaces to Wacom's matching heuristic. Unfortunately this causes the Bamboo Pen (CTL-460) to match itself to its 'ghost' touch interface. After subsequent changes to the driver this match to the ghost causes the kernel to crash. This patch avoids calling wacom_add_shared_data() for the BAMBOO_PEN's ghost touch interface. Fixes: 41372d5d40e7 ("HID: wacom: Augment 'oVid' and 'oPid' with heuristics for HID_GENERIC") Cc: stable # 4.9 Signed-off-by: Aaron Armstrong Skomra Signed-off-by: Jiri Kosina drivers/hid/wacom_sys.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 693bdaa164b40b7aa6018b98af6f7e40dbd52457 Author: Dmitry Torokhov Date: Thu Mar 23 13:21:38 2017 -0700 ACPI / gpio: do not fall back to parsing _CRS when we get a deferral If, while locating GPIOs by name, we get probe deferral, we should immediately report it to caller rather than trying to fall back to parsing unnamed GPIOs from _CRS block. Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov Acked-by: Mika Westerberg Acked-and-Tested-by: Hans de Goede Signed-off-by: Linus Walleij drivers/gpio/gpiolib-acpi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8a146fbe1f1461aebc9b8f06a0f22e1a8a4f0dd1 Author: Hans de Goede Date: Fri Mar 24 11:08:47 2017 +0100 gpio: acpi: Call enable_irq_wake for _IAE GpioInts with Wake set On Bay Trail / Cherry Trail systems with a LID switch, the LID switch is often connect to a gpioint handled by an _IAE event handler. Before this commit such systems would not wake up when opening the lid, requiring the powerbutton to be pressed after opening the lid to wakeup. Note that Bay Trail / Cherry Trail systems use suspend-to-idle, so the interrupts are generated anyway on those lines on lid switch changes, but they are treated by the IRQ subsystem as spurious while suspended if not marked as wakeup IRQs. This commit calls enable_irq_wake() for _IAE GpioInts with a valid event handler which have their Wake flag set. This fixes such systems not waking up when opening the lid. Signed-off-by: Hans de Goede Acked-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/gpio/gpiolib-acpi.c | 6 ++++++ 1 file changed, 6 insertions(+) commit abe342a5b4b5aa579f6bf40ba73447c699e6b579 Author: Xiubo Li Date: Mon Mar 27 17:07:41 2017 +0800 tcmu: Fix wrongly calculating of the base_command_size The t_data_nents and t_bidi_data_nents are the numbers of the segments, but it couldn't be sure the block size equals to size of the segment. For the worst case, all the blocks are discontiguous and there will need the same number of iovecs, that's to say: blocks == iovs. So here just set the number of iovs to block count needed by tcmu cmd. Tested-by: Ilias Tsitsimpis Reviewed-by: Mike Christie Signed-off-by: Xiubo Li Cc: stable@vger.kernel.org # 3.18+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit ab22d2604c86ceb01bb2725c9860b88a7dd383bb Author: Xiubo Li Date: Mon Mar 27 17:07:40 2017 +0800 tcmu: Fix possible overwrite of t_data_sg's last iov[] If there has BIDI data, its first iov[] will overwrite the last iov[] for se_cmd->t_data_sg. To fix this, we can just increase the iov pointer, but this may introuduce a new memory leakage bug: If the se_cmd->data_length and se_cmd->t_bidi_data_sg->length are all not aligned up to the DATA_BLOCK_SIZE, the actual length needed maybe larger than just sum of them. So, this could be avoided by rounding all the data lengthes up to DATA_BLOCK_SIZE. Reviewed-by: Mike Christie Tested-by: Ilias Tsitsimpis Reviewed-by: Bryant G. Ly Signed-off-by: Xiubo Li Cc: stable@vger.kernel.org # 3.18+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) commit 49cb77e297dc611a1b795cfeb79452b3002bd331 Author: Nicholas Bellinger Date: Mon Mar 27 16:12:43 2017 -0700 target: Avoid mappedlun symlink creation during lun shutdown This patch closes a race between se_lun deletion during configfs unlink in target_fabric_port_unlink() -> core_dev_del_lun() -> core_tpg_remove_lun(), when transport_clear_lun_ref() blocks waiting for percpu_ref RCU grace period to finish, but a new NodeACL mappedlun is added before the RCU grace period has completed. This can happen in target_fabric_mappedlun_link() because it only checks for se_lun->lun_se_dev, which is not cleared until after transport_clear_lun_ref() percpu_ref RCU grace period finishes. This bug originally manifested as NULL pointer dereference OOPsen in target_stat_scsi_att_intr_port_show_attr_dev() on v4.1.y code, because it dereferences lun->lun_se_dev without a explicit NULL pointer check. In post v4.1 code with target-core RCU conversion, the code in target_stat_scsi_att_intr_port_show_attr_dev() no longer uses se_lun->lun_se_dev, but the same race still exists. To address the bug, go ahead and set se_lun>lun_shutdown as early as possible in core_tpg_remove_lun(), and ensure new NodeACL mappedlun creation in target_fabric_mappedlun_link() fails during se_lun shutdown. Reported-by: James Shen Cc: James Shen Tested-by: James Shen Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_fabric_configfs.c | 5 +++++ drivers/target/target_core_tpg.c | 4 ++++ include/target/target_core_base.h | 1 + 3 files changed, 10 insertions(+) commit efb2ea770bb3b0f40007530bc8b0c22f36e1c5eb Author: Nicholas Bellinger Date: Thu Mar 23 17:19:24 2017 -0700 iscsi-target: Fix TMR reference leak during session shutdown This patch fixes a iscsi-target specific TMR reference leak during session shutdown, that could occur when a TMR was quiesced before the hand-off back to iscsi-target code via transport_cmd_check_stop_to_fabric(). The reference leak happens because iscsit_free_cmd() was incorrectly skipping the final target_put_sess_cmd() for TMRs when transport_generic_free_cmd() returned zero because the se_cmd->cmd_kref did not reach zero, due to the missing se_cmd assignment in original code. The result was iscsi_cmd and it's associated se_cmd memory would be freed once se_sess->sess_cmd_map where released, but the associated se_tmr_req was leaked and remained part of se_device->dev_tmr_list. This bug would manfiest itself as kernel paging request OOPsen in core_tmr_lun_reset(), when a left-over se_tmr_req attempted to dereference it's se_cmd pointer that had already been released during normal session shutdown. To address this bug, go ahead and treat ISCSI_OP_SCSI_CMD and ISCSI_OP_SCSI_TMFUNC the same when there is an extra se_cmd->cmd_kref to drop in iscsit_free_cmd(), and use op_scsi to signal __iscsit_free_cmd() when the former needs to clear any further iscsi related I/O state. Reported-by: Rob Millner Cc: Rob Millner Reported-by: Chu Yuan Lin Cc: Chu Yuan Lin Tested-by: Chu Yuan Lin Cc: stable@vger.kernel.org # 3.10+ Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target_util.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit afea03fcf3d5db8a968f4b97797b8b83ada0dba3 Author: Manish Narani Date: Mon Mar 20 15:05:29 2017 +0530 usb: gadget: Correct usb EP argument for BOT status request This patch corrects the argument in usb_ep_free_request as it is mistakenly set to ep_out. It should be ep_in for status request. Signed-off-by: Manish Narani Acked-by: Felipe Balbi Signed-off-by: Nicholas Bellinger drivers/usb/gadget/function/f_tcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 740372b76e7966604e0f4dd0de13135513024f0d Author: Nicholas Bellinger Date: Mon Mar 20 21:04:05 2017 -0700 tcmu: Allow cmd_time_out to be set to zero (disabled) The new cmd_time_out configfs attribute for TCMU is allowed to be disabled, so go ahead and drop the tcmu_cmd_time_out_store() check. Reported-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 5 ----- 1 file changed, 5 deletions(-) commit c3d9fda688742c06e89aa1f0f8fd943fc11468cb Author: Felix Fietkau Date: Mon Mar 6 10:04:25 2017 +0100 ubifs: Fix RENAME_WHITEOUT support Remove faulty leftover check in do_rename(), apparently introduced in a merge that combined whiteout support changes with commit f03b8ad8d386 ("fs: support RENAME_NOREPLACE for local filesystems") Fixes: f03b8ad8d386 ("fs: support RENAME_NOREPLACE for local filesystems") Fixes: 9e0a1fff8db5 ("ubifs: Implement RENAME_WHITEOUT") Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 3 --- 1 file changed, 3 deletions(-) commit 33fda9fa9fb081fae165348f32e3244414991fad Author: Hyunchul Lee Date: Wed Mar 15 10:31:05 2017 +0900 ubifs: Fix debug messages for an invalid filename in ubifs_dump_inode instead of filenames, print inode numbers, file types, and length. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger fs/ubifs/debug.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit e328379a18c5293c123bc56c32f19f9365384686 Author: Hyunchul Lee Date: Wed Mar 15 10:31:04 2017 +0900 ubifs: Fix debug messages for an invalid filename in ubifs_dump_node if a character is not printable, print '?' instead of that. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger fs/ubifs/debug.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b20e2d9999506bb445e9958efa407e84d1a579cc Author: Hyunchul Lee Date: Wed Mar 15 10:31:03 2017 +0900 ubifs: Remove filename from debug messages in ubifs_readdir if filename is encrypted, filename could have no printable characters. so remove it. Signed-off-by: Hyunchul Lee Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 63ed657362509b54635fe17af980fba722a008d8 Author: Richard Weinberger Date: Fri Feb 10 17:46:01 2017 +0100 ubifs: Fix memory leak in error path in ubifs_mknod When fscrypt_setup_filename() fails we have to free dev. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 9cd9a21ce070be8a918ffd3381468315a7a76ba6 Author: Sebastian Siewior Date: Wed Feb 22 17:15:21 2017 +0100 ubi/upd: Always flush after prepared for an update In commit 6afaf8a484cb ("UBI: flush wl before clearing update marker") I managed to trigger and fix a similar bug. Now here is another version of which I assumed it wouldn't matter back then but it turns out UBI has a check for it and will error out like this: |ubi0 warning: validate_vid_hdr: inconsistent used_ebs |ubi0 error: validate_vid_hdr: inconsistent VID header at PEB 592 All you need to trigger this is? "ubiupdatevol /dev/ubi0_0 file" + a powercut in the middle of the operation. ubi_start_update() sets the update-marker and puts all EBs on the erase list. After that userland can proceed to write new data while the old EB aren't erased completely. A powercut at this point is usually not that much of a tragedy. UBI won't give read access to the static volume because it has the update marker. It will most likely set the corrupted flag because it misses some EBs. So we are all good. Unless the size of the image that has been written differs from the old image in the magnitude of at least one EB. In that case UBI will find two different values for `used_ebs' and refuse to attach the image with the error message mentioned above. So in order not to get in the situation, the patch will ensure that we wait until everything is removed before it tries to write any data. The alternative would be to detect such a case and remove all EBs at the attached time after we processed the volume-table and see the update-marker set. The patch looks bigger and I doubt it is worth it since usually the write() will wait from time to time for a new EB since usually there not that many spare EB that can be used. Cc: stable@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Richard Weinberger drivers/mtd/ubi/upd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d09c5373e8e4eaaa09233552cbf75dc4c4f21203 Author: Heiko Carstens Date: Mon Mar 27 09:48:04 2017 +0200 s390/uaccess: get_user() should zero on failure (again) Commit fd2d2b191fe7 ("s390: get_user() should zero on failure") intended to fix s390's get_user() implementation which did not zero the target operand if the read from user space faulted. Unfortunately the patch has no effect: the corresponding inline assembly specifies that the operand is only written to ("=") and the previous value is discarded. Therefore the compiler is free to and actually does omit the zero initialization. To fix this simply change the contraint modifier to "+", so the compiler cannot omit the initialization anymore. Fixes: c9ca78415ac1 ("s390/uaccess: provide inline variants of get_user/put_user") Fixes: fd2d2b191fe7 ("s390: get_user() should zero on failure") Cc: stable@vger.kernel.org Cc: Al Viro Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/uaccess.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b79c52aef3cdee903017c1e9834b53996d70010e Author: Zhi Wang Date: Thu Mar 30 01:48:39 2017 +0800 drm/i915/gvt: Activate/de-activate vGPU in mdev ops. This patch introduces two functions for activating/de-activating vGPU in mdev ops. A racing condition was found between virtual vblank emulation and KVGMT mdev release path. V-blank emulation will emulate and inject V-blank interrupt for every active vGPU with holding gvt->lock, while in mdev release path, it will directly release hypervisor handle without changing vGPU status or taking gvt->lock, so a kernel oops is encountered when vblank emulation is injecting a interrupt with a invalid hypervisor handle. (Reported by Terrence) To solve this problem, we factor out vGPU activation/de-activation from vGPU creation/destruction path and let KVMGT mdev release ops de-activate the vGPU before release hypervisor handle. Once a vGPU is de-activated, GVT-g will not emulate v-blank for it or touch the hypervisor handle. Fixes: 659643f ("drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT") Signed-off-by: Zhi Wang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.c | 2 ++ drivers/gpu/drm/i915/gvt/gvt.h | 5 ++++- drivers/gpu/drm/i915/gvt/kvmgt.c | 4 ++++ drivers/gpu/drm/i915/gvt/vgpu.c | 43 +++++++++++++++++++++++++++++++++++----- 4 files changed, 48 insertions(+), 6 deletions(-) commit 89970a04d70c6c9e5e4492fd4096c0b5630a478c Merge: 806276b 3ea3217 Author: Linus Torvalds Date: Wed Mar 29 19:59:49 2017 -0700 Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management fixes from Zhang Rui: - Fix a potential deadlock in cpu_cooling driver, which was introduced in 4.11-rc1. (Matthew Wilcox) - Fix the cpu_cooling and devfreq_cooling code to handle possible error return value from OPP calls, together with three minor fixes in the same patch series. (Viresh Kumar) * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal: cpu_cooling: Check OPP for errors thermal: cpu_cooling: Replace dev_warn with dev_err thermal: devfreq: Check OPP for errors thermal: devfreq_cooling: Replace dev_warn with dev_err thermal: devfreq: Simplify expression thermal: Fix potential deadlock in cpu_cooling commit 8f1f7eeb22c16a197159cf7b35d1350695193ead Merge: 358e78b 77c1c03 Author: David S. Miller Date: Wed Mar 29 14:35:25 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains a rather large update with Netfilter fixes, specifically targeted to incorrect RCU usage in several spots and the userspace conntrack helper infrastructure (nfnetlink_cthelper), more specifically they are: 1) expect_class_max is incorrect set via cthelper, as in kernel semantics mandate that this represents the array of expectation classes minus 1. Patch from Liping Zhang. 2) Expectation policy updates via cthelper are currently broken for several reasons: This code allows illegal changes in the policy such as changing the number of expeciation classes, it is leaking the updated policy and such update occurs with no RCU protection at all. Fix this by adding a new nfnl_cthelper_update_policy() that describes what is really legal on the update path. 3) Fix several memory leaks in cthelper, from Jeffy Chen. 4) synchronize_rcu() is missing in the removal path of several modules, this may lead to races since CPU may still be running on code that has just gone. Also from Liping Zhang. 5) Don't use the helper hashtable from cthelper, it is not safe to walk over those bits without the helper mutex. Fix this by introducing a new independent list for userspace helpers. From Liping Zhang. 6) nf_ct_extend_unregister() needs synchronize_rcu() to make sure no packets are walking on any conntrack extension that is gone after module removal, again from Liping. 7) nf_nat_snmp may crash if we fail to unregister the helper due to accidental leftover code, from Gao Feng. 8) Fix leak in nfnetlink_queue with secctx support, from Liping Zhang. ==================== Signed-off-by: David S. Miller commit 806276b7f07a39a1cc3f38bb1ef5c573d4594a38 Merge: 52b9c81 abbbdf1 Author: Linus Torvalds Date: Wed Mar 29 14:30:19 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Five fixes for this series: - a fix from me to ensure that blk-mq drivers that terminate IO in their ->queue_rq() handler by returning QUEUE_ERROR don't stall with a scheduler enabled. - four nbd fixes from Josef and Ratna, fixing various problems that are critical enough to go in for this cycle. They have been well tested" * 'for-linus' of git://git.kernel.dk/linux-block: nbd: replace kill_bdev() with __invalidate_device() nbd: set queue timeout properly nbd: set rq->errors to actual error code nbd: handle ERESTARTSYS properly blk-mq: include errors in did_work calculation commit 358e78b5f445c35f5b7f9241425fb499ee9fe3e2 Author: Zakharov Vlad Date: Wed Mar 29 13:41:46 2017 +0300 ezchip: nps_enet: check if napi has been completed After a new NAPI_STATE_MISSED state was added to NAPI we can get into this state and in such case we have to reschedule NAPI as some work is still pending and we have to process it. napi_complete_done() function returns false if we have to reschedule something (e.g. in case we were in MISSED state) as current polling have not been completed yet. nps_enet driver hasn't been verifying the return value of napi_complete_done() and has been forcibly enabling interrupts. That is not correct as we should not enable interrupts before we have processed all scheduled work. As a result we were getting trapped in interrupt hanlder chain as we had never been able to disabale ethernet interrupts again. So this patch makes nps_enet_poll() func verify return value of napi_complete_done() and enable interrupts only in case all scheduled work has been completed. Signed-off-by: Vlad Zakharov Signed-off-by: David S. Miller drivers/net/ethernet/ezchip/nps_enet.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit a1801cc83f351bc12c6acebf1164be2de6810379 Merge: e91793b 3ed3a83 Author: David S. Miller Date: Wed Mar 29 14:05:34 2017 -0700 Merge branch 'bnxt_en-fixes' Michael Chan says: ==================== bnxt_en: Small misc. fixes. Fix a NULL pointer crash in open failure path, wrong arguments when printing error messages, and a DMA unmap bug in XDP shutdown path. ==================== Signed-off-by: David S. Miller commit 3ed3a83e3f3871c57b18cef09b148e96921236ed Author: Michael Chan Date: Tue Mar 28 19:47:31 2017 -0400 bnxt_en: Fix DMA unmapping of the RX buffers in XDP mode during shutdown. In bnxt_free_rx_skbs(), which is called to free up all RX buffers during shutdown, we need to unmap the page if we are running in XDP mode. Fixes: c61fb99cae51 ("bnxt_en: Add RX page mode support.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 23e12c893489ed12ecfccbf866fc62af1bead4b0 Author: Sankar Patchineelam Date: Tue Mar 28 19:47:30 2017 -0400 bnxt_en: Correct the order of arguments to netdev_err() in bnxt_set_tpa() Signed-off-by: Sankar Patchineelam Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2247925f0942dc4e7c09b1cde45ca18461d94c5f Author: Sankar Patchineelam Date: Tue Mar 28 19:47:29 2017 -0400 bnxt_en: Fix NULL pointer dereference in reopen failure path Net device reset can fail when the h/w or f/w is in a bad state. Subsequent netdevice open fails in bnxt_hwrm_stat_ctx_alloc(). The cleanup invokes bnxt_hwrm_resource_free() which inturn calls bnxt_disable_int(). In this routine, the code segment if (ring->fw_ring_id != INVALID_HW_RING_ID) BNXT_CP_DB(cpr->cp_doorbell, cpr->cp_raw_cons); results in NULL pointer dereference as cpr->cp_doorbell is not yet initialized, and fw_ring_id is zero. The fix is to initialize cpr fw_ring_id to INVALID_HW_RING_ID before bnxt_init_chip() is invoked. Signed-off-by: Sankar Patchineelam Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 293d264f13cbde328d5477f49e3103edbc1dc191 Author: Vaidyanathan Srinivasan Date: Thu Mar 23 20:52:46 2017 +0530 cpuidle: powernv: Pass correct drv->cpumask for registration drv->cpumask defaults to cpu_possible_mask in __cpuidle_driver_init(). On PowerNV platform cpu_present could be less than cpu_possible in cases where firmware detects the cpu, but it is not available to the OS. When CONFIG_HOTPLUG_CPU=n, such cpus are not hotplugable at runtime and hence we skip creating cpu_device. This breaks cpuidle on powernv where register_cpu() is not called for cpus in cpu_possible_mask that cannot be hot-added at runtime. Trying cpuidle_register_device() on cpu without cpu_device will cause crash like this: cpu 0xf: Vector: 380 (Data SLB Access) at [c000000ff1503490] pc: c00000000022c8bc: string+0x34/0x60 lr: c00000000022ed78: vsnprintf+0x284/0x42c sp: c000000ff1503710 msr: 9000000000009033 dar: 6000000060000000 current = 0xc000000ff1480000 paca = 0xc00000000fe82d00 softe: 0 irq_happened: 0x01 pid = 1, comm = swapper/8 Linux version 4.11.0-rc2 (sv@sagarika) (gcc version 4.9.4 (Buildroot 2017.02-00004-gc28573e) ) #15 SMP Fri Mar 17 19:32:02 IST 2017 enter ? for help [link register ] c00000000022ed78 vsnprintf+0x284/0x42c [c000000ff1503710] c00000000022ebb8 vsnprintf+0xc4/0x42c (unreliable) [c000000ff1503800] c00000000022ef40 vscnprintf+0x20/0x44 [c000000ff1503830] c0000000000ab61c vprintk_emit+0x94/0x2cc [c000000ff15038a0] c0000000000acc9c vprintk_func+0x60/0x74 [c000000ff15038c0] c000000000619694 printk+0x38/0x4c [c000000ff15038e0] c000000000224950 kobject_get+0x40/0x60 [c000000ff1503950] c00000000022507c kobject_add_internal+0x60/0x2c4 [c000000ff15039e0] c000000000225350 kobject_init_and_add+0x70/0x78 [c000000ff1503a60] c00000000053c288 cpuidle_add_sysfs+0x9c/0xe0 [c000000ff1503ae0] c00000000053aeac cpuidle_register_device+0xd4/0x12c [c000000ff1503b30] c00000000053b108 cpuidle_register+0x98/0xcc [c000000ff1503bc0] c00000000085eaf0 powernv_processor_idle_init+0x140/0x1e0 [c000000ff1503c60] c00000000000cd60 do_one_initcall+0xc0/0x15c [c000000ff1503d20] c000000000833e84 kernel_init_freeable+0x1a0/0x25c [c000000ff1503dc0] c00000000000d478 kernel_init+0x24/0x12c [c000000ff1503e30] c00000000000b564 ret_from_kernel_thread+0x5c/0x78 This patch fixes the bug by passing correct cpumask from powernv-cpuidle driver. Signed-off-by: Vaidyanathan Srinivasan Reviewed-by: Gautham R. Shenoy Acked-by: Michael Ellerman [ rjw: Comment massage ] Signed-off-by: Rafael J. Wysocki drivers/cpuidle/cpuidle-powernv.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 52b9c816807abd46c285cd8ab183fe93194bfb3f Merge: 72c3373 f843ee6 Author: Linus Torvalds Date: Wed Mar 29 13:26:22 2017 -0700 Merge branch 'apw' (xfrm_user fixes) Merge xfrm_user validation fixes from Andy Whitcroft: "Two patches we are applying to Ubuntu for XFRM_MSG_NEWAE validation issue reported by ZDI. The first of these is the primary fix, and the second is for a more theoretical issue that Kees pointed out when reviewing the first" * emailed patches from Andy Whitcroft : xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window commit 41a75a6eb2bf4e75e0d93862171bebb3ca4efec7 Merge: e1699d2 457ae72 Author: Chris Mason Date: Wed Mar 29 13:10:25 2017 -0700 Merge branch 'for-chris-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 commit 476e75a44b56038bee9207242d4bc718f6b4de06 Author: Helge Deller Date: Wed Mar 29 08:25:30 2017 +0200 parisc: Avoid stalled CPU warnings after system shutdown Commit 73580dac7618 ("parisc: Fix system shutdown halt") introduced an endless loop for systems which don't provide a software power off function. But the soft lockup detector will detect this and report stalled CPUs after some time. Avoid those unwanted warnings by disabling the soft lockup detector. Fixes: 73580dac7618 ("parisc: Fix system shutdown halt") Signed-off-by: Helge Deller Cc: stable@vger.kernel.org # 4.9+ arch/parisc/kernel/process.c | 2 ++ 1 file changed, 2 insertions(+) commit d19f5e41b344a057bb2450024a807476f30978d2 Author: Helge Deller Date: Sat Mar 25 11:59:15 2017 +0100 parisc: Clean up fixup routines for get_user()/put_user() Al Viro noticed that userspace accesses via get_user()/put_user() can be simplified a lot with regard to usage of the exception handling. This patch implements a fixup routine for get_user() and put_user() in such that the exception handler will automatically load -EFAULT into the register %r8 (the error value) in case on a fault on userspace. Additionally the fixup routine will zero the target register on fault in case of a get_user() call. The target register is extracted out of the faulting assembly instruction. This patch brings a few benefits over the old implementation: 1. Exception handling gets much cleaner, easier and smaller in size. 2. Helper functions like fixup_get_user_skip_1 (all of fixup.S) can be dropped. 3. No need to hardcode %r9 as target register for get_user() any longer. This helps the compiler register allocator and thus creates less assembler statements. 4. No dependency on the exception_data contents any longer. 5. Nested faults will be handled cleanly. Reported-by: Al Viro Cc: # v4.9+ Signed-off-by: Helge Deller arch/parisc/include/asm/uaccess.h | 59 +++++++++++++---------- arch/parisc/kernel/parisc_ksyms.c | 10 ---- arch/parisc/lib/Makefile | 2 +- arch/parisc/lib/fixup.S | 98 --------------------------------------- arch/parisc/mm/fault.c | 17 +++++++ 5 files changed, 52 insertions(+), 134 deletions(-) commit 554bfeceb8a22d448cd986fc9efce25e833278a1 Author: Helge Deller Date: Wed Mar 29 21:41:05 2017 +0200 parisc: Fix access fault handling in pa_memcpy() pa_memcpy() is the major memcpy implementation in the parisc kernel which is used to do any kind of userspace/kernel memory copies. Al Viro noticed various bugs in the implementation of pa_mempcy(), most notably that in case of faults it may report back to have copied more bytes than it actually did. Fixing those bugs is quite hard in the C-implementation, because the compiler is messing around with the registers and we are not guaranteed that specific variables are always in the same processor registers. This makes proper fault handling complicated. This patch implements pa_memcpy() in assembler. That way we have correct fault handling and adding a 64-bit copy routine was quite easy. Runtime tested with 32- and 64bit kernels. Reported-by: Al Viro Cc: # v4.9+ Signed-off-by: John David Anglin Signed-off-by: Helge Deller arch/parisc/lib/lusercopy.S | 318 ++++++++++++++++++++++++++++++ arch/parisc/lib/memcpy.c | 461 +------------------------------------------- 2 files changed, 321 insertions(+), 458 deletions(-) commit 3cc070c1c81948b33ebe2ea68cd39307ce2b312d Author: afzal mohammed Date: Thu Mar 23 13:49:32 2017 +0100 ARM: 8665/1: nommu: access ID_PFR1 only if CPUID scheme Greg upon trying to boot no-MMU Kernel on ARM926EJ reported boot failure. He root caused it to ID_PFR1 access introduced by the commit mentioned in the fixes tag below. All CP15 processors need not have processor feature registers, only for architectures defined by CPUID scheme would have it. Hence check for it before accessing processor feature register, ID_PFR1. Fixes: f8300a0b5de0 ("ARM: 8647/2: nommu: dynamic exception base address setting") Reported-by: Greg Ungerer Signed-off-by: afzal mohammed Tested-by: Greg Ungerer Signed-off-by: Russell King arch/arm/mm/nommu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 916a008b4b8ecc02fbd035cfb133773dba1ff3d7 Author: Russell King Date: Wed Mar 29 17:12:47 2017 +0100 ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory dma_get_sgtable() tries to create a scatterlist table containing valid struct page pointers for the coherent memory allocation passed in to it. However, memory can be declared via dma_declare_coherent_memory(), or via other reservation schemes which means that coherent memory is not guaranteed to be backed by struct pages. In such cases, the resulting scatterlist table contains pointers to invalid pages, which causes kernel oops later. This patch adds detection of such memory, and refuses to create a scatterlist table for such memory. Reported-by: Shuah Khan Signed-off-by: Russell King arch/arm/mm/dma-mapping.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit e91793bb615cf6cdd59c0b6749fe173687bb0947 Author: Guillaume Nault Date: Wed Mar 29 08:45:29 2017 +0200 l2tp: purge socket queues in the .destruct() callback The Rx path may grab the socket right before pppol2tp_release(), but nothing guarantees that it will enqueue packets before skb_queue_purge(). Therefore, the socket can be destroyed without its queues fully purged. Fix this by purging queues in pppol2tp_session_destruct() where we're guaranteed nothing is still referencing the socket. Fixes: 9e9cb6221aa7 ("l2tp: fix userspace reception on plain L2TP sockets") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 94d7ee0baa8b764cf64ad91ed69464c1a6a0066b Author: Guillaume Nault Date: Wed Mar 29 08:44:59 2017 +0200 l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 The code following l2tp_tunnel_find() expects that a new reference is held on sk. Either sk_receive_skb() or the discard_put error path will drop a reference from the tunnel's socket. This issue exists in both l2tp_ip and l2tp_ip6. Fixes: a3c18422a4b4 ("l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 5 +++-- net/l2tp/l2tp_ip6.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) commit 72c33734b5fa8a788734ad2312a89b944589c5a0 Merge: fe82203 d3805c5 Author: Linus Torvalds Date: Wed Mar 29 08:55:25 2017 -0700 Merge branch 'regset' (PTRACE_SETREGSET data leakage) Merge PTRACE_SETREGSET leakage fixes from Dave Martin: "This series is the collection of fixes I proposed on this topic, that have not yet appeared upstream or in the stable branches, The issue can leak kernel stack, but doesn't appear to allow userspace to attack the kernel directly. The affected architectures are c6x, h8300, metag, mips and sparc. [ Mark Salter points out that c6x has no MMU or other mechanism to prevent userspace access to kernel code or data on c6x, but it doesn't hurt to clean that case up too. ] The bugs arise from use of user_regset_copyin(). Users of user_regset_copyin() can work in one of two ways: 1) Copy directly to thread_struct or equivalent. (This seems to be the design assumption of the regset API, and is the most common approach.) 2) Copy to a local variable and then transfer to thread_struct. (A significant minority of cases.) Buggy code typically involves approach 2" * emailed patches from Dave Martin : sparc/ptrace: Preserve previous registers for short regset write mips/ptrace: Preserve previous registers for short regset write metag/ptrace: Reject partial NT_METAG_RPIPE writes metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS metag/ptrace: Preserve previous registers for short regset write h8300/ptrace: Fix incorrect register transfer count c6x/ptrace: Remove useless PTRACE_SETREGSET implementation commit d3805c546b275c8cc7d40f759d029ae92c7175f2 Author: Dave Martin Date: Mon Mar 27 15:10:59 2017 +0100 sparc/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Signed-off-by: Dave Martin Acked-by: David S. Miller Signed-off-by: Linus Torvalds arch/sparc/kernel/ptrace_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d614fd58a2834cfe4efa472c33c8f3ce2338b09b Author: Dave Martin Date: Mon Mar 27 15:10:58 2017 +0100 mips/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Signed-off-by: Dave Martin Signed-off-by: Linus Torvalds arch/mips/kernel/ptrace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7195ee3120d878259e8d94a5d9f808116f34d5ea Author: Dave Martin Date: Mon Mar 27 15:10:57 2017 +0100 metag/ptrace: Reject partial NT_METAG_RPIPE writes It's not clear what behaviour is sensible when doing partial write of NT_METAG_RPIPE, so just don't bother. This patch assumes that userspace will never rely on a partial SETREGSET in this case, since it's not clear what should happen anyway. Signed-off-by: Dave Martin Acked-by: James Hogan Signed-off-by: Linus Torvalds arch/metag/kernel/ptrace.c | 2 ++ 1 file changed, 2 insertions(+) commit 5fe81fe98123ce41265c65e95d34418d30d005d1 Author: Dave Martin Date: Mon Mar 27 15:10:56 2017 +0100 metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill TXSTATUS, a well-defined default value is used, based on the task's current value. Suggested-by: James Hogan Signed-off-by: Dave Martin Signed-off-by: Linus Torvalds arch/metag/kernel/ptrace.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit a78ce80d2c9178351b34d78fec805140c29c193e Author: Dave Martin Date: Mon Mar 27 15:10:55 2017 +0100 metag/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Signed-off-by: Dave Martin Acked-by: James Hogan Signed-off-by: Linus Torvalds arch/metag/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 502585c7555083d4a949c08350306b9ec196779e Author: Dave Martin Date: Mon Mar 27 15:10:54 2017 +0100 h8300/ptrace: Fix incorrect register transfer count regs_set() and regs_get() are vulnerable to an off-by-1 buffer overrun if CONFIG_CPU_H8S is set, since this adds an extra entry to register_offset[] but not to user_regs_struct. So, iterate over user_regs_struct based on its actual size, not based on the length of register_offset[]. Signed-off-by: Dave Martin Signed-off-by: Linus Torvalds arch/h8300/kernel/ptrace.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit fb411b837b587a32046dc4f369acb93a10b1def8 Author: Dave Martin Date: Mon Mar 27 15:10:53 2017 +0100 c6x/ptrace: Remove useless PTRACE_SETREGSET implementation gpr_set won't work correctly and can never have been tested, and the correct behaviour is not clear due to the endianness-dependent task layout. So, just remove it. The core code will now return -EOPNOTSUPPORT when trying to set NT_PRSTATUS on this architecture until/unless a correct implementation is supplied. Signed-off-by: Dave Martin Signed-off-by: Linus Torvalds arch/c6x/kernel/ptrace.c | 41 ----------------------------------------- 1 file changed, 41 deletions(-) commit f843ee6dd019bcece3e74e76ad9df0155655d0df Author: Andy Whitcroft Date: Thu Mar 23 07:45:44 2017 +0000 xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to wrapping issues. To ensure we are correctly ensuring that the two ESN structures are the same size compare both the overall size as reported by xfrm_replay_state_esn_len() and the internal length are the same. CVE-2017-7184 Signed-off-by: Andy Whitcroft Acked-by: Steffen Klassert Signed-off-by: Linus Torvalds net/xfrm/xfrm_user.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 677e806da4d916052585301785d847c3b3e6186a Author: Andy Whitcroft Date: Wed Mar 22 07:29:31 2017 +0000 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window When a new xfrm state is created during an XFRM_MSG_NEWSA call we validate the user supplied replay_esn to ensure that the size is valid and to ensure that the replay_window size is within the allocated buffer. However later it is possible to update this replay_esn via a XFRM_MSG_NEWAE call. There we again validate the size of the supplied buffer matches the existing state and if so inject the contents. We do not at this point check that the replay_window is within the allocated memory. This leads to out-of-bounds reads and writes triggered by netlink packets. This leads to memory corruption and the potential for priviledge escalation. We already attempt to validate the incoming replay information in xfrm_new_ae() via xfrm_replay_verify_len(). This confirms that the user is not trying to change the size of the replay state buffer which includes the replay_esn. It however does not check the replay_window remains within that buffer. Add validation of the contained replay_window. CVE-2017-7184 Signed-off-by: Andy Whitcroft Acked-by: Steffen Klassert Signed-off-by: Linus Torvalds net/xfrm/xfrm_user.c | 3 +++ 1 file changed, 3 insertions(+) commit 0917ac4f5346d01cee1d568ff5dc0b99be02829e Merge: ca4a213 a3902ee9 Author: James Bottomley Date: Wed Mar 29 10:10:30 2017 -0400 Merge remote-tracking branch 'mkp-scsi/4.11/scsi-fixes' into fixes commit f3cd1b064f1179d9e6188c6d67297a2360880e10 Author: Lucas Stach Date: Wed Mar 22 12:07:23 2017 +0100 drm/etnaviv: (re-)protect fence allocation with GPU mutex The fence allocation needs to be protected by the GPU mutex, otherwise the fence seqnos of concurrent submits might not match the insertion order of the jobs in the kernel ring. This breaks the assumption that jobs complete with monotonically increasing fence seqnos. Fixes: d9853490176c (drm/etnaviv: take GPU lock later in the submit process) CC: stable@vger.kernel.org #4.9+ Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dd68f2ba0720e76c3a5bfa3f639c546f926792f5 Author: Chris Wilson Date: Wed Mar 29 13:13:15 2017 +0100 drm/i915/execlists: Wrap tail pointer after reset tweaking If the request->wa_tail is 0 (because it landed exactly on the end of the ringbuffer), when we reconstruct request->tail following a reset we fill in an illegal value (-8 or 0x001ffff8). As a result, RING_HEAD is never able to catch up with RING_TAIL and the GPU spins endlessly. If the ring contains a couple of breadcrumbs, even our hangcheck is unable to catch the busy-looping as the ACTHD and seqno continually advance. v2: Move the wrap into a common intel_ring_wrap(). Fixes: a3aabe86a340 ("drm/i915/execlists: Reinitialise context image after GPU hang") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: # v4.10+ Link: http://patchwork.freedesktop.org/patch/msgid/20170327130009.4678-1-chris@chris-wilson.co.uk Reviewed-by: Mika Kuoppala (cherry picked from commit 450362d3fe866b14304f309b5fffba0c33fbfbc3) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20170329121315.1290-1-chris@chris-wilson.co.uk drivers/gpu/drm/i915/intel_lrc.c | 4 +++- drivers/gpu/drm/i915/intel_ringbuffer.h | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) commit 457ae7268b29c33dee1c0feb143a15f6029d177b Author: Dan Carpenter Date: Fri Mar 17 23:51:20 2017 +0300 Btrfs: fix an integer overflow check This isn't super serious because you need CAP_ADMIN to run this code. I added this integer overflow check last year but apparently I am rubbish at writing integer overflow checks... There are two issues. First, access_ok() works on unsigned long type and not u64 so on 32 bit systems the access_ok() could be checking a truncated size. The other issue is that we should be using a stricter limit so we don't overflow the kzalloc() setting ctx->clone_roots later in the function after the access_ok(): alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1); sctx->clone_roots = kzalloc(alloc_size, GFP_KERNEL | __GFP_NOWARN); Fixes: f5ecec3ce21f ("btrfs: send: silence an integer overflow warning") Signed-off-by: Dan Carpenter Reviewed-by: David Sterba [ added comment ] Signed-off-by: David Sterba fs/btrfs/send.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit ce0dcee626c482183b42d45b6ea43198c7223fc7 Author: Goldwyn Rodrigues Date: Tue Mar 14 05:25:09 2017 -0500 btrfs: Change qgroup_meta_rsv to 64bit Using an int value is causing qg->reserved to become negative and exclusive -EDQUOT to be reached prematurely. This affects exclusive qgroups only. TEST CASE: DEVICE=/dev/vdb MOUNTPOINT=/mnt SUBVOL=$MOUNTPOINT/tmp umount $SUBVOL umount $MOUNTPOINT mkfs.btrfs -f $DEVICE mount /dev/vdb $MOUNTPOINT btrfs quota enable $MOUNTPOINT btrfs subvol create $SUBVOL umount $MOUNTPOINT mount /dev/vdb $MOUNTPOINT mount -o subvol=tmp $DEVICE $SUBVOL btrfs qgroup limit -e 3G $SUBVOL btrfs quota rescan /mnt -w for i in `seq 1 44000`; do dd if=/dev/zero of=/mnt/tmp/test_$i bs=10k count=1 if [[ $? > 0 ]]; then btrfs qgroup show -pcref $SUBVOL exit 1 fi done Signed-off-by: Goldwyn Rodrigues [ add reproducer to changelog ] Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/qgroup.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) commit 9d0d1c8b1c9d80b17cfa86ecd50c8933a742585c Author: Liu Bo Date: Fri Mar 24 15:04:50 2017 -0700 Btrfs: bring back repair during read Commit 20a7db8ab3f2 ("btrfs: add dummy callback for readpage_io_failed and drop checks") made a cleanup around readpage_io_failed_hook, and it was supposed to keep the original sematics, but it also unexpectedly disabled repair during read for dup, raid1 and raid10. This fixes the problem by letting data's inode call the generic readpage_io_failed callback by returning -EAGAIN from its readpage_io_failed_hook in order to notify end_bio_extent_readpage to do the rest. We don't call it directly because the generic one takes an offset from end_bio_extent_readpage() to calculate the index in the checksum array and inode's readpage_io_failed_hook doesn't offer that offset. Cc: David Sterba Signed-off-by: Liu Bo Reviewed-by: David Sterba [ keep the const function attribute ] Signed-off-by: David Sterba fs/btrfs/extent_io.c | 46 ++++++++++++++++++++++++++++------------------ fs/btrfs/inode.c | 6 +++--- 2 files changed, 31 insertions(+), 21 deletions(-) commit 7d65f82954dadbbe7b6e1aec7e07ad17bc6d958b Author: Johannes Berg Date: Wed Mar 29 14:15:24 2017 +0200 mac80211: unconditionally start new netdev queues with iTXQ support When internal mac80211 TXQs aren't supported, netdev queues must always started out started even when driver queues are stopped while the interface is added. This is necessary because with the internal TXQ support netdev queues are never stopped and packet scheduling/dropping is done in mac80211. Cc: stable@vger.kernel.org # 4.9+ Fixes: 80a83cfc434b1 ("mac80211: skip netdev queue control with software queuing") Reported-and-tested-by: Sven Eckelmann Signed-off-by: Johannes Berg net/mac80211/iface.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2ddaa6762696db4bb35726063b421782a9e0436f Merge: 367b130 83749ab 971edb0 3c9d3f1 eb3abae Author: Mark Brown Date: Wed Mar 29 12:55:08 2017 +0100 Merge remote-tracking branches 'asoc/fix/rt5665', 'asoc/fix/simple', 'asoc/fix/sti' and 'asoc/fix/sun8i' into asoc-linus commit 367b1301ccbeae11adc4134182a055e7728aa9fe Merge: 0cb3a12 7b4af79 cd3ac9a 2fe42dd 72cedf5 Author: Mark Brown Date: Wed Mar 29 12:55:06 2017 +0100 Merge remote-tracking branches 'asoc/fix/adsp', 'asoc/fix/atmel', 'asoc/fix/hdac-hdmi' and 'asoc/fix/mtk' into asoc-linus commit 0cb3a12f2a5827ff8692ff247538683b1b1f979d Merge: 4368c27 9986943 Author: Mark Brown Date: Wed Mar 29 12:55:05 2017 +0100 Merge remote-tracking branch 'asoc/fix/rcar' into asoc-linus commit 4368c27666df1f1e80aa525baf49d29073c28ce7 Merge: d6c098a d1a6fe4 Author: Mark Brown Date: Wed Mar 29 12:55:05 2017 +0100 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit aa62acfd63e7367872291c15290cb9c29d140926 Author: Matthew Auld Date: Mon Mar 27 21:32:36 2017 +0100 drm/i915/perf: remove user triggerable warn Don't throw a warning if we are given an invalid property id. While here let's also bring back Robert' original idea of catching unhandled enumeration values at compile time. Fixes: eec688e1420d ("drm/i915: Add i915 perf infrastructure") Signed-off-by: Matthew Auld Cc: Robert Bragg Reviewed-by: Robert Bragg Signed-off-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170327203236.18276-1-matthew.auld@intel.com (cherry picked from commit 0a309f9e3dfaa4f5db0bf1b0cab54571744b491a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_perf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 4e5f713ffc202c49a4374897cb0d2b218b391ff7 Author: Matthew Auld Date: Mon Mar 27 21:34:59 2017 +0100 drm/i915/perf: destroy stream on sample_flags mismatch If we were to ever encounter a sample_flags mismatch we need to ensure we destroy the stream when we bail. Fixes: d79651522e89 ("drm/i915: Enable i915 perf stream for Haswell OA unit") Signed-off-by: Matthew Auld Cc: Robert Bragg Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170327203459.18398-1-matthew.auld@intel.com (cherry picked from commit 22f880ca8246c6c80c4f48731c6a7d5d15042f56) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_perf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9e1764309f577a88a0d5250fea6a080a6ad43556 Author: Chris Wilson Date: Sat Mar 25 11:32:43 2017 +0000 drm/i915: Align "unfenced" tiled access on gen2, early gen3 Old devices have quite severe restrictions for using fences, and unlike more recent device (anything from Pineview onwards) we need to enforce those restrictions even for unfenced tiled access from the render pipeline. Fixes: 944397f04f24 ("drm/i915: Store required fence size/alignment for GGTT vma") Reported-by: Ville Syrjälä Signed-off-by: Chris Wilson Cc: Ville Syrjälä Cc: Joonas Lahtinen Cc: # v4.11-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170325113243.16438-1-chris@chris-wilson.co.uk Reviewed-by: Daniel Vetter Reviewed-by: Joonas Lahtinen Tested-by: Ville Syrjälä (cherry picked from commit f4ce766f28cd0efa0cb4d869a84905d573ef7e70) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/i915_gem_execbuffer.c | 4 +++- drivers/gpu/drm/i915/i915_pci.c | 5 +++++ 3 files changed, 9 insertions(+), 1 deletion(-) commit 77c1c03c5b8ef28e55bb0aff29b1e006037ca645 Author: Liping Zhang Date: Tue Mar 28 22:59:25 2017 +0800 netfilter: nfnetlink_queue: fix secctx memory leak We must call security_release_secctx to free the memory returned by security_secid_to_secctx, otherwise memory may be leaked forever. Fixes: ef493bd930ae ("netfilter: nfnetlink_queue: add security context information") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink_queue.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit a7f12a21f6b32bdd8d76d3af81eef9e72ce41ec0 Author: Javier Martinez Canillas Date: Tue Mar 28 15:07:38 2017 -0400 usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled Commit fd567653bdb9 ("usb: phy: isp1301: Add OF device ID table") added an OF device ID table, but used the of_match_ptr() macro that will lead to a build warning if CONFIG_OF symbol is disabled: drivers/usb/phy//phy-isp1301.c:36:34: warning: ‘isp1301_of_match’ defined but not used [-Wunused-const-variable=] static const struct of_device_id isp1301_of_match[] = { ^~~~~~~~~~~~~~~~ Fixes: fd567653bdb9 ("usb: phy: isp1301: Add OF device ID table") Reported-by: Arnd Bergmann Signed-off-by: Javier Martinez Canillas Signed-off-by: Greg Kroah-Hartman drivers/usb/phy/phy-isp1301.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3519b9d9606991a1305596348b6d690bfa3eb27 Author: Mathias Nyman Date: Tue Mar 28 15:55:30 2017 +0300 xhci: Manually give back cancelled URB if we can't queue it for cancel xhci needs to take care of four scenarios when asked to cancel a URB. 1 URB is not queued or already given back. usb_hcd_check_unlink_urb() will return an error, we pass the error on 2 We fail to find xhci internal structures from urb private data such as virtual device and endpoint ring. Give back URB immediately, can't do anything about internal structures. 3 URB private data has valid pointers to xhci internal data, but host is not responding. give back URB immedately and remove the URB from the endpoint lists. 4 Everyting is working add URB to cancel list, queue a command to stop the endpoint, after which the URB can be turned to no-op or skipped, removed from lists, and given back. We failed to give back the urb in case 2 where the correct device and endpoint pointers could not be retrieved from URB private data. This caused a hang on Dell Inspiron 5558/0VNM2T at resume from suspend as urb was never returned. [ 245.270505] INFO: task rtsx_usb_ms_1:254 blocked for more than 120 seconds. [ 245.272244] Tainted: G W 4.11.0-rc3-ARCH #2 [ 245.273983] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 245.275737] rtsx_usb_ms_1 D 0 254 2 0x00000000 [ 245.277524] Call Trace: [ 245.279278] __schedule+0x2d3/0x8a0 [ 245.281077] schedule+0x3d/0x90 [ 245.281961] usb_kill_urb.part.3+0x6c/0xa0 [usbcore] [ 245.282861] ? wake_atomic_t_function+0x60/0x60 [ 245.283760] usb_kill_urb+0x21/0x30 [usbcore] [ 245.284649] usb_start_wait_urb+0xe5/0x170 [usbcore] [ 245.285541] ? try_to_del_timer_sync+0x53/0x80 [ 245.286434] usb_bulk_msg+0xbd/0x160 [usbcore] [ 245.287326] rtsx_usb_send_cmd+0x63/0x90 [rtsx_usb] Reported-by: diego.viola@gmail.com Tested-by: diego.viola@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci.c | 43 +++++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 18 deletions(-) commit 0ab2881a406b9fd46224a3e8253bbc0141b4f844 Author: Mathias Nyman Date: Tue Mar 28 15:55:29 2017 +0300 xhci: Set URB actual length for stopped control transfers A control transfer that stopped at the status stage incorrectly warned about a "unexpected TRB Type 4", and did not set the transferred actual_length for the URB. The URB actual_length for control transfers should contain the bytes transferred in the data stage. Bytes of a partially sent setup stage and missing bytes from status stage should be left out. Cc: Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 3 +++ 1 file changed, 3 insertions(+) commit b07c12517f2aed0add8ce18146bb426b14099392 Author: Adam Wallis Date: Tue Mar 28 15:55:28 2017 +0300 xhci: plat: Register shutdown for xhci_plat Shutdown should be called for xhci_plat devices especially for situations where kexec might be used by stopping DMA transactions. Signed-off-by: Adam Wallis Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-plat.c | 1 + 1 file changed, 1 insertion(+) commit b3ef5520c1eabb56064474043c7c55a1a65b8708 Author: Arend Van Spriel Date: Tue Mar 28 09:11:31 2017 +0100 cfg80211: check rdev resume callback only for registered wiphy We got the following use-after-free KASAN report: BUG: KASAN: use-after-free in wiphy_resume+0x591/0x5a0 [cfg80211] at addr ffff8803fc244090 Read of size 8 by task kworker/u16:24/2587 CPU: 6 PID: 2587 Comm: kworker/u16:24 Tainted: G B 4.9.13-debug+ Hardware name: Dell Inc. XPS 15 9550/0N7TVV, BIOS 1.2.19 12/22/2016 Workqueue: events_unbound async_run_entry_fn ffff880425d4f9d8 ffffffffaeedb541 ffff88042b80ef00 ffff8803fc244088 ffff880425d4fa00 ffffffffae84d7a1 ffff880425d4fa98 ffff8803fc244080 ffff88042b80ef00 ffff880425d4fa88 ffffffffae84da3a ffffffffc141f7d9 Call Trace: [] dump_stack+0x85/0xc4 [] kasan_object_err+0x21/0x70 [] kasan_report_error+0x1fa/0x500 [] ? cfg80211_bss_age+0x39/0xc0 [cfg80211] [] ? cfg80211_bss_age+0x9a/0xc0 [cfg80211] [] ? trace_hardirqs_on+0xd/0x10 [] ? wiphy_suspend+0xc70/0xc70 [cfg80211] [] __asan_report_load8_noabort+0x61/0x70 [] ? wiphy_suspend+0xbb0/0xc70 [cfg80211] [] ? wiphy_resume+0x591/0x5a0 [cfg80211] [] wiphy_resume+0x591/0x5a0 [cfg80211] [] ? wiphy_suspend+0xc70/0xc70 [cfg80211] [] dpm_run_callback+0x6e/0x4f0 [] device_resume+0x1c2/0x670 [] async_resume+0x1d/0x50 [] async_run_entry_fn+0xfe/0x610 [] process_one_work+0x716/0x1a50 [] ? process_one_work+0x679/0x1a50 [] ? _raw_spin_unlock_irq+0x3d/0x60 [] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [] worker_thread+0xe0/0x1460 [] ? process_one_work+0x1a50/0x1a50 [] kthread+0x222/0x2e0 [] ? kthread_park+0x80/0x80 [] ? kthread_park+0x80/0x80 [] ? kthread_park+0x80/0x80 [] ret_from_fork+0x2a/0x40 Object at ffff8803fc244088, in cache kmalloc-1024 size: 1024 Allocated: PID = 71 save_stack_trace+0x1b/0x20 save_stack+0x46/0xd0 kasan_kmalloc+0xad/0xe0 kasan_slab_alloc+0x12/0x20 __kmalloc_track_caller+0x134/0x360 kmemdup+0x20/0x50 brcmf_cfg80211_attach+0x10b/0x3a90 [brcmfmac] brcmf_bus_start+0x19a/0x9a0 [brcmfmac] brcmf_pcie_setup+0x1f1a/0x3680 [brcmfmac] brcmf_fw_request_nvram_done+0x44c/0x11b0 [brcmfmac] request_firmware_work_func+0x135/0x280 process_one_work+0x716/0x1a50 worker_thread+0xe0/0x1460 kthread+0x222/0x2e0 ret_from_fork+0x2a/0x40 Freed: PID = 2568 save_stack_trace+0x1b/0x20 save_stack+0x46/0xd0 kasan_slab_free+0x71/0xb0 kfree+0xe8/0x2e0 brcmf_cfg80211_detach+0x62/0xf0 [brcmfmac] brcmf_detach+0x14a/0x2b0 [brcmfmac] brcmf_pcie_remove+0x140/0x5d0 [brcmfmac] brcmf_pcie_pm_leave_D3+0x198/0x2e0 [brcmfmac] pci_pm_resume+0x186/0x220 dpm_run_callback+0x6e/0x4f0 device_resume+0x1c2/0x670 async_resume+0x1d/0x50 async_run_entry_fn+0xfe/0x610 process_one_work+0x716/0x1a50 worker_thread+0xe0/0x1460 kthread+0x222/0x2e0 ret_from_fork+0x2a/0x40 Memory state around the buggy address: ffff8803fc243f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8803fc244000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8803fc244080: fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8803fc244100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8803fc244180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb What is happening is that brcmf_pcie_resume() detects a device that is no longer responsive and it decides to unbind resulting in a wiphy_unregister() and wiphy_free() call. Now the wiphy instance remains allocated, because PM needs to call wiphy_resume() for it. However, brcmfmac already does a kfree() for the struct cfg80211_registered_device::ops field. Change the checks in wiphy_resume() to only access the struct cfg80211_registered_device::ops if the wiphy instance is still registered at this time. Cc: stable@vger.kernel.org # 4.10.x, 4.9.x Reported-by: Daniel J Blueman Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Johannes Berg net/wireless/sysfs.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit b768b16de58d5e0b1d7c3f936825b25327ced20c Author: Jarno Rajahalme Date: Tue Mar 28 11:25:26 2017 -0700 openvswitch: Fix refcount leak on force commit. The reference count held for skb needs to be released when the skb's nfct pointer is cleared regardless of if nf_ct_delete() is called or not. Failing to release the skb's reference cound led to deferred conntrack cleanup spinning forever within nf_conntrack_cleanup_net_list() when cleaning up a network namespace:    kworker/u16:0-19025 [004] 45981067.173642: sched_switch: kworker/u16:0:19025 [120] R ==> rcu_preempt:7 [120]    kworker/u16:0-19025 [004] 45981067.173651: kernel_stack: => ___preempt_schedule (ffffffffa001ed36) => _raw_spin_unlock_bh (ffffffffa0713290) => nf_ct_iterate_cleanup (ffffffffc00a4454) => nf_conntrack_cleanup_net_list (ffffffffc00a5e1e) => nf_conntrack_pernet_exit (ffffffffc00a63dd) => ops_exit_list.isra.1 (ffffffffa06075f3) => cleanup_net (ffffffffa0607df0) => process_one_work (ffffffffa0084c31) => worker_thread (ffffffffa008592b) => kthread (ffffffffa008bee2) => ret_from_fork (ffffffffa071b67c) Fixes: dd41d33f0b03 ("openvswitch: Add force commit.") Reported-by: Yang Song Signed-off-by: Jarno Rajahalme Acked-by: Joe Stringer Signed-off-by: David S. Miller net/openvswitch/conntrack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 16b8b6de32572207abeb4dfb74ab7bd8409a5690 Author: Arnd Bergmann Date: Tue Mar 28 16:11:18 2017 +0200 rocker: fix Wmaybe-uninitialized false-positive gcc-7 reports a warning that earlier versions did not have: drivers/net/ethernet/rocker/rocker_ofdpa.c: In function 'ofdpa_port_stp_update': arch/x86/include/asm/string_32.h:79:22: error: '*((void *)&prev_ctrls+4)' may be used uninitialized in this function [-Werror=maybe-uninitialized] *((short *)to + 2) = *((short *)from + 2); ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/rocker/rocker_ofdpa.c:2218:7: note: '*((void *)&prev_ctrls+4)' was declared here This is clearly a variation of the warning about 'prev_state' that was shut up using uninitialized_var(). We can slightly simplify the code and get rid of the warning by unconditionally saving the prev_state and prev_ctrls variables. The inlined memcpy is not particularly expensive here, as it just has to read five bytes from one or two cache lines. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker_ofdpa.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 23abec20aa7034c5d49b62c0a668f7291c819fab Author: Chuck Lever Date: Sun Mar 26 19:27:35 2017 -0400 svcrdma: set XPT_CONG_CTRL flag for bc xprt Same change as Kinglong Mee's fix for the TCP backchannel service. Fixes: 5283b03ee5cd ("nfs/nfsd/sunrpc: enforce transport...") Signed-off-by: Chuck Lever Signed-off-by: J. Bruce Fields net/sunrpc/xprtrdma/svc_rdma_transport.c | 1 + 1 file changed, 1 insertion(+) commit e497ec680c4cd51e76bfcdd49363d9ab8d32a757 Author: Talat Batheesh Date: Tue Mar 28 16:13:41 2017 +0300 net/mlx5: Avoid dereferencing uninitialized pointer In NETDEV_CHANGEUPPER event the upper_info field is valid only when linking is true. Otherwise it should be ignored. Fixes: 7907f23adc18 (net/mlx5: Implement RoCE LAG feature) Signed-off-by: Talat Batheesh Reviewed-by: Aviv Heller Reviewed-by: Moni Shoua Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/lag.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit c2b341a620018d4eaeb0e85c16274ac4e5f153d4 Author: Jonas Jensen Date: Tue Mar 28 12:12:38 2017 +0200 net: moxa: fix TX overrun memory leak moxart_mac_start_xmit() doesn't care where tx_tail is, tx_head can catch and pass tx_tail, which is bad because moxart_tx_finished() isn't guaranteed to catch up on freeing resources from tx_tail. Add a check in moxart_mac_start_xmit() stopping the queue at the end of the circular buffer. Also add a check in moxart_tx_finished() waking the queue if the buffer has TX_WAKE_THRESHOLD or more free descriptors. While we're at it, move spin_lock_irq() to happen before our descriptor pointer is assigned in moxart_mac_start_xmit(). Addresses https://bugzilla.kernel.org/show_bug.cgi?id=99451 Signed-off-by: Jonas Jensen Signed-off-by: David S. Miller drivers/net/ethernet/moxa/moxart_ether.c | 20 ++++++++++++++++++-- drivers/net/ethernet/moxa/moxart_ether.h | 1 + 2 files changed, 19 insertions(+), 2 deletions(-) commit af109a2cf6a9a6271fa420ae2d64d72d86c92b7d Author: Arnd Bergmann Date: Tue Mar 28 12:11:07 2017 +0200 isdn: kcapi: avoid uninitialized data gcc-7 points out that the AVMB1_ADDCARD ioctl results in an unintialized value ending up in the cardnr parameter: drivers/isdn/capi/kcapi.c: In function 'old_capi_manufacturer': drivers/isdn/capi/kcapi.c:1042:24: error: 'cdef.cardnr' may be used uninitialized in this function [-Werror=maybe-uninitialized] cparams.cardnr = cdef.cardnr; This has been broken since before the start of the git history, so either the value is not used for anything important, or the ioctl command doesn't get called in practice. Setting the cardnr to zero avoids the warning and makes sure we have consistent behavior. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/isdn/capi/kcapi.c | 1 + 1 file changed, 1 insertion(+) commit f9ba3501d50317697811ff3c48f623f08d616fc8 Author: Xin Long Date: Mon Mar 27 00:21:15 2017 +0800 sctp: change to save MSG_MORE flag into assoc David Laight noticed the support for MSG_MORE with datamsg->force_delay didn't really work as we expected, as the first msg with MSG_MORE set would always block the following chunks' dequeuing. This Patch is to rewrite it by saving the MSG_MORE flag into assoc as David Laight suggested. asoc->force_delay is used to save MSG_MORE flag before a msg is sent. All chunks in queue would not be sent out if asoc->force_delay is set by the msg with MSG_MORE flag, until a new msg without MSG_MORE flag clears asoc->force_delay. Note that this change would not affect the flush is generated by other triggers, like asoc->state != ESTABLISHED, queue size > pmtu etc. v1->v2: Not clear asoc->force_delay after sending the msg with MSG_MORE flag. Fixes: 4ea0c32f5f42 ("sctp: add support for MSG_MORE") Signed-off-by: Xin Long Acked-by: David Laight Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller include/net/sctp/structs.h | 2 +- net/sctp/output.c | 2 +- net/sctp/socket.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 61b79e16c68d703dde58c25d3935d67210b7d71b Author: Josh Poimboeuf Date: Thu Mar 16 08:56:28 2017 -0500 ACPI: Fix incompatibility with mcount-based function graph tracing Paul Menzel reported a warning: WARNING: CPU: 0 PID: 774 at /build/linux-ROBWaj/linux-4.9.13/kernel/trace/trace_functions_graph.c:233 ftrace_return_to_handler+0x1aa/0x1e0 Bad frame pointer: expected f6919d98, received f6919db0 from func acpi_pm_device_sleep_wake return to c43b6f9d The warning means that function graph tracing is broken for the acpi_pm_device_sleep_wake() function. That's because the ACPI Makefile unconditionally sets the '-Os' gcc flag to optimize for size. That's an issue because mcount-based function graph tracing is incompatible with '-Os' on x86, thanks to the following gcc bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42109 I have another patch pending which will ensure that mcount-based function graph tracing is never used with CONFIG_CC_OPTIMIZE_FOR_SIZE on x86. But this patch is needed in addition to that one because the ACPI Makefile overrides that config option for no apparent reason. It has had this flag since the beginning of git history, and there's no related comment, so I don't know why it's there. As far as I can tell, there's no reason for it to be there. The appropriate behavior is for it to honor CONFIG_CC_OPTIMIZE_FOR_{SIZE,PERFORMANCE} like the rest of the kernel. Reported-by: Paul Menzel Signed-off-by: Josh Poimboeuf Acked-by: Steven Rostedt (VMware) Signed-off-by: Rafael J. Wysocki Cc: All applicable drivers/acpi/Makefile | 1 - 1 file changed, 1 deletion(-) commit 7d64f82cceb21e6d95db312d284f5f195e120154 Author: James Morse Date: Thu Mar 16 14:30:39 2017 +0000 ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal When removing a GHES device notified by SCI, list_del_rcu() is used, ghes_remove() should call synchronize_rcu() before it goes on to call kfree(ghes), otherwise concurrent RCU readers may still hold this list entry after it has been freed. Signed-off-by: James Morse Reviewed-by: "Huang, Ying" Fixes: 81e88fdc432a (ACPI, APEI, Generic Hardware Error Source POLL/IRQ/NMI notification type support) Signed-off-by: Rafael J. Wysocki drivers/acpi/apei/ghes.c | 1 + 1 file changed, 1 insertion(+) commit 08f63d97749185fab942a3a47ed80f5bd89b8b7d Author: Joerg Roedel Date: Wed Mar 22 18:33:25 2017 +0100 ACPI: Do not create a platform_device for IOAPIC/IOxAPIC No platform-device is required for IO(x)APICs, so don't even create them. [ rjw: This fixes a problem with leaking platform device objects after IOAPIC/IOxAPIC hot-removal events.] Signed-off-by: Joerg Roedel Cc: All applicable Signed-off-by: Rafael J. Wysocki drivers/acpi/acpi_platform.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit e3d5092b6756b9e0b08f94bbeafcc7afe19f0996 Author: Joerg Roedel Date: Wed Mar 22 18:33:23 2017 +0100 ACPI: ioapic: Clear on-stack resource before using it The on-stack resource-window 'win' in setup_res() is not properly initialized. This causes the pointers in the embedded 'struct resource' to contain stale addresses. These pointers (in my case the ->child pointer) later get propagated to the global iomem_resources list, causing a #GP exception when the list is traversed in iomem_map_sanity_check(). Fixes: c183619b63ec (x86/irq, ACPI: Implement ACPI driver to support IOAPIC hotplug) Signed-off-by: Joerg Roedel Signed-off-by: Rafael J. Wysocki drivers/acpi/ioapic.c | 6 ++++++ 1 file changed, 6 insertions(+) commit fe82203b63e598c34d96e846dea49679a726fc7a Merge: 050fc52 f0bb2d5 Author: Linus Torvalds Date: Tue Mar 28 11:43:35 2017 -0700 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fixes from Michael Tsirkin: "Fixes to multiple issues in virtio. Most notably a regression fix for crashes reported by Fedora users. Hibernate is still reportedly broken, working on it" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio_balloon: prevent uninitialized variable use virtio-balloon: use actual number of stats for stats queue buffers virtio_balloon: init 1st buffer in stats vq virtio_pci: fix out of bound access for msix_names commit 050fc52d83c47279ddc115636741105ec1d4886a Merge: ad0376e 2beb6dad Author: Linus Torvalds Date: Tue Mar 28 11:33:34 2017 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "All x86-specific, apart from some arch-independent syzkaller fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: cleanup the page tracking SRCU instance KVM: nVMX: fix nested EPT detection KVM: pci-assign: do not map smm memory slot pages in vt-d page tables KVM: kvm_io_bus_unregister_dev() should never fail KVM: VMX: Fix enable VPID conditions KVM: nVMX: Fix nested VPID vmx exec control KVM: x86: correct async page present tracepoint kvm: vmx: Flush TLB when the APIC-access address changes KVM: x86: use pic/ioapic destructor when destroy vm KVM: x86: check existance before destroy KVM: x86: clear bus pointer when destroyed KVM: Documentation: document MCE ioctls KVM: nVMX: don't reset kvm mmu twice PTP: fix ptr_ret.cocci warnings kvm: fix usage of uninit spinlock in avic_vm_destroy() KVM: VMX: downgrade warning on unexpected exit code commit f0bb2d50dfcc519f06f901aac88502be6ff1df2c Author: Arnd Bergmann Date: Tue Mar 28 18:46:59 2017 +0200 virtio_balloon: prevent uninitialized variable use The latest gcc-7.0.1 snapshot reports a new warning: virtio/virtio_balloon.c: In function 'update_balloon_stats': virtio/virtio_balloon.c:258:26: error: 'events[2]' is used uninitialized in this function [-Werror=uninitialized] virtio/virtio_balloon.c:260:26: error: 'events[3]' is used uninitialized in this function [-Werror=uninitialized] virtio/virtio_balloon.c:261:56: error: 'events[18]' is used uninitialized in this function [-Werror=uninitialized] virtio/virtio_balloon.c:262:56: error: 'events[17]' is used uninitialized in this function [-Werror=uninitialized] This seems absolutely right, so we should add an extra check to prevent copying uninitialized stack data into the statistics. >From all I can tell, this has been broken since the statistics code was originally added in 2.6.34. Fixes: 9564e138b1f6 ("virtio: Add memory statistics reporting to the balloon driver (V4)") Signed-off-by: Arnd Bergmann Signed-off-by: Ladi Prosek Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_balloon.c | 2 ++ 1 file changed, 2 insertions(+) commit 9646b26e85896ef0256e66649f7937f774dc18a6 Author: Ladi Prosek Date: Tue Mar 28 18:46:58 2017 +0200 virtio-balloon: use actual number of stats for stats queue buffers The virtio balloon driver contained a not-so-obvious invariant that update_balloon_stats has to update exactly VIRTIO_BALLOON_S_NR counters in order to send valid stats to the host. This commit fixes it by having update_balloon_stats return the actual number of counters, and its callers use it when pushing buffers to the stats virtqueue. Note that it is still out of spec to change the number of counters at run-time. "Driver MUST supply the same subset of statistics in all buffers submitted to the statsq." Suggested-by: Arnd Bergmann Signed-off-by: Ladi Prosek Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_balloon.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit fc8653228c8588a120f6b5dad6983b7b61ff669e Author: Ladi Prosek Date: Thu Mar 23 08:04:18 2017 +0100 virtio_balloon: init 1st buffer in stats vq When init_vqs runs, virtio_balloon.stats is either uninitialized or contains stale values. The host updates its state with garbage data because it has no way of knowing that this is just a marker buffer used for signaling. This patch updates the stats before pushing the initial buffer. Alternative fixes: * Push an empty buffer in init_vqs. Not easily done with the current virtio implementation and violates the spec "Driver MUST supply the same subset of statistics in all buffers submitted to the statsq". * Push a buffer with invalid tags in init_vqs. Violates the same spec clause, plus "invalid tag" is not really defined. Note: the spec says: When using the legacy interface, the device SHOULD ignore all values in the first buffer in the statsq supplied by the driver after device initialization. Note: Historically, drivers supplied an uninitialized buffer in the first buffer. Unfortunately QEMU does not seem to implement the recommendation even for the legacy interface. Cc: stable@vger.kernel.org Signed-off-by: Ladi Prosek Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_balloon.c | 2 ++ 1 file changed, 2 insertions(+) commit de85ec8b07f82c8c84de7687f769e74bf4c26a1e Author: Jason Wang Date: Thu Mar 23 13:07:16 2017 +0800 virtio_pci: fix out of bound access for msix_names Fedora has received multiple reports of crashes when running 4.11 as a guest https://bugzilla.redhat.com/show_bug.cgi?id=1430297 https://bugzilla.redhat.com/show_bug.cgi?id=1434462 https://bugzilla.kernel.org/show_bug.cgi?id=194911 https://bugzilla.redhat.com/show_bug.cgi?id=1433899 The crashes are not always consistent but they are generally some flavor of oops or GPF in virtio related code. Multiple people have done bisections (Thank you Thorsten Leemhuis and Richard W.M. Jones) and found this commit to be at fault 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 is the first bad commit commit 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 Author: Christoph Hellwig Date: Sun Feb 5 18:15:19 2017 +0100 virtio_pci: use shared interrupts for virtqueues The issue seems to be an out of bounds access to the msix_names array corrupting kernel memory. Fixes: 07ec51480b5e ("virtio_pci: use shared interrupts for virtqueues") Reported-by: Laura Abbott Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin Reviewed-by: Christoph Hellwig Tested-by: Richard W.M. Jones Tested-by: Thorsten Leemhuis drivers/virtio/virtio_pci_common.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 8d40b0f14846f7d45c7c72d343fe62cb866dda34 Author: Andy Adamson Date: Mon Mar 20 18:07:02 2017 -0400 NFS filelayout:call GETDEVICEINFO after pnfs_layout_process completes Fix a filelayout GETDEVICEINFO call hang triggered from the LAYOUTGET pnfs_layout_process where the GETDEVICEINFO call is waiting for a session slot, and the LAYOUGET call is waiting for pnfs_layout_process to complete before freeing the slot GETDEVICEINFO is waiting for.. This occurs in testing against the pynfs pNFS server where the the on-wire reply highest_slotid and slot id are zero, and the target high slot id is 8 (negotiated in CREATE_SESSION). The internal fore channel slot table max_slotid, the maximum allowed table slotid value, has been reduced via nfs41_set_max_slotid_locked from 8 to 1. Thus there is one slot (slotid 0) available for use but it has not been freed by LAYOUTGET proir to the GETDEVICEINFO request. In order to ensure that layoutrecall callbacks are processed in the correct order, nfs4_proc_layoutget processing needs to be finished e.g. pnfs_layout_process) before giving up the slot that identifies the layoutget (see referring_call_exists). Move the filelayout_check_layout nfs4_find_get_device call outside of the pnfs_layout_process call tree. Signed-off-by: Andy Adamson Signed-off-by: Anna Schumaker fs/nfs/filelayout/filelayout.c | 138 +++++++++++++++++++++++++++-------------- 1 file changed, 91 insertions(+), 47 deletions(-) commit 629dc8704b922f0c46f3025bd3486c2bc51eb7a6 Author: Andy Adamson Date: Mon Mar 20 18:07:01 2017 -0400 NFS store nfs4_deviceid in struct nfs4_filelayout_segment In preparation for moving the filelayout getdeviceinfo call from filelayout_alloc_lseg called by pnfs_process_layout Signed-off-by: Andy Adamson Signed-off-by: Anna Schumaker fs/nfs/filelayout/filelayout.c | 13 +++++-------- fs/nfs/filelayout/filelayout.h | 1 + 2 files changed, 6 insertions(+), 8 deletions(-) commit 2beb6dad2e8f95d710159d5befb390e4f62ab5cf Author: Paolo Bonzini Date: Mon Mar 27 17:53:50 2017 +0200 KVM: x86: cleanup the page tracking SRCU instance SRCU uses a delayed work item. Skip cleaning it up, and the result is use-after-free in the work item callbacks. Reported-by: Dmitry Vyukov Suggested-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: 0eb05bf290cfe8610d9680b49abef37febd1c38a Reviewed-by: Xiao Guangrong Signed-off-by: Paolo Bonzini arch/x86/include/asm/kvm_page_track.h | 1 + arch/x86/kvm/page_track.c | 8 ++++++++ arch/x86/kvm/x86.c | 1 + 3 files changed, 10 insertions(+) commit 7ed23e1bae8bf7e37fd555066550a00b95a3a98b Author: Benjamin Herrenschmidt Date: Mon Mar 20 17:49:03 2017 +1100 powerpc: Disable HFSCR[TM] if TM is not supported On Power8 & Power9 the early CPU inititialisation in __init_HFSCR() turns on HFSCR[TM] (Hypervisor Facility Status and Control Register [Transactional Memory]), but that doesn't take into account that TM might be disabled by CPU features, or disabled by the kernel being built with CONFIG_PPC_TRANSACTIONAL_MEM=n. So later in boot, when we have setup the CPU features, clear HSCR[TM] if the TM CPU feature has been disabled. We use CPU_FTR_TM_COMP to account for the CONFIG_PPC_TRANSACTIONAL_MEM=n case. Without this a KVM guest might try use TM, even if told not to, and cause an oops in the host kernel. Typically the oops is seen in __kvmppc_vcore_entry() and may or may not be fatal to the host, but is always bad news. In practice all shipping CPU revisions do support TM, and all host kernels we are aware of build with TM support enabled, so no one should actually be able to hit this in the wild. Fixes: 2a3563b023e5 ("powerpc: Setup in HFSCR for POWER8") Cc: stable@vger.kernel.org # v3.10+ Signed-off-by: Benjamin Herrenschmidt Tested-by: Sam Bobroff [mpe: Rewrite change log with input from Sam, add Fixes/stable] Signed-off-by: Michael Ellerman arch/powerpc/kernel/setup_64.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 7ad658b693536741c37b16aeb07840a2ce75f5b9 Author: Ladi Prosek Date: Thu Mar 23 07:18:08 2017 +0100 KVM: nVMX: fix nested EPT detection The nested_ept_enabled flag introduced in commit 7ca29de2136 was not computed correctly. We are interested only in L1's EPT state, not the the combined L0+L1 value. In particular, if L0 uses EPT but L1 does not, nested_ept_enabled must be false to make sure that PDPSTRs are loaded based on CR3 as usual, because the special case described in 26.3.2.4 Loading Page-Directory- Pointer-Table Entries does not apply. Fixes: 7ca29de21362 ("KVM: nVMX: fix CR3 load if L2 uses PAE paging and EPT") Cc: qemu-stable@nongnu.org Reported-by: Wanpeng Li Reviewed-by: David Hildenbrand Signed-off-by: Ladi Prosek Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 0292e169b2d9c8377a168778f0b16eadb1f578fd Author: Herongguang (Stephen) Date: Mon Mar 27 15:21:17 2017 +0800 KVM: pci-assign: do not map smm memory slot pages in vt-d page tables or VM memory are not put thus leaked in kvm_iommu_unmap_memslots() when destroy VM. This is consistent with current vfio implementation. Signed-off-by: herongguang Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 658b299580da2830a69eea44a8b6da1c2579a32e Author: Ingo Molnar Date: Tue Mar 28 09:53:00 2017 +0200 sched/headers: Remove duplicate #include line Vito Caputo reported that the sched.h split-up series introduced a duplicate #include line in drivers/tty/vt/keyboard.c. Remove it. Reported-by: Vito Caputo Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: Alan Cox Cc: Greg Kroah-Hartman Cc: Linus Torvalds Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/tty/vt/keyboard.c | 1 - 1 file changed, 1 deletion(-) commit 8d09617b076fd03ee9ae124abce94dda17bf3723 Author: Alexander Kochetkov Date: Wed Mar 22 17:29:06 2017 +0300 vmlinux.lds: Add __clkevt_of_table to kernel The code introduced by commit 0c8893c9095d ("clockevents: Add a clkevt-of mechanism like clksrc-of") refer to __clkevt_of_table what doesn't exist in the vmlinux. As a result kernel build failed with error: "clkevt-probe.c:63: undefined reference to `__clkevt_of_table’" Fixes: 0c8893c9095d ("clockevents: Add a clkevt-of mechanism like clksrc-of") Signed-off-by: Alexander Kochetkov Signed-off-by: Daniel Lezcano include/asm-generic/vmlinux.lds.h | 2 ++ 1 file changed, 2 insertions(+) commit 07de36b378a58f1d1426829acf0ab7cf86f651f3 Author: Alexander Kochetkov Date: Wed Mar 22 17:32:49 2017 +0300 clockevents: Fix syntax error in clkevt-of macro The patch fix syntax errors introduced by commit 0c8893c9095d ("clockevents: Add a clkevt-of mechanism like clksrc-of"). Fixes: 0c8893c9095d ("clockevents: Add a clkevt-of mechanism like clksrc-of") Signed-off-by: Alexander Kochetkov Signed-off-by: Daniel Lezcano drivers/clocksource/clkevt-probe.c | 2 +- include/linux/clockchips.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit cc66afea58f858ff6da7f79b8a595a67bbb4f9a9 Author: Andi Kleen Date: Mon Mar 27 11:32:59 2017 +0200 x86/mce: Don't print MCEs when mcelog is active Since: cd9c57cad3fe ("x86/MCE: Dump MCE to dmesg if no consumers") all MCEs are printed even when mcelog is running. Fix the regression to not print to dmesg when mcelog is running as it is a consumer too. Signed-off-by: Andi Kleen [ Massage commit message. ] Signed-off-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Tony Luck Cc: linux-edac Cc: stable@vger.kernel.org # 4.10.. Fixes: cd9c57cad3fe ("x86/MCE: Dump MCE to dmesg if no consumers") Link: http://lkml.kernel.org/r/20170327093304.10683-2-bp@alien8.de Signed-off-by: Ingo Molnar Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/mcheck/mce.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit b03b99a329a14b7302f37c3ea6da3848db41c8c5 Author: Dan Williams Date: Mon Mar 27 21:53:38 2017 -0700 acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) While reviewing the -stable patch for commit 86ef58a4e35e "nfit, libnvdimm: fix interleave set cookie calculation" Ben noted: "This is returning an int, thus it's effectively doing a 32-bit comparison and not the 64-bit comparison you say is needed." Update the compare operation to be immune to this integer demotion problem. Cc: Cc: Nicholas Moulin Fixes: 86ef58a4e35e ("nfit, libnvdimm: fix interleave set cookie calculation") Reported-by: Ben Hutchings Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 0ae2d26ffe70c32d4a7fe77593f0a55ce416c09e Author: Babu Moger Date: Fri Mar 17 14:52:21 2017 -0600 arch/sparc: Avoid DCTI Couples Avoid un-intended DCTI Couples. Use of DCTI couples is deprecated. Also address the "Programming Note" for optimal performance. Here is the complete text from Oracle SPARC Architecture Specs. 6.3.4.7 DCTI Couples "A delayed control transfer instruction (DCTI) in the delay slot of another DCTI is referred to as a “DCTI couple”. The use of DCTI couples is deprecated in the Oracle SPARC Architecture; no new software should place a DCTI in the delay slot of another DCTI, because on future Oracle SPARC Architecture implementations DCTI couples may execute either slowly or differently than the programmer assumes it will. SPARC V8 and SPARC V9 Compatibility Note The SPARC V8 architecture left behavior undefined for a DCTI couple. The SPARC V9 architecture defined behavior in that case, but as of UltraSPARC Architecture 2005, use of DCTI couples was deprecated. Software should not expect high performance from DCTI couples, and performance of DCTI couples should be expected to decline further in future processors. Programming Note As noted in TABLE 6-5 on page 115, an annulled branch-always (branch-always with a = 1) instruction is not architecturally a DCTI. However, since not all implementations make that distinction, for optimal performance, a DCTI should not be placed in the instruction word immediately following an annulled branch-always instruction (BA,A or BPA,A)." Signed-off-by: Babu Moger Reviewed-by: Rob Gardner Signed-off-by: David S. Miller arch/sparc/kernel/head_64.S | 4 ++++ arch/sparc/kernel/misctrap.S | 1 + arch/sparc/kernel/rtrap_64.S | 1 + arch/sparc/kernel/spiterrs.S | 1 + arch/sparc/kernel/sun4v_tlb_miss.S | 1 + arch/sparc/kernel/urtt_fill.S | 1 + arch/sparc/kernel/winfixup.S | 2 ++ arch/sparc/lib/NG2memcpy.S | 4 ++++ arch/sparc/lib/NG4memcpy.S | 1 + arch/sparc/lib/NG4memset.S | 1 + arch/sparc/lib/NGmemcpy.S | 1 + 11 files changed, 18 insertions(+) commit adfae8a5d833fa2b46577a8081f350e408851f5b Author: bob picco Date: Fri Mar 10 14:31:19 2017 -0500 sparc64: kern_addr_valid regression I encountered this bug when using /proc/kcore to examine the kernel. Plus a coworker inquired about debugging tools. We computed pa but did not use it during the maximum physical address bits test. Instead we used the identity mapped virtual address which will always fail this test. I believe the defect came in here: [bpicco@zareason linus.git]$ git describe --contains bb4e6e85daa52 v3.18-rc1~87^2~4 . Signed-off-by: Bob Picco Signed-off-by: David S. Miller arch/sparc/mm/init_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 85b1da7c47052330af9485a5f5c7e54ede882e65 Author: Nitin Gupta Date: Thu Mar 9 14:22:23 2017 -0800 sparc64: Add support for 2G hugepages Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/include/asm/page_64.h | 3 ++- arch/sparc/mm/hugetlbpage.c | 7 +++++++ arch/sparc/mm/init_64.c | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) commit 59f1183dd368f12c0a80da3c91a4a42afa4e1d38 Author: Nitin Gupta Date: Fri Mar 3 14:40:44 2017 -0800 sparc64: Fix size check in huge_pte_alloc Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/mm/hugetlbpage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ffefb6f4d6ad699a2b5484241bc46745a53235d0 Author: Mark Rutland Date: Mon Mar 27 18:00:14 2017 +0100 net: ipconfig: fix ic_close_devs() use-after-free Our chosen ic_dev may be anywhere in our list of ic_devs, and we may free it before attempting to close others. When we compare d->dev and ic_dev->dev, we're potentially dereferencing memory returned to the allocator. This causes KASAN to scream for each subsequent ic_dev we check. As there's a 1-1 mapping between ic_devs and netdevs, we can instead compare d and ic_dev directly, which implicitly handles the !ic_dev case, and avoids the use-after-free. The ic_dev pointer may be stale, but we will not dereference it. Original splat: [ 6.487446] ================================================================== [ 6.494693] BUG: KASAN: use-after-free in ic_close_devs+0xc4/0x154 at addr ffff800367efa708 [ 6.503013] Read of size 8 by task swapper/0/1 [ 6.507452] CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.11.0-rc3-00002-gda42158 #8 [ 6.514993] Hardware name: AppliedMicro Mustang/Mustang, BIOS 3.05.05-beta_rc Jan 27 2016 [ 6.523138] Call trace: [ 6.525590] [] dump_backtrace+0x0/0x570 [ 6.530976] [] show_stack+0x20/0x30 [ 6.536017] [] dump_stack+0x120/0x188 [ 6.541231] [] kasan_object_err+0x24/0xa0 [ 6.546790] [] kasan_report_error+0x244/0x738 [ 6.552695] [] __asan_report_load8_noabort+0x54/0x80 [ 6.559204] [] ic_close_devs+0xc4/0x154 [ 6.564590] [] ip_auto_config+0x2ed4/0x2f1c [ 6.570321] [] do_one_initcall+0xcc/0x370 [ 6.575882] [] kernel_init_freeable+0x5f8/0x6c4 [ 6.581959] [] kernel_init+0x18/0x190 [ 6.587171] [] ret_from_fork+0x10/0x40 [ 6.592468] Object at ffff800367efa700, in cache kmalloc-128 size: 128 [ 6.598969] Allocated: [ 6.601324] PID = 1 [ 6.603427] save_stack_trace_tsk+0x0/0x418 [ 6.607603] save_stack_trace+0x20/0x30 [ 6.611430] kasan_kmalloc+0xd8/0x188 [ 6.615087] ip_auto_config+0x8c4/0x2f1c [ 6.619002] do_one_initcall+0xcc/0x370 [ 6.622832] kernel_init_freeable+0x5f8/0x6c4 [ 6.627178] kernel_init+0x18/0x190 [ 6.630660] ret_from_fork+0x10/0x40 [ 6.634223] Freed: [ 6.636233] PID = 1 [ 6.638334] save_stack_trace_tsk+0x0/0x418 [ 6.642510] save_stack_trace+0x20/0x30 [ 6.646337] kasan_slab_free+0x88/0x178 [ 6.650167] kfree+0xb8/0x478 [ 6.653131] ic_close_devs+0x130/0x154 [ 6.656875] ip_auto_config+0x2ed4/0x2f1c [ 6.660875] do_one_initcall+0xcc/0x370 [ 6.664705] kernel_init_freeable+0x5f8/0x6c4 [ 6.669051] kernel_init+0x18/0x190 [ 6.672534] ret_from_fork+0x10/0x40 [ 6.676098] Memory state around the buggy address: [ 6.680880] ffff800367efa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 6.688078] ffff800367efa680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 6.695276] >ffff800367efa700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 6.702469] ^ [ 6.705952] ffff800367efa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 6.713149] ffff800367efa800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 6.720343] ================================================================== [ 6.727536] Disabling lock debugging due to kernel taint Signed-off-by: Mark Rutland Cc: Alexey Kuznetsov Cc: David S. Miller Cc: Hideaki YOSHIFUJI Cc: James Morris Cc: Patrick McHardy Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller net/ipv4/ipconfig.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a3902ee98304324f681088203391b5c0353ce977 Author: Jaehoon Chung Date: Tue Mar 21 21:19:57 2017 +0900 scsi: ufs: remove the duplicated checking for supporting clkscaling There are same conditions for checking whether supporting clkscaling or not. When ufshcd is supporting clkscaling, active_reqs should be decreased by one. [mkp: addressed comment from Bartlomiej] Signed-off-by: Jaehoon Chung Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd.c | 2 -- 1 file changed, 2 deletions(-) commit 248ccd5ee644fcf68984d945cffcdc364992ddbf Author: Florian Fainelli Date: Mon Mar 27 10:48:11 2017 -0700 MAINTAINERS: Add Andrew Lunn as co-maintainer of PHYLIB Andrew has been contributing a lot to PHYLIB over the past months and his feedback on patches is more than welcome. Signed-off-by: Florian Fainelli Acked-by: Andrew Lunn Signed-off-by: David S. Miller MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 551afbb85b3898e78068405d78708245999c19c0 Author: Andy Adamson Date: Mon Mar 20 18:07:00 2017 -0400 NFS cleanup struct nfs4_filelayout_segment Signed-off-by: Andy Adamson Signed-off-by: Anna Schumaker fs/nfs/filelayout/filelayout.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit ce4b4f228e51219b0b79588caf73225b08b5b779 Author: Michel Dänzer Date: Fri Mar 24 19:01:09 2017 +0900 drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags We were accidentally only overriding the first VRAM placement. For BOs with the RADEON_GEM_NO_CPU_ACCESS flag set, radeon_ttm_placement_from_domain creates a second VRAM placment with fpfn == 0. If VRAM is almost full, the first VRAM placement with fpfn > 0 may not work, but the second one with fpfn == 0 always will (the BO's current location trivially satisfies it). Because "moving" the BO to its current location puts it back on the LRU list, this results in an infinite loop. Fixes: 2a85aedd117c ("drm/radeon: Try evicting from CPU accessible to inaccessible VRAM first") Reported-by: Zachary Michaels Reported-and-Tested-by: Julien Isorce Reviewed-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/radeon_ttm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ab6434a1377a768a1e6d3e6cf819eb21724a99c2 Author: Paul Moore Date: Mon Mar 27 14:30:06 2017 -0400 audit: move audit_signal_info() into kernel/auditsc.c Commit 5b52330bbfe6 ("audit: fix auditd/kernel connection state tracking") made inlining audit_signal_info() a bit pointless as it was always calling into auditd_test_task() so let's remove the inline function in kernel/audit.h and convert __audit_signal_info() in kernel/auditsc.c into audit_signal_info(). Reviewed-by: Richard Guy Briggs Signed-off-by: Paul Moore kernel/audit.h | 8 +------- kernel/auditsc.c | 25 +++++++++++++------------ 2 files changed, 14 insertions(+), 19 deletions(-) commit ad0376eb1483bd9880770b346f6592aece669e4c Merge: 85f91d5 819f60f Author: Linus Torvalds Date: Mon Mar 27 11:09:00 2017 -0700 Merge tag 'edac_for_4.11_2' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC updates from Borislav Petkov: "A new EDAC driver for the Pondicherry2 memory controller IP found in the Intel Apollo Lake platform and the Denverton microserver. Plus small fixlets. Normally I had this queued for 4.12 but Tony requested for the pnd2_edac driver to possibly land in 4.11 therefore I'm sending it to you now. It is a driver for new hardware which people don't have yet so it shouldn't cause any regressions. The couple of patches ontop of it show that Qiuxu actually did test it on the hardware he has access to :)" * tag 'edac_for_4.11_2' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: EDAC, pnd2_edac: Fix reported DIMM number EDAC, pnd2_edac: Fix !EDAC_DEBUG build EDAC: Select DEBUG_FS EDAC, pnd2_edac: Add new EDAC driver for Intel SoC platforms EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro EDAC, xgene: Fix wrongly spelled "procesing" commit 85f91d5c51efd7d68969dccc06c64fbb9fd439a1 Merge: d3e68ce d7402de Author: Linus Torvalds Date: Mon Mar 27 10:58:02 2017 -0700 Merge tag 'pinctrl-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull more pin control fixes from Linus Walleij: "Here is a bunch of pin control fixes again A bit more than I'd like for this subsystem at this point, but what can I do. They are all driver fixes for hardware issues, as like "we forgot", "we didn't think of the fact that this could happen", "oops that one goes there" etc - Kconfig fixup for the TI IOdelay pinctrl-single add-on - fix up a typo in the meson i2c ao groups - switch a remapping back to use devm_ioremap() as devm_ioremap_resource() does not allow for sharing memory regions - do not clear the Qualcomm irq status bit in irq_unmask(), as this can lead to missing interrupts while the irq handler is executing - add irq_request/release_resources() on the ST driver - add a bunch of mysteriously missing pingroups for high numbered pins in the Qualcomm ipq4019 driver" * tag 'pinctrl-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: qcom: ipq4019: add missing pingroups for pins > 70 pinctrl: st: add irq_request/release_resources callbacks pinctrl: qcom: Don't clear status bit on irq_unmask pinctrl: samsung: Fix memory mapping code pinctrl: meson-gxbb: Fix typo in i2c ao groups pinctrl: ti: The IODelay driver is a DRA7xxx feature so depend on that SoC commit a431ecd2d459da3c91a612061f09eb422ffe78e2 Author: Tejun Heo Date: Mon Mar 27 13:52:00 2017 -0400 Revert "pata_atiixp: Don't use unconnected secondary port on SB600/SB700" This reverts commit 5946fdaee4ba449e8fbb5d403e1ed69437f916e8. The original commit's assumption that the secondary port is unconnected turns out to be false. Signed-off-by: Tejun Heo Reported-by: Markku Pesonen Fixes: 5946fdaee4ba ("pata_atiixp: Don't use unconnected secondary port on SB600/SB700") Cc: Darren Stevens drivers/ata/pata_atiixp.c | 5 ----- 1 file changed, 5 deletions(-) commit d3e68cef893c5582a1d54db4126d81245b8382f9 Merge: c02ed2e e3b1ebd Author: Linus Torvalds Date: Mon Mar 27 10:44:51 2017 -0700 Merge tag 'm68k-for-v4.11-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - build warning fix - defconfig updates - wire up new statx syscall * tag 'm68k-for-v4.11-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Wire up statx m68k/defconfig: Update defconfigs for v4.11-rc1 m68k/bitops: Correct signature of test_bit() commit 2f0ba790df51721794c11abc7a076d407392f648 Author: Rafael J. Wysocki Date: Mon Mar 27 19:33:09 2017 +0200 cpufreq: Fix creation of symbolic links to policy directories The cpufreq core only tries to create symbolic links from CPU directories in sysfs to policy directories in cpufreq_add_dev(), either when a given CPU is registered or when the cpufreq driver is registered, whichever happens first. That is not sufficient, however, because cpufreq_add_dev() may be called for an offline CPU whose policy object has not been created yet and, quite obviously, the symbolic cannot be added in that case. Fix that by making cpufreq_online() attempt to add symbolic links to policy objects for the CPUs in the related_cpus mask of every new policy object created by it. The cpufreq_driver_lock locking around the for_each_cpu() loop in cpufreq_online() is dropped, because it is not necessary and the code is somewhat simpler without it. Moreover, failures to create a symbolic link will not be regarded as hard errors any more and the CPUs without those links will not be taken offline automatically, but that should not be problematic in practice. Reported-and-tested-by: Prashanth Prakash Signed-off-by: Rafael J. Wysocki Cc: 4.9+ # 4.9+ drivers/cpufreq/cpufreq.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) commit d4ea7e3c5c0e341c15b073016dbf3ab6c65f12f3 Author: Benjamin Coddington Date: Wed Mar 15 21:50:09 2017 -0400 NFS: Fix old dentry rehash after move Now that nfs_rename()'s d_move has moved within the RPC task's rpc_call_done callback, rehashing new_dentry will actually rehash the old dentry's name in nfs_rename(). d_move() is going to rehash the new dentry for us anyway, so doing it again here is unnecessary. Reported-by: Chuck Lever Fixes: 920b4530fb80 ("NFS: nfs_rename() handle -ERESTARTSYS dentry left behind") Signed-off-by: Benjamin Coddington Tested-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/dir.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit 351b7c490700747d1dba1b0a10fbfe3448d11c35 Author: Tony Lindgren Date: Wed Mar 22 11:01:48 2017 -0700 ARM: omap2+: Revert omap-smp.c changes resetting CPU1 during boot Commit 3251885285e1 ("ARM: OMAP4+: Reset CPU1 properly for kexec") started unconditionally resetting CPU1 because of a kexec boot issue I was seeing earlier on omap4 when doing kexec boot between two different kernel versions. This caused issues on some systems. We should only reset CPU1 as a last resort option, and try to avoid it where possible. Doing an unconditional CPU1 reset causes issues for example when booting a bootloader configured secure OS running on CPU1 as reported by Andrew F. Davis . We can't completely remove the reset of CPU1 as it would break kexec booting from older kernels. But we can limit the CPU1 reset to cases where CPU1 is wrongly parked within the memory area used by the booting kernel. Then later on we can add support for parking CPU1 for kexec out of the SDRAM back to bootrom. So let's first fix the regression reported by Andrew by making CPU1 reset conditional. To do this, we need to: 1. Save configured AUX_CORE_BOOT_1 for later 2. Modify AUX_CORE_BOOT_0 reading code to for HS SoCs to return the whole register instead of the CPU mask 3. Check if CPU1 is wrongly parked into the booting kernel by the previous kernel and reset if needed Fixes: 3251885285e1 ("ARM: OMAP4+: Reset CPU1 properly for kexec") Reported-by: Andrew F. Davis Cc: Andrew F. Davis Cc: Keerthy Cc: Russell King Cc: Santosh Shilimkar Cc: Tero Kristo Tested-by: Keerthy Tested-by: Andrew F. Davis Signed-off-by: Tony Lindgren arch/arm/mach-omap2/common.h | 1 + arch/arm/mach-omap2/omap-hotplug.c | 2 +- arch/arm/mach-omap2/omap-mpuss-lowpower.c | 22 ++++++-- arch/arm/mach-omap2/omap-smc.S | 1 - arch/arm/mach-omap2/omap-smp.c | 90 ++++++++++++++++++++++++++----- 5 files changed, 96 insertions(+), 20 deletions(-) commit 9bcf53f34a2c1cebc45cc12e273dcd5f51fbc099 Author: Reizer, Eyal Date: Sun Mar 26 08:53:10 2017 +0000 ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend mmc2 used for wl12xx was missing the keep-power-in suspend parameter. As a result the board couldn't reach suspend state. Signed-off-by: Eyal Reizer Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-evmsk.dts | 1 + 1 file changed, 1 insertion(+) commit 75c689dca98851d65ef5a27e5ce26b625b68751c Author: Gao Feng Date: Sat Mar 25 18:24:36 2017 +0800 netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register In the commit 93557f53e1fb ("netfilter: nf_conntrack: nf_conntrack snmp helper"), the snmp_helper is replaced by nf_nat_snmp_hook. So the snmp_helper is never registered. But it still tries to unregister the snmp_helper, it could cause the panic. Now remove the useless snmp_helper and the unregister call in the error handler. Fixes: 93557f53e1fb ("netfilter: nf_conntrack: nf_conntrack snmp helper") Signed-off-by: Gao Feng Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nf_nat_snmp_basic.c | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) commit 9c3f3794926a997b1cab6c42480ff300efa2d162 Author: Liping Zhang Date: Sat Mar 25 16:35:29 2017 +0800 netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister If one cpu is doing nf_ct_extend_unregister while another cpu is doing __nf_ct_ext_add_length, then we may hit BUG_ON(t == NULL). Moreover, there's no synchronize_rcu invocation after set nf_ct_ext_types[id] to NULL, so it's possible that we may access invalid pointer. But actually, most of the ct extends are built-in, so the problem listed above will not happen. However, there are two exceptions: NF_CT_EXT_NAT and NF_CT_EXT_SYNPROXY. For _EXT_NAT, the panic will not happen, since adding the nat extend and unregistering the nat extend are located in the same file(nf_nat_core.c), this means that after the nat module is removed, we cannot add the nat extend too. For _EXT_SYNPROXY, synproxy extend may be added by init_conntrack, while synproxy extend unregister will be done by synproxy_core_exit. So after nf_synproxy_core.ko is removed, we may still try to add the synproxy extend, then kernel panic may happen. I know it's very hard to reproduce this issue, but I can play a tricky game to make it happen very easily :) Step 1. Enable SYNPROXY for tcp dport 1234 at FORWARD hook: # iptables -I FORWARD -p tcp --dport 1234 -j SYNPROXY Step 2. Queue the syn packet to the userspace at raw table OUTPUT hook. Also note, in the userspace we only add a 20s' delay, then reinject the syn packet to the kernel: # iptables -t raw -I OUTPUT -p tcp --syn -j NFQUEUE --queue-num 1 Step 3. Using "nc 2.2.2.2 1234" to connect the server. Step 4. Now remove the nf_synproxy_core.ko quickly: # iptables -F FORWARD # rmmod ipt_SYNPROXY # rmmod nf_synproxy_core Step 5. After 20s' delay, the syn packet is reinjected to the kernel. Now you will see the panic like this: kernel BUG at net/netfilter/nf_conntrack_extend.c:91! Call Trace: ? __nf_ct_ext_add_length+0x53/0x3c0 [nf_conntrack] init_conntrack+0x12b/0x600 [nf_conntrack] nf_conntrack_in+0x4cc/0x580 [nf_conntrack] ipv4_conntrack_local+0x48/0x50 [nf_conntrack_ipv4] nf_reinject+0x104/0x270 nfqnl_recv_verdict+0x3e1/0x5f9 [nfnetlink_queue] ? nfqnl_recv_verdict+0x5/0x5f9 [nfnetlink_queue] ? nla_parse+0xa0/0x100 nfnetlink_rcv_msg+0x175/0x6a9 [nfnetlink] [...] One possible solution is to make NF_CT_EXT_SYNPROXY extend built-in, i.e. introduce nf_conntrack_synproxy.c and only do ct extend register and unregister in it, similar to nf_conntrack_timeout.c. But having such a obscure restriction of nf_ct_extend_unregister is not a good idea, so we should invoke synchronize_rcu after set nf_ct_ext_types to NULL, and check the NULL pointer when do __nf_ct_ext_add_length. Then it will be easier if we add new ct extend in the future. Last, we use kfree_rcu to free nf_ct_ext, so rcu_barrier() is unnecessary anymore, remove it too. Signed-off-by: Liping Zhang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_extend.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 83d90219a5df8d950855ce73229a97b63605c317 Author: Liping Zhang Date: Sat Mar 25 12:09:15 2017 +0800 netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table The nf_ct_helper_hash table is protected by nf_ct_helper_mutex, while nfct_helper operation is protected by nfnl_lock(NFNL_SUBSYS_CTHELPER). So it's possible that one CPU is walking the nf_ct_helper_hash for cthelper add/get/del, another cpu is doing nf_conntrack_helpers_unregister at the same time. This is dangrous, and may cause use after free error. Note, delete operation will flush all cthelpers added via nfnetlink, so using rcu to do protect is not easy. Now introduce a dummy list to record all the cthelpers added via nfnetlink, then we can walk the dummy list instead of walking the nf_ct_helper_hash. Also, keep nfnl_cthelper_dump_table unchanged, it may be invoked without nfnl_lock(NFNL_SUBSYS_CTHELPER) held. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink_cthelper.c | 177 +++++++++++++++++-------------------- 1 file changed, 81 insertions(+), 96 deletions(-) commit 3b7dabf029478bb80507a6c4500ca94132a2bc0b Author: Liping Zhang Date: Sat Mar 25 08:53:12 2017 +0800 netfilter: invoke synchronize_rcu after set the _hook_ to NULL Otherwise, another CPU may access the invalid pointer. For example: CPU0 CPU1 - rcu_read_lock(); - pfunc = _hook_; _hook_ = NULL; - mod unload - - pfunc(); // invalid, panic - rcu_read_unlock(); So we must call synchronize_rcu() to wait the rcu reader to finish. Also note, in nf_nat_snmp_basic_fini, synchronize_rcu() will be invoked by later nf_conntrack_helper_unregister, but I'm inclined to add a explicit synchronize_rcu after set the nf_nat_snmp_hook to NULL. Depend on such obscure assumptions is not a good idea. Last, in nfnetlink_cttimeout, we use kfree_rcu to free the time object, so in cttimeout_exit, invoking rcu_barrier() is not necessary at all, remove it too. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nf_nat_snmp_basic.c | 1 + net/netfilter/nf_conntrack_ecache.c | 2 ++ net/netfilter/nf_conntrack_netlink.c | 1 + net/netfilter/nf_nat_core.c | 2 ++ net/netfilter/nfnetlink_cttimeout.c | 2 +- 5 files changed, 7 insertions(+), 1 deletion(-) commit 0abfe7e2570d7c729a7662e82c09a23f00f29346 Author: Chris Wilson Date: Wed Mar 22 20:59:30 2017 +0000 drm/i915: Restore marking context objects as dirty on pinning Commit e8a9c58fcd9a ("drm/i915: Unify active context tracking between legacy/execlists/guc") converted the legacy intel_ringbuffer submission to the same context pinning mechanism as execlists - that is to pin the context until the subsequent request is retired. Previously it used the vma retirement of the context object to keep itself pinned until the next request (after i915_vma_move_to_active()). In the conversion, I missed that the vma retirement was also responsible for marking the object as dirty. Mark the context object as dirty when pinning (equivalent to execlists) which ensures that if the context is swapped out due to mempressure or suspend/hibernation, when it is loaded back in it does so with the previous state (and not all zero). Fixes: e8a9c58fcd9a ("drm/i915: Unify active context tracking between legacy/execlists/guc") Reported-by: Dennis Gilmore Reported-by: Mathieu Marquer Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99993 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100181 Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: # v4.11-rc1 Link: http://patchwork.freedesktop.org/patch/msgid/20170322205930.12762-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 5d4bac5503fcc67dd7999571e243cee49371aef7) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_ringbuffer.c | 2 ++ 1 file changed, 2 insertions(+) commit 7b09cc5a9debc86c903c2eff8f8a1fdef773c649 Author: Pavel Tatashin Date: Wed Mar 22 16:24:17 2017 -0400 sched/clock: Fix broken stable to unstable transfer When it is determined that the clock is actually unstable, and we switch from stable to unstable, the __clear_sched_clock_stable() function is eventually called. In this function we set gtod_offset so the following holds true: sched_clock() + raw_offset == ktime_get_ns() + gtod_offset But instead of getting the latest timestamps, we use the last values from scd, so instead of sched_clock() we use scd->tick_raw, and instead of ktime_get_ns() we use scd->tick_gtod. However, later, when we use gtod_offset sched_clock_local() we do not add it to scd->tick_gtod to calculate the correct clock value when we determine the boundaries for min/max clocks. This can result in tick granularity sched_clock() values, so fix it. Signed-off-by: Pavel Tatashin Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: hpa@zytor.com Fixes: 5680d8094ffa ("sched/clock: Provide better clock continuity") Link: http://lkml.kernel.org/r/1490214265-899964-2-git-send-email-pasha.tatashin@oracle.com Signed-off-by: Ingo Molnar kernel/sched/clock.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 69653f626ef31107878c14883a603c1afca5edb9 Merge: c02ed2e bc2d4b6 Author: Jani Nikula Date: Mon Mar 27 11:01:16 2017 +0300 Merge tag 'gvt-fixes-2017-03-23' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-03-23 - KVM reference fix from Alex - shadow gtt entry partial update fix from Xiaoguang - gvt context notification check (Changbin) - other misc fixes. Signed-off-by: Jani Nikula commit 1633682053a7ee8058e10c76722b9b28e97fb73f Author: Alan Stern Date: Fri Mar 24 13:38:28 2017 -0400 USB: fix linked-list corruption in rh_call_control() Using KASAN, Dmitry found a bug in the rh_call_control() routine: If buffer allocation fails, the routine returns immediately without unlinking its URB from the control endpoint, eventually leading to linked-list corruption. This patch fixes the problem by jumping to the end of the routine (where the URB is unlinked) when an allocation failure occurs. Signed-off-by: Alan Stern Reported-and-tested-by: Dmitry Vyukov CC: Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hcd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 2db2c250dd3d1e74a50d4ab5f44c44ca5cb4e42b Author: Michael Ellerman Date: Mon Mar 27 15:11:44 2017 +1100 selftests/powerpc: Fix standalone powerpc build The changes to enable building with a separate output directory, in commit a8ba798bc8ec ("selftests: enable O and KBUILD_OUTPUT") broke building the powerpc selftests on their own, eg: $ cd tools/testing/selftests/powerpc; make It was partially fixed in commit e53aff45c490 ("selftests: lib.mk Fix individual test builds"), which defined OUTPUT for standalone tests. But that only defines OUTPUT within the Makefile, the value is not exported so sub-shells can't see it. We could export OUTPUT, but it's actually cleaner to just expand the value of OUTPUT before we invoke the shell. Fixes: a8ba798bc8ec ("selftests: enable O and KBUILD_OUTPUT") Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit c02ed2e75ef4c74e41e421acb4ef1494671585e8 Author: Linus Torvalds Date: Sun Mar 26 14:15:16 2017 -0700 Linux 4.11-rc4 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0dc82fa59b9d82469799c354d3307d48e13d5d5e Merge: 9e54ef9 5c1724c Author: Linus Torvalds Date: Sun Mar 26 11:15:54 2017 -0700 Merge tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "A smattering of different small fixes for some random driver subsystems. Nothing all that major, just resolutions for reported issues and bugs. All have been in linux-next with no reported issues" * tag 'char-misc-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits) extcon: int3496: Set the id pin to direction-input if necessary extcon: int3496: Use gpiod_get instead of gpiod_get_index extcon: int3496: Add dependency on X86 as it's Intel specific extcon: int3496: Add GPIO ACPI mapping table extcon: int3496: Rename GPIO pins in accordance with binding vmw_vmci: handle the return value from pci_alloc_irq_vectors correctly ppdev: fix registering same device name parport: fix attempt to write duplicate procfiles auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches Drivers: hv: vmbus: Don't leak memory when a channel is rescinded Drivers: hv: vmbus: Don't leak channel ids Drivers: hv: util: don't forget to init host_ts.lock Drivers: hv: util: move waiting for release to hv_utils_transport itself vmbus: remove hv_event_tasklet_disable/enable vmbus: use rcu for per-cpu channel list mei: don't wait for os version message reply mei: fix deadlock on mei reset intel_th: pci: Add Gemini Lake support intel_th: pci: Add Denverton SOC support intel_th: Don't leak module refcount on failure to activate ... commit 9e54ef9da519d9febfa61fa9392276fbfa6ce79c Merge: f1638fc 966fa72 Author: Linus Torvalds Date: Sun Mar 26 11:05:42 2017 -0700 Merge tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fix from Greg KH: "Here is a single kernfs fix for 4.11-rc4 that resolves a reported issue. It has been in linux-next with no reported issues" * tag 'driver-core-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file() commit f1638fc65ee23875cf4021e342e8a564debe33e4 Merge: 53b4d59 a4a3e06 Author: Linus Torvalds Date: Sun Mar 26 11:03:42 2017 -0700 Merge tag 'tty-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver fixes from Greg KH: "Here are some tty and serial driver fixes for 4.11-rc4. One of these fix a long-standing issue in the ldisc code that was found by Dmitry Vyukov with his great fuzzing work. The other fixes resolve other reported issues, and there is one revert of a patch in 4.11-rc1 that wasn't correct. All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: fix data race in tty_ldisc_ref_wait() tty: don't panic on OOM in tty_set_ldisc() Revert "tty: serial: pl011: add ttyAMA for matching pl011 console" tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision serial: 8250_dw: Fix breakage when HAVE_CLK=n serial: 8250_dw: Honor clk_round_rate errors in dw8250_set_termios commit 53b4d5911d6adef3f543e1ad23643068c5c343ac Merge: e431e0e 43c4993 Author: Linus Torvalds Date: Sun Mar 26 11:02:00 2017 -0700 Merge tag 'staging-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull IIO driver fixes from Greg KH: "Here are some small IIO driver fixes for 4.11-rc4 that resolve a number of tiny reported issues. All of these have been in linux-next for a while with no reported issues" * tag 'staging-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: imu: st_lsm6dsx: fix FIFO_CTRL2 overwrite during watermark configuration iio: adc: ti_am335x_adc: fix fifo overrun recovery iio: sw-device: Fix config group initialization iio: magnetometer: ak8974: remove incorrect __exit markups iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3 commit e431e0e427799805461390df1db1e3478d4c475c Merge: 42234bf fd290e7 Author: Linus Torvalds Date: Sun Mar 26 10:52:52 2017 -0700 Merge tag 'usb-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB/PHY fixes from Greg KH: "Here are a number of small USB and PHY driver fixes for 4.11-rc4. Nothing major here, just an bunch of small fixes, and a handfull of good fixes from Johan for devices with crazy descriptors. There are a few new device ids in here as well. All of these have been in linux-next with no reported issues" * tag 'usb-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits) usb: gadget: f_hid: fix: Don't access hidg->req without spinlock held usb: gadget: udc: remove pointer dereference after free usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval usb: gadget: acm: fix endianness in notifications usb: dwc3: gadget: delay unmap of bounced requests USB: serial: qcserial: add Dell DW5811e usb: hub: Fix crash after failure to read BOS descriptor ACM gadget: fix endianness in notifications USB: usbtmc: fix probe error path USB: usbtmc: add missing endpoint sanity check USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems usb: musb: fix possible spinlock deadlock usb: musb: dsps: fix iounmap in error and exit paths usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk uwb: i1480-dfu: fix NULL-deref at probe uwb: hwa-rc: fix NULL-deref at probe USB: wusbcore: fix NULL-deref at probe USB: uss720: fix NULL-deref at probe ... commit 42234bf8320aeedaf0bff81e38a7020582c93a6f Merge: 1c23de6 cc638a4 Author: Linus Torvalds Date: Sun Mar 26 10:34:10 2017 -0700 Merge tag 'powerpc-4.11-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull more powerpc fixes from Michael Ellerman: "These are all pretty minor. The fix for idle wakeup would be a bad bug but has not been observed in practice. The update to the gcc-plugins docs was Cc'ed to Kees and Jon, Kees OK'ed it going via powerpc and I didn't hear from Jon. - cxl: Route eeh events to all slices for pci_channel_io_perm_failure state - powerpc/64s: Fix idle wakeup potential to clobber registers - Revert "powerpc/64: Disable use of radix under a hypervisor" - gcc-plugins: update architecture list in documentation Thanks to: Andrew Donnellan, Nicholas Piggin, Paul Mackerras, Vaibhav Jain" * tag 'powerpc-4.11-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: gcc-plugins: update architecture list in documentation Revert "powerpc/64: Disable use of radix under a hypervisor" powerpc/64s: Fix idle wakeup potential to clobber registers cxl: Route eeh events to all slices for pci_channel_io_perm_failure state commit 1c23de630886e423ab298bce32a71486577bda5d Merge: a643f90 d67d64f Author: Linus Torvalds Date: Sun Mar 26 10:29:21 2017 -0700 Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 fixes from Ted Ts'o: "Fix a memory leak on an error path, and two races when modifying inodes relating to the inline_data and metadata checksum features" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix two spelling nits ext4: lock the xattr block before checksuming it jbd2: don't leak memory if setting up journal fails ext4: mark inode dirty after converting inline directory commit 819f60fb7db169d851186d04e571e9bca27321e8 Author: Qiuxu Zhuo Date: Sat Mar 25 19:29:01 2017 +0800 EDAC, pnd2_edac: Fix reported DIMM number DIMM number passed to edac_mc_handle_error() was accidentally hardcoded to zero. Pass in the correct daddr->dimm value. Signed-off-by: Qiuxu Zhuo Signed-off-by: Borislav Petkov drivers/edac/pnd2_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6ac3b77a6ffff7513ff86b684aa256ea01c0e5b5 Author: Alexey Khoroshilov Date: Sat Mar 25 01:48:08 2017 +0300 irda: vlsi_ir: fix check for DMA mapping errors vlsi_alloc_ring() checks for DMA mapping errors by comparing returned address with zero, while pci_dma_mapping_error() should be used. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: David S. Miller drivers/net/irda/vlsi_ir.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 834a61d455ff8069552f44140b2c1de85e6bc84d Author: Arnd Bergmann Date: Fri Mar 24 23:02:50 2017 +0100 net: hns: avoid gcc-7.0.1 warning for uninitialized data hns_dsaf_set_mac_key() calls dsaf_set_field() on an uninitialized field, which will then change only a few of its bits, causing a warning with the latest gcc: hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_set_mac_uc_entry': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] (origin) &= (~(mask)); \ ^~ hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_set_mac_mc_entry': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_add_mac_mc_port': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_del_mac_entry': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_rm_mac_addr': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_del_mac_mc_port': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_get_mac_uc_entry': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_get_mac_mc_entry': hisilicon/hns/hns_dsaf_reg.h:1046:12: error: 'mac_key.low.bits.port_vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized] The code is actually correct since we always set all 16 bits of the port_vlan field, but gcc correctly points out that the first access does contain uninitialized data. This initializes the field to zero first before setting the individual bits. Fixes: 5483bfcb169c ("net: hns: modify tcam table and set mac key") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 1 + 1 file changed, 1 insertion(+) commit a17f1861b5ea4327f9f35e9edb3c5fadceaa7c64 Author: Arnd Bergmann Date: Fri Mar 24 23:02:49 2017 +0100 net: hns: fix uninitialized data use When dev_dbg() is enabled, we print uninitialized data, as gcc-7.0.1 now points out: ethernet/hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_set_promisc_tcam': ethernet/hisilicon/hns/hns_dsaf_main.c:2947:75: error: 'tbl_tcam_data.low.val' may be used uninitialized in this function [-Werror=maybe-uninitialized] ethernet/hisilicon/hns/hns_dsaf_main.c:2947:75: error: 'tbl_tcam_data.high.val' may be used uninitialized in this function [-Werror=maybe-uninitialized] We also pass the data into hns_dsaf_tcam_mc_cfg(), which might later use it (not sure about that), so it seems safer to just always initialize the tbl_tcam_data structure. Fixes: 1f5fa2dd1cfa ("net: hns: fix for promisc mode in HNS driver") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit a643f9054c21f4fae0fbb4add663462fea7a47f0 Merge: a00da40 94840e3 Author: Linus Torvalds Date: Sat Mar 25 15:36:56 2017 -0700 Merge tag 'fscrypt-for-linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt Pull fscrypto fixes from Ted Ts'o: "A code cleanup and bugfix for fs/crypto" * tag 'fscrypt-for-linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: eliminate ->prepare_context() operation fscrypt: remove broken support for detecting keyring key revocation commit a00da40fc7a4f5000302d003dd469f132f7dfa55 Merge: 4a01fa5 a2125d0 Author: Linus Torvalds Date: Sat Mar 25 15:31:50 2017 -0700 Merge tag 'hwmon-for-linus-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: - bug fixes in asus_atk0110, it87 and max31790 drivers - added missing API definition to hwmon core * tag 'hwmon-for-linus-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (asus_atk0110) fix uninitialized data access hwmon: Add missing HWMON_T_ALARM hwmon: (it87) Avoid registering the same chip on both SIO addresses hwmon: (max31790) Set correct PWM value commit 4a01fa5e7506ec5e9537fbd0fb87faa14f4bded3 Merge: 4c3de7e f6aafac Author: Linus Torvalds Date: Sat Mar 25 15:25:58 2017 -0700 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma fixes from Doug Ledford: "This has been a slow -rc cycle for the RDMA subsystem. We really haven't had a lot of rc fixes come in. This pull request is the first of this entire rc cycle and it has all of the suitable fixes so far and it's still only about 20 patches. The fix for the minor breakage cause by the dma mapping patchset is in here, as well as a couple other potential oops fixes, but the rest is more minor. Summary: - fix for dma_ops change in this kernel, resolving the s390, powerpc, and IOMMU operation - a few other oops fixes - the rest are all minor fixes" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/qib: fix false-postive maybe-uninitialized warning RDMA/iser: Fix possible mr leak on device removal event IB/device: Convert ib-comp-wq to be CPU-bound IB/cq: Don't process more than the given budget IB/rxe: increment msn only when completing a request uapi: fix rdma/mlx5-abi.h userspace compilation errors IB/core: Restore I/O MMU, s390 and powerpc support IB/rxe: Update documentation link RDMA/ocrdma: fix a type issue in ocrdma_put_pd_num() IB/rxe: double free on error RDMA/vmw_pvrdma: Activate device on ethernet link up RDMA/vmw_pvrdma: Dont hardcode QP header page RDMA/vmw_pvrdma: Cleanup unused variables infiniband: Fix alignment of mmap cookies to support VIPT caching IB/core: Protect against self-requeue of a cq work item i40iw: Receive netdev events post INET_NOTIFIER state commit 4c3de7e5bfbeb0ac1f702d1903ef69ad3a7f590c Merge: 424b689 5b52330 Author: Linus Torvalds Date: Sat Mar 25 15:13:55 2017 -0700 Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit Pull audit fix from Paul Moore: "We've got an audit fix, and unfortunately it is big. While I'm not excited that we need to be sending you something this large during the -rcX phase, it does fix some very real, and very tangled, problems relating to locking, backlog queues, and the audit daemon connection. This code has passed our testsuite without problem and it has held up to my ad-hoc stress tests (arguably better than the existing code), please consider pulling this as fix for the next v4.11-rcX tag" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: fix auditd/kernel connection state tracking commit d67d64f423147cf4fe8212658255e1160a4ef02c Author: Theodore Ts'o Date: Sat Mar 25 17:33:31 2017 -0400 ext4: fix two spelling nits Signed-off-by: Theodore Ts'o fs/ext4/inode.c | 2 +- fs/ext4/move_extent.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit dac7a4b4b1f664934e8b713f529b629f67db313c Author: Theodore Ts'o Date: Sat Mar 25 17:22:47 2017 -0400 ext4: lock the xattr block before checksuming it We must lock the xattr block before calculating or verifying the checksum in order to avoid spurious checksum failures. https://bugzilla.kernel.org/show_bug.cgi?id=193661 Reported-by: Colin Ian King Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/xattr.c | 65 +++++++++++++++++++++++++++------------------------------ 1 file changed, 31 insertions(+), 34 deletions(-) commit 424b6898c8b24f7e89d2c13a141914984ce0f886 Merge: d07c6f4 7f0b97d Author: Linus Torvalds Date: Sat Mar 25 10:34:56 2017 -0700 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "A handful of Sunxi and Rockchip clk driver fixes and a core framework one where we need to copy a string because we can't guarantee it isn't freed sometime later" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: sunxi-ng: fix recalc_rate formula of NKMP clocks clk: sunxi-ng: Fix div/mult settings for osc12M on A64 clk: rockchip: Make uartpll a child of the gpll on rk3036 clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036 clk: core: Copy connection id dt-bindings: arm: update Armada CP110 system controller binding clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock clk: sunxi: ccu-sun5i needs nkmp clk: sunxi-ng: mp: Adjust parent rate for pre-dividers commit 4bdc9029685ac03be50b320b29691766d2326c2b Author: Quentin Schulz Date: Tue Mar 21 16:52:14 2017 +0100 iio: bmg160: reset chip when probing The gyroscope chip might need to be reset to be used. Without the chip being reset, the driver stopped at the first regmap_read (to get the CHIP_ID) and failed to probe. The datasheet of the gyroscope says that a minimum wait of 30ms after the reset has to be done. This patch has been checked on a BMX055 and the datasheet of the BMG160 and the BMI055 give the same reset register and bits. Signed-off-by: Quentin Schulz Cc: Signed-off-by: Jonathan Cameron drivers/iio/gyro/bmg160_core.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit a096926ed4532eac38d4ec92aaba8c7f2149d89a Author: Enric Balletbo i Serra Date: Fri Mar 24 18:44:02 2017 +0100 iio: cros_ec_sensors: Fix return value to get raw and calibbias data. The cros_ec_sensors_read function must return the type of value on all cases. This was always true except for RAW and CALIBBIAS data which returned an error or 0. This patch just fixes the mistake I introduced when submitting the series. Fixes: commit c14dca07a31d (iio: cros_ec_sensors: add ChromeOS EC Contiguous Sensors driver) Signed-off-by: Enric Balletbo i Serra Signed-off-by: Jonathan Cameron drivers/iio/common/cros_ec_sensors/cros_ec_sensors.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5659495a7a1455665ce1466d156597ad1bda8772 Author: Naohiro Aota Date: Fri Mar 24 23:04:44 2017 -0700 uapi: add missing install of userio.h While commit 5523662edd4f ("Input: add userio module") added userio.h under the uapi/ directory, it forgot to add the header file to Kbuild. Thus, the file was missing from header installation. Signed-off-by: Naohiro Aota Reviewed-by: Lyude Paul Signed-off-by: Dmitry Torokhov include/uapi/linux/Kbuild | 1 + 1 file changed, 1 insertion(+) commit b1977682a3858b5584ffea7cfb7bd863f68db18d Author: Alexei Starovoitov Date: Fri Mar 24 15:57:33 2017 -0700 bpf: improve verifier packet range checks llvm can optimize the 'if (ptr > data_end)' checks to be in the order slightly different than the original C code which will confuse verifier. Like: if (ptr + 16 > data_end) return TC_ACT_SHOT; // may be followed by if (ptr + 14 > data_end) return TC_ACT_SHOT; while llvm can see that 'ptr' is valid for all 16 bytes, the verifier could not. Fix verifier logic to account for such case and add a test. Reported-by: Huapeng Zhou Fixes: 969bf05eb3ce ("bpf: direct packet access") Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: David S. Miller kernel/bpf/verifier.c | 5 +++-- tools/testing/selftests/bpf/test_verifier.c | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) commit 43a6684519ab0a6c52024b5e25322476cabad893 Author: Eric Dumazet Date: Fri Mar 24 19:36:13 2017 -0700 ping: implement proper locking We got a report of yet another bug in ping http://www.openwall.com/lists/oss-security/2017/03/24/6 ->disconnect() is not called with socket lock held. Fix this by acquiring ping rwlock earlier. Thanks to Daniel, Alexander and Andrey for letting us know this problem. Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") Signed-off-by: Eric Dumazet Reported-by: Daniel Jiang Reported-by: Solar Designer Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/ipv4/ping.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit f6aafac184a3e46e919769dd4faa8bf0dc436534 Author: Arnd Bergmann Date: Tue Mar 14 13:18:45 2017 +0100 IB/qib: fix false-postive maybe-uninitialized warning aarch64-linux-gcc-7 complains about code it doesn't fully understand: drivers/infiniband/hw/qib/qib_iba7322.c: In function 'qib_7322_txchk_change': include/asm-generic/bitops/non-atomic.h:105:35: error: 'shadow' may be used uninitialized in this function [-Werror=maybe-uninitialized] The code is right, and despite trying hard, I could not come up with a version that I liked better than just adding a fake initialization here to shut up the warning. Fixes: f931551bafe1 ("IB/qib: Add new qib driver for QLogic PCIe InfiniBand adapters") Signed-off-by: Arnd Bergmann Acked-by: Ira Weiny Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_iba7322.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ea174c9573b0e0c8bc1a7a90fe9360ccb7aa9cbb Author: Sagi Grimberg Date: Mon Feb 27 20:16:33 2017 +0200 RDMA/iser: Fix possible mr leak on device removal event When the rdma device is removed, we must cleanup all the rdma resources within the DEVICE_REMOVAL event handler to let the device teardown gracefully. When this happens with live I/O, some memory regions are occupied. Thus, track them too and dereg all the mr's. We are safe with mr access by iscsi_iser_cleanup_task. Reported-by: Raju Rangoju Signed-off-by: Sagi Grimberg Reviewed-by: Max Gurtovoy Reviewed-by: Max Gurtovoy Signed-off-by: Doug Ledford drivers/infiniband/ulp/iser/iscsi_iser.h | 2 ++ drivers/infiniband/ulp/iser/iser_verbs.c | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) commit 13a8cd191a2b470cfd435b3b57dbd21aa65ff78c Author: Alexander Duyck Date: Fri Mar 24 15:01:42 2017 -0700 i40e: Do not enable NAPI on q_vectors that have no rings When testing the epoll w/ busy poll code I found that I could get into a state where the i40e driver had q_vectors w/ active NAPI that had no rings. This was resulting in a divide by zero error. To correct it I am updating the driver code so that we only support NAPI on q_vectors that have 1 or more rings allocated to them. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller drivers/net/ethernet/intel/i40e/i40e_main.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 28ee1b746f493b7c62347d714f58fbf4f70df4f0 Author: Florian Westphal Date: Fri Mar 24 19:42:37 2017 +0100 secure_seq: downgrade to per-host timestamp offsets Unfortunately too many devices (not under our control) use tcp_tw_recycle=1, which depends on timestamps being identical of the same saddr. Although tcp_tw_recycle got removed in net-next we can't make such end hosts disappear so downgrade to per-host timestamp offsets. Cc: Soheil Hassas Yeganeh Cc: Eric Dumazet Cc: Neal Cardwell Cc: Yuchung Cheng Reported-by: Yvan Vanrossomme Fixes: 95a22caee396c ("tcp: randomize tcp timestamp offsets for each connection") Signed-off-by: Florian Westphal Signed-off-by: David S. Miller net/core/secure_seq.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) commit b7363e67b23e04c23c2a99437feefac7292a88bc Author: Sagi Grimberg Date: Wed Mar 8 22:03:17 2017 +0200 IB/device: Convert ib-comp-wq to be CPU-bound This workqueue is used by our storage target mode ULPs via the new CQ API. Recent observations when working with very high-end flash storage devices reveal that UNBOUND workqueue threads can migrate between cpu cores and even numa nodes (although some numa locality is accounted for). While this attribute can be useful in some workloads, it does not fit in very nicely with the normal run-to-completion model we usually use in our target-mode ULPs and the block-mq irq<->cpu affinity facilities. The whole block-mq concept is that the completion will land on the same cpu where the submission was performed. The fact that our submitter thread is migrating cpus can break this locality. We assume that as a target mode ULP, we will serve multiple initiators/clients and we can spread the load enough without having to use unbound kworkers. Also, while we're at it, expose this workqueue via sysfs which is harmless and can be useful for debug. Signed-off-by: Sagi Grimberg Reviewed-by: Bart Van Assche -- Signed-off-by: Doug Ledford drivers/infiniband/core/device.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fedd9e1f75828992ace5833379116f38c66ad7bb Author: Sagi Grimberg Date: Thu Mar 16 18:57:00 2017 +0200 IB/cq: Don't process more than the given budget The caller might not want this overhead. Reviewed-by: Bart Van Assche Reviewed-by: Leon Romanovsky Signed-off-by: Sagi Grimberg Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/core/cq.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 9fcd67d1772c43d2f23e8fca56acc7219e991676 Author: David Marchand Date: Fri Feb 24 15:38:26 2017 +0100 IB/rxe: increment msn only when completing a request According to C9-147, MSN should only be incremented when the last packet of a multi packet request has been received. "Logically, the requester associates a sequential Send Sequence Number (SSN) with each WQE posted to the send queue. The SSN bears a one- to-one relationship to the MSN returned by the responder in each re- sponse packet. Therefore, when the requester receives a response, it in- terprets the MSN as representing the SSN of the most recent request completed by the responder to determine which send WQE(s) can be completed." Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: David Marchand Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_resp.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 812755d69efcf7c12fded57983d456647a0bbadd Author: Dmitry V. Levin Date: Fri Feb 24 03:28:13 2017 +0300 uapi: fix rdma/mlx5-abi.h userspace compilation errors Consistently use types from linux/types.h to fix the following rdma/mlx5-abi.h userspace compilation errors: /usr/include/rdma/mlx5-abi.h:69:25: error: 'u64' undeclared here (not in a function) MLX5_LIB_CAP_4K_UAR = (u64)1 << 0, /usr/include/rdma/mlx5-abi.h:69:29: error: expected ',' or '}' before numeric constant MLX5_LIB_CAP_4K_UAR = (u64)1 << 0, Include to fix the following rdma/mlx5-abi.h userspace compilation error: /usr/include/rdma/mlx5-abi.h:286:12: error: 'ETH_ALEN' undeclared here (not in a function) __u8 dmac[ETH_ALEN]; Signed-off-by: Dmitry V. Levin Signed-off-by: Doug Ledford include/uapi/rdma/mlx5-abi.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0957c29f78af7d890c4ac506eda8f76bfc5a137a Author: Bart Van Assche Date: Tue Mar 7 22:56:53 2017 +0000 IB/core: Restore I/O MMU, s390 and powerpc support Avoid that the following error message is reported on the console while loading an RDMA driver with I/O MMU support enabled: DMAR: Allocating domain for mlx5_0 failed Ensure that DMA mapping operations that use to_pci_dev() to access to struct pci_dev see the correct PCI device. E.g. the s390 and powerpc DMA mapping operations use to_pci_dev() even with I/O MMU support disabled. This patch preserves the following changes of the DMA mapping updates patch series: - Introduction of dma_virt_ops. - Removal of ib_device.dma_ops. - Removal of struct ib_dma_mapping_ops. - Removal of an if-statement from each ib_dma_*() operation. - IB HW drivers no longer set dma_device directly. Reported-by: Sebastian Ott Reported-by: Parav Pandit Fixes: commit 99db9494035f ("IB/core: Remove ib_device.dma_device") Signed-off-by: Bart Van Assche Reviewed-by: parav@mellanox.com Tested-by: parav@mellanox.com Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/device.c | 26 ++++++++++++++++++++------ include/rdma/ib_verbs.h | 30 +++++++++++++++++------------- 2 files changed, 37 insertions(+), 19 deletions(-) commit a1c5dd13228a1f9e5087375f9702422dfc2adbf1 Author: Leon Romanovsky Date: Tue Feb 28 21:42:53 2017 +0200 IB/rxe: Update documentation link All Soft-RoCE (rxe) is handled now in rdma-core user space library, so the documentation. The patch below updates the documentation link to that new location. Reported-by: Josh Beavers Signed-off-by: Leon Romanovsky Reviewed-by: Ira Weiny Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 004d18ea99b0f3b7b3d5790e4dc5ca7d5238706d Author: Dan Carpenter Date: Thu Feb 23 13:40:16 2017 +0300 RDMA/ocrdma: fix a type issue in ocrdma_put_pd_num() We want to return zero on success or negative error codes. The type should be int and not u8. Signed-off-by: Dan Carpenter Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/hw/ocrdma/ocrdma_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ded260235308f340b979258a4c736e06ba12c747 Author: Dan Carpenter Date: Wed Mar 8 08:21:52 2017 +0300 IB/rxe: double free on error "goto err;" has it's own kfree_skb() call so it's a double free. We only need to free on the "goto exit;" path. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Dan Carpenter Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b172679b0d3b93a6197b2ff892794e7178e3c448 Author: Aditya Sarwade Date: Wed Feb 22 17:22:58 2017 -0800 RDMA/vmw_pvrdma: Activate device on ethernet link up Restore device state when ethernet link changes to active. Acked-by: George Zhang Acked-by: Jorgen Hansen Acked-by: Bryan Tan Signed-off-by: Aditya Sarwade Signed-off-by: Adit Ranadive Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 2 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) commit e51c2fb0331cb3440d7dc83ee78019ee8c7bb366 Author: Adit Ranadive Date: Wed Feb 22 17:22:57 2017 -0800 RDMA/vmw_pvrdma: Dont hardcode QP header page Moved the header page count to a macro. Reported-by: Yuval Shaia Signed-off-by: Adit Ranadive Reviewed-by: Aditya Sarwade Tested-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma.h | 1 + drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 9 +++++---- 2 files changed, 6 insertions(+), 4 deletions(-) commit 6332dee83d8eab80d6d502cc51135b998fe6df79 Author: Adit Ranadive Date: Wed Feb 22 17:22:56 2017 -0800 RDMA/vmw_pvrdma: Cleanup unused variables Removed the unused nreq and redundant index variables. Moved hardcoded async and cq ring pages number to macro. Reported-by: Yuval Shaia Signed-off-by: Adit Ranadive Reviewed-by: Aditya Sarwade Tested-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma.h | 2 ++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 4 ++-- drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 33 ++++++++++---------------- 3 files changed, 17 insertions(+), 22 deletions(-) commit 95f255211396958c718aef8c45e3923b5211ea7b Author: Alexander Duyck Date: Fri Mar 24 09:38:03 2017 -0700 net: Do not allow negative values for busy_read and busy_poll sysctl interfaces This change basically codifies what I think was already the limitations on the busy_poll and busy_read sysctl interfaces. We weren't checking the lower bounds and as such could input negative values. The behavior when that was used was dependent on the architecture. In order to prevent any issues with that I am just disabling support for values less than 0 since this way we don't have to worry about any odd behaviors. By limiting the sysctl values this way it also makes it consistent with how we handle the SO_BUSY_POLL socket option since the value appears to be reported as a signed integer value and negative values are rejected. Signed-off-by: Alexander Duyck Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/core/sysctl_net_core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit abbbdf12497d36b001e0865bc5bc6cc363f3a5e1 Author: Ratna Manoj Bolla Date: Fri Mar 24 14:08:29 2017 -0400 nbd: replace kill_bdev() with __invalidate_device() When a filesystem is mounted on a nbd device and on a disconnect, because of kill_bdev(), and resetting bdev size to zero, buffer_head mappings are getting destroyed under mounted filesystem. After a bdev size reset(i.e bdev->bd_inode->i_size = 0) on a disconnect, followed by a sys_umount(), generic_shutdown_super()->... ->__sync_blockdev()->... -blkdev_writepages()->... ->do_invalidatepage()->... -discard_buffer() is discarding superblock buffer_head assumed to be in mapped state by ext4_commit_super(). [mlin: ported to 4.11-rc2] Signed-off-by: Ratna Manoj Bolla Signed-off-by: Jens Axboe drivers/block/nbd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit f8586855031a1d6b243f013c3082631346fddfad Author: Josef Bacik Date: Fri Mar 24 14:08:28 2017 -0400 nbd: set queue timeout properly We can't just set the timeout on the tagset, we have to set it on the queue as it would have been setup already at this point. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c103b4dac8f69ca55196afcd57c4cdd6d3ab88eb Author: Josef Bacik Date: Fri Mar 24 14:08:27 2017 -0400 nbd: set rq->errors to actual error code We've been relying on the block layer to assume rq->errors being set translates into -EIO. I noticed in testing that sometimes this isn't true, and really there's not much of a reason to have a counter instead of just using -EIO. So set it properly so we don't leak random numbers to unsuspecting victims. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9dd5d3ab49f74e1a3fab92c432a7600bd9081ccc Author: Josef Bacik Date: Fri Mar 24 14:08:26 2017 -0400 nbd: handle ERESTARTSYS properly We can submit IO in a processes context, which means there can be pending signals. This isn't a fatal error for NBD, but it does require some finesse. If the signal happens before we transmit anything then we are ok, just requeue the request and carry on. However if we've done a partial transmit we can't allow anything else to be transmitted on this socket until we transmit the remaining part of the request. Deal with this by keeping track of how much we've sent for the current request, and if we get an ERESTARTSYS during any part of our transmission save the state of that request and requeue the IO. If anybody tries to submit a request that isn't our pending request then requeue that request until we are able to service the one that is pending. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 115 ++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 89 insertions(+), 26 deletions(-) commit 93efe9817e651607d83e5f100076ae62d0ce0b93 Author: Jens Axboe Date: Fri Mar 24 12:04:19 2017 -0600 blk-mq: include errors in did_work calculation Currently we return true in blk_mq_dispatch_rq_list() if we queued IO successfully, but we really want to return whether or not the we made progress. Progress includes if we got an error return. If we don't, this can lead to a hang in blk_mq_sched_dispatch_requests() when a driver is draining IO by returning BLK_MQ_QUEUE_ERROR instead of manually ending the IO in error and return BLK_MQ_QUEUE_OK. Tested-by: Josef Bacik Reviewed-by: Bart Van Assche Reviewed-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit d07c6f46c441c32c55076a45479530707170c55c Merge: 04e904a 65b1ade Author: Linus Torvalds Date: Fri Mar 24 14:39:36 2017 -0700 Merge tag 'vfio-v4.11-rc4' of git://github.com/awilliam/linux-vfio Pull VFIO fix from Alex Williamson: "Rework sanity check for mdev driver group notifier de-registration (Alex Williamson)" * tag 'vfio-v4.11-rc4' of git://github.com/awilliam/linux-vfio: vfio: Rework group release notifier warning commit 04e904aa79ccdeede66d58e72e4c5402e4b9bd70 Merge: 59d9cb9 95a4960 Author: Linus Torvalds Date: Fri Mar 24 14:37:12 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A few fixes for the current series that should go into -rc4. This contains: - a fix for a potential corruption of un-started requests from Ming. - a blk-stat fix from Omar, ensuring we flush the stat batch before checking nr_samples. - a set of fixes from Sagi for the nvmeof family" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: don't complete un-started request in timeout handler nvme-loop: handle cpu unplug when re-establishing the controller nvme-rdma: handle cpu unplug when re-establishing the controller nvmet-rdma: Fix a possible uninitialized variable dereference nvmet: confirm sq percpu has scheduled and switched to atomic nvme-loop: fix a possible use-after-free when destroying the admin queue blk-stat: fix blk_stat_sum() if all samples are batched commit 59d9cb91d07236b5255a3b1999f6f2d9985b3657 Merge: 2056b7c 633ee407 Author: Linus Torvalds Date: Fri Mar 24 14:35:39 2017 -0700 Merge tag 'ceph-for-4.11-rc4' of git://github.com/ceph/ceph-client Pull ceph fix from Ilya Dryomov: "A fix for a writeback deadlock caused by a GFP_KERNEL allocation on the reclaim path, tagged for stable" * tag 'ceph-for-4.11-rc4' of git://github.com/ceph/ceph-client: libceph: force GFP_NOIO for socket allocations commit 2056b7c7df94d9c3e81bcee7430fe2417158e455 Merge: 42ea16f 0fa974b Author: Linus Torvalds Date: Fri Mar 24 14:32:21 2017 -0700 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: - a couple of OMAP 4.11 regression fixes, including a boot regression for SmartReflex, hypervisor mode in thumb2 mode, and reference counting of device nodes - a fix for cpu_idle on at91 - minor DT fixes on across several platforms: sunxi, bcm53xx, at91, nsp, ns2, ux500, omap - a fix to correct an API change in the reset controllers * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits) arm64: dts: NS2: Add dma-coherent to relevant DT entries reset: fix optional reset_control_get stubs to return NULL ARM: sun8i: a23/a33: drop bl_en_pin GPIO pinmux in reference design DTSI ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings ARM: dts: NSP: GPIO reboot open-source ARM: at91: pm: cpu_idle: switch DDR to power-down mode ARM: dts: add the AB8500 clocks to the device tree ARM: dts: imx6sx-udoo-neo: Fix reboot hang ARM: sun8i: Fix the mali clock rate ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags ARM: dts: BCM5301X: Fix memory start address ARM: dts: BCM5301X: Fix UARTs on bcm953012k Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node" ARM: OMAP2+: Release device node after it is no longer needed. ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Remove legacy gpmc-nand.c ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure ARM: dts: am335x-pcm953: Fix legacy wakeup source binding ARM: omap2plus_defconfig: Enable INPUT_MOUSEDEV as loadable modules ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI ... commit 42ea16f815e7adb155557eb3017510e635edbcfe Merge: 69917da 1914f0c Author: Linus Torvalds Date: Fri Mar 24 14:29:23 2017 -0700 Merge tag 'for-linus-4.11b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: "Fixes for PM under Xen" * tag 'for-linus-4.11b-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/acpi: upload PM state from init-domain to Xen xen/acpi: Replace hard coded "ACPI0007" commit 69917da73a4fa03b2c13fde976ba1aad950d9181 Merge: e8fe23f afd0e5a Author: Linus Torvalds Date: Fri Mar 24 14:21:09 2017 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "There's a kaslr fix and then two patches to update our native and compat syscall tables. Arnd asked that we take the addition of statx to the asm-generic unistd.h via arm64, as he didn't have anything queued in the asm-generic tree. Summary: - Fix mapping of kernel image under certain kaslr offsets - Hook up new statx syscall in asm-generic syscall table - Update compat syscall table to match arch/arm/ (pkeys and statx)" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: kaslr: Fix up the kernel image alignment arm64: compat: Update compat syscalls generic syscalls: Wire up statx syscall commit e8fe23ffc9bb43cbaade86dfb0701fb35b785d06 Merge: 213e4eb 8c75704 Author: Linus Torvalds Date: Fri Mar 24 14:11:36 2017 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes regressions in the crypto ccp driver and the hwrng drivers for amd and geode" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: hwrng: geode - Revert managed API changes hwrng: amd - Revert managed API changes crypto: ccp - Assign DMA commands to the channel's CCP commit cb8864559631754ac93d5734b165ccd0cad4728c Author: Jason Gunthorpe Date: Fri Mar 10 11:34:20 2017 -0700 infiniband: Fix alignment of mmap cookies to support VIPT caching When vmalloc_user is used to create memory that is supposed to be mmap'd to user space, it is necessary for the mmap cookie (eg the offset) to be aligned to SHMLBA. This creates a situation where all virtual mappings of the same physical page share the same virtual cache index and guarantees VIPT coherence. Otherwise the cache is non-coherent and the kernel will not see writes by userspace when reading the shared page (or vice-versa). Reported-by: Josh Beavers Signed-off-by: Jason Gunthorpe Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/mmap.c | 4 ++-- drivers/infiniband/sw/rxe/rxe_mmap.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 9f47a48e6eb97d793db85373e3ef4c55d876d334 Author: Jeff Kirsher Date: Thu Mar 23 20:47:15 2017 -0700 Revert "e1000e: driver trying to free already-free irq" This reverts commit 7e54d9d063fa239c95c21548c5267f0ef419ff56. After additional regression testing, several users are experiencing kernel panics during shutdown on e1000e devices. Reverting this change resolves the issue. Signed-off-by: Jeff Kirsher Signed-off-by: David S. Miller drivers/net/ethernet/intel/e1000e/netdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 213e4eb2da7e4fa716560b20752b05b80b5b0da9 Merge: 9a31328 11cd338 Author: Linus Torvalds Date: Fri Mar 24 13:42:17 2017 -0700 Merge tag 'iommu-fixes-v4.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: "A few fixes piled up: - fix a NULL-ptr dereference that happens in VT-d on some platforms - a fix for ARM MSI region reporting, so that a sane interface makes it to a released kernel - fixes for leaf-checking in ARM io-page-table code - two fixes for IO/TLB flushing code on ARM Exynos platforms" * tag 'iommu-fixes-v4.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu: Disambiguate MSI region types iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5 iommu/exynos: Block SYSMMU while invalidating FLPD cache iommu/vt-d: Fix NULL pointer dereference in device_to_iommu iommu/io-pgtable-arm-v7s: Check for leaf entry before dereferencing it iommu/io-pgtable-arm: Check for leaf entry before dereferencing it commit 86f46aba8d1ac3ed0904542158a9b9cb9c7a143c Author: Sagi Grimberg Date: Wed Mar 8 22:00:52 2017 +0200 IB/core: Protect against self-requeue of a cq work item We need to make sure that the cq work item does not run when we are destroying the cq. Unlike flush_work, cancel_work_sync protects against self-requeue of the work item (which we can do in ib_cq_poll_work). Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Reviewed-by: Bart Van Assche -- Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9a31328f310d6281a8afbcf9e15832aef8e0695e Merge: e887118 027fb89 Author: Linus Torvalds Date: Fri Mar 24 13:37:40 2017 -0700 Merge tag 'mmc-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull mmc fixes from Ulf Hansson: "Here are a couple of mmc fixes intended for v4.11 rc4. MMC core: - Fix initialization of HS400-ES eMMC cards - A couple of fixes for the mmc block device driver - Resolved a compiler warning MMC host: - sdhci: Do not disable IRQs while waiting for clock - sdhci-pci: Do not disable IRQs in sdhci_intel_set_power - sdhci-of-arasan: Fix incorrect timeout clock - mediatek: Fix bug for setting wrong clock frequency - sdhci-of-at91: Use regulator to fix cmd timeout errors - ushc: Fix NULL-deref at probe - rockchip-dw-mshc: Rename RK1108 to RV1108 in DT" * tag 'mmc-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power mmc: sdhci: Do not disable interrupts while waiting for clock mmc: ushc: fix NULL-deref at probe mmc: sdhci-of-at91: Support external regulators mmc: core: mmc_blk_rw_cmd_err - remove unused variable mmc: mediatek: Fixed bug where clock frequency could be set wrong mmc: block: Fix cmd error reset failure path mmc: block: Fix is_waiting_last_req set incorrectly mmc: core: Fix access to HS400-ES devices mmc: sdhci-of-arasan: fix incorrect timeout clock dt-bindings: rockchip-dw-mshc: rename RK1108 to RV1108 commit ae9955aeb8e47c4f60a02add47acf9850ca0ead7 Author: Alexey Brodkin Date: Thu Mar 23 20:34:45 2017 +0300 ARC: vdk: Fix support of UIO MotherBoard section has its "ranges" set to 0xE000_0000-0xF000_0000. But UIO node maps 4 different areas in different memory locations and all outside MB's ranges. That obviously breaks UIO mappings in runtime. Cc: Ruud Derwig Cc: stable@vger.kernel.org Signed-off-by: Alexey Brodkin Signed-off-by: Vineet Gupta arch/arc/boot/dts/vdk_axs10x_mb.dtsi | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit e88711860dee6ce0dba459abf6be446ccfc64443 Merge: 86b7eab 24a47426 Author: Linus Torvalds Date: Fri Mar 24 13:34:16 2017 -0700 Merge tag 'media/v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: - dvb-usb-firmware: don't do DMA on stack - coda/imx-vdoa: platform_driver should not be const - bdisp: Clean up file handle in open() error path - exynos-gsc: Do not swap cb/cr for semi planar formats * tag 'media/v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] exynos-gsc: Do not swap cb/cr for semi planar formats [media] bdisp: Clean up file handle in open() error path [media] coda/imx-vdoa: platform_driver should not be const [media] dvb-usb-firmware: don't do DMA on stack commit 871a8623d3b40221ad1103aff715dfee0aa4dacf Author: Shiraz Saleem Date: Fri Mar 17 18:30:07 2017 -0500 i40iw: Receive netdev events post INET_NOTIFIER state Netdev notification events are de-registered only when all client iwdev instances are removed. If a single client is closed and re-opened, netdev events could arrive even before the Control Queue-Pair (CQP) is created, causing a NULL pointer dereference crash in i40iw_get_cqp_request. Fix this by allowing netdev event notification only after we have reached the INET_NOTIFIER state with respect to device initialization. Reported-by: Stefan Assmann Signed-off-by: Shiraz Saleem Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_utils.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 86b7eab29dbe27acd5b67a7f110e244a0c3f4b96 Merge: ebe6482 d64a047 Author: Linus Torvalds Date: Fri Mar 24 13:15:52 2017 -0700 Merge tag 'drm-fixes-for-v4.11-rc4' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: - one core drm/fbdev regression fix - a set of i915 fixes including a few GVT related fixes, along with some reset fixes - one new PCI id for amdgpu, and some minor workaround regression fixes - .. and a set of exynos fixes, dropping support for an old unsupported SoC, some vblank timing fixes, and an info leak fix * tag 'drm-fixes-for-v4.11-rc4' of git://people.freedesktop.org/~airlied/linux: (34 commits) drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again drm/i915: make context status notifier head be per engine drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker) drm/exynos/dsi: make te-gpios optional drm/exynos: Print kernel pointers in a restricted form drm/exynos/decon5433: fix software trigger mask drm/exynos/fimd: signal frame done interrupt at front porch drm/exynos/decon5433: signal frame done interrupt at front porch drm/exynos/decon5433: fix vblank event handling drm/exynos: move crtc event handling to drivers callbacks drm/exynos: Remove support for Exynos4415 (SoC not supported anymore) drm/exynos/decon5433: & vs | typo drm/amd/amdgpu: add POLARIS12 PCI ID drm/i915/gvt: Fix gvt scheduler interval time drm/i915/gvt: GVT pin/unpin shadow context drm/i915/gvt: scan shadow indirect context image when valid drm/i915/kvmgt: fix suspicious rcu dereference usage drm/i915/gvt: add enable_execlists check before enable gvt drm/i915/gvt: Remove bogus retry around i915_wait_request drm/i915/gvt: correct the ggtt valid bit check in pipe control command ... commit a80db69e47d764bbcaf2fec54b1f308925e7c490 Author: WANG Cong Date: Thu Mar 23 11:03:31 2017 -0700 kcm: return immediately after copy_from_user() failure There is no reason to continue after a copy_from_user() failure. Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") Cc: Tom Herbert Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/kcm/kcmsock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a5af83925363eb85d467933e3d6ec5a87001eb7c Author: Arnd Bergmann Date: Thu Mar 23 17:07:26 2017 +0100 bna: avoid writing uninitialized data into hw registers The latest gcc-7 snapshot warns about bfa_ioc_send_enable/bfa_ioc_send_disable writing undefined values into the hardware registers: drivers/net/ethernet/brocade/bna/bfa_ioc.c: In function 'bfa_iocpf_sm_disabling_entry': arch/arm/include/asm/io.h:109:22: error: '*((void *)&disable_req+4)' is used uninitialized in this function [-Werror=uninitialized] arch/arm/include/asm/io.h:109:22: error: '*((void *)&disable_req+8)' is used uninitialized in this function [-Werror=uninitialized] The two functions look like they should do the same thing, but only one of them initializes the time stamp and clscode field. The fact that we only get a warning for one of the two functions seems to be arbitrary, based on the inlining decisions in the compiler. To address this, I'm making both functions do the same thing: - set the clscode from the ioc structure in both - set the time stamp from ktime_get_real_seconds (which also avoids the signed-integer overflow in 2038 and extends the well-defined behavior until 2106). - zero-fill the reserved field Fixes: 8b230ed8ec96 ("bna: Brocade 10Gb Ethernet device driver") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/brocade/bna/bfa_ioc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 1f3466a0538cde69b03f2aba13e6da72208e56cd Merge: 031b8c6 90b14dc Author: David S. Miller Date: Fri Mar 24 12:40:00 2017 -0700 Merge branch 's390-net' Ursula Braun says: ==================== s390/qeth patches for net here are 2 s390/qeth patches built for net fixing a problem with AF_IUCV traffic through HiperSockets. And we come up with an update for the MAINTAINERS file to establish Julian as Co-Maintainer for drivers/s390/net and net/iucv. ==================== Signed-off-by: David S. Miller commit 90b14dc731b1b4aac8ba01850b530bf7ba26462f Author: Ursula Braun Date: Thu Mar 23 14:55:10 2017 +0100 MAINTAINERS: add Julian Wiedmann Add Julian Wiedmann as additional maintainer for drivers/s390/net and net/iucv. Signed-off-by: Ursula Braun Signed-off-by: David S. Miller MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit acd9776b5c45ef02d1a210969a6fcc058afb76e3 Author: Julian Wiedmann Date: Thu Mar 23 14:55:09 2017 +0100 s390/qeth: no ETH header for outbound AF_IUCV With AF_IUCV traffic, the skb passed to hard_start_xmit() has a 14 byte slot at skb->data, intended for an ETH header. qeth_l3_fill_af_iucv_hdr() fills this ETH header... and then immediately moves it to the skb's headroom, where it disappears and is never seen again. But it's still possible for us to return NETDEV_TX_BUSY after the skb has been modified. Since we didn't get a private copy of the skb, the next time the skb is delivered to hard_start_xmit() it no longer has the expected layout (we moved the ETH header to the headroom, so skb->data now starts at the IUCV_TRANS header). So when qeth_l3_fill_af_iucv_hdr() does another round of rebuilding, the resulting qeth header ends up all wrong. On transmission, the buffer is then rejected by the HiperSockets device with SBALF15 = x'04'. When this error is passed back to af_iucv as TX_NOTIFY_UNREACHABLE, it tears down the offending socket. As the ETH header for AF_IUCV serves no purpose, just align the code to what we do for IP traffic on L3 HiperSockets: keep the ETH header at skb->data, and pass down data_offset = ETH_HLEN to qeth_fill_buffer(). When mapping the payload into the SBAL elements, the ETH header is then stripped off. This avoids the skb manipulations in qeth_l3_fill_af_iucv_hdr(), and any buffer re-entering hard_start_xmit() after NETDEV_TX_BUSY is now processed properly. Signed-off-by: Julian Wiedmann Signed-off-by: Ursula Braun Signed-off-by: David S. Miller drivers/s390/net/qeth_l3_main.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) commit 7d969d2e8890f546c8cec634b3aa5f57d4eef883 Author: Julian Wiedmann Date: Thu Mar 23 14:55:08 2017 +0100 s390/qeth: size calculation outbound buffers Depending on the device type, hard_start_xmit() builds different output buffer formats. For instance with HiperSockets, on both L2 and L3 we strip the ETH header from the skb - L3 doesn't need it, and L2 carries it in the buffer's header element. For this, we pass data_offset = ETH_HLEN all the way down to __qeth_fill_buffer(), where skb->data is then adjusted accordingly. But the initial size calculation still considers the *full* skb length (including the ETH header). So qeth_get_elements_no() can erroneously reject a skb as too big, even though it would actually fit into an output buffer once the ETH header has been trimmed off later. Fix this by passing an additional offset to qeth_get_elements_no(), that indicates where in the skb the on-wire data actually begins. Since the current code uses data_offset=-1 for some special handling on OSA, we need to clamp data_offset to 0... On HiperSockets this helps when sending ~MTU-size skbs with weird page alignment. No change for OSA or AF_IUCV. Signed-off-by: Julian Wiedmann Signed-off-by: Ursula Braun Signed-off-by: David S. Miller drivers/s390/net/qeth_core.h | 3 ++- drivers/s390/net/qeth_core_main.c | 5 +++-- drivers/s390/net/qeth_l2_main.c | 5 +++-- drivers/s390/net/qeth_l3_main.c | 5 +++-- 4 files changed, 11 insertions(+), 7 deletions(-) commit 031b8c6d1d1c9555ebb4d14fe07fef45ef804947 Merge: 2f25abe 5d73bb8 Author: David S. Miller Date: Fri Mar 24 12:32:20 2017 -0700 Merge branch 'aquantia-fixes' Pavel Belous says: ==================== net:ethernet:aquantia: Misc fixes for atlantic driver. The following patchset containg several fixes for aQuantia AQtion driver for net tree: A couple fixes for IPv6 and other fixes. v1->v2: Fix compilation error (using HW_ATL_A0_TXD_CTL_CMD_IPV6 instead HW_ATL_B0_TXD_CTL_CMD_IPV6). v2->v3: Added "Fixes" tags. ==================== Signed-off-by: David S. Miller commit 5d73bb863c2ef3aa1a28b5885c85ede7307df8ea Author: Pavel Belous Date: Thu Mar 23 14:19:45 2017 +0300 net:ethernet:aquantia: Reset is_gso flag when EOP reached. We need to reset is_gso flag when EOP reached (entire LSO packet processed). Fixes: bab6de8fd180 ("net: ethernet: aquantia: Atlantic A0 and B0 specific functions.") Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 1 + drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 1 + 2 files changed, 2 insertions(+) commit 386aff88e32ec3f82e3f032217bad0c8c8846349 Author: Pavel Belous Date: Thu Mar 23 14:19:44 2017 +0300 net:ethernet:aquantia: Fix for LSO with IPv6. Fix Context Command bit: L3 type = "0" for IPv4, "1" for IPv6. Fixes: bab6de8fd180 ("net: ethernet: aquantia: Atlantic A0 and B0 specific functions.") Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 3 +++ drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 3 ++- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 3 +++ drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 3 +++ 4 files changed, 11 insertions(+), 1 deletion(-) commit 9f0dd8c322e89f137c44b437d6fbecc9dea12204 Author: Pavel Belous Date: Thu Mar 23 14:19:43 2017 +0300 net:ethernet:aquantia: Missing spinlock initialization. Fix for missing initialization aq_ring header.lock spinlock. Fixes: 018423e90bee ("net: ethernet: aquantia: Add ring support code") Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 1 + 1 file changed, 1 insertion(+) commit ea0504f554c8f989eab58549300d15582d36f039 Author: Pavel Belous Date: Thu Mar 23 14:19:42 2017 +0300 net:ethernet:aquantia: Fix packet type detection (TCP/UDP) for IPv6. In order for the checksum offloads to work correctly we need to set the packet type bit (TCP/UDP) in the TX context buffer. Fixes: 97bde5c4f909 ("net: ethernet: aquantia: Support for NIC-specific code") Signed-off-by: Pavel Belous Tested-by: David Arcari Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit 1adbddef118ae8bf6409c13208645d28c29731c1 Author: Pavel Belous Date: Thu Mar 23 14:19:41 2017 +0300 net:ethernet:aquantia: Remove adapter re-opening when MTU changed. Closing/opening the adapter is not needed at all. The new MTU settings take effect immediately. Fixes: 97bde5c4f909 ("net: ethernet: aquantia: Support for NIC-specific code") Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_main.c | 5 ----- 1 file changed, 5 deletions(-) commit 2f25abe6bac573928a990ccbdac75873add8127e Author: hayeswang Date: Thu Mar 23 19:14:19 2017 +0800 r8152: prevent the driver from transmitting packets with carrier off The linking status may be changed when autosuspend. And, after autoresume, the driver may try to transmit packets when the device is carrier off, because the interrupt transfer doesn't update the linking status, yet. And, if the device is in ALDPS mode, the device would stop working. The another similar case is 1. unplug the cable. 2. interrupt transfer queue a work_queue for linking change. 3. device enters the ALDPS mode. 4. a tx occurs before the work_queue is called. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 49d52e8108a21749dc2114b924c907db43358984 Author: Nathan Sullivan Date: Wed Mar 22 15:27:01 2017 -0500 net: phy: handle state correctly in phy_stop_machine If the PHY is halted on stop, then do not set the state to PHY_UP. This ensures the phy will be restarted later in phy_start when the machine is started again. Fixes: 00db8189d984 ("This patch adds a PHY Abstraction Layer to the Linux Kernel, enabling ethernet drivers to remain as ignorant as is reasonable of the connected PHY's design and operation details.") Signed-off-by: Nathan Sullivan Signed-off-by: Brad Mouring Acked-by: Xander Huff Acked-by: Kyle Roeschley Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 971edb0a0087b65bd3726d23b2dffff405d48f72 Author: Lucas Stach Date: Thu Mar 23 15:05:26 2017 +0100 ASoC: simple-card: fix simple_dai clk lookup The clock needs to be stored in the simple_dai structure, so it can be enabled later on. This has been broken during the conversion to use devm_* functions for the clk lookup. Fixes: e984fd61e860 (ASoC: simple-card: use devm_get_clk_from_child()) Signed-off-by: Lucas Stach Acked-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/generic/simple-card-utils.c | 1 + 1 file changed, 1 insertion(+) commit 3c9d3f1bc2defd418b5933bbc928096c9c686d3b Author: Arnaud Pouliquen Date: Thu Mar 23 19:39:54 2017 +0100 ASoC: STI: Fix reader substream pointer set reader->substream is used in IRQ handler for error case but is never set. Set value to pcm substream on DAI startup and clean it on dai shutdown. Signed-off-by: Arnaud Pouliquen Signed-off-by: Mark Brown sound/soc/sti/uniperif_reader.c | 3 +++ 1 file changed, 3 insertions(+) commit 0fa974b8b6106e053595e5481ef6fdbf5c60b457 Merge: bf3f530 f0c0cb9 Author: Arnd Bergmann Date: Fri Mar 24 17:51:50 2017 +0100 Merge tag 'arm-soc/for-4.11/devicetree-arm64-fixes' of http://github.com/Broadcom/stblinux into fixes Pull "Broadcom arm64 Device Tree fixes for 4.11" from Florian Fainelli: This pull request contains Broadcom ARM64-based SoCs Device Tree fixes for 4.11, please pull the following: - Jon adds missing "dma-coherent" property to the Northstar 2 DTS include file in order to fix both performance and cache problems for: PCIe, Ethernet, PDC/mailbox, SATA3 and SDHCI * tag 'arm-soc/for-4.11/devicetree-arm64-fixes' of http://github.com/Broadcom/stblinux: arm64: dts: NS2: Add dma-coherent to relevant DT entries commit bf3f53089c2f51d8907398051f9a7dcf2788c4b5 Merge: 6479ca8 acfa28b Author: Arnd Bergmann Date: Fri Mar 24 17:49:40 2017 +0100 Merge tag 'arm-soc/for-4.11/devicetree-fixes-2' of http://github.com/Broadcom/stblinux into fixes Pull "Broadcom arm Device Tree fixes for 4.11 (part 2)" from Florian Fainelli: This pull request contains Broadcom ARM-based SoCs Device Tree fixes for 4.11, please pull the following: - Jon fixes a reboot issue on most Northstar Plus platforms by adding the "open-source" property to the "gpio-restart" Device Tree nodes * tag 'arm-soc/for-4.11/devicetree-fixes-2' of http://github.com/Broadcom/stblinux: ARM: dts: NSP: GPIO reboot open-source commit 2d7d54002e396c180db0c800c1046f0a3c471597 Author: Takashi Iwai Date: Fri Mar 24 17:07:57 2017 +0100 ALSA: seq: Fix race during FIFO resize When a new event is queued while processing to resize the FIFO in snd_seq_fifo_clear(), it may lead to a use-after-free, as the old pool that is being queued gets removed. For avoiding this race, we need to close the pool to be deleted and sync its usage before actually deleting it. The issue was spotted by syzkaller. Reported-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_fifo.c | 4 ++++ 1 file changed, 4 insertions(+) commit 4d339989acd730f17bc814b5ddb9c54e405766b6 Author: Liad Kaufman Date: Tue Mar 21 17:13:16 2017 +0200 iwlwifi: mvm: support ibss in dqa mode Allow working IBSS also when working in DQA mode. This is done by setting it to treat the queues the same as a BSS AP treats the queues. Fixes: 7948b87308a4 ("iwlwifi: mvm: enable dynamic queue allocation mode") Signed-off-by: Liad Kaufman Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 3 ++- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 9 ++++++--- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7 +++++-- 3 files changed, 13 insertions(+), 6 deletions(-) commit 251fe09f13bfb54c1ede66ee8bf8ddd0061c4f7c Author: Dan Carpenter Date: Thu Mar 23 13:40:00 2017 +0300 iwlwifi: mvm: writing zero bytes to debugfs causes a crash This is a static analysis fix. The warning is: drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c:912 iwl_mvm_fw_dbg_collect() warn: integer overflows 'sizeof(*desc) + len' I guess this code is supposed to take a NUL character, but if we write zero bytes then it tries to write -1 characters and crashes. Fixes: c91b865cb14d ("iwlwifi: mvm: support description for user triggered fw dbg collection") Signed-off-by: Dan Carpenter Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 2 ++ 1 file changed, 2 insertions(+) commit a95600294157ca7527ee7c70249fb53e09d8c566 Author: Sara Sharon Date: Thu Jan 26 14:43:32 2017 +0200 iwlwifi: mvm: fix accessing fw_id_to_mac_id Access should be by rcu_dereference. Issue was found by sparse. Fixes: 65e254821cee ("iwlwifi: mvm: use firmware station PM notification for AP_LINK_PS") Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9257821c5a1dc57ef3a37f7cbcebaf548395c964 Author: Peter Stein Date: Fri Feb 17 00:00:50 2017 -0800 HID: xinmo: fix for out of range for THT 2P arcade controller. There is a new clone of the XIN MO arcade controller which has same issue with out of range like the original. This fix will solve the issue where 2 directions on the joystick are not recognized by the new THT 2P arcade controller with device ID 0x75e1. In details the new device ID is added the hid-id list and the hid-xinmo source code. Signed-off-by: Peter Stein Signed-off-by: Jiri Kosina drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + drivers/hid/hid-xinmo.c | 1 + 3 files changed, 3 insertions(+) commit 9df0eb180c2074451f25556eb566d89c7057c2ac Author: Eric Biggers Date: Thu Mar 23 13:39:46 2017 -0700 crypto: xts,lrw - fix out-of-bounds write after kmalloc failure In the generic XTS and LRW algorithms, for input data > 128 bytes, a temporary buffer is allocated to hold the values to be XOR'ed with the data before and after encryption or decryption. If the allocation fails, the fixed-size buffer embedded in the request buffer is meant to be used as a fallback --- resulting in more calls to the ECB algorithm, but still producing the correct result. However, we weren't correctly limiting subreq->cryptlen in this case, resulting in pre_crypt() overrunning the embedded buffer. Fix this by setting subreq->cryptlen correctly. Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher") Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher") Cc: stable@vger.kernel.org # v4.10+ Reported-by: Dmitry Vyukov Signed-off-by: Eric Biggers Acked-by: David S. Miller Signed-off-by: Herbert Xu crypto/lrw.c | 7 +++++-- crypto/xts.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) commit efc989fce8703914bac091dcc4b8ff7a72ccf987 Author: Gary R Hook Date: Thu Mar 23 12:53:30 2017 -0500 crypto: ccp - Make some CCP DMA channels private The CCP registers its queues as channels capable of handling general DMA operations. The NTB driver will use DMA if directed, but as public channels can be reserved for use in asynchronous operations some channels should be held back as private. Since the public/private determination is handled at a device level, reserve the "other" (secondary) CCP channels as private. Add a module parameter that allows for override, to be applied to all channels on all devices. CC: # 4.10.x- Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v5.c | 1 + drivers/crypto/ccp/ccp-dev.h | 5 +++++ drivers/crypto/ccp/ccp-dmaengine.c | 41 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+) commit de5540d088fe97ad583cc7d396586437b32149a5 Author: Jason A. Donenfeld Date: Thu Mar 23 12:24:43 2017 +0100 padata: avoid race in reordering Under extremely heavy uses of padata, crashes occur, and with list debugging turned on, this happens instead: [87487.298728] WARNING: CPU: 1 PID: 882 at lib/list_debug.c:33 __list_add+0xae/0x130 [87487.301868] list_add corruption. prev->next should be next (ffffb17abfc043d0), but was ffff8dba70872c80. (prev=ffff8dba70872b00). [87487.339011] [] dump_stack+0x68/0xa3 [87487.342198] [] ? console_unlock+0x281/0x6d0 [87487.345364] [] __warn+0xff/0x140 [87487.348513] [] warn_slowpath_fmt+0x4a/0x50 [87487.351659] [] __list_add+0xae/0x130 [87487.354772] [] ? _raw_spin_lock+0x64/0x70 [87487.357915] [] padata_reorder+0x1e6/0x420 [87487.361084] [] padata_do_serial+0xa5/0x120 padata_reorder calls list_add_tail with the list to which its adding locked, which seems correct: spin_lock(&squeue->serial.lock); list_add_tail(&padata->list, &squeue->serial.list); spin_unlock(&squeue->serial.lock); This therefore leaves only place where such inconsistency could occur: if padata->list is added at the same time on two different threads. This pdata pointer comes from the function call to padata_get_next(pd), which has in it the following block: next_queue = per_cpu_ptr(pd->pqueue, cpu); padata = NULL; reorder = &next_queue->reorder; if (!list_empty(&reorder->list)) { padata = list_entry(reorder->list.next, struct padata_priv, list); spin_lock(&reorder->lock); list_del_init(&padata->list); atomic_dec(&pd->reorder_objects); spin_unlock(&reorder->lock); pd->processed++; goto out; } out: return padata; I strongly suspect that the problem here is that two threads can race on reorder list. Even though the deletion is locked, call to list_entry is not locked, which means it's feasible that two threads pick up the same padata object and subsequently call list_add_tail on them at the same time. The fix is thus be hoist that lock outside of that block. Signed-off-by: Jason A. Donenfeld Acked-by: Steffen Klassert Signed-off-by: Herbert Xu kernel/padata.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 74d1cf4897f919837efc4e34d800b996936eb38e Author: Thomas Petazzoni Date: Fri Mar 17 13:58:39 2017 +0100 dt-bindings: rng: clocks property on omap_rng not always mandatory Commit 52060836f79 ("dt-bindings: omap-rng: Document SafeXcel IP-76 device variant") update the omap_rng Device Tree binding to add support for the IP-76 variation of the IP. As part of this change, a "clocks" property was added, but is indicated as "Required", without indicated it's actually only required for some compatible strings. This commit fixes that, by explicitly stating that the clocks property is only required with the inside-secure,safexcel-eip76 compatible string. Fixes: 52060836f79 ("dt-bindings: omap-rng: Document SafeXcel IP-76 device variant") Cc: Signed-off-by: Thomas Petazzoni Signed-off-by: Herbert Xu Documentation/devicetree/bindings/rng/omap_rng.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit dbe4d69d252e9e65c6c46826980b77b11a142065 Author: Mike Looijmans Date: Thu Mar 23 10:00:36 2017 +0100 i2c: mux: pca954x: Add missing pca9546 definition to chip_desc The spec for the pca9546 was missing. This chip is the same as the pca9545 except that it lacks interrupt lines. While the i2c_device_id table mapped the pca9546 to the pca9545 definition the compatible table did not. Signed-off-by: Mike Looijmans Signed-off-by: Peter Rosin drivers/i2c/muxes/i2c-mux-pca954x.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit a46f60d76004965e5669dbf3fc21ef3bc3632eb4 Author: Baoquan He Date: Fri Mar 24 12:59:52 2017 +0800 x86/mm/KASLR: Exclude EFI region from KASLR VA space randomization Currently KASLR is enabled on three regions: the direct mapping of physical memory, vamlloc and vmemmap. However the EFI region is also mistakenly included for VA space randomization because of misusing EFI_VA_START macro and assuming EFI_VA_START < EFI_VA_END. (This breaks kexec and possibly other things that rely on stable addresses.) The EFI region is reserved for EFI runtime services virtual mapping which should not be included in KASLR ranges. In Documentation/x86/x86_64/mm.txt, we can see: ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space EFI uses the space from -4G to -64G thus EFI_VA_START > EFI_VA_END, Here EFI_VA_START = -4G, and EFI_VA_END = -64G. Changing EFI_VA_START to EFI_VA_END in mm/kaslr.c fixes this problem. Signed-off-by: Baoquan He Reviewed-by: Bhupesh Sharma Acked-by: Dave Young Acked-by: Thomas Garnier Cc: #4.8+ Cc: Andrew Morton Cc: Andy Lutomirski Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Kees Cook Cc: Linus Torvalds Cc: Masahiro Yamada Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1490331592-31860-1-git-send-email-bhe@redhat.com Signed-off-by: Ingo Molnar arch/x86/mm/kaslr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 854fbd6e5f60fe99e8e3a569865409fca378f143 Author: Kees Cook Date: Thu Mar 23 15:46:16 2017 -0700 lib/syscall: Clear return values when no stack Commit: aa1f1a639621 ("lib/syscall: Pin the task stack in collect_syscall()") ... added logic to handle a process stack not existing, but left sp and pc uninitialized, which can be later reported via /proc/$pid/syscall for zombie processes, potentially exposing kernel memory to userspace. Zombie /proc/$pid/syscall before: -1 0xffffffff9a060100 0xffff92f42d6ad900 Zombie /proc/$pid/syscall after: -1 0x0 0x0 Reported-by: Robert Święcki Signed-off-by: Kees Cook Reviewed-by: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org # v4.9+ Fixes: aa1f1a639621 ("lib/syscall: Pin the task stack in collect_syscall()") Link: http://lkml.kernel.org/r/20170323224616.GA92694@beast Signed-off-by: Ingo Molnar lib/syscall.c | 1 + 1 file changed, 1 insertion(+) commit 48481c8fa16410ffa45939b13b6c53c2ca609e5f Author: Eric Dumazet Date: Thu Mar 23 12:39:21 2017 -0700 net: neigh: guard against NULL solicit() method Dmitry posted a nice reproducer of a bug triggering in neigh_probe() when dereferencing a NULL neigh->ops->solicit method. This can happen for arp_direct_ops/ndisc_direct_ops and similar, which can be used for NUD_NOARP neighbours (created when dev->header_ops is NULL). Admin can then force changing nud_state to some other state that would fire neigh timer. Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller net/core/neighbour.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ebe64824e9de4b3ab3bd3928312b4b2bc57b4b7e Merge: 02a2cad 90ff2b7 Author: Linus Torvalds Date: Thu Mar 23 20:00:39 2017 -0700 Merge tag 'pm-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "One of these is an intel_pstate regression fix and it is not a small change, but it mostly removes code that shouldn't be there. That code was acquired by mistake and has been a source of constant pain since then, so the time has come to get rid of it finally. We have not seen problems with this change in the lab, so fingers crossed. The rest is more usual: one more intel_pstate commit removing useless code, a cpufreq core fix to make it restore policy limits on CPU online (which prevents the limits from being reset over system suspend/resume), a schedutil cpufreq governor initialization fix to make it actually work as advertised on all systems and an extra sanity check in the cpuidle core to prevent crashes from happening if the arch code messes things up. Specifics: - Make intel_pstate use one set of global P-state limits in the active mode regardless of the scaling_governor settings for individual CPUs instead of switching back and forth between two of them in a way that is hard to control (Rafael Wysocki). - Drop a useless function from intel_pstate to prevent it from modifying the maximum supported frequency value unexpectedly which may confuse the cpufreq core (Rafael Wysocki). - Fix the cpufreq core to restore policy limits on CPU online so that the limits are not reset over system suspend/resume, among other things (Viresh Kumar). - Fix the initialization of the schedutil cpufreq governor to make the IO-wait boosting mechanism in it actually work on systems with one CPU per cpufreq policy (Rafael Wysocki). - Add a sanity check to the cpuidle core to prevent crashes from happening if the architecture code initialization fails to set up things as expected (Vaidyanathan Srinivasan)" * tag 'pm-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: Restore policy min/max limits on CPU online cpuidle: Validate cpu_dev in cpuidle_add_sysfs() cpufreq: intel_pstate: Fix policy data management in passive mode cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start() cpufreq: intel_pstate: One set of global limits in active mode commit 02a2cad8e83817524cd4e14fc1c68c8c94768723 Merge: d038e3d 47e6fb4 Author: Linus Torvalds Date: Thu Mar 23 19:51:06 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "Fixes to various USB drivers to validate existence of endpoints before trying to use them, fixes to APLS v8 protocol, and a couple of i8042 quirks" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: ALPS - fix trackstick button handling on V8 devices Input: ALPS - fix V8+ protocol handling (73 03 28) Input: sur40 - validate number of endpoints before using them Input: kbtab - validate number of endpoints before using them Input: hanwang - validate number of endpoints before using them Input: yealink - validate number of endpoints before using them Input: ims-pcu - validate number of endpoints before using them Input: cm109 - validate number of endpoints before using them Input: iforce - validate number of endpoints before using them Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list Input: synaptics-rmi4 - prevent null pointer dereference in f30 Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000 commit d64a04720b0e64c1cd0726a3a27b360822fbee22 Merge: f505a5c cf8c73a Author: Dave Airlie Date: Fri Mar 24 11:05:06 2017 +1000 Merge branch 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few small fixes for 4.11 * 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/amd/amdgpu: add POLARIS12 PCI ID drm/amdgpu: fix the clearing wb size drm/amdgpu: reinstate oland workaround for sclk drm/radeon: reinstate oland workaround for sclk commit f505a5c0ec9b8c19632cd572ed58feb178f45fbf Merge: 8201f1e 12ffed9 Author: Dave Airlie Date: Fri Mar 24 11:04:52 2017 +1000 Merge tag 'drm-misc-fixes-2017-03-23' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes One fbdev regression fix from Michel * tag 'drm-misc-fixes-2017-03-23' of git://anongit.freedesktop.org/git/drm-misc: drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again commit 8201f1e86b1cce21ac5895230cb2cf9a56b7f6e7 Merge: d08997c 22e098d Author: Dave Airlie Date: Fri Mar 24 11:04:08 2017 +1000 Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes Just several fixups, - fix page fault and vblank timeout issues due to delayed vblank handling. - fix panel driver probing to fail without te-gpios property. - fix potential security hole by using "%pK" format. - fix wrong if statement condition. And one cleanup which removes Exynos4415 SoC support which is not supported anymore. * 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: drm/exynos/dsi: make te-gpios optional drm/exynos: Print kernel pointers in a restricted form drm/exynos/decon5433: fix software trigger mask drm/exynos/fimd: signal frame done interrupt at front porch drm/exynos/decon5433: signal frame done interrupt at front porch drm/exynos/decon5433: fix vblank event handling drm/exynos: move crtc event handling to drivers callbacks drm/exynos: Remove support for Exynos4415 (SoC not supported anymore) drm/exynos/decon5433: & vs | typo commit f35ec35e5e726e7137deaee0dec24f8cbf07a48f Author: Florian Fainelli Date: Wed Mar 22 22:40:30 2017 -0700 net: phy: Export mdiobus_register_board_info() We can build modular code that uses mdiobus_register_board_info() which would lead to linking failure since this symbol is not expoerted. Fixes: 648ea0134069 ("net: phy: Allow pre-declaration of MDIO devices") Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/phy/mdio-boardinfo.c | 1 + 1 file changed, 1 insertion(+) commit 90ff2b729e181fba628b854eac2097e5ccc22e66 Merge: 6488294 ad0a45f Author: Rafael J. Wysocki Date: Fri Mar 24 00:43:46 2017 +0100 Merge branch 'pm-cpuidle-fixes' * pm-cpuidle-fixes: cpuidle: Validate cpu_dev in cpuidle_add_sysfs() commit 6488294e4a6328ca260b9d872c04cbd7db09e17e Merge: ff01047 4296f23 64897b2 Author: Rafael J. Wysocki Date: Fri Mar 24 00:43:26 2017 +0100 Merge branches 'pm-cpufreq-fixes', 'pm-cpufreq-sched-fixes' and 'intel_pstate-fixes' * pm-cpufreq-fixes: cpufreq: Restore policy min/max limits on CPU online * pm-cpufreq-sched-fixes: cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start() * intel_pstate-fixes: cpufreq: intel_pstate: Fix policy data management in passive mode cpufreq: intel_pstate: One set of global limits in active mode commit 7f0b97d5bb4c1c99c38dd6770ad11f714ea42583 Merge: f8ba2d6 b467e08 Author: Stephen Boyd Date: Thu Mar 23 16:08:46 2017 -0700 Merge tag 'sunxi-clk-fixes-for-4.11' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into clk-fixes Pull Allwinner clock fixes from Maxime Ripard: A few fixes for a bunch of clocks on a few SoCs. The most important one is probably one that fixes the NKMP clock frequency calculation and could end up with clocking the CPU frequency to out of bounds rates. * tag 'sunxi-clk-fixes-for-4.11' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: clk: sunxi-ng: fix recalc_rate formula of NKMP clocks clk: sunxi-ng: Fix div/mult settings for osc12M on A64 clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock clk: sunxi: ccu-sun5i needs nkmp clk: sunxi-ng: mp: Adjust parent rate for pre-dividers commit 9abb27c7594a62bbf6385e20b7f5a90b4eceae2f Author: Tomasz Nowicki Date: Thu Mar 23 17:10:16 2017 -0500 PCI: thunder-pem: Add legacy firmware support for Cavium ThunderX host controller During early days of PCI quirks support, ThunderX firmware did not provide PNP0c02 node with PCI configuration space and PEM-specific register ranges. This means that for legacy FW we are not reserving these resources and cannot gather PEM-specific resources for further PEM initialization. To support already deployed legacy FW, calculate PEM-specific ranges and provide resources reservation as fallback scenario into PEM driver when we could not gather PEM reg base from ACPI tables. Tested-by: Robert Richter Signed-off-by: Tomasz Nowicki Signed-off-by: Vadim Lomovtsev Signed-off-by: Bjorn Helgaas Acked-by: Robert Richter CC: stable@vger.kernel.org # v4.10+ drivers/pci/host/pci-thunder-pem.c | 56 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 54 insertions(+), 2 deletions(-) commit 81caa91b72fd6a0b8dfc5eb10942c34f7efd2bc5 Author: Tomasz Nowicki Date: Thu Mar 23 17:10:10 2017 -0500 PCI: thunder-pem: Use Cavium assigned hardware ID for ThunderX host controller "CAV" is the only PNP/ACPI hardware ID vendor prefix assigned to Cavium so fix this as it should be from day one. Fixes: 44f22bd91e88 ("PCI: Add MCFG quirks for Cavium ThunderX pass2.x host controller") Tested-by: Robert Richter Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas Acked-by: Robert Richter CC: stable@vger.kernel.org # v4.10+ drivers/pci/host/pci-thunder-pem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e88162f9dad426f3c83e23150b7f28b7d9486df8 Author: Andy Shevchenko Date: Tue Mar 21 21:13:09 2017 +0200 Revert "i2c: mux: pca954x: Add ACPI support for pca954x" In ACPI world any ID should be carefully chosen and registered officially. The commit bbf9d262a147 seems did a wrong assumption because PCA is the registered PNP ID for "PHILIPS BU ADD ON CARD". I'm pretty sure this prefix has nothing to do with the driver in question. Moreover, newer ACPI specification has a support of _DSD method and special device IDs to allow drivers be enumerated via compatible string. The slight change to support this kind of enumeration will be added in sequential patch against pca954x.c. Revert the commit bbf9d262a147 for good. Cc: Tin Huynh Signed-off-by: Andy Shevchenko Signed-off-by: Peter Rosin drivers/i2c/muxes/i2c-mux-pca954x.c | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) commit fd290e7096bd4441fdd61e241ee997b16e04afbd Merge: 5617c05 436ecf5 Author: Greg Kroah-Hartman Date: Thu Mar 23 22:07:22 2017 +0100 Merge tag 'usb-serial-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.11-rc4 Some more device ids for option and qcserial. Signed-off-by: Johan Hovold commit 5617c05d44ebd7b75973b5b31a9f2e55e5882d3f Merge: 22db87b 25cd972 Author: Greg Kroah-Hartman Date: Thu Mar 23 22:05:10 2017 +0100 Merge tag 'fixes-for-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.11-rc4 f_acm got an endianness fix by Oliver Neukum. This has been around for a long time but it's finally fixed. f_hid learned that it should never access hidg->req without first grabbing the spinlock. Roger Quadros fixed two bugs in the f_uvc function driver. Janusz Dziedzic fixed a very peculiar bug with EP0, one that's rather difficult to trigger. When we're dealing with bounced EP0 requests, we should delay unmap until after ->complete() is called. UDC class got a use-after-free fix. commit 22db87ba6bbefcb12493ae9c7be2037f5f12639d Merge: 7b2db29 1a09b6a Author: Greg Kroah-Hartman Date: Thu Mar 23 22:04:26 2017 +0100 Merge tag 'phy-for-4.11-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/kishon/linux-phy into usb-linus Kishon writes: phy: for 4.11-rc *) Revert USB3 PHY support for Broadcom NSP SoC *) Fix compiler error on qcom-usb-hs when depends on EXTCON is not added *) Fix error handling in phy-exynos-pcie Signed-off-by: Kishon Vijay Abraham I commit a2125d02443e9a4e68bcfd9f8004fa23239e8329 Author: Arnd Bergmann Date: Thu Mar 23 16:03:11 2017 +0100 hwmon: (asus_atk0110) fix uninitialized data access The latest gcc-7 snapshot adds a warning to point out that when atk_read_value_old or atk_read_value_new fails, we copy uninitialized data into sensor->cached_value: drivers/hwmon/asus_atk0110.c: In function 'atk_input_show': drivers/hwmon/asus_atk0110.c:651:26: error: 'value' may be used uninitialized in this function [-Werror=maybe-uninitialized] Adding an error check avoids this. All versions of the driver are affected. Fixes: 2c03d07ad54d ("hwmon: Add Asus ATK0110 support") Signed-off-by: Arnd Bergmann Reviewed-by: Luca Tettamanti Signed-off-by: Guenter Roeck drivers/hwmon/asus_atk0110.c | 3 +++ 1 file changed, 3 insertions(+) commit d038e3dcfff6e3de132726a9c7174d8170032aa4 Merge: 131fbf4 3f30783 Author: Linus Torvalds Date: Thu Mar 23 11:58:08 2017 -0700 Merge tag 'sound-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This contains the collection of small fixes for 4.11 that were pending during my vacation: - a few HD-audio quirks (more Dell headset support, docking station support on HP laptops) - a regression fix for the previous ctxfi DMA mask fix - a correction of the new CONFIG_SND_X86 menu entry - a fix for the races in ALSA sequencer core spotted by syzkaller" * tag 'sound-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - Adding a group of pin definition to fix headset problem ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() ALSA: x86: Make CONFIG_SND_X86 bool ALSA: hda - add support for docking station for HP 840 G3 ALSA: hda - add support for docking station for HP 820 G2 ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call commit 7d79f6098d82f8c09914d7799bc96891ad9c3baf Author: Rob Herring Date: Tue Mar 21 21:03:01 2017 -0500 ARM: dts: ti: fix PCI bus dtc warnings dtc recently added PCI bus checks. Fix these warnings. Signed-off-by: Rob Herring Cc: "Benoît Cousson" Cc: Tony Lindgren Cc: linux-omap@vger.kernel.org Signed-off-by: Tony Lindgren arch/arm/boot/dts/dra7.dtsi | 2 ++ 1 file changed, 2 insertions(+) commit ce2899428ec0249512023aecaa3530c29f775a4f Author: Yegor Yefremov Date: Mon Mar 13 10:03:14 2017 +0100 ARM: dts: am335x-baltos: disable EEE for Atheros 8035 PHY Though cpsw doesn't support EEE feature, Atheros 8035 provides automatic EEE support that is enabled by default. This causes occasional link drops when link partner also announces EEE support. These link drops occur on both 100Mbit/s and 1000Mbit/s speeds. So disable EEE advertising completely. Signed-off-by: Yegor Yefremov Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-baltos.dtsi | 2 ++ 1 file changed, 2 insertions(+) commit 06e1a5cc570703796ff1bd3a712e8e3b15c6bb0d Author: Adam Ford Date: Mon Mar 6 12:56:55 2017 -0600 ARM: dts: OMAP3: Fix MFG ID EEPROM The manufacturing information is stored in the EEPROM. This chip is an AT24C64 not not (nor has it ever been) 24C02. This patch will correctly address the EEPROM to read the entire contents and not just 256 bytes (of 0xff). Fixes: 5e3447a29a38 ("ARM: dts: LogicPD Torpedo: Add AT24 EEPROM Support") Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/boot/dts/logicpd-torpedo-som.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 131fbf4f9c096adadde27ad4bc70ea1632d720a4 Merge: f341d9f e1699d2 Author: Linus Torvalds Date: Thu Mar 23 11:39:33 2017 -0700 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "Zygo tracked down a very old bug with inline compressed extents. I didn't tag this one for stable because I want to do individual tested backports. It's a little tricky and I'd rather do some extra testing on it along the way" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: add missing memset while reading compressed inline extents Btrfs: fix regression in lock_delalloc_pages btrfs: remove btrfs_err_str function from uapi/linux/btrfs.h commit f341d9f08ae01d90d8d0c135ae2edf4423e724c9 Merge: 093b995 68c3865 Author: Linus Torvalds Date: Thu Mar 23 11:29:49 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Several netfilter fixes from Pablo and the crew: - Handle fragmented packets properly in netfilter conntrack, from Florian Westphal. - Fix SCTP ICMP packet handling, from Ying Xue. - Fix big-endian bug in nftables, from Liping Zhang. - Fix alignment of fake conntrack entry, from Steven Rostedt. 2) Fix feature flags setting in fjes driver, from Taku Izumi. 3) Openvswitch ipv6 tunnel source address not set properly, from Or Gerlitz. 4) Fix jumbo MTU handling in amd-xgbe driver, from Thomas Lendacky. 5) sk->sk_frag.page not released properly in some cases, from Eric Dumazet. 6) Fix RTNL deadlocks in nl80211, from Johannes Berg. 7) Fix erroneous RTNL lockdep splat in crypto, from Herbert Xu. 8) Cure improper inflight handling during AF_UNIX GC, from Andrey Ulanov. 9) sch_dsmark doesn't write to packet headers properly, from Eric Dumazet. 10) Fix SCM_TIMESTAMPING_OPT_STATS handling in TCP, from Soheil Hassas Yeganeh. 11) Add some IDs for Motorola qmi_wwan chips, from Tony Lindgren. 12) Fix nametbl deadlock in tipc, from Ying Xue. 13) GRO and LRO packets not counted correctly in mlx5 driver, from Gal Pressman. 14) Fix reset of internal PHYs in bcmgenet, from Doug Berger. 15) Fix hashmap allocation handling, from Alexei Starovoitov. 16) nl_fib_input() needs stronger netlink message length checking, from Eric Dumazet. 17) Fix double-free of sk->sk_filter during sock clone, from Daniel Borkmann. 18) Fix RX checksum offloading in aquantia driver, from Pavel Belous. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (85 commits) net:ethernet:aquantia: Fix for RX checksum offload. amd-xgbe: Fix the ECC-related bit position definitions sfc: cleanup a condition in efx_udp_tunnel_del() Bluetooth: btqcomsmd: fix compile-test dependency inet: frag: release spinlock before calling icmp_send() tcp: initialize icsk_ack.lrcvtime at session start time genetlink: fix counting regression on ctrl_dumpfamily() socket, bpf: fix sk_filter use after free in sk_clone_lock ipv4: provide stronger user input validation in nl_fib_input() bpf: fix hashmap extra_elems logic enic: update enic maintainers net: bcmgenet: remove bcmgenet_internal_phy_setup() ipv6: make sure to initialize sockc.tsflags before first use fjes: Do not load fjes driver if extended socket device is not power on. fjes: Do not load fjes driver if system does not have extended socket device. net/mlx5e: Count LRO packets correctly net/mlx5e: Count GSO packets correctly net/mlx5: Increase number of max QPs in default profile net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps net/mlx5e: Use the proper UAPI values when offloading TC vlan actions ... commit 90db10434b163e46da413d34db8d0e77404cc645 Author: David Hildenbrand Date: Thu Mar 23 18:24:19 2017 +0100 KVM: kvm_io_bus_unregister_dev() should never fail No caller currently checks the return value of kvm_io_bus_unregister_dev(). This is evil, as all callers silently go on freeing their device. A stale reference will remain in the io_bus, getting at least used again, when the iobus gets teared down on kvm_destroy_vm() - leading to use after free errors. There is nothing the callers could do, except retrying over and over again. So let's simply remove the bus altogether, print an error and make sure no one can access this broken bus again (returning -ENOMEM on any attempt to access it). Fixes: e93f8a0f821e ("KVM: convert io_bus to SRCU") Cc: stable@vger.kernel.org # 3.4+ Reported-by: Dmitry Vyukov Reviewed-by: Cornelia Huck Signed-off-by: David Hildenbrand Signed-off-by: Paolo Bonzini include/linux/kvm_host.h | 4 ++-- virt/kvm/eventfd.c | 3 ++- virt/kvm/kvm_main.c | 42 +++++++++++++++++++++++++----------------- 3 files changed, 29 insertions(+), 20 deletions(-) commit 08d839c4b134b8328ec42f2157a9ca4b93227c03 Author: Wanpeng Li Date: Thu Mar 23 05:30:08 2017 -0700 KVM: VMX: Fix enable VPID conditions This can be reproduced by running L2 on L1, and disable VPID on L0 if w/o commit "KVM: nVMX: Fix nested VPID vmx exec control", the L2 crash as below: KVM: entry failed, hardware error 0x7 EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c3 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 00000000 0000ffff 00009300 CS =f000 ffff0000 0000ffff 00009b00 SS =0000 00000000 0000ffff 00009300 DS =0000 00000000 0000ffff 00009300 FS =0000 00000000 0000ffff 00009300 GS =0000 00000000 0000ffff 00009300 LDT=0000 00000000 0000ffff 00008200 TR =0000 00000000 0000ffff 00008b00 GDT= 00000000 0000ffff IDT= 00000000 0000ffff CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000000 Reference SDM 30.3 INVVPID: Protected Mode Exceptions - #UD - If not in VMX operation. - If the logical processor does not support VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=0). - If the logical processor supports VPIDs (IA32_VMX_PROCBASED_CTLS2[37]=1) but does not support the INVVPID instruction (IA32_VMX_EPT_VPID_CAP[32]=0). So we should check both VPID enable bit in vmx exec control and INVVPID support bit in vmx capability MSRs to enable VPID. This patch adds the guarantee to not enable VPID if either INVVPID or single-context/all-context invalidation is not exposed in vmx capability MSRs. Reviewed-by: David Hildenbrand Reviewed-by: Jim Mattson Cc: Paolo Bonzini Cc: Radim Krčmář Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 63cb6d5f004ca44f9b8e562b6dd191f717a4960e Author: Wanpeng Li Date: Mon Mar 20 21:18:53 2017 -0700 KVM: nVMX: Fix nested VPID vmx exec control This can be reproduced by running kvm-unit-tests/vmx.flat on L0 w/ vpid disabled. Test suite: VPID Unhandled exception 6 #UD at ip 00000000004051a6 error_code=0000 rflags=00010047 cs=00000008 rax=0000000000000000 rcx=0000000000000001 rdx=0000000000000047 rbx=0000000000402f79 rbp=0000000000456240 rsi=0000000000000001 rdi=0000000000000000 r8=000000000000000a r9=00000000000003f8 r10=0000000080010011 r11=0000000000000000 r12=0000000000000003 r13=0000000000000708 r14=0000000000000000 r15=0000000000000000 cr0=0000000080010031 cr2=0000000000000000 cr3=0000000007fff000 cr4=0000000000002020 cr8=0000000000000000 STACK: @4051a6 40523e 400f7f 402059 40028f We should hide and forbid VPID in L1 if it is disabled on L0. However, nested VPID enable bit is set unconditionally during setup nested vmx exec controls though VPID is not exposed through nested VMX capablity. This patch fixes it by don't set nested VPID enable bit if it is disabled on L0. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: stable@vger.kernel.org Fixes: 5c614b3583e (KVM: nVMX: nested VPID emulation) Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 24dccf83a121b8a4ad5c2ad383a8184ef6c266ee Author: Wanpeng Li Date: Mon Mar 20 21:18:55 2017 -0700 KVM: x86: correct async page present tracepoint After async pf setup successfully, there is a broadcast wakeup w/ special token 0xffffffff which tells vCPU that it should wake up all processes waiting for APFs though there is no real process waiting at the moment. The async page present tracepoint print prematurely and fails to catch the special token setup. This patch fixes it by moving the async page present tracepoint after the special token setup. Before patch: qemu-system-x86-8499 [006] ...1 5973.473292: kvm_async_pf_ready: token 0x0 gva 0x0 After patch: qemu-system-x86-8499 [006] ...1 5973.473292: kvm_async_pf_ready: token 0xffffffff gva 0x0 Cc: Paolo Bonzini Cc: Radim Krčmář Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fb6c8198431311027c3434d4e94ab8bc040f7aea Author: Jim Mattson Date: Thu Mar 16 13:53:59 2017 -0700 kvm: vmx: Flush TLB when the APIC-access address changes Quoting from the Intel SDM, volume 3, section 28.3.3.4: Guidelines for Use of the INVEPT Instruction: If EPT was in use on a logical processor at one time with EPTP X, it is recommended that software use the INVEPT instruction with the "single-context" INVEPT type and with EPTP X in the INVEPT descriptor before a VM entry on the same logical processor that enables EPT with EPTP X and either (a) the "virtualize APIC accesses" VM-execution control was changed from 0 to 1; or (b) the value of the APIC-access address was changed. In the nested case, the burden falls on L1, unless L0 enables EPT in vmcs02 when L1 doesn't enable EPT in vmcs12. Signed-off-by: Jim Mattson Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit c761159cf81b8641290f7559a8d8e30f6ab92669 Author: Peter Xu Date: Wed Mar 15 16:01:19 2017 +0800 KVM: x86: use pic/ioapic destructor when destroy vm We have specific destructors for pic/ioapic, we'd better use them when destroying the VM as well. Signed-off-by: Peter Xu Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 950712eb8ef03e4a62ac5b3067efde7ec2f8a91e Author: Peter Xu Date: Wed Mar 15 16:01:18 2017 +0800 KVM: x86: check existance before destroy Mostly used for split irqchip mode. In that case, these two things are not inited at all, so no need to release. Signed-off-by: Peter Xu Signed-off-by: Radim Krčmář arch/x86/kvm/i8259.c | 3 +++ arch/x86/kvm/ioapic.c | 3 +++ 2 files changed, 6 insertions(+) commit 1914f0cd203c941bba72f9452c8290324f1ef3dc Author: Ankur Arora Date: Tue Mar 21 15:43:38 2017 -0700 xen/acpi: upload PM state from init-domain to Xen This was broken in commit cd979883b9ed ("xen/acpi-processor: fix enabling interrupts on syscore_resume"). do_suspend (from xen/manage.c) and thus xen_resume_notifier never get called on the initial-domain at resume (it is if running as guest.) The rationale for the breaking change was that upload_pm_data() potentially does blocking work in syscore_resume(). This patch addresses the original issue by scheduling upload_pm_data() to execute in workqueue context. Cc: Stanislaw Gruszka Cc: stable@vger.kernel.org Based-on-patch-by: Konrad Wilk Reviewed-by: Konrad Rzeszutek Wilk Reviewed-by: Stanislaw Gruszka Signed-off-by: Ankur Arora Signed-off-by: Boris Ostrovsky drivers/xen/xen-acpi-processor.c | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) commit 223b78ea212852726dfa86ef267a9c8a323d5cc2 Author: Arnd Bergmann Date: Thu Mar 23 15:53:45 2017 +0100 scsi: lpfc: fix building without debugfs support On a randconfig build without CONFIG_SCSI_LPFC_DEBUG_FS, I ran into multiple compile failures: drivers/scsi/lpfc/lpfc_debugfs.h: In function 'lpfc_debug_dump_wq': drivers/scsi/lpfc/lpfc_debugfs.h:405:15: error: 'DUMP_FCP' undeclared (first use in this function); did you mean 'DUMP_VAR'? drivers/scsi/lpfc/lpfc_debugfs.h:405:15: note: each undeclared identifier is reported only once for each function it appears in drivers/scsi/lpfc/lpfc_debugfs.h:408:22: error: 'DUMP_NVME' undeclared (first use in this function); did you mean 'DUMP_NONE'? drivers/scsi/lpfc/lpfc_nvmet.c: In function 'lpfc_nvmet_xmt_ls_rsp_cmp': drivers/scsi/lpfc/lpfc_nvmet.c:109:2: error: implicit declaration of function 'lpfc_nvmeio_data'; did you mean 'lpfc_mem_free'? [-Werror=implicit-function-declaration] drivers/scsi/lpfc/lpfc_nvmet.c: In function 'lpfc_nvmet_xmt_fcp_op': drivers/scsi/lpfc/lpfc_nvmet.c:523:10: error: unused variable 'id' [-Werror=unused-variable] They are all trivial to fix, so I'm doing it in a combined patch here. Fixes: 1d9d5a9879ad ("scsi: lpfc: refactor debugfs queue dump routines") Fixes: bd2cdd5e400f ("scsi: lpfc: NVME Initiator: Add debugfs support") Fixes: 2b65e18202fd ("scsi: lpfc: NVME Target: Add debugfs support") Signed-off-by: Arnd Bergmann Acked-by: Dick Kennedy Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_debugfs.h | 22 ++++++++++++++-------- drivers/scsi/lpfc/lpfc_nvmet.c | 4 ++-- 2 files changed, 16 insertions(+), 10 deletions(-) commit a71e3cdcfce4880a4578915e110e3eaed1659765 Author: Dick Kennedy Date: Thu Mar 23 08:47:18 2017 -0400 scsi: lpfc: Fix PT2PT PRLI reject lpfc cannot establish connection with targets that send PRLI in P2P configurations. If lpfc rejects a PRLI that is sent from a target the target will not resend and will reject the PRLI send from the initiator. [mkp: applied by hand] Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_els.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit eb94588dabec82e012281608949a860f64752914 Author: Tomas Henzl Date: Mon Mar 20 16:42:48 2017 +0100 scsi: hpsa: fix volume offline state In a previous patch a hpsa_scsi_dev_t.volume_offline update line has been removed, so let us put it back.. Fixes: 85b29008d8 (hpsa: update check for logical volume status) Signed-off-by: Tomas Henzl Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 1 + 1 file changed, 1 insertion(+) commit 12ffed96d4369f086261ba2ee734fa8c932d7f55 Author: Michel Dänzer Date: Thu Mar 23 17:53:26 2017 +0900 drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again Otherwise this can also prevent modesets e.g. for switching VTs, when multiple monitors with different native resolutions are connected. The depths must match though, so keep the != test for that. Also update the DRM_DEBUG output to be slightly more accurate, this doesn't only affect requests from userspace. Bugzilla: https://bugs.freedesktop.org/99841 Fixes: 865afb11949e ("drm/fb-helper: reject any changes to the fbdev") Signed-off-by: Michel Dänzer Reviewed-by: Daniel Stone Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170323085326.20185-1-michel@daenzer.net drivers/gpu/drm/drm_fb_helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1c2593cc8fd5960f8861de1be67135851f884836 Author: Ankur Arora Date: Tue Mar 21 15:43:37 2017 -0700 xen/acpi: Replace hard coded "ACPI0007" Replace hard coded "ACPI0007" with ACPI_PROCESSOR_DEVICE_HID Reviewed-by: Konrad Rzeszutek Wilk Signed-off-by: Ankur Arora Signed-off-by: Boris Ostrovsky drivers/xen/xen-acpi-processor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cd1be315ac9766fe83e4fb788d5d9fe032a9b877 Author: Borislav Petkov Date: Sat Mar 18 18:26:34 2017 +0100 EDAC, pnd2_edac: Fix !EDAC_DEBUG build Provide debugfs function stubs when EDAC_DEBUG is not enabled so that we don't fail the build: drivers/edac/pnd2_edac.c: In function ‘pnd2_init’: drivers/edac/pnd2_edac.c:1521:2: error: implicit declaration of function ‘setup_pnd2_debug’ [-Werror=implicit-function-declaration] setup_pnd2_debug(); ^ drivers/edac/pnd2_edac.c: In function ‘pnd2_exit’: drivers/edac/pnd2_edac.c:1529:2: error: implicit declaration of function ‘teardown_pnd2_debug’ [-Werror=implicit-function-declaration] teardown_pnd2_debug(); ^ Signed-off-by: Borislav Petkov drivers/edac/pnd2_edac.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 1c5bf78114d38c2761721108a2d925bccb496027 Author: Borislav Petkov Date: Sat Mar 18 18:25:05 2017 +0100 EDAC: Select DEBUG_FS The debugfs.c functionality relies on DEBUG_FS so select it. Signed-off-by: Borislav Petkov drivers/edac/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 633ee407b9d15a75ac9740ba9d3338815e1fcb95 Author: Ilya Dryomov Date: Tue Mar 21 13:44:28 2017 +0100 libceph: force GFP_NOIO for socket allocations sock_alloc_inode() allocates socket+inode and socket_wq with GFP_KERNEL, which is not allowed on the writeback path: Workqueue: ceph-msgr con_work [libceph] ffff8810871cb018 0000000000000046 0000000000000000 ffff881085d40000 0000000000012b00 ffff881025cad428 ffff8810871cbfd8 0000000000012b00 ffff880102fc1000 ffff881085d40000 ffff8810871cb038 ffff8810871cb148 Call Trace: [] schedule+0x29/0x70 [] schedule_timeout+0x1bd/0x200 [] ? ttwu_do_wakeup+0x2c/0x120 [] ? ttwu_do_activate.constprop.135+0x66/0x70 [] wait_for_completion+0xbf/0x180 [] ? try_to_wake_up+0x390/0x390 [] flush_work+0x165/0x250 [] ? worker_detach_from_pool+0xd0/0xd0 [] xlog_cil_force_lsn+0x81/0x200 [xfs] [] ? __slab_free+0xee/0x234 [] _xfs_log_force_lsn+0x4d/0x2c0 [xfs] [] ? lookup_page_cgroup_used+0xe/0x30 [] ? xfs_reclaim_inode+0xa3/0x330 [xfs] [] xfs_log_force_lsn+0x3f/0xf0 [xfs] [] ? xfs_reclaim_inode+0xa3/0x330 [xfs] [] xfs_iunpin_wait+0xc6/0x1a0 [xfs] [] ? wake_atomic_t_function+0x40/0x40 [] xfs_reclaim_inode+0xa3/0x330 [xfs] [] xfs_reclaim_inodes_ag+0x257/0x3d0 [xfs] [] xfs_reclaim_inodes_nr+0x33/0x40 [xfs] [] xfs_fs_free_cached_objects+0x15/0x20 [xfs] [] super_cache_scan+0x178/0x180 [] shrink_slab_node+0x14e/0x340 [] ? mem_cgroup_iter+0x16b/0x450 [] shrink_slab+0x100/0x140 [] do_try_to_free_pages+0x335/0x490 [] try_to_free_pages+0xb9/0x1f0 [] ? __alloc_pages_direct_compact+0x69/0x1be [] __alloc_pages_nodemask+0x69a/0xb40 [] alloc_pages_current+0x9e/0x110 [] new_slab+0x2c5/0x390 [] __slab_alloc+0x33b/0x459 [] ? sock_alloc_inode+0x2d/0xd0 [] ? inet_sendmsg+0x71/0xc0 [] ? sock_alloc_inode+0x2d/0xd0 [] kmem_cache_alloc+0x1a2/0x1b0 [] sock_alloc_inode+0x2d/0xd0 [] alloc_inode+0x26/0xa0 [] new_inode_pseudo+0x1a/0x70 [] sock_alloc+0x1e/0x80 [] __sock_create+0x95/0x220 [] sock_create_kern+0x24/0x30 [] con_work+0xef9/0x2050 [libceph] [] ? rbd_img_request_submit+0x4c/0x60 [rbd] [] process_one_work+0x159/0x4f0 [] worker_thread+0x11b/0x530 [] ? create_worker+0x1d0/0x1d0 [] kthread+0xc9/0xe0 [] ? flush_kthread_worker+0x90/0x90 [] ret_from_fork+0x58/0x90 [] ? flush_kthread_worker+0x90/0x90 Use memalloc_noio_{save,restore}() to temporarily force GFP_NOIO here. Cc: stable@vger.kernel.org # 3.10+, needs backporting Link: http://tracker.ceph.com/issues/19309 Reported-by: Sergey Jerusalimov Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton net/ceph/messenger.c | 6 ++++++ 1 file changed, 6 insertions(+) commit d7402de48efae57bbb0072e53d3800c30de57ea5 Author: Christian Lamparter Date: Thu Mar 16 21:36:07 2017 +0100 pinctrl: qcom: ipq4019: add missing pingroups for pins > 70 This patch adds the missing PINGROUP for GPIO70-99. This fixes a crash that happens in pinctrl-msm, if any of the GPIO70-99 are accessed. Fixes: 5303f7827fcd41d ("pinctrl: qcom: ipq4019: set ngpios to correct value") Signed-off-by: Christian Lamparter Acked-by: Bjorn Andersson Signed-off-by: Linus Walleij drivers/pinctrl/qcom/pinctrl-ipq4019.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit e855fa9a65c40788b5069abb0d094537daa22e05 Author: Patrice Chotard Date: Thu Mar 16 18:26:02 2017 +0100 pinctrl: st: add irq_request/release_resources callbacks When using GPIO as IRQ source, the GPIO must be configured in INPUT. Callbacks dedicated for this was missing in pinctrl-st driver. This fix the following kernel error when trying to lock a gpio as IRQ: [ 7.521095] gpio gpiochip7: (PIO11): gpiochip_lock_as_irq: tried to flag a GPIO set as output for IRQ [ 7.526018] gpio gpiochip7: (PIO11): unable to lock HW IRQ 6 for IRQ [ 7.529405] genirq: Failed to request resources for 0-0053 (irq 81) on irqchip GPIO Signed-off-by: Patrice Chotard Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-st.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) commit a6566710adaa4a7dd5e0d99820ff9c9c30ee5951 Author: Bjorn Andersson Date: Tue Mar 14 08:23:26 2017 -0700 pinctrl: qcom: Don't clear status bit on irq_unmask Clearing the status bit on irq_unmask will discard any pending interrupt that did arrive after the irq_ack, i.e. while the IRQ handler function was executing. Fixes: f365be092572 ("pinctrl: Add Qualcomm TLMM driver") Cc: stable@vger.kernel.org Cc: Stephen Boyd Reported-by: Timur Tabi Signed-off-by: Bjorn Andersson Signed-off-by: Linus Walleij drivers/pinctrl/qcom/pinctrl-msm.c | 4 ---- 1 file changed, 4 deletions(-) commit 59f34e80c4910bc69ca643a2bb93fcce51366d83 Author: Andrzej Hajda Date: Thu Feb 23 11:12:40 2017 +0100 pinctrl: samsung: Fix memory mapping code Some pinctrls share memory regions, and devm_ioremap_resource does not allow to share resources, in opposition to devm_ioremap. This patch restores back usage of devm_ioremap function, but with proper error handling and logging. Fixes: baafaca ("pinctrl: samsung: Fix return value check in samsung_pinctrl_get_soc_data()") Signed-off-by: Andrzej Hajda Tested-by: Marek Szyprowski Reviewed-by: Krzysztof Kozlowski Signed-off-by: Linus Walleij drivers/pinctrl/samsung/pinctrl-samsung.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 08a7f260c88f8d52be52ff2113119b3464b69874 Author: Neil Armstrong Date: Tue Mar 7 14:31:00 2017 +0100 pinctrl: meson-gxbb: Fix typo in i2c ao groups Signed-off-by: Neil Armstrong Signed-off-by: Linus Walleij drivers/pinctrl/meson/pinctrl-meson-gxbb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6e790555b6cae4da9c578376ff500861337fcfc1 Author: Peter Robinson Date: Thu Mar 2 17:46:36 2017 +0000 pinctrl: ti: The IODelay driver is a DRA7xxx feature so depend on that SoC As the IODelay driver is a hardware feature of the DRA7xxx SoC depend on that SoC and compile test. Signed-off-by: Peter Robinson Acked-by: Tony Lindgren Signed-off-by: Linus Walleij drivers/pinctrl/ti/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3f307834e695f59dac4337a40316bdecfb9d0508 Author: Hui Wang Date: Thu Mar 23 10:00:25 2017 +0800 ALSA: hda - Adding a group of pin definition to fix headset problem A new Dell laptop needs to apply ALC269_FIXUP_DELL1_MIC_NO_PRESENCE to fix the headset problem, and the pin definiton of this machine is not in the pin quirk table yet, now adding it to the table. Signed-off-by: Hui Wang Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 2 ++ 1 file changed, 2 insertions(+) commit 027fb89e61054b4aedd962adb3e2003dec78a716 Author: Adrian Hunter Date: Mon Mar 20 19:50:30 2017 +0200 mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power Disabling interrupts for even a millisecond can cause problems for some devices. That can happen when Intel host controllers wait for the present state to propagate. The spin lock is not necessary here. Anything that is racing with changes to the I/O state is already broken. The mmc core already provides synchronization via "claiming" the host. Although the spin lock probably should be removed from the code paths that lead to this point, such a patch would touch too much code to be suitable for stable trees. Consequently, for this patch, just drop the spin lock while waiting. Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Ulf Hansson Tested-by: Ludovic Desroches drivers/mmc/host/sdhci-pci-core.c | 4 ++++ 1 file changed, 4 insertions(+) commit e2ebfb2142acefecc2496e71360f50d25726040b Author: Adrian Hunter Date: Mon Mar 20 19:50:29 2017 +0200 mmc: sdhci: Do not disable interrupts while waiting for clock Disabling interrupts for even a millisecond can cause problems for some devices. That can happen when sdhci changes clock frequency because it waits for the clock to become stable under a spin lock. The spin lock is not necessary here. Anything that is racing with changes to the I/O state is already broken. The mmc core already provides synchronization via "claiming" the host. Although the spin lock probably should be removed from the code paths that lead to this point, such a patch would touch too much code to be suitable for stable trees. Consequently, for this patch, just drop the spin lock while waiting. Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson Tested-by: Ludovic Desroches drivers/mmc/host/sdhci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 698eff6355f735d46d1b7113df8b422874cd7988 Author: Peter Zijlstra Date: Fri Mar 17 12:48:18 2017 +0100 sched/clock, x86/perf: Fix "perf test tsc" People reported that commit: 5680d8094ffa ("sched/clock: Provide better clock continuity") broke "perf test tsc". That commit added another offset to the reported clock value; so take that into account when computing the provided offset values. Reported-by: Adrian Hunter Reported-by: Arnaldo Carvalho de Melo Tested-by: Alexander Shishkin Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 5680d8094ffa ("sched/clock: Provide better clock continuity") Signed-off-by: Ingo Molnar arch/x86/events/core.c | 9 ++++++--- arch/x86/include/asm/timer.h | 2 ++ arch/x86/kernel/tsc.c | 4 ++-- include/linux/sched/clock.h | 13 +++++++------ kernel/sched/clock.c | 22 +++++++++++----------- 5 files changed, 28 insertions(+), 22 deletions(-) commit 71fdb70eb48784c1f28cdf2e67c4c587dd7f2594 Author: Peter Zijlstra Date: Mon Mar 13 13:46:21 2017 +0100 sched/clock: Fix clear_sched_clock_stable() preempt wobbly Paul reported a problems with clear_sched_clock_stable(). Since we run all of __clear_sched_clock_stable() from workqueue context, there's a preempt problem. Solve it by only running the static_key_disable() from workqueue. Reported-by: Paul E. McKenney Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: fweisbec@gmail.com Link: http://lkml.kernel.org/r/20170313124621.GA3328@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/sched/clock.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit 68c386590375b2aea5a3154f17882a30170707bf Author: Pavel Belous Date: Thu Mar 23 02:20:39 2017 +0300 net:ethernet:aquantia: Fix for RX checksum offload. Since AQC-100/107/108 chips supports hardware checksums for RX we should indicate this via NETIF_F_RXCSUM flag. v1->v2: 'Signed-off-by' tag added. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0_internal.h | 1 + drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h | 1 + 2 files changed, 2 insertions(+) commit f43feef4e6acde10857fcbfdede790d6b3f2c71d Author: Lendacky, Thomas Date: Wed Mar 22 17:25:27 2017 -0500 amd-xgbe: Fix the ECC-related bit position definitions The ECC bit positions that describe whether the ECC interrupt is for Tx, Rx or descriptor memory and whether the it is a single correctable or double detected error were defined in incorrectly (reversed order). Fix the bit position definitions for these settings so that the proper ECC handling is performed. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-common.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit c04ca616eed02b9abe7afd311382c3ed5eef5c40 Author: Dan Carpenter Date: Wed Mar 22 12:10:02 2017 +0300 sfc: cleanup a condition in efx_udp_tunnel_del() Presumably if there is an "add" function, there is also a "del" function. But it causes a static checker warning because it looks like a common cut and paste bug. Signed-off-by: Dan Carpenter Acked-by: Jarod Wilson Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e9e6cc8f4e4f2cd67931510c9f39abf3d9e0d3b Author: Arnd Bergmann Date: Mon Mar 20 15:31:10 2017 -0700 Bluetooth: btqcomsmd: fix compile-test dependency compile-testing fails when QCOM_SMD is a loadable module: drivers/bluetooth/built-in.o: In function `btqcomsmd_send': btqca.c:(.text+0xa8): undefined reference to `qcom_smd_send' drivers/bluetooth/built-in.o: In function `btqcomsmd_probe': btqca.c:(.text+0x3ec): undefined reference to `qcom_wcnss_open_channel' btqca.c:(.text+0x46c): undefined reference to `qcom_smd_set_drvdata' This clarifies the dependency to allow compile-testing only when SMD is completely disabled, otherwise the dependency on QCOM_SMD will make sure we can link against it. Fixes: e27ee2b16bad ("Bluetooth: btqcomsmd: Allow driver to build if COMPILE_TEST is enabled") Signed-off-by: Arnd Bergmann [bjorn: Restructure and clarify dependency to QCOM_WCNSS_CTRL] Signed-off-by: Bjorn Andersson Acked-by: Marcel Holtmann Signed-off-by: David S. Miller drivers/bluetooth/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d08997cb416ae4f502b34b20b1edba48a43fe418 Merge: 97da385 590379a Author: Dave Airlie Date: Thu Mar 23 11:47:17 2017 +1000 Merge tag 'drm-intel-fixes-2017-03-22' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes drm/i915 fixes for v4.11-rc4 * tag 'drm-intel-fixes-2017-03-22' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: make context status notifier head be per engine drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker) drm/i915/gvt: Fix gvt scheduler interval time drm/i915/gvt: GVT pin/unpin shadow context drm/i915/gvt: scan shadow indirect context image when valid drm/i915/kvmgt: fix suspicious rcu dereference usage drm/i915/gvt: add enable_execlists check before enable gvt drm/i915/gvt: Remove bogus retry around i915_wait_request drm/i915/gvt: correct the ggtt valid bit check in pipe control command drm/i915/gvt: replace the gvt_err with gvt_vgpu_err drm/i915/gvt: handle force-nonpriv registers, cmd parser part drm/i915: Do .init_clock_gating() earlier to avoid it clobbering watermarks drm/i915/glk: Remove MODULE_FIRMWARE() tag from Geminilake's DMC drm/i915: Reject HDMI 12bpc if the sink doesn't indicate support drm/i915: Always call i915_gem_reset_finish() following i915_gem_reset_prepare() drm/i915: Stop using RP_DOWN_EI on Baytrail drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters. drm/i915: Only enable hotplug interrupts if the display interrupts are enabled drm/i915: Disable engine->irq_tasklet around resets drm/i915: Split GEM resetting into 3 phases commit 11cd3386a1987a0515d7ce11ee87b242e5015dfe Merge: 9d3a4de a03849e Author: Joerg Roedel Date: Wed Mar 22 23:59:56 2017 +0100 Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes commit ec4fbd64751de18729eaa816ec69e4b504b5a7a2 Author: Eric Dumazet Date: Wed Mar 22 08:57:15 2017 -0700 inet: frag: release spinlock before calling icmp_send() Dmitry reported a lockdep splat [1] (false positive) that we can fix by releasing the spinlock before calling icmp_send() from ip_expire() This is a false positive because sending an ICMP message can not possibly re-enter the IP frag engine. [1] [ INFO: possible circular locking dependency detected ] 4.10.0+ #29 Not tainted ------------------------------------------------------- modprobe/12392 is trying to acquire lock: (_xmit_ETHER#2){+.-...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] (_xmit_ETHER#2){+.-...}, at: [] __netif_tx_lock include/linux/netdevice.h:3486 [inline] (_xmit_ETHER#2){+.-...}, at: [] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 but task is already holding lock: (&(&q->lock)->rlock){+.-...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] (&(&q->lock)->rlock){+.-...}, at: [] ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&(&q->lock)->rlock){+.-...}: validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] ip_defrag+0x3a2/0x4130 net/ipv4/ip_fragment.c:669 ip_check_defrag+0x4e3/0x8b0 net/ipv4/ip_fragment.c:713 packet_rcv_fanout+0x282/0x800 net/packet/af_packet.c:1459 deliver_skb net/core/dev.c:1834 [inline] dev_queue_xmit_nit+0x294/0xa90 net/core/dev.c:1890 xmit_one net/core/dev.c:2903 [inline] dev_hard_start_xmit+0x16b/0xab0 net/core/dev.c:2923 sch_direct_xmit+0x31f/0x6d0 net/sched/sch_generic.c:182 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_resolve_output+0x6b9/0xb10 net/core/neighbour.c:1308 neigh_output include/net/neighbour.h:478 [inline] ip_finish_output2+0x8b8/0x15a0 net/ipv4/ip_output.c:228 ip_do_fragment+0x1d93/0x2720 net/ipv4/ip_output.c:672 ip_fragment.constprop.54+0x145/0x200 net/ipv4/ip_output.c:545 ip_finish_output+0x82d/0xe10 net/ipv4/ip_output.c:314 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 raw_sendmsg+0x26de/0x3a00 net/ipv4/raw.c:655 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:761 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 ___sys_sendmsg+0x4a3/0x9f0 net/socket.c:1985 __sys_sendmmsg+0x25c/0x750 net/socket.c:2075 SYSC_sendmmsg net/socket.c:2106 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2101 do_syscall_64+0x2e8/0x930 arch/x86/entry/common.c:281 return_from_SYSCALL_64+0x0/0x7a -> #0 (_xmit_ETHER#2){+.-...}: check_prev_add kernel/locking/lockdep.c:1830 [inline] check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940 validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] __netif_tx_lock include/linux/netdevice.h:3486 [inline] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_hh_output include/net/neighbour.h:468 [inline] neigh_output include/net/neighbour.h:476 [inline] ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228 ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394 icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754 ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239 call_timer_fn+0x241/0x820 kernel/time/timer.c:1268 expire_timers kernel/time/timer.c:1307 [inline] __run_timers+0x960/0xcf0 kernel/time/timer.c:1601 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614 __do_softirq+0x31f/0xbe7 kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:657 [inline] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707 __read_once_size include/linux/compiler.h:254 [inline] atomic_read arch/x86/include/asm/atomic.h:26 [inline] rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline] __rcu_is_watching kernel/rcu/tree.c:1133 [inline] rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335 do_fault_around mm/memory.c:3231 [inline] do_read_fault mm/memory.c:3265 [inline] do_fault+0xbd5/0x2080 mm/memory.c:3370 handle_pte_fault mm/memory.c:3600 [inline] __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714 handle_mm_fault+0x1e2/0x480 mm/memory.c:3751 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&q->lock)->rlock); lock(_xmit_ETHER#2); lock(&(&q->lock)->rlock); lock(_xmit_ETHER#2); *** DEADLOCK *** 10 locks held by modprobe/12392: #0: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x2b8/0xb60 arch/x86/mm/fault.c:1336 #1: (rcu_read_lock){......}, at: [] filemap_map_pages+0x1e6/0x1570 mm/filemap.c:2324 #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] pte_alloc_one_map mm/memory.c:2944 [inline] #2: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] alloc_set_pte+0x13b8/0x1b90 mm/memory.c:3072 #3: (((&q->timer))){+.-...}, at: [] lockdep_copy_map include/linux/lockdep.h:175 [inline] #3: (((&q->timer))){+.-...}, at: [] call_timer_fn+0x1c2/0x820 kernel/time/timer.c:1258 #4: (&(&q->lock)->rlock){+.-...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] #4: (&(&q->lock)->rlock){+.-...}, at: [] ip_expire+0x51/0x6c0 net/ipv4/ip_fragment.c:201 #5: (rcu_read_lock){......}, at: [] ip_expire+0x1b3/0x6c0 net/ipv4/ip_fragment.c:216 #6: (slock-AF_INET){+.-...}, at: [] spin_trylock include/linux/spinlock.h:309 [inline] #6: (slock-AF_INET){+.-...}, at: [] icmp_xmit_lock net/ipv4/icmp.c:219 [inline] #6: (slock-AF_INET){+.-...}, at: [] icmp_send+0x803/0x1c80 net/ipv4/icmp.c:681 #7: (rcu_read_lock_bh){......}, at: [] ip_finish_output2+0x2c1/0x15a0 net/ipv4/ip_output.c:198 #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x23e/0x1e60 net/core/dev.c:3324 #9: (dev->qdisc_running_key ?: &qdisc_running_key){+.....}, at: [] dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 stack backtrace: CPU: 0 PID: 12392 Comm: modprobe Not tainted 4.10.0+ #29 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:52 print_circular_bug+0x307/0x3b0 kernel/locking/lockdep.c:1204 check_prev_add kernel/locking/lockdep.c:1830 [inline] check_prevs_add+0xa8f/0x19f0 kernel/locking/lockdep.c:1940 validate_chain kernel/locking/lockdep.c:2267 [inline] __lock_acquire+0x2149/0x3430 kernel/locking/lockdep.c:3340 lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3755 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] __netif_tx_lock include/linux/netdevice.h:3486 [inline] sch_direct_xmit+0x282/0x6d0 net/sched/sch_generic.c:180 __dev_xmit_skb net/core/dev.c:3092 [inline] __dev_queue_xmit+0x13e5/0x1e60 net/core/dev.c:3358 dev_queue_xmit+0x17/0x20 net/core/dev.c:3423 neigh_hh_output include/net/neighbour.h:468 [inline] neigh_output include/net/neighbour.h:476 [inline] ip_finish_output2+0xf6c/0x15a0 net/ipv4/ip_output.c:228 ip_finish_output+0xa29/0xe10 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip_output+0x1f0/0x7a0 net/ipv4/ip_output.c:404 dst_output include/net/dst.h:486 [inline] ip_local_out+0x95/0x170 net/ipv4/ip_output.c:124 ip_send_skb+0x3c/0xc0 net/ipv4/ip_output.c:1492 ip_push_pending_frames+0x64/0x80 net/ipv4/ip_output.c:1512 icmp_push_reply+0x372/0x4d0 net/ipv4/icmp.c:394 icmp_send+0x156c/0x1c80 net/ipv4/icmp.c:754 ip_expire+0x40e/0x6c0 net/ipv4/ip_fragment.c:239 call_timer_fn+0x241/0x820 kernel/time/timer.c:1268 expire_timers kernel/time/timer.c:1307 [inline] __run_timers+0x960/0xcf0 kernel/time/timer.c:1601 run_timer_softirq+0x21/0x80 kernel/time/timer.c:1614 __do_softirq+0x31f/0xbe7 kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x1cc/0x200 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:657 [inline] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:962 apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:707 RIP: 0010:__read_once_size include/linux/compiler.h:254 [inline] RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:26 [inline] RIP: 0010:rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:350 [inline] RIP: 0010:__rcu_is_watching kernel/rcu/tree.c:1133 [inline] RIP: 0010:rcu_is_watching+0x83/0x110 kernel/rcu/tree.c:1147 RSP: 0000:ffff8801c391f120 EFLAGS: 00000a03 ORIG_RAX: ffffffffffffff10 RAX: dffffc0000000000 RBX: ffff8801c391f148 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 000055edd4374000 RDI: ffff8801dbe1ae0c RBP: ffff8801c391f1a0 R08: 0000000000000002 R09: 0000000000000000 R10: dffffc0000000000 R11: 0000000000000002 R12: 1ffff10038723e25 R13: ffff8801dbe1ae00 R14: ffff8801c391f680 R15: dffffc0000000000 rcu_read_lock_held+0x87/0xc0 kernel/rcu/update.c:293 radix_tree_deref_slot include/linux/radix-tree.h:238 [inline] filemap_map_pages+0x6d4/0x1570 mm/filemap.c:2335 do_fault_around mm/memory.c:3231 [inline] do_read_fault mm/memory.c:3265 [inline] do_fault+0xbd5/0x2080 mm/memory.c:3370 handle_pte_fault mm/memory.c:3600 [inline] __handle_mm_fault+0x1062/0x2cb0 mm/memory.c:3714 handle_mm_fault+0x1e2/0x480 mm/memory.c:3751 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1397 do_page_fault+0x54/0x70 arch/x86/mm/fault.c:1460 page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1011 RIP: 0033:0x7f83172f2786 RSP: 002b:00007fffe859ae80 EFLAGS: 00010293 RAX: 000055edd4373040 RBX: 00007f83175111c8 RCX: 000055edd4373238 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f8317510970 RBP: 00007fffe859afd0 R08: 0000000000000009 R09: 0000000000000000 R10: 0000000000000064 R11: 0000000000000000 R12: 000055edd4373040 R13: 0000000000000000 R14: 00007fffe859afe8 R15: 0000000000000000 Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller net/ipv4/ip_fragment.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit 15bb7745e94a665caf42bfaabf0ce062845b533b Author: Eric Dumazet Date: Wed Mar 22 08:10:21 2017 -0700 tcp: initialize icsk_ack.lrcvtime at session start time icsk_ack.lrcvtime has a 0 value at socket creation time. tcpi_last_data_recv can have bogus value if no payload is ever received. This patch initializes icsk_ack.lrcvtime for active sessions in tcp_finish_connect(), and for passive sessions in tcp_create_openreq_child() Signed-off-by: Eric Dumazet Acked-by: Neal Cardwell Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 2 +- net/ipv4/tcp_minisocks.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 1d2a6a5e4bf2921531071fcff8538623dce74efa Author: Stanislaw Gruszka Date: Wed Mar 22 16:08:33 2017 +0100 genetlink: fix counting regression on ctrl_dumpfamily() Commit 2ae0f17df1cd ("genetlink: use idr to track families") replaced if (++n < fams_to_skip) continue; into: if (n++ < fams_to_skip) continue; This subtle change cause that on retry ctrl_dumpfamily() call we omit one family that failed to do ctrl_fill_info() on previous call, because cb->args[0] = n number counts also family that failed to do ctrl_fill_info(). Patch fixes the problem and avoid confusion in the future just decrease n counter when ctrl_fill_info() fail. User visible problem caused by this bug is failure to get access to some genetlink family i.e. nl80211. However problem is reproducible only if number of registered genetlink families is big enough to cause second call of ctrl_dumpfamily(). Cc: Xose Vazquez Perez Cc: Larry Finger Cc: Johannes Berg Fixes: 2ae0f17df1cd ("genetlink: use idr to track families") Signed-off-by: Stanislaw Gruszka Acked-by: Johannes Berg Signed-off-by: David S. Miller net/netlink/genetlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a97e50cc4cb67e1e7bff56f6b41cda62ca832336 Author: Daniel Borkmann Date: Wed Mar 22 13:08:08 2017 +0100 socket, bpf: fix sk_filter use after free in sk_clone_lock In sk_clone_lock(), we create a new socket and inherit most of the parent's members via sock_copy() which memcpy()'s various sections. Now, in case the parent socket had a BPF socket filter attached, then newsk->sk_filter points to the same instance as the original sk->sk_filter. sk_filter_charge() is then called on the newsk->sk_filter to take a reference and should that fail due to hitting max optmem, we bail out and release the newsk instance. The issue is that commit 278571baca2a ("net: filter: simplify socket charging") wrongly combined the dismantle path with the failure path of xfrm_sk_clone_policy(). This means, even when charging failed, we call sk_free_unlock_clone() on the newsk, which then still points to the same sk_filter as the original sk. Thus, sk_free_unlock_clone() calls into __sk_destruct() eventually where it tests for present sk_filter and calls sk_filter_uncharge() on it, which potentially lets sk_omem_alloc wrap around and releases the eBPF prog and sk_filter structure from the (still intact) parent. Fix it by making sure that when sk_filter_charge() failed, we reset newsk->sk_filter back to NULL before passing to sk_free_unlock_clone(), so that we don't mess with the parents sk_filter. Only if xfrm_sk_clone_policy() fails, we did reach the point where either the parent's filter was NULL and as a result newsk's as well or where we previously had a successful sk_filter_charge(), thus for that case, we do need sk_filter_uncharge() to release the prior taken reference on sk_filter. Fixes: 278571baca2a ("net: filter: simplify socket charging") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller net/core/sock.c | 6 ++++++ 1 file changed, 6 insertions(+) commit c64c0b3cac4c5b8cb093727d2c19743ea3965c0b Author: Eric Dumazet Date: Tue Mar 21 19:22:28 2017 -0700 ipv4: provide stronger user input validation in nl_fib_input() Alexander reported a KMSAN splat caused by reads of uninitialized field (tb_id_in) from user provided struct fib_result_nl It turns out nl_fib_input() sanity tests on user input is a bit wrong : User can pretend nlh->nlmsg_len is big enough, but provide at sendmsg() time a too small buffer. Reported-by: Alexander Potapenko Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/fib_frontend.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8c290e60fa2a51806159522331c9ed41252a8fb3 Author: Alexei Starovoitov Date: Tue Mar 21 19:05:04 2017 -0700 bpf: fix hashmap extra_elems logic In both kmalloc and prealloc mode the bpf_map_update_elem() is using per-cpu extra_elems to do atomic update when the map is full. There are two issues with it. The logic can be misused, since it allows max_entries+num_cpus elements to be present in the map. And alloc_extra_elems() at map creation time can fail percpu alloc for large map values with a warn: WARNING: CPU: 3 PID: 2752 at ../mm/percpu.c:892 pcpu_alloc+0x119/0xa60 illegal size (32824) or align (8) for percpu allocation The fixes for both of these issues are different for kmalloc and prealloc modes. For prealloc mode allocate extra num_possible_cpus elements and store their pointers into extra_elems array instead of actual elements. Hence we can use these hidden(spare) elements not only when the map is full but during bpf_map_update_elem() that replaces existing element too. That also improves performance, since pcpu_freelist_pop/push is avoided. Unfortunately this approach cannot be used for kmalloc mode which needs to kfree elements after rcu grace period. Therefore switch it back to normal kmalloc even when full and old element exists like it was prior to commit 6c9059817432 ("bpf: pre-allocate hash map elements"). Add tests to check for over max_entries and large map values. Reported-by: Dave Jones Fixes: 6c9059817432 ("bpf: pre-allocate hash map elements") Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Martin KaFai Lau Signed-off-by: David S. Miller kernel/bpf/hashtab.c | 144 ++++++++++++++++---------------- tools/testing/selftests/bpf/test_maps.c | 29 ++++++- 2 files changed, 97 insertions(+), 76 deletions(-) commit dd1ef79120e1600cb48320cf80a612ee6510110c Author: Govindarajulu Varadarajan Date: Tue Mar 21 15:07:48 2017 -0700 enic: update enic maintainers update enic maintainers Signed-off-by: Govindarajulu Varadarajan Signed-off-by: David S. Miller MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit 31739eae738ccbe8b9d627c3f2251017ca03f4d2 Author: Doug Berger Date: Tue Mar 21 14:01:06 2017 -0700 net: bcmgenet: remove bcmgenet_internal_phy_setup() Commit 6ac3ce8295e6 ("net: bcmgenet: Remove excessive PHY reset") removed the bcmgenet_mii_reset() function from bcmgenet_power_up() and bcmgenet_internal_phy_setup() functions. In so doing it broke the reset of the internal PHY devices used by the GENETv1-GENETv3 which required this reset before the UniMAC was enabled. It also broke the internal GPHY devices used by the GENETv4 because the config_init that installed the AFE workaround was no longer occurring after the reset of the GPHY performed by bcmgenet_phy_power_set() in bcmgenet_internal_phy_setup(). In addition the code in bcmgenet_internal_phy_setup() related to the "enable APD" comment goes with the bcmgenet_mii_reset() so it should have also been removed. Commit bd4060a6108b ("net: bcmgenet: Power on integrated GPHY in bcmgenet_power_up()") moved the bcmgenet_phy_power_set() call to the bcmgenet_power_up() function, but failed to remove it from the bcmgenet_internal_phy_setup() function. Had it done so, the bcmgenet_internal_phy_setup() function would have been empty and could have been removed at that time. Commit 5dbebbb44a6a ("net: bcmgenet: Software reset EPHY after power on") was submitted to correct the functional problems introduced by commit 6ac3ce8295e6 ("net: bcmgenet: Remove excessive PHY reset"). It was included in v4.4 and made available on 4.3-stable. Unfortunately, it didn't fully revert the commit because this bcmgenet_mii_reset() doesn't apply the soft reset to the internal GPHY used by GENETv4 like the previous one did. This prevents the restoration of the AFE work- arounds for internal GPHY devices after the bcmgenet_phy_power_set() in bcmgenet_internal_phy_setup(). This commit takes the alternate approach of removing the unnecessary bcmgenet_internal_phy_setup() function which shouldn't have been in v4.3 so that when bcmgenet_mii_reset() was restored it should have only gone into bcmgenet_power_up(). This will avoid the problems while also removing the redundancy (and hopefully some of the confusion). Fixes: 6ac3ce8295e6 ("net: bcmgenet: Remove excessive PHY reset") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmmii.c | 15 --------------- 1 file changed, 15 deletions(-) commit d515684d78148884d5fc425ba904c50f03844020 Author: Alexander Potapenko Date: Tue Mar 21 17:14:27 2017 +0100 ipv6: make sure to initialize sockc.tsflags before first use In the case udp_sk(sk)->pending is AF_INET6, udpv6_sendmsg() would jump to do_append_data, skipping the initialization of sockc.tsflags. Fix the problem by moving sockc.tsflags initialization earlier. The bug was detected with KMSAN. Fixes: c14ac9451c34 ("sock: enable timestamping using control messages") Signed-off-by: Alexander Potapenko Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/ipv6/udp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b33c0d2a1885b64dbd9e4c4513b8051c4d984c9 Merge: efad54a 2b396d3 Author: David S. Miller Date: Wed Mar 22 12:38:17 2017 -0700 Merge branch 'fjes-fixes' YASUAKI ISHIMATSU says: ==================== fjes: Do not load fjes driver The fjes driver is used only by FUJITSU servers and almost of all servers in the world never use it. But currently if ACPI PNP0C02 is defined in the ACPI table, the following message is always shown: "FUJITSU Extended Socket Network Device Driver - version 1.2 - Copyright (c) 2015 FUJITSU LIMITED" The message makes users confused because there is no reason that the message is shown in other vendor servers. To avoid the confusion, the patch adds several checks. v3: - Rebase on latest net tree. - Add _STA method check to avoid loading fjes driver. v2: - Order local variable declarations from longest to shortest line ==================== Signed-off-by: David S. Miller commit 2b396d302650f1ebb770ed758ddcf5a64328ffd5 Author: Yasuaki Ishimatsu Date: Tue Mar 21 11:46:35 2017 -0400 fjes: Do not load fjes driver if extended socket device is not power on. The extended device socket cannot turn on/off while system is running. So when system boots up and the device is not power on, the fjes driver does not need be loaded. To check the status of the device, the patch adds ACPI _STA method check. Signed-off-by: Yasuaki Ishimatsu CC: Taku Izumi Signed-off-by: David S. Miller drivers/net/fjes/fjes_main.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit ac23d3cac1f339febd95c403a245ae072dfd0e84 Author: Yasuaki Ishimatsu Date: Tue Mar 21 11:44:25 2017 -0400 fjes: Do not load fjes driver if system does not have extended socket device. The fjes driver is used only by FUJITSU servers and almost of all servers in the world never use it. But currently if ACPI PNP0C02 is defined in the ACPI table, the following message is always shown: "FUJITSU Extended Socket Network Device Driver - version 1.2 - Copyright (c) 2015 FUJITSU LIMITED" The message makes users confused because there is no reason that the message is shown in other vendor servers. To avoid the confusion, the patch adds a check that the server has a extended socket device or not. Signed-off-by: Yasuaki Ishimatsu CC: Taku Izumi Signed-off-by: David S. Miller drivers/net/fjes/fjes_main.c | 52 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) commit efad54a115c22c5eee5ac89a027d07e06fafb706 Merge: bf601fe 8ab7e2a Author: David S. Miller Date: Wed Mar 22 12:11:14 2017 -0700 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox mlx5 fixes 2017-03-21 This series contains some mlx5 core and ethernet driver fixes. For -stable: net/mlx5e: Count LRO packets correctly (for kernel >= 4.2) net/mlx5e: Count GSO packets correctly (for kernel >= 4.2) net/mlx5: Increase number of max QPs in default profile (for kernel >= 4.0) net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps (for kernel >= 4.10) net/mlx5e: Use the proper UAPI values when offloading TC vlan actions (for kernel >= v4.9) net/mlx5: E-Switch, Don't allow changing inline mode when flows are configured (for kernel >= 4.10) net/mlx5e: Change the TC offload rule add/del code path to be per NIC or E-Switch (for kernel >= 4.10) net/mlx5: Add missing entries for set/query rate limit commands (for kernel >= 4.8) ==================== Signed-off-by: David S. Miller commit 8ab7e2ae15d84ba758b2c8c6f4075722e9bd2a08 Author: Gal Pressman Date: Tue Mar 21 15:59:19 2017 +0200 net/mlx5e: Count LRO packets correctly RX packets statistics ('rx_packets' counter) used to count LRO packets as one, even though it contains multiple segments. This patch will increment the counter by the number of segments, and align the driver with the behavior of other drivers in the stack. Note that no information is lost in this patch due to 'rx_lro_packets' counter existence. Before, ethtool showed: $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets" rx_packets: 435277 rx_lro_packets: 35847 rx_packets_phy: 1935066 Now, we will see the more logical statistics: $ ethtool -S ens6 | egrep "rx_packets|rx_lro_packets" rx_packets: 1935066 rx_lro_packets: 35847 rx_packets_phy: 1935066 Fixes: e586b3b0baee ("net/mlx5: Ethernet Datapath files") Signed-off-by: Gal Pressman Cc: kernel-team@fb.com Signed-off-by: Saeed Mahameed Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 4 ++++ 1 file changed, 4 insertions(+) commit d3a4e4da54c7adb420d5f48e89be913b14bdeff1 Author: Gal Pressman Date: Tue Mar 21 15:59:18 2017 +0200 net/mlx5e: Count GSO packets correctly TX packets statistics ('tx_packets' counter) used to count GSO packets as one, even though it contains multiple segments. This patch will increment the counter by the number of segments, and align the driver with the behavior of other drivers in the stack. Note that no information is lost in this patch due to 'tx_tso_packets' counter existence. Before, ethtool showed: $ ethtool -S ens6 | egrep "tx_packets|tx_tso_packets" tx_packets: 61340 tx_tso_packets: 60954 tx_packets_phy: 2451115 Now, we will see the more logical statistics: $ ethtool -S ens6 | egrep "tx_packets|tx_tso_packets" tx_packets: 2451115 tx_tso_packets: 60954 tx_packets_phy: 2451115 Fixes: e586b3b0baee ("net/mlx5: Ethernet Datapath files") Signed-off-by: Gal Pressman Cc: kernel-team@fb.com Signed-off-by: Saeed Mahameed Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 5f40b4ed975c26016cf41953b7510fe90718e21c Author: Maor Gottlieb Date: Tue Mar 21 15:59:17 2017 +0200 net/mlx5: Increase number of max QPs in default profile With ConnectX-4 sharing SRQs from the same space as QPs, we hit a limit preventing some applications to allocate needed QPs amount. Double the size to 256K. Fixes: e126ba97dba9e ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Maor Gottlieb Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ad9a00ae0efc2e9337148d6c382fad3d27bf99a Author: Paul Blakey Date: Tue Mar 21 15:59:16 2017 +0200 net/mlx5e: Avoid supporting udp tunnel port ndo for VF reps This was added to allow the TC offloading code to identify offloading encap/decap vxlan rules. The VF reps are effectively related to the same mlx5 PCI device as the PF. Since the kernel invokes the (say) delete ndo for each netdev, the FW erred on multiple vxlan dst port deletes when the port was deleted from the system. We fix that by keeping the registration to be carried out only by the PF. Since the PF serves as the uplink device, the VF reps will look up a port there and realize if they are ok to offload that. Tested: ip link add vxlan1 type vxlan id 44 dev ens5f0 dstport 9999 ip link set vxlan1 up ip link del dev vxlan1 Fixes: 4a25730eb202 ('net/mlx5e: Add ndo_udp_tunnel_add to VF representors') Signed-off-by: Paul Blakey Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 ---- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 8 ++++---- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 -- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 9 +++++++-- 4 files changed, 11 insertions(+), 12 deletions(-) commit 09c91ddf2cd33489c2c14edfef43ae38d412888e Author: Or Gerlitz Date: Tue Mar 21 15:59:15 2017 +0200 net/mlx5e: Use the proper UAPI values when offloading TC vlan actions Currently we use the non UAPI values and we miss erring on the modify action which is not supported, fix that. Fixes: 8b32580df1cb ('net/mlx5e: Add TC vlan action for SRIOV offloads') Signed-off-by: Or Gerlitz Reported-by: Petr Machata Reviewed-by: Jiri Pirko Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 375f51e2b5b7b9a42b3139aea519cbb1bfc5d6ef Author: Roi Dayan Date: Tue Mar 21 15:59:14 2017 +0200 net/mlx5: E-Switch, Don't allow changing inline mode when flows are configured Changing the eswitch inline mode can potentially cause already configured flows not to match the policy. E.g. set policy L4, add some L4 rules, set policy to L2 --> bad! Hence we disallow it. Keep track of how many offloaded rules are now set and refuse inline mode changes if this isn't zero. Fixes: bffaa916588e ("net/mlx5: E-Switch, Add control for inline mode") Signed-off-by: Roi Dayan Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 8 ++++++++ 2 files changed, 9 insertions(+) commit d85cdccbb3fe9a632ec9d0f4e4526c8c84fc3523 Author: Or Gerlitz Date: Tue Mar 21 15:59:13 2017 +0200 net/mlx5e: Change the TC offload rule add/del code path to be per NIC or E-Switch Refactor the code to deal with add/del TC rules to have handler per NIC/E-switch offloading use case, and push the latter into the e-switch code. This provides better separation and is to be used in down-stream patch for applying a fix. Fixes: bffaa916588e ("net/mlx5: E-Switch, Add control for inline mode") Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 59 ++++++++++++++-------- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 5 ++ .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 14 +++++ 3 files changed, 58 insertions(+), 20 deletions(-) commit 1f30a86c58093046dc3e49c23d2618894e098f7a Author: Or Gerlitz Date: Tue Mar 21 15:59:12 2017 +0200 net/mlx5: Add missing entries for set/query rate limit commands The switch cases for the rate limit set and query commands were missing, which could get us wrong under fw error or driver reset flow, fix that. Fixes: 1466cc5b23d1 ('net/mlx5: Rate limit tables support') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 ++++ 1 file changed, 4 insertions(+) commit bf601fe52e8392082e1c0587ab5e34df97675a97 Merge: 557d054c 6be3b6c Author: David S. Miller Date: Wed Mar 22 12:06:49 2017 -0700 Merge tag 'wireless-drivers-for-davem-2017-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.11 iwlwifi * fix a user reported warning in DQA mwifiex * fix a potential double free * fix lost early debug logs * fix init wakeup warning message from device framework * add Ganapathi and Xinming as maintainers ath10k * fix regression with QCA6174 during resume and firmware crash ==================== Signed-off-by: David S. Miller commit 557d054c01da0337ca81de9e9d9206d57245b57e Author: Ying Xue Date: Tue Mar 21 10:47:49 2017 +0100 tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe Until now, tipc_nametbl_unsubscribe() is called at subscriptions reference count cleanup. Usually the subscriptions cleanup is called at subscription timeout or at subscription cancel or at subscriber delete. We have ignored the possibility of this being called from other locations, which causes deadlock as we try to grab the tn->nametbl_lock while holding it already. CPU1: CPU2: ---------- ---------------- tipc_nametbl_publish spin_lock_bh(&tn->nametbl_lock) tipc_nametbl_insert_publ tipc_nameseq_insert_publ tipc_subscrp_report_overlap tipc_subscrp_get tipc_subscrp_send_event tipc_close_conn tipc_subscrb_release_cb tipc_subscrb_delete tipc_subscrp_put tipc_subscrp_put tipc_subscrp_kref_release tipc_nametbl_unsubscribe spin_lock_bh(&tn->nametbl_lock) <> CPU1: CPU2: ---------- ---------------- tipc_nametbl_stop spin_lock_bh(&tn->nametbl_lock) tipc_purge_publications tipc_nameseq_remove_publ tipc_subscrp_report_overlap tipc_subscrp_get tipc_subscrp_send_event tipc_close_conn tipc_subscrb_release_cb tipc_subscrb_delete tipc_subscrp_put tipc_subscrp_put tipc_subscrp_kref_release tipc_nametbl_unsubscribe spin_lock_bh(&tn->nametbl_lock) <> In this commit, we advance the calling of tipc_nametbl_unsubscribe() from the refcount cleanup to the intended callers. Fixes: d094c4d5f5c7 ("tipc: add subscription refcount to avoid invalid delete") Reported-by: John Thompson Acked-by: Jon Maloy Signed-off-by: Ying Xue Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/subscr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 581947787eaf1ad801959d00b42b9d0131aacb6a Author: Xin Long Date: Mon Mar 20 18:00:28 2017 +0800 sctp: remove useless err from sctp_association_init This patch is to remove the unnecessary temporary variable 'err' from sctp_association_init. Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/associola.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 1511949c61ec63e4b646c34d602ac6990b38ce30 Author: Xin Long Date: Mon Mar 20 17:46:27 2017 +0800 sctp: declare struct sctp_stream before using it sctp_stream_free uses struct sctp_stream as a param, but struct sctp_stream is defined after it's declaration. This patch is to declare struct sctp_stream before sctp_stream_free. Fixes: a83863174a61 ("sctp: prepare asoc stream for stream reconf") Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller include/net/sctp/structs.h | 1 + 1 file changed, 1 insertion(+) commit 07fef3623407444e51c12ea57cd91df38c1069e0 Author: Arnd Bergmann Date: Mon Mar 20 09:58:33 2017 +0100 cpsw/netcp: cpts depends on posix_timers With posix timers having become optional, we get a build error with the cpts time sync option of the CPSW driver: drivers/net/ethernet/ti/cpts.c: In function 'cpts_find_ts': drivers/net/ethernet/ti/cpts.c:291:23: error: implicit declaration of function 'ptp_classify_raw';did you mean 'ptp_classifier_init'? [-Werror=implicit-function-declaration] This adds a hard dependency on PTP_CLOCK to avoid the problem, as building it without PTP support makes no sense anyway. Fixes: baa73d9e478f ("posix-timers: Make them configurable") Cc: Nicolas Pitre Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann Acked-by: Nicolas Pitre Signed-off-by: David S. Miller drivers/net/ethernet/ti/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit be9ca0d33c850192198c22518eeb1f41401268e8 Author: Arnd Bergmann Date: Mon Mar 20 09:52:50 2017 +0100 cpsw/netcp: work around reverse cpts dependency The dependency is reversed: cpsw and netcp call into cpts, but cpts depends on the other two in Kconfig. This can lead to cpts being a loadable module and its callers built-in: drivers/net/ethernet/ti/cpsw.o: In function `cpsw_remove': cpsw.c:(.text.cpsw_remove+0xd0): undefined reference to `cpts_release' drivers/net/ethernet/ti/cpsw.o: In function `cpsw_rx_handler': cpsw.c:(.text.cpsw_rx_handler+0x2dc): undefined reference to `cpts_rx_timestamp' drivers/net/ethernet/ti/cpsw.o: In function `cpsw_tx_handler': cpsw.c:(.text.cpsw_tx_handler+0x7c): undefined reference to `cpts_tx_timestamp' drivers/net/ethernet/ti/cpsw.o: In function `cpsw_ndo_stop': As a workaround, I'm introducing another Kconfig symbol to control the compilation of cpts, while making the actual module controlled by a silent symbol that is =y when necessary. Fixes: 6246168b4a38 ("net: ethernet: ti: netcp: add support of cpts") Signed-off-by: Arnd Bergmann Reviewed-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/Kconfig | 8 +++++++- drivers/net/ethernet/ti/Makefile | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) commit 8fb106b28c68d6c81cf6d69773b8cfdbf657b94e Merge: a05d4fd b20cb60 Author: David S. Miller Date: Wed Mar 22 10:50:37 2017 -0700 Merge branch 'r8152-rx-settings' Hayes Wang says: ==================== r8152: fix the rx settings of RTL8153 The RMS and the rx early size should base on the same rx size. However, the RMS is set to 9K bytes now and the rx early depends on mtu. For using the rx buffer effectively, sync the two settings according to the mtu. ==================== Signed-off-by: David S. Miller commit b20cb60e2b865638459e6ec82ad3536d3734e555 Author: hayeswang Date: Mon Mar 20 16:13:45 2017 +0800 r8152: fix the rx early size of RTL8153 revert commit a59e6d815226 ("r8152: correct the rx early size") and fix the rx early size as (rx buffer size - rx packet size - rx desc size - alignment) / 4 Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 210c4f70b4c630b27f0840c8043c138c955edc9e Author: hayeswang Date: Mon Mar 20 16:13:44 2017 +0800 r8152: set the RMS of RTL8153 according to the mtu Set the received maximum size (RMS) according to the mtu size. It is unnecessary to receive a packet which is more than the size we could transmit. Besides, this could let the rx buffer be used effectively. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit a05d4fd9176003e0c1f9c3d083f4dac19fd346ab Author: Tejun Heo Date: Tue Mar 14 19:25:56 2017 -0400 cgroup, net_cls: iterate the fds of only the tasks which are being migrated The net_cls controller controls the classid field of each socket which is associated with the cgroup. Because the classid is per-socket attribute, when a task migrates to another cgroup or the configured classid of the cgroup changes, the controller needs to walk all sockets and update the classid value, which was implemented by 3b13758f51de ("cgroups: Allow dynamically changing net_classid"). While the approach is not scalable, migrating tasks which have a lot of fds attached to them is rare and the cost is born by the ones initiating the operations. However, for simplicity, both the migration and classid config change paths call update_classid() which scans all fds of all tasks in the target css. This is an overkill for the migration path which only needs to cover a much smaller subset of tasks which are actually getting migrated in. On cgroup v1, this can lead to unexpected scalability issues when one tries to migrate a task or process into a net_cls cgroup which already contains a lot of fds. Even if the migration traget doesn't have many to get scanned, update_classid() ends up scanning all fds in the target cgroup which can be extremely numerous. Unfortunately, on cgroup v2 which doesn't use net_cls, the problem is even worse. Before bfc2cf6f61fc ("cgroup: call subsys->*attach() only for subsystems which are actually affected by migration"), cgroup core would call the ->css_attach callback even for controllers which don't see actual migration to a different css. As net_cls is always disabled but still mounted on cgroup v2, whenever a process is migrated on the cgroup v2 hierarchy, net_cls sees identity migration from root to root and cgroup core used to call ->css_attach callback for those. The net_cls ->css_attach ends up calling update_classid() on the root net_cls css to which all processes on the system belong to as the controller isn't used. This makes any cgroup v2 migration O(total_number_of_fds_on_the_system) which is horrible and easily leads to noticeable stalls triggering RCU stall warnings and so on. The worst symptom is already fixed in upstream by bfc2cf6f61fc ("cgroup: call subsys->*attach() only for subsystems which are actually affected by migration"); however, backporting that commit is too invasive and we want to avoid other cases too. This patch updates net_cls's cgrp_attach() to iterate fds of only the processes which are actually getting migrated. This removes the surprising migration cost which is dependent on the total number of fds in the target cgroup. As this leaves write_classid() the only user of update_classid(), open-code the helper into write_classid(). Reported-by: David Goode Fixes: 3b13758f51de ("cgroups: Allow dynamically changing net_classid") Cc: stable@vger.kernel.org # v4.4+ Cc: Nina Schiff Cc: David S. Miller Signed-off-by: Tejun Heo Signed-off-by: David S. Miller net/core/netclassid_cgroup.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit f0c0cb99f74c03e2407ea553f6d46eb611e262b5 Author: Jon Mason Date: Tue Mar 21 16:51:19 2017 -0400 arm64: dts: NS2: Add dma-coherent to relevant DT entries Cache related issues with DMA rings and performance issues related to caching are being caused by not properly setting the "dma-coherent" flag in the device tree entries. Adding it here to correct the issue. Signed-off-by: Jon Mason Fixes: fd5e5dd56 ("arm64: dts: Add PCIe0 and PCIe4 DT nodes for NS2") Fixes: dddc3c9d7 ("arm64: dts: NS2: add AMAC ethernet support") Fixes: e79249143 ("arm64: dts: Add Broadcom Northstar2 device tree entries for PDC driver") Fixes: ac9aae00f ("arm64: dts: Add SATA3 AHCI and SATA3 PHY DT nodes for NS2") Fixes: efc877676 ("arm64: dts: Add SDHCI DT node for NS2") Signed-off-by: Florian Fainelli arch/arm64/boot/dts/broadcom/ns2.dtsi | 11 +++++++++++ 1 file changed, 11 insertions(+) commit afd0e5a876703accb95894f23317a13e2c49b523 Author: Neeraj Upadhyay Date: Wed Mar 22 17:08:25 2017 +0530 arm64: kaslr: Fix up the kernel image alignment If kernel image extends across alignment boundary, existing code increases the KASLR offset by size of kernel image. The offset is masked after resizing. There are cases, where after masking, we may still have kernel image extending across boundary. This eventually results in only 2MB block getting mapped while creating the page tables. This results in data aborts while accessing unmapped regions during second relocation (with kaslr offset) in __primary_switch. To fix this problem, round up the kernel image size, by swapper block size, before adding it for correction. For example consider below case, where kernel image still crosses 1GB alignment boundary, after masking the offset, which is fixed by rounding up kernel image size. SWAPPER_TABLE_SHIFT = 30 Swapper using section maps with section size 2MB. CONFIG_PGTABLE_LEVELS = 3 VA_BITS = 39 _text : 0xffffff8008080000 _end : 0xffffff800aa1b000 offset : 0x1f35600000 mask = ((1UL << (VA_BITS - 2)) - 1) & ~(SZ_2M - 1) (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d offset after existing correction (before mask) = 0x1f37f9b000 (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d offset (after mask) = 0x1f37e00000 (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7c (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d new offset w/ rounding up = 0x1f38000000 (_text + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d (_end + offset) >> SWAPPER_TABLE_SHIFT = 0x3fffffe7d Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR") Cc: Reviewed-by: Ard Biesheuvel Signed-off-by: Neeraj Upadhyay Signed-off-by: Srinivas Ramana Signed-off-by: Will Deacon arch/arm64/kernel/kaslr.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 9d3a4de4cb8db8e71730e36736272ef041836f68 Author: Robin Murphy Date: Thu Mar 16 17:00:16 2017 +0000 iommu: Disambiguate MSI region types The introduction of reserved regions has left a couple of rough edges which we could do with sorting out sooner rather than later. Since we are not yet addressing the potential dynamic aspect of software-managed reservations and presenting them at arbitrary fixed addresses, it is incongruous that we end up displaying hardware vs. software-managed MSI regions to userspace differently, especially since ARM-based systems may actually require one or the other, or even potentially both at once, (which iommu-dma currently has no hope of dealing with at all). Let's resolve the former user-visible inconsistency ASAP before the ABI has been baked into a kernel release, in a way that also lays the groundwork for the latter shortcoming to be addressed by follow-up patches. For clarity, rename the software-managed type to IOMMU_RESV_SW_MSI, use IOMMU_RESV_MSI to describe the hardware type, and document everything a little bit. Since the x86 MSI remapping hardware falls squarely under this meaning of IOMMU_RESV_MSI, apply that type to their regions as well, so that we tell the same story to userspace across all platforms. Secondly, as the various region types require quite different handling, and it really makes little sense to ever try combining them, convert the bitfield-esque #defines to a plain enum in the process before anyone gets the wrong impression. Fixes: d30ddcaa7b02 ("iommu: Add a new type field in iommu_resv_region") Reviewed-by: Eric Auger CC: Alex Williamson CC: David Woodhouse CC: kvm@vger.kernel.org Signed-off-by: Robin Murphy Signed-off-by: Joerg Roedel drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/arm-smmu-v3.c | 2 +- drivers/iommu/arm-smmu.c | 2 +- drivers/iommu/intel-iommu.c | 2 +- drivers/iommu/iommu.c | 5 +++-- drivers/vfio/vfio_iommu_type1.c | 7 +++---- include/linux/iommu.h | 18 +++++++++++++----- 7 files changed, 23 insertions(+), 15 deletions(-) commit cd37a296a9f890586665bb8974a8b17ee2f17d6d Author: Marek Szyprowski Date: Mon Mar 20 10:17:57 2017 +0100 iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5 For some unknown reasons, in some cases, FLPD cache invalidation doesn't work properly with SYSMMU v5 controllers found in Exynos5433 SoCs. This can be observed by a firmware crash during initialization phase of MFC video decoder available in the mentioned SoCs when IOMMU support is enabled. To workaround this issue perform a full TLB/FLPD invalidation in case of replacing any first level page descriptors in case of SYSMMU v5. Fixes: 740a01eee9ada ("iommu/exynos: Add support for v5 SYSMMU") CC: stable@vger.kernel.org # v4.10+ Signed-off-by: Marek Szyprowski Tested-by: Andrzej Hajda Signed-off-by: Joerg Roedel drivers/iommu/exynos-iommu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 7d2aa6b814476a2e2794960f844344519246df72 Author: Marek Szyprowski Date: Mon Mar 20 10:17:56 2017 +0100 iommu/exynos: Block SYSMMU while invalidating FLPD cache Documentation specifies that SYSMMU should be in blocked state while performing TLB/FLPD cache invalidation, so add needed calls to sysmmu_block/unblock. Fixes: 66a7ed84b345d ("iommu/exynos: Apply workaround of caching fault page table entries") CC: stable@vger.kernel.org # v4.10+ Signed-off-by: Marek Szyprowski Signed-off-by: Joerg Roedel drivers/iommu/exynos-iommu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 95a49603707d982b25d17c5b70e220a05556a2f9 Author: Ming Lei Date: Wed Mar 22 10:14:43 2017 +0800 blk-mq: don't complete un-started request in timeout handler When iterating busy requests in timeout handler, if the STARTED flag of one request isn't set, that means the request is being processed in block layer or driver, and isn't submitted to hardware yet. In current implementation of blk_mq_check_expired(), if the request queue becomes dying, un-started requests are handled as being completed/freed immediately. This way is wrong, and can cause rq corruption or double allocation[1][2], when doing I/O and removing&resetting NVMe device at the sametime. This patch fixes several issues reported by Yi Zhang. [1]. oops log 1 [ 581.789754] ------------[ cut here ]------------ [ 581.789758] kernel BUG at block/blk-mq.c:374! [ 581.789760] invalid opcode: 0000 [#1] SMP [ 581.789761] Modules linked in: vfat fat ipmi_ssif intel_rapl sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm nvme irqbypass crct10dif_pclmul nvme_core crc32_pclmul ghash_clmulni_intel intel_cstate ipmi_si mei_me ipmi_devintf intel_uncore sg ipmi_msghandler intel_rapl_perf iTCO_wdt mei iTCO_vendor_support mxm_wmi lpc_ich dcdbas shpchp pcspkr acpi_power_meter wmi nfsd auth_rpcgss nfs_acl lockd dm_multipath grace sunrpc ip_tables xfs libcrc32c sd_mod mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm ahci libahci crc32c_intel tg3 libata megaraid_sas i2c_core ptp fjes pps_core dm_mirror dm_region_hash dm_log dm_mod [ 581.789796] CPU: 1 PID: 1617 Comm: kworker/1:1H Not tainted 4.10.0.bz1420297+ #4 [ 581.789797] Hardware name: Dell Inc. PowerEdge R730xd/072T6D, BIOS 2.2.5 09/06/2016 [ 581.789804] Workqueue: kblockd blk_mq_timeout_work [ 581.789806] task: ffff8804721c8000 task.stack: ffffc90006ee4000 [ 581.789809] RIP: 0010:blk_mq_end_request+0x58/0x70 [ 581.789810] RSP: 0018:ffffc90006ee7d50 EFLAGS: 00010202 [ 581.789811] RAX: 0000000000000001 RBX: ffff8802e4195340 RCX: ffff88028e2f4b88 [ 581.789812] RDX: 0000000000001000 RSI: 0000000000001000 RDI: 0000000000000000 [ 581.789813] RBP: ffffc90006ee7d60 R08: 0000000000000003 R09: ffff88028e2f4b00 [ 581.789814] R10: 0000000000001000 R11: 0000000000000001 R12: 00000000fffffffb [ 581.789815] R13: ffff88042abe5780 R14: 000000000000002d R15: ffff88046fbdff80 [ 581.789817] FS: 0000000000000000(0000) GS:ffff88047fc00000(0000) knlGS:0000000000000000 [ 581.789818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 581.789819] CR2: 00007f64f403a008 CR3: 000000014d078000 CR4: 00000000001406e0 [ 581.789820] Call Trace: [ 581.789825] blk_mq_check_expired+0x76/0x80 [ 581.789828] bt_iter+0x45/0x50 [ 581.789830] blk_mq_queue_tag_busy_iter+0xdd/0x1f0 [ 581.789832] ? blk_mq_rq_timed_out+0x70/0x70 [ 581.789833] ? blk_mq_rq_timed_out+0x70/0x70 [ 581.789840] ? __switch_to+0x140/0x450 [ 581.789841] blk_mq_timeout_work+0x88/0x170 [ 581.789845] process_one_work+0x165/0x410 [ 581.789847] worker_thread+0x137/0x4c0 [ 581.789851] kthread+0x101/0x140 [ 581.789853] ? rescuer_thread+0x3b0/0x3b0 [ 581.789855] ? kthread_park+0x90/0x90 [ 581.789860] ret_from_fork+0x2c/0x40 [ 581.789861] Code: 48 85 c0 74 0d 44 89 e6 48 89 df ff d0 5b 41 5c 5d c3 48 8b bb 70 01 00 00 48 85 ff 75 0f 48 89 df e8 7d f0 ff ff 5b 41 5c 5d c3 <0f> 0b e8 71 f0 ff ff 90 eb e9 0f 1f 40 00 66 2e 0f 1f 84 00 00 [ 581.789882] RIP: blk_mq_end_request+0x58/0x70 RSP: ffffc90006ee7d50 [ 581.789889] ---[ end trace bcaf03d9a14a0a70 ]--- [2]. oops log2 [ 6984.857362] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 [ 6984.857372] IP: nvme_queue_rq+0x6e6/0x8cd [nvme] [ 6984.857373] PGD 0 [ 6984.857374] [ 6984.857376] Oops: 0000 [#1] SMP [ 6984.857379] Modules linked in: ipmi_ssif vfat fat intel_rapl sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ipmi_si iTCO_wdt iTCO_vendor_support mxm_wmi ipmi_devintf intel_cstate sg dcdbas intel_uncore mei_me intel_rapl_perf mei pcspkr lpc_ich ipmi_msghandler shpchp acpi_power_meter wmi nfsd auth_rpcgss dm_multipath nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect crc32c_intel sysimgblt fb_sys_fops ttm nvme drm nvme_core ahci libahci i2c_core tg3 libata ptp megaraid_sas pps_core fjes dm_mirror dm_region_hash dm_log dm_mod [ 6984.857416] CPU: 7 PID: 1635 Comm: kworker/7:1H Not tainted 4.10.0-2.el7.bz1420297.x86_64 #1 [ 6984.857417] Hardware name: Dell Inc. PowerEdge R730xd/072T6D, BIOS 2.2.5 09/06/2016 [ 6984.857427] Workqueue: kblockd blk_mq_run_work_fn [ 6984.857429] task: ffff880476e3da00 task.stack: ffffc90002e90000 [ 6984.857432] RIP: 0010:nvme_queue_rq+0x6e6/0x8cd [nvme] [ 6984.857433] RSP: 0018:ffffc90002e93c50 EFLAGS: 00010246 [ 6984.857434] RAX: 0000000000000000 RBX: ffff880275646600 RCX: 0000000000001000 [ 6984.857435] RDX: 0000000000000fff RSI: 00000002fba2a000 RDI: ffff8804734e6950 [ 6984.857436] RBP: ffffc90002e93d30 R08: 0000000000002000 R09: 0000000000001000 [ 6984.857437] R10: 0000000000001000 R11: 0000000000000000 R12: ffff8804741d8000 [ 6984.857438] R13: 0000000000000040 R14: ffff880475649f80 R15: ffff8804734e6780 [ 6984.857439] FS: 0000000000000000(0000) GS:ffff88047fcc0000(0000) knlGS:0000000000000000 [ 6984.857440] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6984.857442] CR2: 0000000000000010 CR3: 0000000001c09000 CR4: 00000000001406e0 [ 6984.857443] Call Trace: [ 6984.857451] ? mempool_free+0x2b/0x80 [ 6984.857455] ? bio_free+0x4e/0x60 [ 6984.857459] blk_mq_dispatch_rq_list+0xf5/0x230 [ 6984.857462] blk_mq_process_rq_list+0x133/0x170 [ 6984.857465] __blk_mq_run_hw_queue+0x8c/0xa0 [ 6984.857467] blk_mq_run_work_fn+0x12/0x20 [ 6984.857473] process_one_work+0x165/0x410 [ 6984.857475] worker_thread+0x137/0x4c0 [ 6984.857478] kthread+0x101/0x140 [ 6984.857480] ? rescuer_thread+0x3b0/0x3b0 [ 6984.857481] ? kthread_park+0x90/0x90 [ 6984.857489] ret_from_fork+0x2c/0x40 [ 6984.857490] Code: 8b bd 70 ff ff ff 89 95 50 ff ff ff 89 8d 58 ff ff ff 44 89 95 60 ff ff ff e8 b7 dd 12 e1 8b 95 50 ff ff ff 48 89 85 68 ff ff ff <4c> 8b 48 10 44 8b 58 18 8b 8d 58 ff ff ff 44 8b 95 60 ff ff ff [ 6984.857511] RIP: nvme_queue_rq+0x6e6/0x8cd [nvme] RSP: ffffc90002e93c50 [ 6984.857512] CR2: 0000000000000010 [ 6984.895359] ---[ end trace 2d7ceb528432bf83 ]--- Cc: stable@vger.kernel.org Reported-by: Yi Zhang Tested-by: Yi Zhang Reviewed-by: Bart Van Assche Reviewed-by: Hannes Reinecke Signed-off-by: Ming Lei Signed-off-by: Jens Axboe block/blk-mq.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) commit 24a47426066c8ba16a4db1b20a41d63187281195 Author: Thibault Saunier Date: Wed Feb 1 18:05:21 2017 -0200 [media] exynos-gsc: Do not swap cb/cr for semi planar formats In the case of semi planar formats cb and cr are in the same plane in memory, meaning that will be set to 'cb' whatever the format is, and whatever the (packed) order of those components are. Suggested-by: Nicolas Dufresne Signed-off-by: Thibault Saunier Signed-off-by: Javier Martinez Canillas Acked-by: Sylwester Nawrocki Signed-off-by: Mauro Carvalho Chehab drivers/media/platform/exynos-gsc/gsc-core.c | 2 -- 1 file changed, 2 deletions(-) commit 389e3f0d57e6ab50c207bee5ea2c4a5982a029c2 Author: Shailendra Verma Date: Fri Dec 2 02:48:01 2016 -0200 [media] bdisp: Clean up file handle in open() error path The File handle is not yet added in the vdev list.So no need to call v4l2_fh_del(&ctx->fh)if it fails to create control. Signed-off-by: Shailendra Verma Reviewed-by: Fabien Dessenne Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e2e0eea072f6f82ac0afbcfa8dc38dcc3a29fa4 Author: Arnd Bergmann Date: Thu Feb 9 13:09:08 2017 -0200 [media] coda/imx-vdoa: platform_driver should not be const The device driver platform is actually written to during registration, for setting the owner field, so platform_driver_register() does not take a const pointer: drivers/media/platform/coda/imx-vdoa.c: In function 'vdoa_driver_init': drivers/media/platform/coda/imx-vdoa.c:333:213: error: passing argument 1 of '__platform_driver_register' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] module_platform_driver(vdoa_driver); In file included from drivers/media/platform/coda/imx-vdoa.c:22:0: include/linux/platform_device.h:199:12: note: expected 'struct platform_driver *' but argument is of type 'const struct platform_driver *' extern int __platform_driver_register(struct platform_driver *, ^~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/media/platform/coda/imx-vdoa.c: In function 'vdoa_driver_exit': drivers/media/platform/coda/imx-vdoa.c:333:626: error: passing argument 1 of 'platform_driver_unregister' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] Remove the modifier again. Fixes: d2fe28feaebb ("[media] coda/imx-vdoa: constify structs") Signed-off-by: Arnd Bergmann Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/platform/coda/imx-vdoa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f83bf8da1135ca635aac8f062cad3f001fcf3a26 Author: Jeffy Chen Date: Tue Mar 21 15:07:10 2017 +0800 netfilter: nfnl_cthelper: Fix memory leak We have memory leaks of nf_conntrack_helper & expect_policy. Signed-off-by: Jeffy Chen Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink_cthelper.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 2c422257550f123049552b39f7af6e3428a60f43 Author: Pablo Neira Ayuso Date: Tue Mar 21 13:32:37 2017 +0100 netfilter: nfnl_cthelper: fix runtime expectation policy updates We only allow runtime updates of expectation policies for timeout and maximum number of expectations, otherwise reject the update. Signed-off-by: Pablo Neira Ayuso Acked-by: Liping Zhang net/netfilter/nfnetlink_cthelper.c | 86 +++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) commit 5c1724c42dc1d60addaa67106a4f25c2a9a140de Merge: c342356 70216fd Author: Greg Kroah-Hartman Date: Wed Mar 22 12:03:17 2017 +0100 Merge tag 'extcon-fixes-for-4.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon into char-misc-linus Chanwoo writes: Update extcon for v4.11-rc3 This patch fixes issues for Intel INT3496 ACPI device as following: - Propagate error code of gpiod_to_irq(). - Set the ID pin as the input direction if firmware has the bug - Rename the gpio name for bining according to the documentation. - Add gpio acpi mapping table and the dependency on X86. - Use the devm_gpiod_get() instead of gpiod_get_index because of acpi mapping table. commit 43c49938bf72b2862aa12b5d66e710e15ce0f7b7 Merge: 4495c08 6985bd5 Author: Greg Kroah-Hartman Date: Wed Mar 22 12:02:01 2017 +0100 Merge tag 'iio-fixes-for-4.11c' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: Thirds set of IIO fixes for the 4.11 cycle. * core - iio sw-device - ensure configfs is enabled both when building as module and built in. * ak8974 - drop incorrect __exit markup on remove. * hid-sensor-trigger - code reorganise to avoid losing settings if a power cycle occurs during S3. * lsm6dsx - fix incorrect overwrite of parts of FIFO_CTRL2 register during watermark configuration. * ti-am335x - fix a hard to hit bug when reenabling from a fifo overrun by waiting for current cycle to finish. commit 5003ae1e735e6bfe4679d9bed6846274f322e77e Author: Koos Vriezen Date: Wed Mar 1 21:02:50 2017 +0100 iommu/vt-d: Fix NULL pointer dereference in device_to_iommu The function device_to_iommu() in the Intel VT-d driver lacks a NULL-ptr check, resulting in this oops at boot on some platforms: BUG: unable to handle kernel NULL pointer dereference at 00000000000007ab IP: [] device_to_iommu+0x11a/0x1a0 PGD 0 [...] Call Trace: ? find_or_alloc_domain.constprop.29+0x1a/0x300 ? dw_dma_probe+0x561/0x580 [dw_dmac_core] ? __get_valid_domain_for_dev+0x39/0x120 ? __intel_map_single+0x138/0x180 ? intel_alloc_coherent+0xb6/0x120 ? sst_hsw_dsp_init+0x173/0x420 [snd_soc_sst_haswell_pcm] ? mutex_lock+0x9/0x30 ? kernfs_add_one+0xdb/0x130 ? devres_add+0x19/0x60 ? hsw_pcm_dev_probe+0x46/0xd0 [snd_soc_sst_haswell_pcm] ? platform_drv_probe+0x30/0x90 ? driver_probe_device+0x1ed/0x2b0 ? __driver_attach+0x8f/0xa0 ? driver_probe_device+0x2b0/0x2b0 ? bus_for_each_dev+0x55/0x90 ? bus_add_driver+0x110/0x210 ? 0xffffffffa11ea000 ? driver_register+0x52/0xc0 ? 0xffffffffa11ea000 ? do_one_initcall+0x32/0x130 ? free_vmap_area_noflush+0x37/0x70 ? kmem_cache_alloc+0x88/0xd0 ? do_init_module+0x51/0x1c4 ? load_module+0x1ee9/0x2430 ? show_taint+0x20/0x20 ? kernel_read_file+0xfd/0x190 ? SyS_finit_module+0xa3/0xb0 ? do_syscall_64+0x4a/0xb0 ? entry_SYSCALL64_slow_path+0x25/0x25 Code: 78 ff ff ff 4d 85 c0 74 ee 49 8b 5a 10 0f b6 9b e0 00 00 00 41 38 98 e0 00 00 00 77 da 0f b6 eb 49 39 a8 88 00 00 00 72 ce eb 8f <41> f6 82 ab 07 00 00 04 0f 85 76 ff ff ff 0f b6 4d 08 88 0e 49 RIP [] device_to_iommu+0x11a/0x1a0 RSP CR2: 00000000000007ab ---[ end trace 16f974b6d58d0aad ]--- Add the missing pointer check. Fixes: 1c387188c60f53b338c20eee32db055dfe022a9b ("iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions") Signed-off-by: Koos Vriezen Cc: stable@vger.kernel.org # 4.8.15+ Signed-off-by: Joerg Roedel drivers/iommu/intel-iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db8466c581cca1a08b505f1319c3ecd246f16fa8 Author: Matt Redfearn Date: Tue Mar 21 14:52:25 2017 +0000 MIPS: IRQ Stack: Unwind IRQ stack onto task stack When the separate IRQ stack was introduced, stack unwinding only proceeded as far as the top of the IRQ stack, leading to kernel backtraces being less useful, lacking the trace of what was interrupted. Fix this by providing a means for the kernel to unwind the IRQ stack onto the interrupted task stack. The processor state is saved to the kernel task stack on interrupt. The IRQ_STACK_START macro reserves an unsigned long at the top of the IRQ stack where the interrupted task stack pointer can be saved. After the active stack is switched to the IRQ stack, save the interrupted tasks stack pointer to the reserved location. Fix the stack unwinding code to look for the frame being the top of the IRQ stack and if so get the next frame from the saved location. The existing test does not work with the separate stack since the ra is no longer pointed at ret_from_{irq,exception}. The test to stop unwinding the stack 32 bytes from the top of a stack must be modified to allow unwinding to continue up to the location of the saved task stack pointer when on the IRQ stack. The low / high marks of the stack are set depending on whether the sp is on an irq stack or not. Signed-off-by: Matt Redfearn Cc: Paolo Bonzini Cc: Marcin Nowakowski Cc: Masanari Iida Cc: Chris Metcalf Cc: James Hogan Cc: Paul Burton Cc: Ingo Molnar Cc: Jason A. Donenfeld Cc: Andrew Morton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15788/ Signed-off-by: Ralf Baechle arch/mips/include/asm/irq.h | 15 +++++++++++ arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/genex.S | 8 ++++-- arch/mips/kernel/process.c | 56 ++++++++++++++++++++++++++++-------------- 4 files changed, 60 insertions(+), 20 deletions(-) commit 70216fd937fea79c20705400540fa48f86ddf1c5 Author: Hans de Goede Date: Mon Mar 13 12:28:34 2017 +0100 extcon: int3496: Set the id pin to direction-input if necessary With the new more strict ACPI gpio code the dsdt's IoRestriction flags are honored on gpiod_get, but in some dsdt's it is wrong, so explicitly call gpiod_direction_input on the id gpio if necessary. This fixes the following errors when the int3496 code is used together with the new more strict ACPI gpio code: [ 2382.484415] gpio gpiochip1: (INT33FF:01): gpiochip_lock_as_irq: tried to flag a GPIO set as output for IRQ [ 2382.484425] gpio gpiochip1: (INT33FF:01): unable to lock HW IRQ 3 for IRQ [ 2382.484429] genirq: Failed to request resources for INT3496:00 (irq 174) on irqchip chv-gpio [ 2382.484518] intel-int3496 INT3496:00: can't request IRQ for USB ID GPIO: -22 [ 2382.500359] intel-int3496: probe of INT3496:00 failed with error -22 Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Chanwoo Choi drivers/extcon/extcon-intel-int3496.c | 3 +++ 1 file changed, 3 insertions(+) commit 408c5b41d215b317ab58c98b959454407ee4a53d Author: Hans de Goede Date: Fri Mar 10 21:52:08 2017 +0100 extcon: int3496: Use gpiod_get instead of gpiod_get_index Now that we've an acpi mapping table we should be using gpiod_get instead of gpiod_get_index. Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Chanwoo Choi drivers/extcon/extcon-intel-int3496.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 059c7874b87575e48d2c7702849ff56017059195 Author: Peter Robinson Date: Thu Mar 2 18:10:10 2017 +0000 extcon: int3496: Add dependency on X86 as it's Intel specific Add dependency on X86 so it doesn't show up on other arches and add a option for compile test so it still gets build coverage. Signed-off-by: Peter Robinson Signed-off-by: Chanwoo Choi drivers/extcon/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8cb2cbae45ae46b1e1be16950670d5c5d4408474 Author: Andy Shevchenko Date: Fri Feb 24 14:35:55 2017 +0200 extcon: int3496: Add GPIO ACPI mapping table In order to make GPIO ACPI library stricter prepare users of gpiod_get_index() to correctly behave when there no mapping is provided by firmware. Here we add explicit mapping between _CRS GpioIo() resources and their names used in the driver. Signed-off-by: Andy Shevchenko Signed-off-by: Chanwoo Choi Documentation/extcon/intel-int3496.txt | 5 +++++ drivers/extcon/extcon-intel-int3496.c | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+) commit 90400c5884b89a5db232049721ef4dc1ab2f1f1c Author: Andy Shevchenko Date: Fri Feb 24 14:35:54 2017 +0200 extcon: int3496: Rename GPIO pins in accordance with binding Update GPIO pin names in extcon-intel-int3496.c driver to follow the existing extcon binding. Signed-off-by: Andy Shevchenko Signed-off-by: Chanwoo Choi drivers/extcon/extcon-intel-int3496.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 25cd9721c2b16ee0d775e36ec3af31f392003f80 Author: Krzysztof Opasiak Date: Tue Jan 31 18:12:31 2017 +0100 usb: gadget: f_hid: fix: Don't access hidg->req without spinlock held hidg->req should be accessed only with write_spinlock held as it is set to NULL when we get disabled by host. Signed-off-by: Krzysztof Opasiak Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_hid.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1f459262b0e1649a1e5ad12fa4c66eb76c2220ce Author: Gustavo A. R. Silva Date: Fri Mar 10 15:39:32 2017 -0600 usb: gadget: udc: remove pointer dereference after free Remove pointer dereference after free. Addresses-Coverity-ID: 1091173 Acked-by: Michal Nazarewicz Signed-off-by: Gustavo A. R. Silva Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/pch_udc.c | 1 - 1 file changed, 1 deletion(-) commit 16bb05d98c904a4f6c5ce7e2d992299f794acbf2 Author: Roger Quadros Date: Wed Mar 8 16:05:44 2017 +0200 usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed As per USB3.0 Specification "Table 9-20. Standard Endpoint Descriptor", for interrupt and isochronous endpoints, wMaxPacketSize must be set to 1024 if the endpoint defines bMaxBurst to be greater than zero. Reviewed-by: Laurent Pinchart Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_uvc.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 09424c50b7dff40cb30011c09114404a4656e023 Author: Roger Quadros Date: Wed Mar 8 16:05:43 2017 +0200 usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval The streaming_maxburst module parameter is 0 offset (0..15) so we must add 1 while using it for wBytesPerInterval calculation for the SuperSpeed companion descriptor. Without this host uvcvideo driver will always see the wrong wBytesPerInterval for SuperSpeed uvc gadget and may not find a suitable video interface endpoint. e.g. for streaming_maxburst = 0 case it will always fail as wBytePerInterval was evaluating to 0. Cc: stable@vger.kernel.org Reviewed-by: Laurent Pinchart Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_uvc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 74098c4ac782afd71b35ac56f9536ae2f5cd7da7 Author: Oliver Neukum Date: Tue Mar 14 12:09:56 2017 +0100 usb: gadget: acm: fix endianness in notifications The gadget code exports the bitfield for serial status changes over the wire in its internal endianness. The fix is to convert to little endian before sending it over the wire. Signed-off-by: Oliver Neukum Tested-by: 家瑋 CC: Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_acm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit de288e36fe33f7e06fa272bc8e2f85aa386d99aa Author: Janusz Dziedzic Date: Mon Mar 13 14:11:32 2017 +0200 usb: dwc3: gadget: delay unmap of bounced requests In the case of bounced ep0 requests, we must delay DMA operation until after ->complete() otherwise we might overwrite contents of req->buf. This caused problems with RNDIS gadget. Signed-off-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) commit 26a37ab319a26d330bab298770d692bb9c852aff Author: Tony Luck Date: Mon Mar 20 14:40:30 2017 -0700 x86/mce: Fix copy/paste error in exception table entries Back in commit: 92b0729c34cab ("x86/mm, x86/mce: Add memcpy_mcsafe()") ... I made a copy/paste error setting up the exception table entries and ended up with two for label .L_cache_w3 and none for .L_cache_w2. This means that if we take a machine check on: .L_cache_w2: movq 2*8(%rsi), %r10 then we don't have an exception table entry for this instruction and we can't recover. Fix: s/3/2/ Signed-off-by: Tony Luck Cc: Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 92b0729c34cab ("x86/mm, x86/mce: Add memcpy_mcsafe()") Link: http://lkml.kernel.org/r/1490046030-25862-1-git-send-email-tony.luck@intel.com Signed-off-by: Ingo Molnar arch/x86/lib/memcpy_64.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca681ec860d6533b8debda4f6ab2e70e6d519d89 Author: Harald Freudenberger Date: Wed Mar 15 10:58:07 2017 +0100 s390/pkey: Fix wrong handling of secure key with old MKVP When a secure key with an old Master Key Verification Pattern was given to the pkey_findcard function, there was no responsible card found because only the current MKVP of each card was compared. With this fix also the old MKVP values are considered and so a matching card able to handle the key is reported back to the caller. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/pkey_api.c | 53 +++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 19 deletions(-) commit 0861b5a754fd5539f527b445aaa61538185c8264 Author: Heiko Carstens Date: Thu Mar 16 11:02:36 2017 +0100 s390/smp: fix ipl from cpu with non-zero address Commit af51160ebd3c ("s390/smp: initialize cpu_present_mask in setup_arch") initializes the cpu_present_mask much earlier than before. However the cpu detection code relies on the fact that iff logical cpu 0 is marked present then also the corresponding physical cpu address within the pcpu_devices array slot is valid. Since commit 44fd22992cb7 ("[PATCH] Register the boot-cpu in the cpu maps earlier") this assumption is not true anymore. The patch marks logical cpu 0 as present in common code without that architecture code had a chance to setup the logical to physical map. With that change the cpu detection code assumes that the physical cpu address of cpu 0 is also 0, which is not necessarily true. Subsequently the physical cpu address of the ipl cpu will be mapped to a different logical cpu. If that cpu is brought online later the ipl cpu will send itself an initial cpu reset sigp signal. This in turn completely resets the ipl cpu and the system stops working. A dump of such a system looks like a "store status" has been forgotten. But actually the kernel itself removed all traces which would allow to easily tell what went wrong. To fix this initialize the logical to physical cpu address already in smp_setup_processor_id(). In addition remove the initialization of the cpu_present_mask and cpu_online_mask for cpu 0, since that has already been done. Also add a sanity check, just in case common code will be changed again... The problem can be easily reproduced within a z/VM guest: > chcpu -d 0 > vmcp ipl Fixes: af51160ebd3c ("s390/smp: initialize cpu_present_mask in setup_arch") Reported-by: Sebastian Ott Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/smp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit d82c0d12c92705ef468683c9b7a8298dd61ed191 Author: Marcelo Henrique Cerri Date: Mon Mar 13 12:14:58 2017 -0300 s390/decompressor: fix initrd corruption caused by bss clear Reorder the operations in decompress_kernel() to ensure initrd is moved to a safe location before the bss section is zeroed. During decompression bss can overlap with the initrd and this can corrupt the initrd contents depending on the size of the compressed kernel (which affects where the initrd is placed by the bootloader) and the size of the bss section of the decompressor. Also use the correct initrd size when checking for overlaps with parmblock. Fixes: 06c0dd72aea3 ([S390] fix boot failures with compressed kernels) Cc: stable@vger.kernel.org Reviewed-by: Joy Latten Reviewed-by: Vineetha HariPai Signed-off-by: Marcelo Henrique Cerri Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/boot/compressed/misc.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) commit a5023a99393dab276069cd60dad3e61d57720fda Author: Peter Huewe Date: Fri Mar 17 00:28:56 2017 +0100 hwmon: Add missing HWMON_T_ALARM Unfortunately the HWMON_T_ALARM define was missing, although the associated entry was present in hwmon_temp_attributes. This is needed to convert drivers to the new interface which use channel based alarms. Signed-off-by: Peter Huewe Signed-off-by: Guenter Roeck include/linux/hwmon.h | 1 + 1 file changed, 1 insertion(+) commit 8358378b22518d92424597503d3c1cd302a490b6 Author: Guenter Roeck Date: Sun Mar 12 06:18:58 2017 -0700 hwmon: (it87) Avoid registering the same chip on both SIO addresses IT8705F is known to respond on both SIO addresses. Registering it twice may result in system lockups. Reported-by: Russell King Fixes: e84bd9535e2b ("hwmon: (it87) Add support for second Super-IO chip") Signed-off-by: Guenter Roeck drivers/hwmon/it87.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) commit dd7406dd334a98ada3ff5371847a3eeb4ba16313 Author: Alex Hemme Date: Tue Mar 7 14:38:29 2017 -0500 hwmon: (max31790) Set correct PWM value Traced fans not spinning to incorrect PWM value being written. The passed in value was written instead of the calulated value. Fixes: 54187ff9d766 ("hwmon: (max31790) Convert to use new hwmon registration API") Signed-off-by: Alex Hemme Signed-off-by: Guenter Roeck drivers/hwmon/max31790.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ea33c2c2051a266f68d9cd920c789cec828c8f11 Author: Quentin Schulz Date: Tue Mar 21 16:36:01 2017 +0100 ARM: sun8i: a33: add operating-points-v2 property to all nodes The OPP are declared as shared but no operating points are declared for cpu1, 2 and 3. Thus, the following error happens during the boot: cpu cpu1: dev_pm_opp_of_get_sharing_cpus: Couldn't find tcpu_dev node. This patch applies the operating points to each cpu of the A33. Fixes: 03749eb88e63 ("ARM: dts: sun8i: add opp-v2 table for A33") Signed-off-by: Quentin Schulz Acked-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun8i-a33.dtsi | 6 ++++++ 1 file changed, 6 insertions(+) commit ad4830051aac0b967add82ac168f49edf11f01a0 Author: Mike Travis Date: Tue Mar 21 18:16:47 2017 -0500 x86/platform/uv: Fix calculation of Global Physical Address The calculation of the global physical address (GPA) on UV4 is incorrect. The gnode_extra/upper global offset should only be applied for fixed address space systems (UV1..3). Tested-by: John Estabrook Signed-off-by: Mike Travis Cc: Dimitri Sivanich Cc: John Estabrook Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Russ Anderson Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170321231646.667689538@asylum.americas.sgi.com Signed-off-by: Ingo Molnar arch/x86/include/asm/uv/uv_hub.h | 8 +++++--- arch/x86/kernel/apic/x2apic_uv_x.c | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) commit bc2d4b62db67f817b09c782219996630e9c2f5e2 Author: Changbin Du Date: Wed Mar 22 12:35:31 2017 +0800 drm/i915/gvt: Use force single submit flag to distinguish gvt request from i915 request In my previous Commit ab9da627906a ("drm/i915: make context status notifier head be per engine") rely on scheduler->current_workload[x] to distinguish gvt spacial request from i915 request. But this is not always true since no synchronization between workload_thread and lrc irq handler. lrc irq handler workload_thread ---- ---- pick i915 requests; intel_vgpu_submit_execlist(); current_workload[x] = xxx; shadow_context_status_change(); Then current_workload[x] is not null but current request is of i915 self. So instead we check ctx flag CONTEXT_FORCE_SINGLE_SUBMISSION. Only gvt request set this flag and always set. v2: Reverse the order of multi-condition 'if' statement. Fixes: ab9da6279 ("drm/i915: make context status notifier head be per engine") Signed-off-by: Changbin Du Reviewed-by: Yulei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 4071898bf0f4d79ff353db327af2a15123272548 Author: Tony Lindgren Date: Sun Mar 19 09:19:57 2017 -0700 net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 This gets qmicli working with the MDM6600 modem. Cc: Bjørn Mork Reviewed-by: Sebastian Reichel Tested-by: Sebastian Reichel Signed-off-by: Tony Lindgren Acked-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/qmi_wwan.c | 4 ++++ 1 file changed, 4 insertions(+) commit e8f1f34a344d060eaf1918089369c4c1172a153b Author: Zi Shen Lim Date: Sun Mar 19 23:03:14 2017 -0700 selftests/bpf: fix broken build, take 2 Merge of 'linux-kselftest-4.11-rc1': 1. Partially removed use of 'test_objs' target, breaking force rebuild of BPFOBJ, introduced in commit d498f8719a09 ("bpf: Rebuild bpf.o for any dependency update"). Update target so dependency on BPFOBJ is restored. 2. Introduced commit 2047f1d8ba28 ("selftests: Fix the .c linking rule") which fixes order of LDLIBS. Commit d02d8986a768 ("bpf: Always test unprivileged programs") added libcap dependency into CFLAGS. Use LDLIBS instead to fix linking of test_verifier. 3. Introduced commit d83c3ba0b926 ("selftests: Fix selftests build to just build, not run tests"). Reordering the Makefile allows us to remove the 'all' target. Tested both: selftests/bpf$ make and selftests$ make TARGETS=bpf on Ubuntu 16.04.2. Signed-off-by: Zi Shen Lim Acked-by: Daniel Borkmann Tested-by: Daniel Borkmann Acked-by: Alexei Starovoitov Tested-by: Alexei Starovoitov Acked-by: Shuah Khan Signed-off-by: David S. Miller tools/testing/selftests/bpf/Makefile | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit 4ef1b2869447411ad3ef91ad7d4891a83c1a509a Author: Soheil Hassas Yeganeh Date: Sat Mar 18 17:03:00 2017 -0400 tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS SOF_TIMESTAMPING_OPT_STATS can be enabled and disabled while packets are collected on the error queue. So, checking SOF_TIMESTAMPING_OPT_STATS in sk->sk_tsflags is not enough to safely assume that the skb contains OPT_STATS data. Add a bit in sock_exterr_skb to indicate whether the skb contains opt_stats data. Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING") Reported-by: JongHwan Kim Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: Eric Dumazet Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller include/linux/errqueue.h | 2 ++ net/core/skbuff.c | 17 +++++++++++------ net/socket.c | 2 +- 3 files changed, 14 insertions(+), 7 deletions(-) commit 8605330aac5a5785630aec8f64378a54891937cc Author: Soheil Hassas Yeganeh Date: Sat Mar 18 17:02:59 2017 -0400 tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs __sock_recv_timestamp can be called for both normal skbs (for receive timestamps) and for skbs on the error queue (for transmit timestamps). Commit 1c885808e456 (tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING) assumes any skb passed to __sock_recv_timestamp are from the error queue, containing OPT_STATS in the content of the skb. This results in accessing invalid memory or generating junk data. To fix this, set skb->pkt_type to PACKET_OUTGOING for packets on the error queue. This is safe because on the receive path on local sockets skb->pkt_type is never set to PACKET_OUTGOING. With that, copy OPT_STATS from a packet, only if its pkt_type is PACKET_OUTGOING. Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING") Reported-by: JongHwan Kim Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: Eric Dumazet Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller net/core/skbuff.c | 10 ++++++++++ net/socket.c | 13 ++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) commit ff010472fb75670cb5c08671e820eeea3af59c87 Author: Viresh Kumar Date: Tue Mar 21 11:36:06 2017 +0530 cpufreq: Restore policy min/max limits on CPU online On CPU online the cpufreq core restores the previous governor (or the previous "policy" setting for ->setpolicy drivers), but it does not restore the min/max limits at the same time, which is confusing, inconsistent and real pain for users who set the limits and then suspend/resume the system (using full suspend), in which case the limits are reset on all CPUs except for the boot one. Fix this by making cpufreq_online() restore the limits when an inactive policy is brought online. The commit log and patch are inspired from Rafael's earlier work. Reported-by: Rafael J. Wysocki Signed-off-by: Viresh Kumar Cc: 4.3+ # 4.3+ Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cpufreq.c | 3 +++ 1 file changed, 3 insertions(+) commit 23bb09cfbe04076ef647da3889a5a5ab6cbe6f15 Author: Xin Long Date: Sat Mar 18 20:03:59 2017 +0800 sctp: out_qlen should be updated when pruning unsent queue This patch is to fix the issue that sctp_prsctp_prune_sent forgot to update q->out_qlen when removing a chunk from unsent queue. Fixes: 8dbdf1f5b09c ("sctp: implement prsctp PRIO policy") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/outqueue.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 1f904495b79003cd3d881de8731377d48fcbc7e3 Author: Xin Long Date: Sat Mar 18 19:27:23 2017 +0800 sctp: define dst_pending_confirm as a bit in sctp_transport As tp->dst_pending_confirm's value can only be set 0 or 1, this patch is to change to define it as a bit instead of __u32. Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller include/net/sctp/structs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 486a43db2e26b87125b5629e1ade516f90833934 Author: Xin Long Date: Sat Mar 18 19:12:22 2017 +0800 sctp: remove temporary variable confirm from sctp_packet_transmit Commit c86a773c7802 ("sctp: add dst_pending_confirm flag") introduced a temporary variable "confirm" in sctp_packet_transmit. But it broke the rule that longer lines should be above shorter ones. Besides, this variable is not necessary, so this patch is to just remove it and use tp->dst_pending_confirm directly. Fixes: c86a773c7802 ("sctp: add dst_pending_confirm flag") Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/output.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 3dc857f0e8fc22610a59cbb346ba62c6e921863f Author: David Ahern Date: Fri Mar 17 16:07:11 2017 -0700 net: vrf: Reset rt6i_idev in local dst after put The VRF driver takes a reference to the inet6_dev on the VRF device for its rt6_local dst when handling local traffic through the VRF device as a loopback. When the device is deleted the driver does a put on the idev but does not reset rt6i_idev in the rt6_info struct. When the dst is destroyed, dst_destroy calls ip6_dst_destroy which does a second put for what is essentially the same reference causing it to be prematurely freed. Reset rt6i_idev after the put in the vrf driver. Fixes: b4869aa2f881e ("net: vrf: ipv6 support for local traffic to local addresses") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 13e2d5187f6b965ba3556caedb914baf81b98ed2 Author: Dan Carpenter Date: Fri Mar 17 23:52:35 2017 +0300 bna: integer overflow bug in debugfs We could allocate less memory than intended because we do: bnad->regdata = kzalloc(len << 2, GFP_KERNEL); The shift can overflow leading to a crash. This is debugfs code so the impact is very small. Fixes: 7afc5dbde091 ("bna: Add debugfs interface.") Signed-off-by: Dan Carpenter Acked-by: Rasesh Mody Signed-off-by: David S. Miller drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6479ca8e59d1df54f8406e4c604bc2bf47241b2b Merge: 6014ce8 60b89f1 Author: Olof Johansson Date: Tue Mar 21 17:32:54 2017 -0700 Merge tag 'at91-ab-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux into fixes Fixes for 4.11: - Fix USB host for sama5d2 - Fix cpuidle on sama5 * tag 'at91-ab-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: ARM: at91: pm: cpu_idle: switch DDR to power-down mode Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node" Signed-off-by: Olof Johansson commit 6014ce8559934580c919485fdc96b4d2d4b18c12 Merge: 2b25930 0ca10b6 Author: Olof Johansson Date: Tue Mar 21 17:30:51 2017 -0700 Merge tag 'reset-fixes-for-4.11' of git://git.pengutronix.de/git/pza/linux into fixes Reset controller fixes for v4.11 Fix optional reset_control_get_stubs to return NULL and remove warnings from reset_control_* stubs. This fixes commit bb475230b8e5 ("reset: make optional functions really optional"), which was merged in reset-for-4.11, and would cause consumer drivers depending on the new behaviour of optional resets to fail probing if RESET_CONTROLLER Kconfig option is disabled. * tag 'reset-fixes-for-4.11' of git://git.pengutronix.de/git/pza/linux: reset: fix optional reset_control_get stubs to return NULL Signed-off-by: Olof Johansson commit 2b259300d2641101847e4ad9ad1723525ad9c476 Merge: fe64ccb 9693219 Author: Olof Johansson Date: Tue Mar 21 17:30:16 2017 -0700 Merge tag 'sunxi-fixes-for-4.11' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes Allwinner fixes for 4.11 A bunch of device tree fixes for various boards / SoCs. * tag 'sunxi-fixes-for-4.11' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: ARM: sun8i: a23/a33: drop bl_en_pin GPIO pinmux in reference design DTSI ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings ARM: sun8i: Fix the mali clock rate Signed-off-by: Olof Johansson commit fe64ccb2f539defc662523b61eae69fd184afde0 Merge: 42d5d46 12aff99 Author: Olof Johansson Date: Tue Mar 21 17:29:50 2017 -0700 Merge tag 'imx-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.11: - A fix to reboot hang seen on imx6sx-udoo-neo board, by removing arm-supply and soc-supply and using LDO enabled mode. * tag 'imx-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx6sx-udoo-neo: Fix reboot hang Signed-off-by: Olof Johansson commit 6bd845d1cf98b45c634baacb8381436dad3c2dd0 Author: Bjørn Mork Date: Fri Mar 17 17:20:48 2017 +0100 qmi_wwan: add Dell DW5811e This is a Dell branded Sierra Wireless EM7455. It is operating in MBIM mode by default, but can be configured to provide two QMI/RMNET functions. Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/qmi_wwan.c | 2 ++ 1 file changed, 2 insertions(+) commit aea92fb2e09e29653b023d4254ac9fbf94221538 Author: Eric Dumazet Date: Fri Mar 17 08:05:28 2017 -0700 sch_dsmark: fix invalid skb_cow() usage skb_cow(skb, sizeof(ip header)) is not very helpful in this context. First we need to use pskb_may_pull() to make sure the ip header is in skb linear part, then use skb_try_make_writable() to address clones issues. Fixes: 4c30719f4f55 ("[PKT_SCHED] dsmark: handle cloned and non-linear skb's") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/sched/sch_dsmark.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 09050957fae896e001498af1aa35c446a11cb47d Author: Yaroslav Isakov Date: Thu Mar 16 22:44:10 2017 +0300 tun: fix inability to set offloads after disabling them via ethtool Added missing logic in tun driver, which prevents apps to set offloads using tun ioctl, if offloads were previously disabled via ethtool Signed-off-by: Yaroslav Isakov Signed-off-by: David S. Miller drivers/net/tun.c | 2 ++ 1 file changed, 2 insertions(+) commit 7df9c24625b9981779afb8fcdbe2bb4765e61147 Author: Andrey Ulanov Date: Tue Mar 14 20:16:42 2017 -0700 net: unix: properly re-increment inflight counter of GC discarded candidates Dmitry has reported that a BUG_ON() condition in unix_notinflight() may be triggered by a simple code that forwards unix socket in an SCM_RIGHTS message. That is caused by incorrect unix socket GC implementation in unix_gc(). The GC first collects list of candidates, then (a) decrements their "children's" inflight counter, (b) checks which inflight counters are now 0, and then (c) increments all inflight counters back. (a) and (c) are done by calling scan_children() with inc_inflight or dec_inflight as the second argument. Commit 6209344f5a37 ("net: unix: fix inflight counting bug in garbage collector") changed scan_children() such that it no longer considers sockets that do not have UNIX_GC_CANDIDATE flag. It also added a block of code that that unsets this flag _before_ invoking scan_children(, dec_iflight, ). This may lead to incorrect inflight counters for some sockets. This change fixes this bug by changing order of operations: UNIX_GC_CANDIDATE is now unset only after all inflight counters are restored to the original state. kernel BUG at net/unix/garbage.c:149! RIP: 0010:[] [] unix_notinflight+0x3b4/0x490 net/unix/garbage.c:149 Call Trace: [] unix_detach_fds.isra.19+0xff/0x170 net/unix/af_unix.c:1487 [] unix_destruct_scm+0xf9/0x210 net/unix/af_unix.c:1496 [] skb_release_head_state+0x101/0x200 net/core/skbuff.c:655 [] skb_release_all+0x1a/0x60 net/core/skbuff.c:668 [] __kfree_skb+0x1a/0x30 net/core/skbuff.c:684 [] kfree_skb+0x184/0x570 net/core/skbuff.c:705 [] unix_release_sock+0x5b5/0xbd0 net/unix/af_unix.c:559 [] unix_release+0x49/0x90 net/unix/af_unix.c:836 [] sock_release+0x92/0x1f0 net/socket.c:570 [] sock_close+0x1b/0x20 net/socket.c:1017 [] __fput+0x34e/0x910 fs/file_table.c:208 [] ____fput+0x1a/0x20 fs/file_table.c:244 [] task_work_run+0x1a0/0x280 kernel/task_work.c:116 [< inline >] exit_task_work include/linux/task_work.h:21 [] do_exit+0x183a/0x2640 kernel/exit.c:828 [] do_group_exit+0x14e/0x420 kernel/exit.c:931 [] get_signal+0x663/0x1880 kernel/signal.c:2307 [] do_signal+0xc5/0x2190 arch/x86/kernel/signal.c:807 [] exit_to_usermode_loop+0x1ea/0x2d0 arch/x86/entry/common.c:156 [< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190 [] syscall_return_slowpath+0x4d3/0x570 arch/x86/entry/common.c:259 [] entry_SYSCALL_64_fastpath+0xc4/0xc6 Link: https://lkml.org/lkml/2017/3/6/252 Signed-off-by: Andrey Ulanov Reported-by: Dmitry Vyukov Fixes: 6209344 ("net: unix: fix inflight counting bug in garbage collector") Signed-off-by: David S. Miller net/unix/garbage.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 0be032c190abcdcfa948082b6a1e0d461184ba4d Author: Huacai Chen Date: Thu Mar 16 21:00:29 2017 +0800 MIPS: c-r4k: Fix Loongson-3's vcache/scache waysize calculation If scache.waysize is 0, r4k___flush_cache_all() will do nothing and then cause bugs. BTW, though vcache.waysize isn't being used by now, we also fix its calculation. Signed-off-by: Huacai Chen Cc: John Crispin Cc: Steven J . Hill Cc: Fuxin Zhang Cc: Zhangjin Wu Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15756/ Signed-off-by: Ralf Baechle arch/mips/mm/c-r4k.c | 2 ++ 1 file changed, 2 insertions(+) commit a59d376d9e4d2f9284e046a26dd7790a6781b00e Merge: 8a0f5cc 380feae Author: David S. Miller Date: Tue Mar 21 14:41:47 2017 -0700 Merge branch 'vsock-pkt-cancel' Peng Tao says: ==================== vsock: cancel connect packets when failing to connect Currently, if a connect call fails on a signal or timeout (e.g., guest is still in the process of starting up), we'll just return to caller and leave the connect packet queued and they are sent even though the connection is considered a failure, which can confuse applications with unwanted false connect attempt. The patchset enables vsock (both host and guest) to cancel queued packets when a connect attempt is considered to fail. v5 changelog: - change virtio_vsock_pkt->cancel_token back to virtio_vsock_pkt->vsk v4 changelog: - drop two unnecessary void * cast - update new callback comment v3 changelog: - define cancel_pkt callback in struct vsock_transport rather than struct virtio_transport - rename virtio_vsock_pkt->vsk to virtio_vsock_pkt->cancel_token v2 changelog: - fix queued_replies counting and resume tx/rx when necessary ==================== Signed-off-by: David S. Miller commit 380feae0def7e6a115124a3219c3ec9b654dca32 Author: Peng Tao Date: Wed Mar 15 09:32:17 2017 +0800 vsock: cancel packets when failing to connect Otherwise we'll leave the packets queued until releasing vsock device. E.g., if guest is slow to start up, resulting ETIMEDOUT on connect, guest will get the connect requests from failed host sockets. Reviewed-by: Stefan Hajnoczi Reviewed-by: Jorgen Hansen Signed-off-by: Peng Tao Signed-off-by: David S. Miller net/vmw_vsock/af_vsock.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 073b4f2c50fe67c7c66a059a4d6db52bb1465490 Author: Peng Tao Date: Wed Mar 15 09:32:16 2017 +0800 vsock: add pkt cancel capability Reviewed-by: Stefan Hajnoczi Signed-off-by: Peng Tao Signed-off-by: David S. Miller net/vmw_vsock/virtio_transport.c | 42 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) commit 16320f363ae128d9b9c70e60f00f2a572f57c23d Author: Peng Tao Date: Wed Mar 15 09:32:15 2017 +0800 vhost-vsock: add pkt cancel capability To allow canceling all packets of a connection. Reviewed-by: Stefan Hajnoczi Reviewed-by: Jorgen Hansen Signed-off-by: Peng Tao Signed-off-by: David S. Miller drivers/vhost/vsock.c | 41 +++++++++++++++++++++++++++++++++++++++++ include/net/af_vsock.h | 3 +++ 2 files changed, 44 insertions(+) commit 36d277bac8080202684e67162ebb157f16631581 Author: Peng Tao Date: Wed Mar 15 09:32:14 2017 +0800 vsock: track pkt owner vsock So that we can cancel a queued pkt later if necessary. Signed-off-by: Peng Tao Signed-off-by: David S. Miller include/linux/virtio_vsock.h | 3 +++ net/vmw_vsock/virtio_transport_common.c | 7 +++++++ 2 files changed, 10 insertions(+) commit 8a0f5ccfb33b0b8b51de65b7b3bf342ba10b4fb6 Author: Herbert Xu Date: Tue Mar 14 18:25:57 2017 +0800 crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex On Tue, Mar 14, 2017 at 10:44:10AM +0100, Dmitry Vyukov wrote: > > Yes, please. > Disregarding some reports is not a good way long term. Please try this patch. ---8<--- Subject: netlink: Annotate nlk cb_mutex by protocol Currently all occurences of nlk->cb_mutex are annotated by lockdep as a single class. This causes a false lcokdep cycle involving genl and crypto_user. This patch fixes it by dividing cb_mutex into individual classes based on the netlink protocol. As genl and crypto_user do not use the same netlink protocol this breaks the false dependency loop. Reported-by: Dmitry Vyukov Signed-off-by: Herbert Xu Signed-off-by: David S. Miller net/netlink/af_netlink.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) commit 98d068ab52b4b11d403995ed14154660797e7136 Author: hayeswang Date: Tue Mar 14 14:15:20 2017 +0800 r8152: fix the list rx_done may be used without initialization The list rx_done would be initialized when the linking on occurs. Therefore, if a napi is scheduled without any linking on before, the following kernel panic would happen. BUG: unable to handle kernel NULL pointer dereference at 000000000000008 IP: [] r8152_poll+0xe1e/0x1210 [r8152] PGD 0 Oops: 0002 [#1] SMP Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 1 + 1 file changed, 1 insertion(+) commit ad0a45fd9c14feebd000b6e84189d0edff265170 Author: Vaidyanathan Srinivasan Date: Sun Mar 19 00:51:59 2017 +0530 cpuidle: Validate cpu_dev in cpuidle_add_sysfs() If a given cpu is not in cpu_present and cpu hotplug is disabled, arch can skip setting up the cpu_dev. Arch cpuidle driver should pass correct cpu mask for registration, but failing to do so by the driver causes error to propagate and crash like this: [ 30.076045] Unable to handle kernel paging request for data at address 0x00000048 [ 30.076100] Faulting instruction address: 0xc0000000007b2f30 cpu 0x4d: Vector: 300 (Data Access) at [c000003feb18b670] pc: c0000000007b2f30: kobject_get+0x20/0x70 lr: c0000000007b3c94: kobject_add_internal+0x54/0x3f0 sp: c000003feb18b8f0 msr: 9000000000009033 dar: 48 dsisr: 40000000 current = 0xc000003fd2ed8300 paca = 0xc00000000fbab500 softe: 0 irq_happened: 0x01 pid = 1, comm = swapper/0 Linux version 4.11.0-rc2-svaidy+ (sv@sagarika) (gcc version 6.2.0 20161005 (Ubuntu 6.2.0-5ubuntu12) ) #10 SMP Sun Mar 19 00:08:09 IST 2017 enter ? for help [c000003feb18b960] c0000000007b3c94 kobject_add_internal+0x54/0x3f0 [c000003feb18b9f0] c0000000007b43a4 kobject_init_and_add+0x64/0xa0 [c000003feb18ba70] c000000000e284f4 cpuidle_add_sysfs+0xb4/0x130 [c000003feb18baf0] c000000000e26038 cpuidle_register_device+0x118/0x1c0 [c000003feb18bb30] c000000000e26c48 cpuidle_register+0x78/0x120 [c000003feb18bbc0] c00000000168fd9c powernv_processor_idle_init+0x110/0x1c4 [c000003feb18bc40] c00000000000cff8 do_one_initcall+0x68/0x1d0 [c000003feb18bd00] c0000000016242f4 kernel_init_freeable+0x280/0x360 [c000003feb18bdc0] c00000000000d864 kernel_init+0x24/0x160 [c000003feb18be30] c00000000000b4e8 ret_from_kernel_thread+0x5c/0x74 Validating cpu_dev fixes the crash and reports correct error message like: [ 30.163506] Failed to register cpuidle device for cpu136 [ 30.173329] Registration of powernv driver failed. Signed-off-by: Vaidyanathan Srinivasan [ rjw: Comment massage ] Signed-off-by: Rafael J. Wysocki drivers/cpuidle/sysfs.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 64897b20eed29cee2b998fb5ba362e65523dba3c Author: Rafael J. Wysocki Date: Tue Mar 21 22:19:07 2017 +0100 cpufreq: intel_pstate: Fix policy data management in passive mode The policy->cpuinfo.max_freq and policy->max updates in intel_cpufreq_turbo_update() are excessive as they are done for no good reason and may lead to problems in principle, so they should be dropped. However, after dropping them intel_cpufreq_turbo_update() becomes almost entirely pointless, because the check made by it is made again down the road in intel_pstate_prepare_request(). The only thing in it that still needs to be done is the call to update_turbo_state(), so drop intel_cpufreq_turbo_update() altogether and make its callers invoke update_turbo_state() directly instead of it. In addition to that, fix intel_cpufreq_verify_policy() so that it checks global.no_turbo in addition to global.turbo_disabled when updating policy->cpuinfo.max_freq to make it consistent with intel_pstate_verify_policy(). Fixes: 001c76f05b01 (cpufreq: intel_pstate: Generic governors support) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) commit 093b995e3b55a0ae0670226ddfcb05bfbf0099ae Author: Huang Ying Date: Mon Mar 20 14:26:42 2017 +0800 mm, swap: Remove WARN_ON_ONCE() in free_swap_slot() Before commit 452b94b8c8c7 ("mm/swap: don't BUG_ON() due to uninitialized swap slot cache"), the following bug is reported, ------------[ cut here ]------------ kernel BUG at mm/swap_slots.c:270! invalid opcode: 0000 [#1] SMP CPU: 5 PID: 1745 Comm: (sd-pam) Not tainted 4.11.0-rc1-00243-g24c534bb161b #1 Hardware name: System manufacturer System Product Name/Z170-K, BIOS 1803 05/06/2016 RIP: 0010:free_swap_slot+0xba/0xd0 Call Trace: swap_free+0x36/0x40 do_swap_page+0x360/0x6d0 __handle_mm_fault+0x880/0x1080 handle_mm_fault+0xd0/0x240 __do_page_fault+0x232/0x4d0 do_page_fault+0x20/0x70 page_fault+0x22/0x30 ---[ end trace aefc9ede53e0ab21 ]--- This is raised by the BUG_ON(!swap_slot_cache_initialized) in free_swap_slot(). This is incorrect, because even if the swap slots cache fails to be initialized, the swap should operate properly without the swap slots cache. And the use_swap_slot_cache check later in the function will protect the uninitialized swap slots cache case. In commit 452b94b8c8c7, the BUG_ON() is replaced by WARN_ON_ONCE(). In the patch, the WARN_ON_ONCE() is removed too. Reported-by: Linus Torvalds Acked-by: Tim Chen Cc: Michal Hocko Signed-off-by: "Huang, Ying" Signed-off-by: Linus Torvalds mm/swap_slots.c | 2 -- 1 file changed, 2 deletions(-) commit 0115f6cbf26663c86496bc56eeea293f85b77897 Author: Huacai Chen Date: Thu Mar 16 21:00:27 2017 +0800 MIPS: Flush wrong invalid FTLB entry for huge page On VTLB+FTLB platforms (such as Loongson-3A R2), FTLB's pagesize is usually configured the same as PAGE_SIZE. In such a case, Huge page entry is not suitable to write in FTLB. Unfortunately, when a huge page is created, its page table entries haven't created immediately. Then the TLB refill handler will fetch an invalid page table entry which has no "HUGE" bit, and this entry may be written to FTLB. Since it is invalid, TLB load/store handler will then use tlbwi to write the valid entry at the same place. However, the valid entry is a huge page entry which isn't suitable for FTLB. Our solution is to modify build_huge_handler_tail. Flush the invalid old entry (whether it is in FTLB or VTLB, this is in order to reduce branches) and use tlbwr to write the valid new entry. Signed-off-by: Rui Wang Signed-off-by: Huacai Chen Cc: John Crispin Cc: Steven J . Hill Cc: Fuxin Zhang Cc: Zhangjin Wu Cc: Huacai Chen Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15754/ Signed-off-by: Ralf Baechle arch/mips/mm/tlbex.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) commit 5a34133167dce36666ea054e30a561b7f4413b7f Author: Huacai Chen Date: Thu Mar 16 21:00:26 2017 +0800 MIPS: Check TLB before handle_ri_rdhwr() for Loongson-3 Loongson-3's micro TLB (ITLB) is not strictly a subset of JTLB. That means: when a JTLB entry is replaced by hardware, there may be an old valid entry exists in ITLB. So, a TLB miss exception may occur while handle_ri_rdhwr() is running because it try to access EPC's content. However, handle_ri_rdhwr() doesn't clear EXL, which makes a TLB Refill exception be treated as a TLB Invalid exception and tlbp may fail. In this case, if FTLB (which is usually set-associative instead of set- associative) is enabled, a tlbp failure will cause an invalid tlbwi, which will hang the whole system. This patch rename handle_ri_rdhwr_vivt to handle_ri_rdhwr_tlbp and use it for Loongson-3. It try to solve the same problem described as below, but more straightforwards. https://patchwork.linux-mips.org/patch/12591/ I think Loongson-2 has the same problem, but it has no FTLB, so we just keep it as is. Signed-off-by: Huacai Chen Cc: Rui Wang Cc: John Crispin Cc: Steven J . Hill Cc: Fuxin Zhang Cc: Zhangjin Wu Cc: Huacai Chen Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15753/ Signed-off-by: Ralf Baechle arch/mips/kernel/genex.S | 4 ++-- arch/mips/kernel/traps.c | 17 +++++++++++++---- 2 files changed, 15 insertions(+), 6 deletions(-) commit 033cffeedbd11c140952b98e8639bf652091a17d Author: Huacai Chen Date: Thu Mar 16 21:00:25 2017 +0800 MIPS: Add MIPS_CPU_FTLB for Loongson-3A R2 Loongson-3A R2 and newer CPU have FTLB, but Config0.MT is 1, so add MIPS_CPU_FTLB to the CPU options. Signed-off-by: Huacai Chen Cc: John Crispin Cc: Steven J . Hill Cc: Fuxin Zhang Cc: Zhangjin Wu Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15752/ Signed-off-by: Ralf Baechle arch/mips/kernel/cpu-probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6ef90877eee63a0d03e83183bb44b64229b624e6 Author: Hauke Mehrtens Date: Wed Mar 15 23:26:42 2017 +0100 MIPS: Lantiq: fix missing xbar kernel panic Commit 08b3c894e565 ("MIPS: lantiq: Disable xbar fpi burst mode") accidentally requested the resources from the pmu address region instead of the xbar registers region, but the check for the return value of request_mem_region() was wrong. Commit 98ea51cb0c8c ("MIPS: Lantiq: Fix another request_mem_region() return code check") fixed the check of the return value of request_mem_region() which made the kernel panics. This patch now makes use of the correct memory region for the cross bar. Fixes: 08b3c894e565 ("MIPS: lantiq: Disable xbar fpi burst mode") Signed-off-by: Hauke Mehrtens Cc: John Crispin Cc: james.hogan@imgtec.com Cc: arnd@arndb.de Cc: sergei.shtylyov@cogentembedded.com Cc: john@phrozen.org Cc: # 4.4.x- Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15751 Signed-off-by: Ralf Baechle arch/mips/lantiq/xway/sysctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1f02071358301e376f5a54e40531db37a1d7c7ab Merge: 2c867ac ca4a213 Author: Linus Torvalds Date: Tue Mar 21 13:10:17 2017 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Nine small fixes: the biggest is probably finally sorting out Kconfig issues with lpfc nvme. There are some performance fixes for megaraid and hpsa and a static checker fix" [ Johannes Thumshirn points out that there still seems to be more lpfc vs nvme config issues. Oh well. - Linus ] * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: lpfc: Finalize Kconfig options for nvme scsi: ufs: don't check unsigned type for a negative value scsi: hpsa: do not timeout reset operations scsi: hpsa: limit outstanding rescans scsi: hpsa: update check for logical volume status scsi: megaraid_sas: Driver version upgrade scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 scsi: megaraid_sas: enable intx only if msix request fails commit 2c867ac3957de0f7b6886d1d9ce7d4dafd3c7b33 Merge: 4719177 6e5364f Author: Linus Torvalds Date: Tue Mar 21 13:07:18 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - regression fixes for Wacom devices, from Aaron Armstrong Skomra and Ping Cheng - memory leak in hid-sony driver from Roderick Colenbrander - new device IDs support from Oscar Campos and Daniel Drake * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: wacom: generic: Wacom mouse is only provided for opaque tablets HID: corsair: Add driver Scimitar Pro RGB gaming mouse 1b1c:1b3e support to hid-corsair HID: corsair: support for K65-K70 Rapidfire and Scimitar Pro RGB HID: wacom: don't manually release resources for the EKR HID: wacom: Correct Intuos Pro 2 resolution HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT HID: chicony: Add support for another ASUS Zen AiO keyboard commit 47191777804faf0560af9ba33b3871b4c4039c9c Merge: 8a01150 2cd29f2 Author: Linus Torvalds Date: Tue Mar 21 13:01:53 2017 -0700 Merge tag 'gpio-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: "Here is the first set of GPIO fixes for 4.11. It was delayed a bit beacuse I was chicken when linux-next was not rotating last week. This hits the ST serial driver in drivers/tty/serial and that has an ACK from Greg, he suggested to keep the old GPIO fwnode API around to smoothen things in the merge Windod and those have now served their purpose so we take them out and convert the last driver to the new API. Apart from that it's fixes as usual. Summary: - set the parent on the Altera A10SR driver, also fix high level IRQs. - fix error path on the mockup driver. - compilation noise about unused functions fixed. - fix missed interrupts on the MCP23S08 expander, this is also tagged for stable. - retire the interrim helpers devm_get_gpiod_from_child() used to smoothen merging in the merge window" * tag 'gpio-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio:mcp23s08 Fixed missing interrupts serial: st-asc: Use new GPIOD API to obtain RTS pin gpio: altera: Use handle_level_irq when configured as a level_high gpio: xgene: mark PM functions as __maybe_unused gpio: mockup: return -EFAULT if copy_from_user() fails gpio: altera-a10sr: Set gpio_chip parent property commit 8a011508409a6f3064e4e53ea62c8c0bda1bd31f Merge: 689b957 c3104aa Author: Linus Torvalds Date: Tue Mar 21 12:54:12 2017 -0700 Merge tag 'rproc-v4.11-fixes' of git://github.com/andersson/remoteproc Pull remoteproc fix from Bjorn Andersson: "This fixes a Kbuild dependency issue related to the Qualcomm remoteproc drivers" * tag 'rproc-v4.11-fixes' of git://github.com/andersson/remoteproc: remoteproc: qcom: fix QCOM_SMD dependencies commit fb2155e3c30dc2043b52020e26965067a3e7779c Author: Matt Redfearn Date: Tue Mar 21 14:39:19 2017 +0000 MIPS: smp-cps: Fix retrieval of VPE mask on big endian CPUs The vpe_mask member of struct core_boot_config is of type atomic_t, which is a 32bit type. In cps-vec.S this member was being retrieved by a PTR_L macro, which on 64bit systems is a 64bit load. On little endian systems this is OK, since the double word that is retrieved will have the required less significant word in the correct position. However, on big endian systems the less significant word of the load is retrieved from address+4, and the more significant from address+0. The destination register therefore ends up with the required word in the more significant word e.g. when starting the second VP of a big endian 64bit system, the load PTR_L ta2, COREBOOTCFG_VPEMASK(a0) ends up setting register ta2 to 0x0000000300000000 When this value is written to the CPC it is ignored, since it is invalid to write anything larger than 4 bits. This results in any VP other than VP0 in a core failing to start in 64bit big endian systems. Change the load to a 32bit load word instruction to fix the bug. Fixes: f12401d7219f ("MIPS: smp-cps: Pull boot config retrieval out of mips_cps_boot_vpes") Signed-off-by: Matt Redfearn Cc: Paul Burton Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15787/ Signed-off-by: Ralf Baechle arch/mips/kernel/cps-vec.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 689b957baf4412f8d737ce67b6d07cab043becd3 Merge: 97da385 7041d5d Author: Linus Torvalds Date: Tue Mar 21 12:27:06 2017 -0700 Merge tag 'for-f2fs-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs fixes from Jaegeuk Kim: - fix performance regression reported by lkp-rebot - fix potential data lost after power-cut due to SSR reallocation * tag 'for-f2fs-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: f2fs: combine nat_bits and free_nid_bitmap cache f2fs: skip scanning free nid bitmap of full NAT blocks f2fs: use __set{__clear}_bit_le f2fs: declare static functions f2fs: don't overwrite node block by SSR commit 65b1adebfe43c642dfe3b109edb5d992db5fbe72 Author: Alex Williamson Date: Tue Mar 21 13:19:09 2017 -0600 vfio: Rework group release notifier warning The intent of the original warning is make sure that the mdev vendor driver has removed any group notifiers at the point where the group is closed by the user. Theoretically this would be through an orderly shutdown where any devices are release prior to the group release. We can't always count on an orderly shutdown, the user can close the group before the notifier can be removed or the user task might be killed. We'd like to add this sanity test when the group is idle and the only references are from the devices within the group themselves, but we don't have a good way to do that. Instead check both when the group itself is removed and when the group is opened. A bit later than we'd prefer, but better than the current over aggressive approach. Fixes: ccd46dbae77d ("vfio: support notifier chain in vfio_group") Signed-off-by: Alex Williamson Cc: # v4.10 Cc: Jike Song drivers/vfio/vfio.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 713cc9df6473f0cc8d699987d990482d432c0679 Author: Will Deacon Date: Tue Mar 21 18:04:26 2017 +0000 arm64: compat: Update compat syscalls Hook up three pkey syscalls (which we don't implement) and the new statx syscall, as has been done for arch/arm/. Signed-off-by: Will Deacon arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) commit 9be3213b14d44f6328281941193d97f3b97e7d4c Author: Nicolas Iooss Date: Mon Mar 13 20:33:41 2017 +0100 gconfig: remove misleading parentheses around a condition When building the kernel with clang, the compiler complains about the presence of a condition inside two pairs of parentheses: scripts/kconfig/gconf.c:917:19: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses-equality] } else if ((col == COL_OPTION)) { ~~~~^~~~~~~~~~~~~ scripts/kconfig/gconf.c:917:19: note: remove extraneous parentheses around the comparison to silence this warning } else if ((col == COL_OPTION)) { ~ ^ ~ scripts/kconfig/gconf.c:917:19: note: use '=' to turn this equality comparison into an assignment } else if ((col == COL_OPTION)) { ^~ = Silence this warning by removing a level of parentheses. Signed-off-by: Nicolas Iooss Signed-off-by: Masahiro Yamada scripts/kconfig/gconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7292ae3d5a18fb922be496e6bb687647193569b4 Author: Gleb Fotengauer-Malinovskiy Date: Mon Mar 20 20:15:53 2017 +0300 jump label: fix passing kbuild_cflags when checking for asm goto support The latest change of asm goto support check added passing of KBUILD_CFLAGS to compiler. When these flags reference gcc plugins that are not built yet, the check fails. When one runs "make bzImage" followed by "make modules", the kernel is always built with HAVE_JUMP_LABEL disabled, while the modules are built depending on CONFIG_JUMP_LABEL. If HAVE_JUMP_LABEL macro happens to be different, modules are built with undefined references, e.g.: ERROR: "static_key_slow_inc" [net/netfilter/xt_TEE.ko] undefined! ERROR: "static_key_slow_dec" [net/netfilter/xt_TEE.ko] undefined! ERROR: "static_key_slow_dec" [net/netfilter/nft_meta.ko] undefined! ERROR: "static_key_slow_inc" [net/netfilter/nft_meta.ko] undefined! ERROR: "nf_hooks_needed" [net/netfilter/ipvs/ip_vs.ko] undefined! ERROR: "nf_hooks_needed" [net/ipv6/ipv6.ko] undefined! ERROR: "static_key_count" [net/ipv6/ipv6.ko] undefined! ERROR: "static_key_slow_inc" [net/ipv6/ipv6.ko] undefined! This change moves the check before all these references are added to KBUILD_CFLAGS. This is correct because subsequent KBUILD_CFLAGS modifications are not relevant to this check. Reported-by: Anton V. Boyarshinov Fixes: 35f860f9ba6a ("jump label: pass kbuild_cflags when checking for asm goto support") Cc: stable@vger.kernel.org # v4.10 Signed-off-by: Gleb Fotengauer-Malinovskiy Signed-off-by: Dmitry V. Levin Acked-by: Steven Rostedt (VMware) Acked-by: David Lin Signed-off-by: Masahiro Yamada Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 0ca10b60ceeb5372da01798ca68c116ae45a6eb6 Author: Philipp Zabel Date: Mon Mar 20 11:25:16 2017 +0100 reset: fix optional reset_control_get stubs to return NULL When RESET_CONTROLLER is not enabled, the optional reset_control_get stubs should now also return NULL. Since it is now valid for reset_control_assert/deassert/reset/status/put to be called unconditionally, with NULL as an argument for optional resets, the stubs are not allowed to warn anymore. Fixes: bb475230b8e5 ("reset: make optional functions really optional") Reported-by: Andrzej Hajda Tested-by: Andrzej Hajda Reviewed-by: Andrzej Hajda Cc: Ramiro Oliveira Signed-off-by: Philipp Zabel include/linux/reset.h | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit a457d08e117e7d228588cb673d061ea58a0c8b2f Merge: efd4b81 945dd5b Author: Jens Axboe Date: Tue Mar 21 11:03:53 2017 -0600 Merge branch 'nvme-4.11-rc' of git://git.infradead.org/nvme into for-linus Sagi writes: This consists of some fixes for issues reported lately: - loop and rdma host driver cpu hotplug fixes - fix loop use-after-free - nvmet percpu_ref confirmation fix to fail ongoing requests - nvmet-rdma fix a non-initialized commands deref commit 945dd5bacc8978439af276976b5dcbbd42333dbc Author: Sagi Grimberg Date: Mon Mar 13 13:27:51 2017 +0200 nvme-loop: handle cpu unplug when re-establishing the controller If a cpu unplug event has occured, we need to take the minimum of the provided nr_io_queues and the number of online cpus, otherwise we won't be able to connect them as blk-mq mapping won't dispatch to those queues. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/loop.c | 88 ++++++++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 38 deletions(-) commit c248c64387fac5a6b31b343d9acb78f478e8619c Author: Sagi Grimberg Date: Thu Mar 9 13:26:07 2017 +0200 nvme-rdma: handle cpu unplug when re-establishing the controller If a cpu unplug event has occured, we need to take the minimum of the provided nr_io_queues and the number of online cpus, otherwise we won't be able to connect them as blk-mq mapping won't dispatch to those queues. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/rdma.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 974310d047f3c7788a51d10c8d255eebdb1fa857 Author: Jon Medhurst Date: Thu Mar 2 13:04:09 2017 +0000 arm: kprobes: Align stack to 8-bytes in test code kprobes test cases need to have a stack that is aligned to an 8-byte boundary because they call other functions (and the ARM ABI mandates that alignment) and because test cases include 64-bit accesses to the stack. Unfortunately, GCC doesn't ensure this alignment for inline assembler and for the code in question seems to always misalign it by pushing just the LR register onto the stack. We therefore need to explicitly perform stack alignment at the start of each test case. Without this fix, some test cases will generate alignment faults on systems where alignment is enforced. Even if the kernel is configured to handle these faults in software, triggering them is ugly. It also exposes limitations in the fault handling code which doesn't cope with writes to the stack. E.g. when handling this instruction strd r6, [sp, #-64]! the fault handling code will write to a stack location below the SP value at the point the fault occurred, which coincides with where the exception handler has pushed the saved register context. This results in corruption of those registers. Signed-off-by: Jon Medhurst arch/arm/probes/kprobes/test-core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 06553175f585b52509c7df37d6f4a50aacb7b211 Author: Masami Hiramatsu Date: Tue Feb 14 00:05:59 2017 +0900 arm: kprobes: Fix the return address of multiple kretprobes This is arm port of commit 737480a0d525 ("kprobes/x86: Fix the return address of multiple kretprobes"). Fix the return address of subsequent kretprobes when multiple kretprobes are set on the same function. For example: # cd /sys/kernel/debug/tracing # echo "r:event1 sys_symlink" > kprobe_events # echo "r:event2 sys_symlink" >> kprobe_events # echo 1 > events/kprobes/enable # ln -s /tmp/foo /tmp/bar (without this patch) # cat trace | grep -v ^# ln-82 [000] dn.2 68.446525: event1: (kretprobe_trampoline+0x0/0x18 <- SyS_symlink) ln-82 [000] dn.2 68.447831: event2: (ret_fast_syscall+0x0/0x1c <- SyS_symlink) (with this patch) # cat trace | grep -v ^# ln-81 [000] dn.1 39.463469: event1: (ret_fast_syscall+0x0/0x1c <- SyS_symlink) ln-81 [000] dn.1 39.464701: event2: (ret_fast_syscall+0x0/0x1c <- SyS_symlink) Signed-off-by: Masami Hiramatsu Cc: KUMANO Syuhei Signed-off-by: Jon Medhurst arch/arm/probes/kprobes/core.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) commit 91fc862c613ab7a0ef6b0b7755c33619127f4e5a Author: Masami Hiramatsu Date: Tue Feb 14 00:04:48 2017 +0900 arm: kprobes: Skip single-stepping in recursing path if possible Kprobes/arm skips single-stepping (moreover handling the event) if the conditional instruction must not be executed. This also apply the rule when we hit the recursing kprobe, so that kprobe does not count nmissed up in that case. Signed-off-by: Masami Hiramatsu Signed-off-by: Jon Medhurst arch/arm/probes/kprobes/core.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit f3fbd7ec62dec1528fb8044034e2885f2b257941 Author: Masami Hiramatsu Date: Tue Feb 14 00:03:38 2017 +0900 arm: kprobes: Allow to handle reentered kprobe on single-stepping This is arm port of commit 6a5022a56ac3 ("kprobes/x86: Allow to handle reentered kprobe on single-stepping") Since the FIQ handlers can interrupt in the single stepping (or preparing the single stepping, do_debug etc.), we should consider a kprobe is hit in the NMI handler. Even in that case, the kprobe is allowed to be reentered as same as the kprobes hit in kprobe handlers (KPROBE_HIT_ACTIVE or KPROBE_HIT_SSDONE). The real issue will happen when a kprobe hit while another reentered kprobe is processing (KPROBE_REENTER), because we already consumed a saved-area for the previous kprobe. Signed-off-by: Masami Hiramatsu Signed-off-by: Jon Medhurst arch/arm/probes/kprobes/core.c | 6 ++++++ 1 file changed, 6 insertions(+) commit df630b8c1e851b5e265dc2ca9c87222e342c093b Author: Peter Xu Date: Wed Mar 15 16:01:17 2017 +0800 KVM: x86: clear bus pointer when destroyed When releasing the bus, let's clear the bus pointers to mark it out. If any further device unregister happens on this bus, we know that we're done if we found the bus being released already. Signed-off-by: Peter Xu Signed-off-by: Radim Krčmář virt/kvm/kvm_main.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 28787bf47b11b08290918dcf91b08764cb5fe122 Author: Quentin Schulz Date: Mon Mar 20 12:25:51 2017 +0100 ARM: sun8i: a33: remove highest OPP to fix CPU crashes The highest supported frequency (1.2GHz) requires to "overvolt" the CPU. However, some boards still do not have the cpu-supply DT property in the cpu DT node which means that the CPU will always run with the same input voltage but try to run at 1.2GHz frequency. This is the source of (experienced) CPU crashes. Remove the OPP which requires overvolting the CPU until all boards have a cpu-supply property. Fixes: 03749eb88e63 ("ARM: dts: sun8i: add opp-v2 table for A33") Signed-off-by: Quentin Schulz Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun8i-a33.dtsi | 6 ------ 1 file changed, 6 deletions(-) commit 5b52330bbfe63b3305765354d6046c9f7f89c011 Author: Paul Moore Date: Tue Mar 21 11:26:35 2017 -0400 audit: fix auditd/kernel connection state tracking What started as a rather straightforward race condition reported by Dmitry using the syzkaller fuzzer ended up revealing some major problems with how the audit subsystem managed its netlink sockets and its connection with the userspace audit daemon. Fixing this properly had quite the cascading effect and what we are left with is this rather large and complicated patch. My initial goal was to try and decompose this patch into multiple smaller patches, but the way these changes are intertwined makes it difficult to split these changes into meaningful pieces that don't break or somehow make things worse for the intermediate states. The patch makes a number of changes, but the most significant are highlighted below: * The auditd tracking variables, e.g. audit_sock, are now gone and replaced by a RCU/spin_lock protected variable auditd_conn which is a structure containing all of the auditd tracking information. * We no longer track the auditd sock directly, instead we track it via the network namespace in which it resides and we use the audit socket associated with that namespace. In spirit, this is what the code was trying to do prior to this patch (at least I think that is what the original authors intended), but it was done rather poorly and added a layer of obfuscation that only masked the underlying problems. * Big backlog queue cleanup, again. In v4.10 we made some pretty big changes to how the audit backlog queues work, here we haven't changed the queue design so much as cleaned up the implementation. Brought about by the locking changes, we've simplified kauditd_thread() quite a bit by consolidating the queue handling into a new helper function, kauditd_send_queue(), which allows us to eliminate a lot of very similar code and makes the looping logic in kauditd_thread() clearer. * All netlink messages sent to auditd are now sent via auditd_send_unicast_skb(). Other than just making sense, this makes the lock handling easier. * Change the audit_log_start() sleep behavior so that we never sleep on auditd events (unchanged) or if the caller is holding the audit_cmd_mutex (changed). Previously we didn't sleep if the caller was auditd or if the message type fell between a certain range; the type check was a poor effort of doing what the cmd_mutex check now does. Richard Guy Briggs originally proposed not sleeping the cmd_mutex owner several years ago but his patch wasn't acceptable at the time. At least the idea lives on here. * A problem with the lost record counter has been resolved. Steve Grubb and I both happened to notice this problem and according to some quick testing by Steve, this problem goes back quite some time. It's largely a harmless problem, although it may have left some careful sysadmins quite puzzled. Cc: # 4.10.x- Reported-by: Dmitry Vyukov Signed-off-by: Paul Moore kernel/audit.c | 639 ++++++++++++++++++++++++++++++++++--------------------- kernel/audit.h | 9 +- kernel/auditsc.c | 6 +- 3 files changed, 399 insertions(+), 255 deletions(-) commit 590379aef2e3fb7d00a093ed556c0a2714f86916 Author: Changbin Du Date: Tue Mar 21 14:47:20 2017 +0000 drm/i915: make context status notifier head be per engine GVTg has introduced the context status notifier to schedule the GVTg workload. At that time, the notifier is bound to GVTg context only, so GVTg is not aware of host workloads. Now we are going to improve GVTg's guest workload scheduler policy, and add Guc emulation support for new Gen graphics. Both these two features require acknowledgment for all contexts running on hardware. (But will not alter host workload.) So here try to make some change. The change is simple: 1. Move the context status notifier head from i915_gem_context to intel_engine_cs. Which means there is a notifier head per engine instead of per context. Execlist driver still call notifier for each context sched-in/out events of current engine. 2. At GVTg side, it binds a notifier_block for each physical engine at GVTg initialization period. Then GVTg can hear all context status events. In this patch, GVTg do nothing for host context event, but later will add a function there. But in any case, the notifier callback is a noop if this is no active vGPU. Since intel_gvt_init() is called at early initialization stage and require the status notifier head has been initiated, I initiate it in intel_engine_setup(). v2: remove a redundant newline. (chris) Fixes: 3c7ba6359d70 ("drm/i915: Introduce execlist context status change notification") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100232 Signed-off-by: Changbin Du Cc: Joonas Lahtinen Cc: Tvrtko Ursulin Cc: Zhi Wang Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170313024711.28591-1-changbin.du@intel.com Acked-by: Zhenyu Wang Signed-off-by: Chris Wilson (cherry picked from commit 3fc03069bc6e6c316f19bb526e3c8ce784677477) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20170321144720.17020-1-chris@chris-wilson.co.uk drivers/gpu/drm/i915/gvt/gvt.h | 2 +- drivers/gpu/drm/i915/gvt/scheduler.c | 45 ++++++++++++++------------------- drivers/gpu/drm/i915/i915_gem_context.c | 1 - drivers/gpu/drm/i915/i915_gem_context.h | 3 --- drivers/gpu/drm/i915/intel_engine_cs.c | 2 ++ drivers/gpu/drm/i915/intel_lrc.c | 3 ++- drivers/gpu/drm/i915/intel_ringbuffer.h | 3 +++ 7 files changed, 27 insertions(+), 32 deletions(-) commit 3d3d18f086cdda72ee18a454db70ca72c6e3246c Author: Chris Wilson Date: Tue Mar 21 14:45:31 2017 +0000 drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker) The rcu_barrier() takes the cpu_hotplug mutex which itself is not reclaim-safe, and so rcu_barrier() is illegal from inside the shrinker. [ 309.661373] ========================================================= [ 309.661376] [ INFO: possible irq lock inversion dependency detected ] [ 309.661380] 4.11.0-rc1-CI-CI_DRM_2333+ #1 Tainted: G W [ 309.661383] --------------------------------------------------------- [ 309.661386] gem_exec_gttfil/6435 just changed the state of lock: [ 309.661389] (rcu_preempt_state.barrier_mutex){+.+.-.}, at: [] _rcu_barrier+0x31/0x160 [ 309.661399] but this lock took another, RECLAIM_FS-unsafe lock in the past: [ 309.661402] (cpu_hotplug.lock){+.+.+.} [ 309.661404] and interrupts could create inverse lock ordering between them. [ 309.661410] other info that might help us debug this: [ 309.661414] Possible interrupt unsafe locking scenario: [ 309.661417] CPU0 CPU1 [ 309.661419] ---- ---- [ 309.661421] lock(cpu_hotplug.lock); [ 309.661425] local_irq_disable(); [ 309.661432] lock(rcu_preempt_state.barrier_mutex); [ 309.661441] lock(cpu_hotplug.lock); [ 309.661446] [ 309.661448] lock(rcu_preempt_state.barrier_mutex); [ 309.661453] *** DEADLOCK *** [ 309.661460] 4 locks held by gem_exec_gttfil/6435: [ 309.661464] #0: (sb_writers#10){.+.+.+}, at: [] vfs_write+0x17d/0x1f0 [ 309.661475] #1: (debugfs_srcu){......}, at: [] debugfs_use_file_start+0x41/0xa0 [ 309.661486] #2: (&attr->mutex){+.+.+.}, at: [] simple_attr_write+0x37/0xe0 [ 309.661495] #3: (&dev->struct_mutex){+.+.+.}, at: [] i915_drop_caches_set+0x3a/0x150 [i915] [ 309.661540] the shortest dependencies between 2nd lock and 1st lock: [ 309.661547] -> (cpu_hotplug.lock){+.+.+.} ops: 829 { [ 309.661553] HARDIRQ-ON-W at: [ 309.661560] __lock_acquire+0x5e5/0x1b50 [ 309.661565] lock_acquire+0xc9/0x220 [ 309.661572] __mutex_lock+0x6e/0x990 [ 309.661576] mutex_lock_nested+0x16/0x20 [ 309.661583] get_online_cpus+0x61/0x80 [ 309.661590] kmem_cache_create+0x25/0x1d0 [ 309.661596] debug_objects_mem_init+0x30/0x249 [ 309.661602] start_kernel+0x341/0x3fe [ 309.661607] x86_64_start_reservations+0x2a/0x2c [ 309.661612] x86_64_start_kernel+0x173/0x186 [ 309.661619] verify_cpu+0x0/0xfc [ 309.661622] SOFTIRQ-ON-W at: [ 309.661627] __lock_acquire+0x611/0x1b50 [ 309.661632] lock_acquire+0xc9/0x220 [ 309.661636] __mutex_lock+0x6e/0x990 [ 309.661641] mutex_lock_nested+0x16/0x20 [ 309.661646] get_online_cpus+0x61/0x80 [ 309.661650] kmem_cache_create+0x25/0x1d0 [ 309.661655] debug_objects_mem_init+0x30/0x249 [ 309.661660] start_kernel+0x341/0x3fe [ 309.661664] x86_64_start_reservations+0x2a/0x2c [ 309.661669] x86_64_start_kernel+0x173/0x186 [ 309.661674] verify_cpu+0x0/0xfc [ 309.661677] RECLAIM_FS-ON-W at: [ 309.661682] mark_held_locks+0x6f/0xa0 [ 309.661687] lockdep_trace_alloc+0xb3/0x100 [ 309.661693] kmem_cache_alloc_trace+0x31/0x2e0 [ 309.661699] __smpboot_create_thread.part.1+0x27/0xe0 [ 309.661704] smpboot_create_threads+0x61/0x90 [ 309.661709] cpuhp_invoke_callback+0x9c/0x8a0 [ 309.661713] cpuhp_up_callbacks+0x31/0xb0 [ 309.661718] _cpu_up+0x7a/0xc0 [ 309.661723] do_cpu_up+0x5f/0x80 [ 309.661727] cpu_up+0xe/0x10 [ 309.661734] smp_init+0x71/0xb3 [ 309.661738] kernel_init_freeable+0x94/0x19e [ 309.661743] kernel_init+0x9/0xf0 [ 309.661748] ret_from_fork+0x2e/0x40 [ 309.661752] INITIAL USE at: [ 309.661757] __lock_acquire+0x234/0x1b50 [ 309.661761] lock_acquire+0xc9/0x220 [ 309.661766] __mutex_lock+0x6e/0x990 [ 309.661771] mutex_lock_nested+0x16/0x20 [ 309.661775] get_online_cpus+0x61/0x80 [ 309.661780] __cpuhp_setup_state+0x44/0x170 [ 309.661785] page_alloc_init+0x23/0x3a [ 309.661790] start_kernel+0x124/0x3fe [ 309.661794] x86_64_start_reservations+0x2a/0x2c [ 309.661799] x86_64_start_kernel+0x173/0x186 [ 309.661804] verify_cpu+0x0/0xfc [ 309.661807] } [ 309.661813] ... key at: [] cpu_hotplug+0xb0/0x100 [ 309.661817] ... acquired at: [ 309.661821] lock_acquire+0xc9/0x220 [ 309.661825] __mutex_lock+0x6e/0x990 [ 309.661829] mutex_lock_nested+0x16/0x20 [ 309.661833] get_online_cpus+0x61/0x80 [ 309.661837] _rcu_barrier+0x9f/0x160 [ 309.661841] rcu_barrier+0x10/0x20 [ 309.661847] netdev_run_todo+0x5f/0x310 [ 309.661852] rtnl_unlock+0x9/0x10 [ 309.661856] default_device_exit_batch+0x133/0x150 [ 309.661862] ops_exit_list.isra.0+0x4d/0x60 [ 309.661866] cleanup_net+0x1d8/0x2c0 [ 309.661872] process_one_work+0x1f4/0x6d0 [ 309.661876] worker_thread+0x49/0x4a0 [ 309.661881] kthread+0x107/0x140 [ 309.661884] ret_from_fork+0x2e/0x40 [ 309.661890] -> (rcu_preempt_state.barrier_mutex){+.+.-.} ops: 179 { [ 309.661896] HARDIRQ-ON-W at: [ 309.661901] __lock_acquire+0x5e5/0x1b50 [ 309.661905] lock_acquire+0xc9/0x220 [ 309.661910] __mutex_lock+0x6e/0x990 [ 309.661914] mutex_lock_nested+0x16/0x20 [ 309.661919] _rcu_barrier+0x31/0x160 [ 309.661923] rcu_barrier+0x10/0x20 [ 309.661928] netdev_run_todo+0x5f/0x310 [ 309.661932] rtnl_unlock+0x9/0x10 [ 309.661936] default_device_exit_batch+0x133/0x150 [ 309.661941] ops_exit_list.isra.0+0x4d/0x60 [ 309.661946] cleanup_net+0x1d8/0x2c0 [ 309.661951] process_one_work+0x1f4/0x6d0 [ 309.661955] worker_thread+0x49/0x4a0 [ 309.661960] kthread+0x107/0x140 [ 309.661964] ret_from_fork+0x2e/0x40 [ 309.661968] SOFTIRQ-ON-W at: [ 309.661972] __lock_acquire+0x611/0x1b50 [ 309.661977] lock_acquire+0xc9/0x220 [ 309.661981] __mutex_lock+0x6e/0x990 [ 309.661986] mutex_lock_nested+0x16/0x20 [ 309.661990] _rcu_barrier+0x31/0x160 [ 309.661995] rcu_barrier+0x10/0x20 [ 309.661999] netdev_run_todo+0x5f/0x310 [ 309.662003] rtnl_unlock+0x9/0x10 [ 309.662008] default_device_exit_batch+0x133/0x150 [ 309.662013] ops_exit_list.isra.0+0x4d/0x60 [ 309.662017] cleanup_net+0x1d8/0x2c0 [ 309.662022] process_one_work+0x1f4/0x6d0 [ 309.662027] worker_thread+0x49/0x4a0 [ 309.662031] kthread+0x107/0x140 [ 309.662035] ret_from_fork+0x2e/0x40 [ 309.662039] IN-RECLAIM_FS-W at: [ 309.662043] __lock_acquire+0x638/0x1b50 [ 309.662048] lock_acquire+0xc9/0x220 [ 309.662053] __mutex_lock+0x6e/0x990 [ 309.662058] mutex_lock_nested+0x16/0x20 [ 309.662062] _rcu_barrier+0x31/0x160 [ 309.662067] rcu_barrier+0x10/0x20 [ 309.662089] i915_gem_shrink_all+0x33/0x40 [i915] [ 309.662109] i915_drop_caches_set+0x141/0x150 [i915] [ 309.662114] simple_attr_write+0xc7/0xe0 [ 309.662119] full_proxy_write+0x4f/0x70 [ 309.662124] __vfs_write+0x23/0x120 [ 309.662128] vfs_write+0xc6/0x1f0 [ 309.662133] SyS_write+0x44/0xb0 [ 309.662138] entry_SYSCALL_64_fastpath+0x1c/0xb1 [ 309.662142] INITIAL USE at: [ 309.662147] __lock_acquire+0x234/0x1b50 [ 309.662151] lock_acquire+0xc9/0x220 [ 309.662156] __mutex_lock+0x6e/0x990 [ 309.662160] mutex_lock_nested+0x16/0x20 [ 309.662165] _rcu_barrier+0x31/0x160 [ 309.662169] rcu_barrier+0x10/0x20 [ 309.662174] netdev_run_todo+0x5f/0x310 [ 309.662178] rtnl_unlock+0x9/0x10 [ 309.662183] default_device_exit_batch+0x133/0x150 [ 309.662188] ops_exit_list.isra.0+0x4d/0x60 [ 309.662192] cleanup_net+0x1d8/0x2c0 [ 309.662197] process_one_work+0x1f4/0x6d0 [ 309.662202] worker_thread+0x49/0x4a0 [ 309.662206] kthread+0x107/0x140 [ 309.662210] ret_from_fork+0x2e/0x40 [ 309.662214] } [ 309.662220] ... key at: [] rcu_preempt_state+0x508/0x780 [ 309.662225] ... acquired at: [ 309.662229] check_usage_forwards+0x12b/0x130 [ 309.662233] mark_lock+0x360/0x6f0 [ 309.662237] __lock_acquire+0x638/0x1b50 [ 309.662241] lock_acquire+0xc9/0x220 [ 309.662245] __mutex_lock+0x6e/0x990 [ 309.662249] mutex_lock_nested+0x16/0x20 [ 309.662253] _rcu_barrier+0x31/0x160 [ 309.662257] rcu_barrier+0x10/0x20 [ 309.662279] i915_gem_shrink_all+0x33/0x40 [i915] [ 309.662298] i915_drop_caches_set+0x141/0x150 [i915] [ 309.662303] simple_attr_write+0xc7/0xe0 [ 309.662307] full_proxy_write+0x4f/0x70 [ 309.662311] __vfs_write+0x23/0x120 [ 309.662315] vfs_write+0xc6/0x1f0 [ 309.662319] SyS_write+0x44/0xb0 [ 309.662323] entry_SYSCALL_64_fastpath+0x1c/0xb1 [ 309.662329] stack backtrace: [ 309.662335] CPU: 1 PID: 6435 Comm: gem_exec_gttfil Tainted: G W 4.11.0-rc1-CI-CI_DRM_2333+ #1 [ 309.662342] Hardware name: Hewlett-Packard HP Compaq 8100 Elite SFF PC/304Ah, BIOS 786H1 v01.13 07/14/2011 [ 309.662348] Call Trace: [ 309.662354] dump_stack+0x67/0x92 [ 309.662359] print_irq_inversion_bug.part.19+0x1a4/0x1b0 [ 309.662365] check_usage_forwards+0x12b/0x130 [ 309.662369] mark_lock+0x360/0x6f0 [ 309.662374] ? print_shortest_lock_dependencies+0x1a0/0x1a0 [ 309.662379] __lock_acquire+0x638/0x1b50 [ 309.662383] ? __mutex_unlock_slowpath+0x3e/0x2e0 [ 309.662388] ? trace_hardirqs_on+0xd/0x10 [ 309.662392] ? _rcu_barrier+0x31/0x160 [ 309.662396] lock_acquire+0xc9/0x220 [ 309.662400] ? _rcu_barrier+0x31/0x160 [ 309.662404] ? _rcu_barrier+0x31/0x160 [ 309.662409] __mutex_lock+0x6e/0x990 [ 309.662412] ? _rcu_barrier+0x31/0x160 [ 309.662416] ? _rcu_barrier+0x31/0x160 [ 309.662421] ? synchronize_rcu_expedited+0x35/0xb0 [ 309.662426] ? _raw_spin_unlock_irqrestore+0x52/0x60 [ 309.662434] mutex_lock_nested+0x16/0x20 [ 309.662438] _rcu_barrier+0x31/0x160 [ 309.662442] rcu_barrier+0x10/0x20 [ 309.662464] i915_gem_shrink_all+0x33/0x40 [i915] [ 309.662484] i915_drop_caches_set+0x141/0x150 [i915] [ 309.662489] simple_attr_write+0xc7/0xe0 [ 309.662494] full_proxy_write+0x4f/0x70 [ 309.662498] __vfs_write+0x23/0x120 [ 309.662503] ? rcu_read_lock_sched_held+0x75/0x80 [ 309.662507] ? rcu_sync_lockdep_assert+0x2a/0x50 [ 309.662512] ? __sb_start_write+0x102/0x210 [ 309.662516] ? vfs_write+0x17d/0x1f0 [ 309.662520] vfs_write+0xc6/0x1f0 [ 309.662524] ? trace_hardirqs_on_caller+0xe7/0x200 [ 309.662529] SyS_write+0x44/0xb0 [ 309.662533] entry_SYSCALL_64_fastpath+0x1c/0xb1 [ 309.662537] RIP: 0033:0x7f507eac24a0 [ 309.662541] RSP: 002b:00007fffda8720e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 309.662548] RAX: ffffffffffffffda RBX: ffffffff81482bd3 RCX: 00007f507eac24a0 [ 309.662552] RDX: 0000000000000005 RSI: 00007fffda8720f0 RDI: 0000000000000005 [ 309.662557] RBP: ffffc9000048bf88 R08: 0000000000000000 R09: 000000000000002c [ 309.662561] R10: 0000000000000014 R11: 0000000000000246 R12: 00007fffda872230 [ 309.662566] R13: 00007fffda872228 R14: 0000000000000201 R15: 00007fffda8720f0 [ 309.662572] ? __this_cpu_preempt_check+0x13/0x20 Fixes: 0eafec6d3244 ("drm/i915: Enable lockless lookup of request tracking via RCU") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100192 Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: # v4.9+ Link: http://patchwork.freedesktop.org/patch/msgid/20170314115019.18127-1-chris@chris-wilson.co.uk Reviewed-by: Daniel Vetter (cherry picked from commit bd784b7cc41af7a19cfb705fa6d800e511c4ab02) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20170321144531.12344-1-chris@chris-wilson.co.uk drivers/gpu/drm/i915/i915_gem_shrinker.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ae5c682113f9f94cc5e76f92cf041ee624c173ee Author: Liping Zhang Date: Sun Mar 19 22:35:59 2017 +0800 netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max The helper->expect_class_max must be set to the total number of expect_policy minus 1, since we will use the statement "if (class > helper->expect_class_max)" to validate the CTA_EXPECT_CLASS attr in ctnetlink_alloc_expect. So for compatibility, set the helper->expect_class_max to the NFCTH_POLICY_SET_NUM attr's value minus 1. Also: it's invalid when the NFCTH_POLICY_SET_NUM attr's value is zero. 1. this will result "expect_policy = kzalloc(0, GFP_KERNEL);"; 2. we cannot set the helper->expect_class_max to a proper value. So if nla_get_be32(tb[NFCTH_POLICY_SET_NUM]) is zero, report -EINVAL to the userspace. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink_cthelper.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 6e5364f5f472d4ea66d37459e299071b0190362c Author: Ping Cheng Date: Tue Mar 14 17:08:16 2017 -0700 HID: wacom: generic: Wacom mouse is only provided for opaque tablets Commit f85c9dc ("Support tool ID and additional tool types") introduced mouse and lens cursor tools to generic codepath, which covers both display (direct) and opaque tablets (indirect devices). However, mouse and lens cursor tools are only provided for opaque tablets. This patch ignores mouse and lens cursor tools if the device is a display tablet. Signed-off-by: Ping Cheng Reviewed-by: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 01adc47e885f1127b29d76d0dfb21d8262f9d6b4 Author: Oscar Campos Date: Mon Mar 6 21:02:39 2017 +0000 HID: corsair: Add driver Scimitar Pro RGB gaming mouse 1b1c:1b3e support to hid-corsair This mouse sold by Corsair as Scimitar PRO RGB defines two consecutive Logical Minimum items in its Application (Consumer.0001) report making it non parseable. This patch fixes the report descriptor overriding byte 77 in rdesc from 0x16 (Logical Minimum with 16 bits value) to 0x26 (Logical Maximum with 16 bits value). Signed-off-by: Oscar Campos Signed-off-by: Jiri Kosina drivers/hid/Kconfig | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-corsair.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+) commit deaba636997557fce46ca7bcb509bff5ea1b0558 Author: Oscar Campos Date: Fri Feb 10 18:23:00 2017 +0000 HID: corsair: support for K65-K70 Rapidfire and Scimitar Pro RGB Add quirks for several corsair gaming devices to avoid long delays on report initialization Supported devices: - Corsair K65RGB Rapidfire Gaming Keyboard - Corsair K70RGB Rapidfire Gaming Keyboard - Corsair Scimitar Pro RGB Gaming Mouse Signed-off-by: Oscar Campos Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 3 +++ drivers/hid/usbhid/hid-quirks.c | 3 +++ 2 files changed, 6 insertions(+) commit b6b1f19b06b7d4dcc261a88d74c5fb0a53988b4e Author: Aaron Armstrong Skomra Date: Mon Mar 6 10:54:58 2017 -0800 HID: wacom: don't manually release resources for the EKR Commit 5b779fc introduces the manual release of resources in wacom_remove() as an addition to the driver's use of devm. The EKR resources can only be released through wacom_remote_destroy_one() so we skip the manual release for it. Fixes: 5b779fc ("HID: wacom: release the resources before leaving despite devm") Signed-off-by: Aaron Armstrong Skomra Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/wacom_sys.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 49cc4c217c0dbb7d09c402472d1f85a81c093f9f Author: Aaron Armstrong Skomra Date: Mon Mar 6 10:54:57 2017 -0800 HID: wacom: Correct Intuos Pro 2 resolution The features struct for the second gen Intuos Pro uses the wrong constant for the resolution. This fix is for commit 4922cd2. Fixes: 4922cd2 ("HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth classic interface") Signed-off-by: Aaron Armstrong Skomra Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c520ff3d03f0b5db7146d9beed6373ad5d2a5e0e Author: Takashi Iwai Date: Tue Mar 21 13:56:04 2017 +0100 ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() When snd_seq_pool_done() is called, it marks the closing flag to refuse the further cell insertions. But snd_seq_pool_done() itself doesn't clear the cells but just waits until all cells are cleared by the caller side. That is, it's racy, and this leads to the endless stall as syzkaller spotted. This patch addresses the racy by splitting the setup of pool->closing flag out of snd_seq_pool_done(), and calling it properly before snd_seq_pool_done(). BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com Reported-and-tested-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_clientmgr.c | 1 + sound/core/seq/seq_fifo.c | 3 +++ sound/core/seq/seq_memory.c | 17 +++++++++++++---- sound/core/seq/seq_memory.h | 1 + 4 files changed, 18 insertions(+), 4 deletions(-) commit c6736a94d0e527ddc0d1eb99dbc59886a9ecf471 Author: Takashi Iwai Date: Tue Mar 21 13:26:02 2017 +0100 ALSA: x86: Make CONFIG_SND_X86 bool CONFIG_SND_X86 is a menu config to filter only for x86-specific drivers in its sub-menu, and this doesn't have to be tristate but rather it should be a bool. Also, like other sub-menu configs, it's more user-friendly to be default=y; it's merely a menu config and the actual drivers are configured in the sub-menu, after all. Fixes: 287599cf2d77 ("ALSA: add Intel HDMI LPE audio driver for BYT/CHT-T") Signed-off-by: Takashi Iwai sound/x86/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit eb3abaea7ea42619a48fa84e4b1ff48f1b18d863 Author: Mylène Josserand Date: Sat Mar 18 08:55:09 2017 +0100 ARM: dts: sun8i: Update audio-routing with renamed widgets The digital AIF interfaces has been renamed in the sun8i audio codec driver so the audio-routing in the device tree must be renamed too. Signed-off-by: Mylène Josserand Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown arch/arm/boot/dts/sun8i-a33.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d1792285ca63e17f8a7eb42efa48834c261a2d8f Author: Mylène Josserand Date: Sat Mar 18 08:55:08 2017 +0100 ASoC: sun8i-codec: Convert to use SND_SOC_DAPM_AIF_IN Update the driver to use SND_SOC_DAPM_AIF_IN instead of SND_SOC_DAPM_DAC. Rename the interface's widgets to be more precise on which slot the interface is connected. Signed-off-by: Mylène Josserand Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun8i-codec.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 79e26de81448fad80f6c15ae1e3c9e7fca2740cd Author: Mylène Josserand Date: Sat Mar 18 08:55:07 2017 +0100 ASoC: sun8i-codec: Fix space on audio-routing widget An unwanted space is present in an audio widget's name on the dapm routing. It causes an error on the recognition of this widget (error: ("no dapm match for AIF1 Slot 0 Right"). Remove the space fixes it. Signed-off-by: Mylène Josserand Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun8i-codec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 649d55436137b397accb6a9d1b6975598c693bcd Author: Mylène Josserand Date: Sat Mar 18 08:55:06 2017 +0100 ASoC: sun8i-codec: Update mixer to use SOC_DAPM_DOUBLE Update the driver to use the new SOC_DAPM_DOUBLE definition on the digital DAC mixer. Update the names accordingly as, when they are shared, the controls are not prefixed with the widget's name anymore. Signed-off-by: Mylène Josserand Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun8i-codec.c | 45 ++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 24 deletions(-) commit a82f16188a32a3c889916c582ea2d9188e3c2734 Author: Mylène Josserand Date: Sat Mar 18 08:55:05 2017 +0100 ASoC: sun8i-codec: Remove analog "HP" widget The "HP" widget is already present and take part to the analog part (sun8i-codec-analog). Remove it from the digital part as it is unnecessary. Signed-off-by: Mylène Josserand Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown sound/soc/sunxi/sun8i-codec.c | 6 ------ 1 file changed, 6 deletions(-) commit cc638a488a5205713b51eabd047be6ea641cc328 Author: Andrew Donnellan Date: Mon Mar 20 17:55:22 2017 +1100 gcc-plugins: update architecture list in documentation Commit 65c059bcaa73 ("powerpc: Enable support for GCC plugins") enabled GCC plugins on powerpc, but neglected to update the architecture list in the docs. Rectify this. Fixes: 65c059bcaa73 ("powerpc: Enable support for GCC plugins") Signed-off-by: Andrew Donnellan Signed-off-by: Michael Ellerman Documentation/gcc-plugins.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fc36a903265c18d124cefaba364a7fa71b21be61 Author: Paul Mackerras Date: Tue Mar 21 12:38:02 2017 +1100 Revert "powerpc/64: Disable use of radix under a hypervisor" This reverts commit 3f91a89d424a79f8082525db5a375e438887bb3e. Now that we do have the machinery for using the radix MMU under a hypervisor, the extra check and comment introduced in 3f91a89d424a are no longer correct. The result is that when booted under a hypervisor that only allows use of radix, we clear the MMU_FTR_TYPE_RADIX and then set it again, and print a warning about ignoring the disable_radix command line option, even though the command line does not include "disable_radix". Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/mm/init_64.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 22e098daae7e53763493b9d9976ef8c65190017e Author: Andrzej Hajda Date: Wed Mar 15 12:20:42 2017 +0100 drm/exynos/dsi: make te-gpios optional DSI forwards te-gpios interrupts to display controller, but if display controller works in HW-TRIGGER mode this interrupt is not necessary. Making te-gpios property optional allows to avoid generating spare interrupts. And also if panel device node of command mode panel device doesn't provide te-gpios property then the panel driver failed to probe. This was a critial issue. With this patch we can not only get rid of 60 interrupt callbacks per second but also fix the critial issues. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_dsi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 9cdf0ed25a9b34fd82cb0eb47a8bdc47dc9f4ff5 Author: Krzysztof Kozlowski Date: Tue Mar 14 20:38:04 2017 +0200 drm/exynos: Print kernel pointers in a restricted form Printing raw kernel pointers might reveal information which sometimes we try to hide (e.g. with Kernel Address Space Layout Randomization). Use the "%pK" format so these pointers will be hidden for unprivileged users. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_dsi.c | 4 ++-- drivers/gpu/drm/exynos/exynos_drm_fimc.c | 2 +- drivers/gpu/drm/exynos/exynos_drm_gem.c | 2 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/exynos/exynos_drm_ipp.c | 22 +++++++++++----------- drivers/gpu/drm/exynos/exynos_drm_rotator.c | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) commit f07d9c2864d4ccf0a0b5bd2dd6491f5204eab5fe Author: Andrzej Hajda Date: Tue Mar 14 09:28:00 2017 +0100 drm/exynos/decon5433: fix software trigger mask The patch fixes copy/paste bug introduced during code refactoring. Reported-by: Dan Carpenter Fixes: b93c2e8b5d9d ("drm/exynos/decon5433: configure sysreg in case of hardware trigger")Fixes: Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 82a01783252be726d76cdbbababc16540f582cec Author: Andrzej Hajda Date: Tue Mar 14 09:27:59 2017 +0100 drm/exynos/fimd: signal frame done interrupt at front porch VBLANK interrupt should be signalled as soon as scanout ends, front porch is the best moment. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_fimd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f3cce673e1c11112c536fbc8e6912c5414d7141f Author: Andrzej Hajda Date: Tue Mar 14 09:27:58 2017 +0100 drm/exynos/decon5433: signal frame done interrupt at front porch DECON in case of video mode generates interrupt by default at start of vertical back porch. As this interrupt is used to generate VBLANK events more optimal point is start of vertical front porch. Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 +- include/video/exynos5433_decon.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 73488331eb9460d14974a1e2c734f77ce8869183 Author: Andrzej Hajda Date: Tue Mar 14 09:27:57 2017 +0100 drm/exynos/decon5433: fix vblank event handling Current implementation of event handling assumes that vblank interrupt is always called at the right time. It is not true, it can be delayed due to various reasons. As a result different races can happen. The patch fixes the issue by using hardware frame counter present in DECON to serialize vblank and commit completion events. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 78 ++++++++++++++++++++++++++- include/video/exynos5433_decon.h | 8 +++ 2 files changed, 85 insertions(+), 1 deletion(-) commit a392276d1dec63e5aabe6f527c37de29a729559a Author: Andrzej Hajda Date: Tue Mar 14 09:27:56 2017 +0100 drm/exynos: move crtc event handling to drivers callbacks CRTC event is currently send with next vblank, or instantly in case crtc is being disabled. This approach usually works, but in corner cases it can result in premature event generation. Only device driver is able to verify if the event can be sent. This patch is a first step in that direction - it moves event handling to the drivers. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 1 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 1 + drivers/gpu/drm/exynos/exynos_drm_crtc.c | 29 +++++++++++++++------------ drivers/gpu/drm/exynos/exynos_drm_crtc.h | 2 ++ drivers/gpu/drm/exynos/exynos_drm_fimd.c | 2 ++ drivers/gpu/drm/exynos/exynos_drm_vidi.c | 1 + drivers/gpu/drm/exynos/exynos_mixer.c | 1 + 7 files changed, 24 insertions(+), 13 deletions(-) commit 6bdc92ee4980ca10171a8de338fad612f00bb48f Author: Krzysztof Kozlowski Date: Sat Mar 11 20:04:16 2017 +0200 drm/exynos: Remove support for Exynos4415 (SoC not supported anymore) Support for Exynos4415 is going away because there are no internal nor external users. Since commit 46dcf0ff0de3 ("ARM: dts: exynos: Remove exynos4415.dtsi"), the platform cannot be instantiated so remove also the drivers. Signed-off-by: Krzysztof Kozlowski Acked-by: Kukjin Kim Acked-by: Rob Herring Signed-off-by: Inki Dae .../devicetree/bindings/display/exynos/exynos_dsim.txt | 1 - .../bindings/display/exynos/samsung-fimd.txt | 1 - drivers/gpu/drm/exynos/exynos_drm_dsi.c | 15 +-------------- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 18 ++---------------- 4 files changed, 3 insertions(+), 32 deletions(-) commit ac7ce78ba036c0f9952d9706b1941c7d80c78680 Author: Dan Carpenter Date: Tue Feb 14 10:46:20 2017 +0300 drm/exynos/decon5433: & vs | typo "&" was obviously intended instead of "|". The original condition is always true. Fixes: b93c2e8b5d9d ("drm/exynos/decon5433: configure sysreg in case of hardware trigger") Signed-off-by: Dan Carpenter Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 359b69310014511901bd61cc5f7680cb5de1faef Author: Xiaoguang Chen Date: Tue Mar 21 10:54:21 2017 +0800 drm/i915/gvt: set shadow entry to scratch page while p2m failed Sometimes guest driver will only update partial of the GGTT entry then access it. In this situation a failure will happen while translating the gpa to hpa. Now in this situation we let the corresponding shadow entry pointing to a scratch page. Signed-off-by: Zhi Wang Signed-off-by: Xiaoguang Chen Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 14f5ba26aa7060b4cad9c4c288b9a785bd0cd1a8 Author: Xu Han Date: Tue Mar 21 10:00:59 2017 +0800 drm/i915/gvt: Fix guest fail to read EDID leading to black guest console issue. It appears missing slaves on the i2c should cause 0xff to be returned rather than 0. So, when the Windows driver tried to address a slave at 0x40 and got 0’s back rather than 0xff’s it must have confused it. Signed-off-by: Paul Durrant Signed-off-by: Xu Han Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/edid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4a53148868493bd5e0b18a9814aaa20bf74e3b26 Author: Chuanxiao Dong Date: Tue Mar 21 09:32:19 2017 +0800 drm/i915/gvt: fix wrong offset when loading RCS mocs Fix the wrong offset of the RCS specific mocs Fixes: 178657139307 ("drm/i915/gvt: vGPU context switch") Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/render.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 814a585038e36cd158bee4ef964e579136cf24c6 Author: Vineet Gupta Date: Mon Mar 20 18:46:15 2017 -0700 ARCv2: make unimplemented vectors as no-ops rather than halt core Signed-off-by: Vineet Gupta arch/arc/kernel/entry-arcv2.S | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 4296f23ed49a15d36949458adcc66ff993dee2a8 Author: Rafael J. Wysocki Date: Sun Mar 19 14:30:02 2017 +0100 cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start() sugov_start() only initializes struct sugov_cpu per-CPU structures for shared policies, but it should do that for single-CPU policies too. That in particular makes the IO-wait boost mechanism work in the cases when cpufreq policies correspond to individual CPUs. Fixes: 21ca6d2c52f8 (cpufreq: schedutil: Add iowait boosting) Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar Cc: 4.9+ # 4.9+ kernel/sched/cpufreq_schedutil.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) commit c3104aae5d8cc443556f8613466e16737326e215 Author: Arnd Bergmann Date: Mon Mar 13 17:36:25 2017 +0100 remoteproc: qcom: fix QCOM_SMD dependencies qcom_smd_register_edge() is provided by either QCOM_SMD or RPMSG_QCOM_SMD, and if both of them are disabled, it does nothing. The check for the PIL drivers however only checks for QCOM_SMD, so it breaks with QCOM_SMD=n && RPMSG_QCOM_SMD=m: drivers/remoteproc/built-in.o: In function `smd_subdev_remove': qcom_wcnss_iris.c:(.text+0x231c): undefined reference to `qcom_smd_unregister_edge' drivers/remoteproc/built-in.o: In function `smd_subdev_probe': qcom_wcnss_iris.c:(.text+0x2344): undefined reference to `qcom_smd_register_edge' drivers/remoteproc/built-in.o: In function `smd_subdev_probe': qcom_q6v5_pil.c:(.text+0x3538): undefined reference to `qcom_smd_register_edge' qcom_q6v5_pil.c:(.text+0x3538): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `qcom_smd_register_edge' This clarifies the Kconfig dependency. Fixes: 4b48921a8f74 ("remoteproc: qcom: Use common SMD edge handler") Signed-off-by: Arnd Bergmann Signed-off-by: Bjorn Andersson drivers/remoteproc/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0d963b6e650d9d5533223f3dbcde7dda466df65c Author: Joe Thornber Date: Mon Mar 20 11:54:11 2017 -0400 dm cache metadata: fix metadata2 format's blocks_are_clean_separate_dirty The dm_bitset_cursor_begin() call was using the incorrect nr_entries. Also, the last dm_bitset_cursor_next() must be avoided if we're at the end of the cursor. Fixes: 7f1b21591a6 ("dm cache metadata: use cursor api in blocks_are_clean_separate_dirty()") Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/dm-cache-metadata.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 3aa53859d23e1b9cf1a60f82a9008e35ef10bd6a Author: Luiz Capitulino Date: Mon Mar 13 09:08:20 2017 -0400 KVM: Documentation: document MCE ioctls Signed-off-by: Luiz Capitulino Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář Documentation/virtual/kvm/api.txt | 63 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) commit 6d1b3ad2cd87150fc89bad2331beab173a8ad24d Author: Wanpeng Li Date: Sun Mar 12 00:53:52 2017 -0800 KVM: nVMX: don't reset kvm mmu twice kvm mmu is reset once successfully loading CR3 as part of emulating vmentry in nested_vmx_load_cr3(). We should not reset kvm mmu twice. Cc: Paolo Bonzini Cc: Radim Krčmář Signed-off-by: Wanpeng Li Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 2 -- 1 file changed, 2 deletions(-) commit 49e190ec332e96ba28f24b86f7a92f614707819b Author: kbuild test robot Date: Sat Jan 28 05:01:51 2017 +0800 PTP: fix ptr_ret.cocci warnings drivers/ptp/ptp_kvm.c:229:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci CC: Marcelo Tosatti Signed-off-by: Fengguang Wu Signed-off-by: Radim Krčmář drivers/ptp/ptp_kvm.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 3863dff0c3dd72984395c93b12383b393c5c3989 Author: Dmitry Vyukov Date: Tue Jan 24 14:06:48 2017 +0100 kvm: fix usage of uninit spinlock in avic_vm_destroy() If avic is not enabled, avic_vm_init() does nothing and returns early. However, avic_vm_destroy() still tries to destroy what hasn't been created. The only bad consequence of this now is that avic_vm_destroy() uses svm_vm_data_hash_lock that hasn't been initialized (and is not meant to be used at all if avic is not enabled). Return early from avic_vm_destroy() if avic is not enabled. It has nothing to destroy. Signed-off-by: Dmitry Vyukov Cc: Joerg Roedel Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: David Hildenbrand Cc: kvm@vger.kernel.org Cc: syzkaller@googlegroups.com Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/svm.c | 3 +++ 1 file changed, 3 insertions(+) commit 6c6c5e0311c83ffe75e14260fb83e05e21e1d488 Author: Radim Krčmář Date: Fri Jan 13 18:59:04 2017 +0100 KVM: VMX: downgrade warning on unexpected exit code We never needed the call trace and we better rate-limit if it can be triggered by a guest. Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6be3b6cce1e225f189b68b4e84fc711d19b4277b Author: Ryan Hsu Date: Mon Mar 13 15:49:03 2017 -0700 ath10k: fix incorrect wlan_mac_base in qca6174_regs In the 'commit ebee76f7fa46 ("ath10k: allow setting coverage class")', it inherits the design and the address offset from ath9k, but the address is not applicable to QCA6174, which leads to a random crash while doing the resume() operation, since the set_coverage_class.ops will be called from ieee80211_reconfig() when resume() (if the wow is not configured). Fix the incorrect address offset here to avoid the random crash. Verified on QCA6174/hw3.0 with firmware WLAN.RM.4.4-00022-QCARMSWPZ-2. kvalo: this also seems to fix a regression with firmware restart. Fixes: ebee76f7fa46 ("ath10k: allow setting coverage class") Cc: # v4.10 Signed-off-by: Ryan Hsu Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/hw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7041d5d286fb54635f540c1bb3b43980ed65513a Author: Chao Yu Date: Wed Mar 8 20:07:49 2017 +0800 f2fs: combine nat_bits and free_nid_bitmap cache Both nat_bits cache and free_nid_bitmap cache provide same functionality as a intermediate cache between free nid cache and disk, but with different granularity of indicating free nid range, and different persistence policy. nat_bits cache provides better persistence ability, and free_nid_bitmap provides better granularity. In this patch we combine advantage of both caches, so finally policy of the intermediate cache would be: - init: load free nid status from nat_bits into free_nid_bitmap - lookup: scan free_nid_bitmap before load NAT blocks - update: update free_nid_bitmap in real-time - persistence: udpate and persist nat_bits in checkpoint This patch also resolves performance regression reported by lkp-robot. commit: 4ac912427c4214d8031d9ad6fbc3bc75e71512df ("f2fs: introduce free nid bitmap") d00030cf9cd0bb96fdccc41e33d3c91dcbb672ba ("f2fs: use __set{__clear}_bit_le") 1382c0f3f9d3f936c8bc42ed1591cf7a593ef9f7 ("f2fs: combine nat_bits and free_nid_bitmap cache") 4ac912427c4214d8 d00030cf9cd0bb96fdccc41e33 1382c0f3f9d3f936c8bc42ed15 ---------------- -------------------------- -------------------------- %stddev %change %stddev %change %stddev \ | \ | \ 77863 ± 0% +2.1% 79485 ± 1% +50.8% 117404 ± 0% aim7.jobs-per-min 231.63 ± 0% -2.0% 227.01 ± 1% -33.6% 153.80 ± 0% aim7.time.elapsed_time 231.63 ± 0% -2.0% 227.01 ± 1% -33.6% 153.80 ± 0% aim7.time.elapsed_time.max 896604 ± 0% -0.8% 889221 ± 3% -20.2% 715260 ± 1% aim7.time.involuntary_context_switches 2394 ± 1% +4.6% 2503 ± 1% +3.7% 2481 ± 2% aim7.time.maximum_resident_set_size 6240 ± 0% -1.5% 6145 ± 1% -14.1% 5360 ± 1% aim7.time.system_time 1111357 ± 3% +1.9% 1132509 ± 2% -6.2% 1041932 ± 2% aim7.time.voluntary_context_switches ... Signed-off-by: Chao Yu Tested-by: Xiaolong Ye Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 125 ++++++++++++++++++++++----------------------------------- 1 file changed, 47 insertions(+), 78 deletions(-) commit 586d1492f301982e349797cfb05d9f343002ffa2 Author: Chao Yu Date: Wed Mar 1 17:09:07 2017 +0800 f2fs: skip scanning free nid bitmap of full NAT blocks This patch adds to account free nids for each NAT blocks, and while scanning all free nid bitmap, do check count and skip lookuping in full NAT block. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 1 + fs/f2fs/f2fs.h | 2 ++ fs/f2fs/node.c | 33 +++++++++++++++++++++++++++------ 3 files changed, 30 insertions(+), 6 deletions(-) commit 23380b8568b85cd4b7a056891f4dbf131f7b871d Author: Jaegeuk Kim Date: Tue Mar 7 14:11:06 2017 -0800 f2fs: use __set{__clear}_bit_le This patch uses __set{__clear}_bit_le for highter speed. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/dir.c | 2 +- fs/f2fs/node.c | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) commit 9f7e4a2c49fd166f17cf4125766a68dce8716764 Author: Jaegeuk Kim Date: Fri Mar 10 09:39:57 2017 -0800 f2fs: declare static functions This is to avoid build warning reported by kbuild test robot. Signed-off-by: Fengguang Wu Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 720037f939fa50fc3531035ae61b4cf4b0ff35e5 Author: Jaegeuk Kim Date: Mon Mar 6 11:59:56 2017 -0800 f2fs: don't overwrite node block by SSR This patch fixes that SSR can overwrite previous warm node block consisting of a node chain since the last checkpoint. Fixes: 5b6c6be2d878 ("f2fs: use SSR for warm node as well") Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9702c67c6066f583b629cf037d2056245bb7a8e6 Author: John Garry Date: Thu Mar 16 23:07:28 2017 +0800 scsi: libsas: fix ata xfer length The total ata xfer length may not be calculated properly, in that we do not use the proper method to get an sg element dma length. According to the code comment, sg_dma_len() should be used after dma_map_sg() is called. This issue was found by turning on the SMMUv3 in front of the hisi_sas controller in hip07. Multiple sg elements were being combined into a single element, but the original first element length was being use as the total xfer length. Cc: Fixes: ff2aeb1eb64c8a4770a6 ("libata: convert to chained sg") Signed-off-by: John Garry Signed-off-by: Martin K. Petersen drivers/scsi/libsas/sas_ata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fdfe4a393e9cd8c92f4489ca207d410f44d05043 Author: Stafford Horne Date: Mon Mar 13 23:45:21 2017 +0900 generic syscalls: Wire up statx syscall The new syscall statx is implemented as generic code, so enable it for architectures like openrisc which use the generic syscall table. Fixes: a528d35e8bfcc ("statx: Add a system call to make enhanced file info available") Cc: Thomas Gleixner Cc: Al Viro Cc: David Howells Cc: Catalin Marinas Cc: Will Deacon Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Stafford Horne Signed-off-by: Will Deacon include/uapi/asm-generic/unistd.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 83749abaafed348cdac6a63b5f76aa9b1b42409b Author: Bard Liao Date: Mon Mar 20 10:20:53 2017 +0800 ASoC: rt5665: fix wrong shift rt5665_if2_1_adc_in_enum The shift is RT5665_IF2_1_ADC_IN_SFT not RT5665_IF3_ADC_IN_SFT. Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5665.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cc3a47a248d7791ef0d2c81a35c46769e55e4c6c Author: Jaroslav Kysela Date: Thu Mar 9 13:30:09 2017 +0100 ALSA: hda - add support for docking station for HP 840 G3 This tested patch adds missing initialization for Line-In/Out PINs for the docking station for HP 840 G3. Signed-off-by: Jaroslav Kysela Signed-off-by: Takashi Iwai sound/pci/hda/patch_conexant.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 04d5466a976b096364a39a63ac264c1b3a5f8fa1 Author: Jaroslav Kysela Date: Thu Mar 9 13:29:13 2017 +0100 ALSA: hda - add support for docking station for HP 820 G2 This tested patch adds missing initialization for Line-In/Out PINs for the docking station for HP 820 G2. Signed-off-by: Jaroslav Kysela Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) commit 72f310481a08db821b614e7b5d00febcc9064b36 Author: Marc Zyngier Date: Thu Mar 16 18:20:50 2017 +0000 arm/arm64: KVM: Take mmap_sem in kvm_arch_prepare_memory_region We don't hold the mmap_sem while searching for VMAs (via find_vma), in kvm_arch_prepare_memory_region, which can end up in expected failures. Fixes: commit 8eef91239e57 ("arm/arm64: KVM: map MMIO regions at creation time") Cc: Ard Biesheuvel Cc: Eric Auger Cc: stable@vger.kernel.org # v3.18+ Reviewed-by: Christoffer Dall [ Handle dirty page logging failure case ] Signed-off-by: Suzuki K Poulose Signed-off-by: Marc Zyngier arch/arm/kvm/mmu.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 90f6e150e44a0dc3883110eeb3ab35d1be42b6bb Author: Marc Zyngier Date: Thu Mar 16 18:20:49 2017 +0000 arm/arm64: KVM: Take mmap_sem in stage2_unmap_vm We don't hold the mmap_sem while searching for the VMAs when we try to unmap each memslot for a VM. Fix this properly to avoid unexpected results. Fixes: commit 957db105c997 ("arm/arm64: KVM: Introduce stage2_unmap_vm") Cc: stable@vger.kernel.org # v3.19+ Reviewed-by: Christoffer Dall Signed-off-by: Suzuki K Poulose Signed-off-by: Marc Zyngier arch/arm/kvm/mmu.c | 2 ++ 1 file changed, 2 insertions(+) commit e3b1ebd673876f2cdb0b84205e52a33b94a9860f Author: Geert Uytterhoeven Date: Mon Mar 6 11:04:22 2017 +0100 m68k: Wire up statx Signed-off-by: Geert Uytterhoeven arch/m68k/include/asm/unistd.h | 2 +- arch/m68k/include/uapi/asm/unistd.h | 1 + arch/m68k/kernel/syscalltable.S | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) commit 3820ed470e71d7aa3d355495f7fd1cd8457e7c96 Author: Geert Uytterhoeven Date: Mon Mar 6 10:40:02 2017 +0100 m68k/defconfig: Update defconfigs for v4.11-rc1 Signed-off-by: Geert Uytterhoeven arch/m68k/configs/amiga_defconfig | 14 +++++++++++++- arch/m68k/configs/apollo_defconfig | 14 +++++++++++++- arch/m68k/configs/atari_defconfig | 14 +++++++++++++- arch/m68k/configs/bvme6000_defconfig | 14 +++++++++++++- arch/m68k/configs/hp300_defconfig | 14 +++++++++++++- arch/m68k/configs/mac_defconfig | 14 +++++++++++++- arch/m68k/configs/multi_defconfig | 14 +++++++++++++- arch/m68k/configs/mvme147_defconfig | 14 +++++++++++++- arch/m68k/configs/mvme16x_defconfig | 14 +++++++++++++- arch/m68k/configs/q40_defconfig | 14 +++++++++++++- arch/m68k/configs/sun3_defconfig | 14 +++++++++++++- arch/m68k/configs/sun3x_defconfig | 14 +++++++++++++- 12 files changed, 156 insertions(+), 12 deletions(-) commit 066def56dc712329561abadcea15be9cad7393b6 Author: Geert Uytterhoeven Date: Mon Jan 2 13:51:43 2017 +0100 m68k/bitops: Correct signature of test_bit() mm/filemap.c: In function ‘clear_bit_unlock_is_negative_byte’: mm/filemap.c:933: warning: passing argument 2 of ‘test_bit’ discards qualifiers from pointer target type Make the bitmask pointed to by the "vaddr" parameter volatile to fix this, like is done on other architectures. Signed-off-by: Geert Uytterhoeven arch/m68k/include/asm/bitops.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f13eed7abba7f3df76287e084e7d46c24935dd61 Merge: b7048ea 2958b90 Author: Jani Nikula Date: Mon Mar 20 12:10:26 2017 +0200 Merge tag 'gvt-fixes-2017-03-17' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-03-17 - force_nonpriv reg handling in cmd parser (Yan) - gvt error message cleanup (Tina) - i915_wait_request fix from Chris - KVM srcu warning fix (Changbin) - ensure shadow ctx pinned (Chuanxiao) - critical gvt scheduler interval time fix (Zhenyu) - etc. Signed-off-by: Jani Nikula commit 6d98ce0be541d4a3cfbb52cd75072c0339ebb500 Author: Nicholas Piggin Date: Fri Mar 17 15:13:20 2017 +1000 powerpc/64s: Fix idle wakeup potential to clobber registers We concluded there may be a window where the idle wakeup code could get to pnv_wakeup_tb_loss() (which clobbers non-volatile GPRs), but the hardware may set SRR1[46:47] to 01b (no state loss) which would result in the wakeup code failing to restore non-volatile GPRs. I was not able to trigger this condition with trivial tests on real hardware or simulator, but the ISA (at least 2.07) seems to allow for it, and Gautham says that it can happen if there is an exception pending when the sleep/winkle instruction is executed. Fixes: 1706567117ba ("powerpc/kvm: make hypervisor state restore a function") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Nicholas Piggin Acked-by: Gautham R. Shenoy Signed-off-by: Michael Ellerman arch/powerpc/kernel/idle_book3s.S | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) commit b467e08a15563dede0d37d3233baa24fb97a7310 Author: Icenowy Zheng Date: Sat Mar 18 04:19:43 2017 +0800 clk: sunxi-ng: fix recalc_rate formula of NKMP clocks In commit e66f81bbd746 ("clk: sunxi-ng: Implement factors offsets"), the final formula of NKMP clocks' recalc_rate is refactored; however, the refactored formula broke the calculation due to some C language operand priority problem -- the priority of operand >> is lower than * and /, makes the formula being parsed as "(parent_rate * n * k) >> (p / m)", but it should be "(parent_rate * n * k >> p) / m". Add the pair of parentheses to fix up this issue. This pair of parentheses used to exist in the old formula. Fixes: e66f81bbd746 ("clk: sunxi-ng: Implement factors offsets") Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu_nkmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 07f5ab6002a4f0b633f3495157166f9f6180871b Author: Vaibhav Jain Date: Thu Feb 23 08:57:26 2017 +0530 cxl: Route eeh events to all slices for pci_channel_io_perm_failure state Fix a boundary condition where in some cases an eeh event with state == pci_channel_io_perm_failure wont be passed on to a driver attached to the virtual PCI device associated with a slice. This will happen in case the slice just before (n-1) doesn't have any vPHB bus associated with it, that results in an early return from cxl_pci_error_detected() callback. With state == pci_channel_io_perm_failure, the adapter will be removed irrespective of the return value of cxl_vphb_error_detected(). So we now always return PCI_ERS_RESULT_DISCONNECTED for this case i.e even if the AFU isn't using a vPHB (currently returns PCI_ERS_RESULT_NONE). Fixes: e4f5fc001a6("cxl: Do not create vPHB if there are no AFU configuration records") Signed-off-by: Vaibhav Jain Reviewed-by: Matthew R. Ochs Reviewed-by: Andrew Donnellan Acked-by: Frederic Barrat Signed-off-by: Michael Ellerman drivers/misc/cxl/pci.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit f363a06642f28caaa78cb6446bbad90c73fe183c Author: Takashi Iwai Date: Mon Mar 20 10:08:19 2017 +0100 ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call In the commit [15c75b09f8d1: ALSA: ctxfi: Fallback DMA mask to 32bit], I forgot to put "!" at dam_set_mask() call check in cthw20k1.c (while cthw20k2.c is OK). This patch fixes that obvious bug. (As a side note: although the original commit was completely wrong, it's still working for most of machines, as it sets to 32bit DMA mask in the end. So the bug severity is low.) Fixes: 15c75b09f8d1 ("ALSA: ctxfi: Fallback DMA mask to 32bit") Cc: Signed-off-by: Takashi Iwai sound/pci/ctxfi/cthw20k1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fe686babf4cf62b9b214b99847c735baa35a9fa2 Author: Philipp Tomsich Date: Wed Mar 15 12:23:58 2017 +0100 clk: sunxi-ng: Fix div/mult settings for osc12M on A64 The mult/div for osc12M was previously backwards (giving a 48M rate for osc12M). Fix it. Signed-off-by: Philipp Tomsich Tested-by: Christoph Muellner Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 975629c3f76ce3d86e1f943db9847e0312a98daf Author: Pei Zhang Date: Mon Mar 20 23:49:19 2017 +0800 drm/i915/gvt: add write handler for mmio mbctl Guest will write mmio mbctl which need a special handler in gvt to clear the bit 4 to inidcate the write operation success. V2: use bit definition macro to make code readable. Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 9693219aa61dc7a75ac015e5c011e889cb821eec Author: Icenowy Zheng Date: Sat Mar 18 05:23:15 2017 +0800 ARM: sun8i: a23/a33: drop bl_en_pin GPIO pinmux in reference design DTSI The bl_en_pin GPIO pinmux is configured as "gpio_in", which makes it conflicts with the real GPIO usage (out), and makes the backlight not usable. Drop the GPIO pinmux for it, thus this GPIO can be correctly used. Signed-off-by: Icenowy Zheng Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun8i-reference-design-tablet.dtsi | 7 ------- 1 file changed, 7 deletions(-) commit 0cdefd5b5485ee6eb3512a75739d09a4090176ed Author: Florian Fainelli Date: Sat Mar 18 21:53:20 2017 -0700 ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings The CPU port of the BCM53125 is configured with RGMII (no delays) but this should actually be RGMII with transmit delay (rgmii-txid) because STMMAC takes care of inserting the transmitter delay. This fixes occasional packet loss encountered. Fixes: d7b9eaff5f0c ("ARM: dts: sun7i: Add BCM53125 switch nodes to the lamobo-r1 board") Reported-by: Hartmut Knaack Signed-off-by: Florian Fainelli Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun7i-a20-lamobo-r1.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93a15b58cfb8a24e666ffca432f19fe65c1cd7d1 Author: Alex Williamson Date: Sun Mar 19 20:38:40 2017 -0600 drm/i915/kvmgt: Hold struct kvm reference The kvmgt code keeps a pointer to the struct kvm associated with the device, but doesn't actually hold a reference to it. If we do unclean shutdown testing (ie. killing the user process), then we can see the kvm association to the device unset, which causes kvmgt to trigger a device release via a work queue. Naturally we cannot guarantee that the cached struct kvm pointer is still valid at this point without holding a reference. The observed failure in this case is a stuck cpu trying to acquire the spinlock from the invalid reference, but other failure modes are clearly possible. Hold a reference to avoid this. Signed-off-by: Alex Williamson Cc: stable@vger.kernel.org #v4.10 Cc: Jike Song Cc: Paolo Bonzini Cc: Zhenyu Wang Cc: Zhi Wang Reviewed-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 2 ++ 1 file changed, 2 insertions(+) commit 97da3854c526d3a6ee05c849c96e48d21527606c Author: Linus Torvalds Date: Sun Mar 19 19:09:39 2017 -0700 Linux 4.11-rc3 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 452b94b8c8c7eb7dd0d0fa9a9776e0d02cd73b97 Author: Linus Torvalds Date: Sun Mar 19 19:00:47 2017 -0700 mm/swap: don't BUG_ON() due to uninitialized swap slot cache This BUG_ON() triggered for me once at shutdown, and I don't see a reason for the check. The code correctly checks whether the swap slot cache is usable or not, so an uninitialized swap slot cache is not actually problematic afaik. I've temporarily just switched the BUG_ON() to a WARN_ON_ONCE(), since I'm not sure why that seemingly pointless check was there. I suspect the real fix is to just remove it entirely, but for now we'll warn about it but not bring the machine down. Cc: "Huang, Ying" Cc: Tim Chen Cc: Michal Hocko Cc: Andrew Morton Signed-off-by: Linus Torvalds mm/swap_slots.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a07a6e4121f1d4e1bbaead8210404a7f37139267 Merge: 4571bc5 8971e1c Author: Linus Torvalds Date: Sun Mar 19 18:49:28 2017 -0700 Merge tag 'powerpc-4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull more powerpc fixes from Michael Ellerman: "A couple of minor powerpc fixes for 4.11: - wire up statx() syscall - don't print a warning on memory hotplug when HPT resizing isn't available Thanks to: David Gibson, Chandan Rajendra" * tag 'powerpc-4.11-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/pseries: Don't give a warning when HPT resizing isn't available powerpc: Wire up statx() syscall commit 4571bc5abfba3bed8cb18f640bfcaf336473aee3 Merge: 8aa3417 73580da Author: Linus Torvalds Date: Sun Mar 19 18:11:13 2017 -0700 Merge branch 'parisc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: - Mikulas Patocka added support for R_PARISC_SECREL32 relocations in modules with CONFIG_MODVERSIONS. - Dave Anglin optimized the cache flushing for vmap ranges. - Arvind Yadav provided a fix for a potential NULL pointer dereference in the parisc perf code (and some code cleanups). - I wired up the new statx system call, fixed some compiler warnings with the access_ok() macro and fixed shutdown code to really halt a system at shutdown instead of crashing & rebooting. * 'parisc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix system shutdown halt parisc: perf: Fix potential NULL pointer dereference parisc: Avoid compiler warnings with access_ok() parisc: Wire up statx system call parisc: Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range parisc: support R_PARISC_SECREL32 relocation in modules commit 8aa3417255fababc0cab7128dd7520d3af344ab8 Merge: 1b8df61 6c611d1 Author: Linus Torvalds Date: Sun Mar 19 18:06:31 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending Pull SCSI target fixes from Nicholas Bellinger: "The bulk of the changes are in qla2xxx target driver code to address various issues found during Cavium/QLogic's internal testing (stable CC's included), along with a few other stability and smaller miscellaneous improvements. There are also a couple of different patch sets from Mike Christie, which have been a result of his work to use target-core ALUA logic together with tcm-user backend driver. Finally, a patch to address some long standing issues with pass-through SCSI export of TYPE_TAPE + TYPE_MEDIUM_CHANGER devices, which will make folks using physical (or virtual) magnetic tape happy" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (28 commits) qla2xxx: Update driver version to 9.00.00.00-k qla2xxx: Fix delayed response to command for loop mode/direct connect. qla2xxx: Change scsi host lookup method. qla2xxx: Add DebugFS node to display Port Database qla2xxx: Use IOCB interface to submit non-critical MBX. qla2xxx: Add async new target notification qla2xxx: Export DIF stats via debugfs qla2xxx: Improve T10-DIF/PI handling in driver. qla2xxx: Allow relogin to proceed if remote login did not finish qla2xxx: Fix sess_lock & hardware_lock lock order problem. qla2xxx: Fix inadequate lock protection for ABTS. qla2xxx: Fix request queue corruption. qla2xxx: Fix memory leak for abts processing qla2xxx: Allow vref count to timeout on vport delete. tcmu: Convert cmd_time_out into backend device attribute tcmu: make cmd timeout configurable tcmu: add helper to check if dev was configured target: fix race during implicit transition work flushes target: allow userspace to set state to transitioning target: fix ALUA transition timeout handling ... commit 1b8df61908bde12946877b4c079bb73fc0bd3409 Merge: 93afaa4 52084f8 Author: Linus Torvalds Date: Sun Mar 19 15:45:02 2017 -0700 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull device-dax fixes from Dan Williams: "The device-dax driver was not being careful to handle falling back to smaller fault-granularity sizes. The driver already fails fault attempts that are smaller than the device's alignment, but it also needs to handle the cases where a larger page mapping could be established. For simplicity of the immediate fix the implementation just signals VM_FAULT_FALLBACK until fault-size == device-alignment. One fix is for -stable to address pmd-to-pte fallback from the original implementation, another fix is for the new (introduced in 4.11-rc1) pud-to-pmd regression, and a typo fix comes along for the ride. These have received a build success notification from the kbuild robot" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: device-dax: fix debug output typo device-dax: fix pud fault fallback handling device-dax: fix pmd/pte fault fallback handling commit 0aeccdfe220c360ab888816da06b8eb67d910ff6 Author: Bart Van Assche Date: Fri Mar 17 17:02:03 2017 -0700 scsi: scsi_dh_alua: Warn if the first argument of alua_rtpg_queue() is NULL Callers must provide a valid port group to alua_rtpg_queue(). Issue a kernel warning if that is not the case. Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Tang Junhui Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7cb689fe42927281b8d98606ae5450173fcc66a9 Author: Bart Van Assche Date: Fri Mar 17 17:02:02 2017 -0700 scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion function Callers of scsi_dh_activate(), e.g. dm-mpath, assume that this function either returns an error code or calls the completion function. Make alua_activate() call the completion function even if scsi_device_get() fails. Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Tang Junhui Cc: Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 625fe857e4fac6518716f3c0ff5e5deb8ec6d238 Author: Bart Van Assche Date: Fri Mar 17 17:02:01 2017 -0700 scsi: scsi_dh_alua: Check scsi_device_get() return value Do not queue ALUA work nor call scsi_device_put() if the scsi_device_get() call fails. This patch fixes the following crash: general protection fault: 0000 [#1] SMP RIP: 0010:scsi_device_put+0xb/0x30 Call Trace: scsi_disk_put+0x2d/0x40 sd_release+0x3d/0xb0 __blkdev_put+0x29e/0x360 blkdev_put+0x49/0x170 dm_put_table_device+0x58/0xc0 [dm_mod] dm_put_device+0x70/0xc0 [dm_mod] free_priority_group+0x92/0xc0 [dm_multipath] free_multipath+0x70/0xc0 [dm_multipath] multipath_dtr+0x19/0x20 [dm_multipath] dm_table_destroy+0x67/0x120 [dm_mod] dev_suspend+0xde/0x240 [dm_mod] ctl_ioctl+0x1f5/0x520 [dm_mod] dm_ctl_ioctl+0xe/0x20 [dm_mod] do_vfs_ioctl+0x8f/0x700 SyS_ioctl+0x3c/0x70 entry_SYSCALL_64_fastpath+0x18/0xad Fixes: commit 03197b61c5ec ("scsi_dh_alua: Use workqueue for RTPG") Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Tang Junhui Cc: Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 6985bd5e21901c2d2bfc924b114887e20c002901 Author: Lorenzo Bianconi Date: Tue Mar 14 22:05:20 2017 +0100 iio: imu: st_lsm6dsx: fix FIFO_CTRL2 overwrite during watermark configuration Fixes: 290a6ce11d93 (iio: imu: add support to lsm6dsx driver) Signed-off-by: Lorenzo Bianconi Signed-off-by: Jonathan Cameron drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6c611d18f386d37cce3afbd921568e2a895bd86e Author: Himanshu Madhani Date: Wed Mar 15 09:48:56 2017 -0700 qla2xxx: Update driver version to 9.00.00.00-k Signed-off-by: Himanshu Madhani signed-off-by: Giridhar Malavali Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ec7193e26055112bc824929fd943035f9a30b06f Author: Quinn Tran Date: Wed Mar 15 09:48:55 2017 -0700 qla2xxx: Fix delayed response to command for loop mode/direct connect. Current driver wait for FW to be in the ready state before processing in-coming commands. For Arbitrated Loop or Point-to- Point (not switch), FW Ready state can take a while. FW will transition to ready state after all Nports have been logged in. In the mean time, certain initiators have completed the login and starts IO. Driver needs to start processing all queues if FW is already started. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_def.h | 10 ++++++++-- drivers/scsi/qla2xxx/qla_init.c | 12 ++++++++++++ drivers/scsi/qla2xxx/qla_isr.c | 14 +++++++++++++- drivers/scsi/qla2xxx/qla_mbx.c | 6 +++--- drivers/scsi/qla2xxx/qla_os.c | 21 ++++++++++++++++++++- drivers/scsi/qla2xxx/qla_target.c | 38 +++++++++++++++++++++++++------------- 6 files changed, 81 insertions(+), 20 deletions(-) commit 482c9dc79204bb83c3433a59680c787a0b98c000 Author: Quinn Tran Date: Wed Mar 15 09:48:54 2017 -0700 qla2xxx: Change scsi host lookup method. For target mode, when new scsi command arrive, driver first performs a look up of the SCSI Host. The current look up method is based on the ALPA portion of the NPort ID. For Cisco switch, the ALPA can not be used as the index. Instead, the new search method is based on the full value of the Nport_ID via btree lib. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/Kconfig | 1 + drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_gbl.h | 2 + drivers/scsi/qla2xxx/qla_init.c | 14 +++--- drivers/scsi/qla2xxx/qla_mbx.c | 28 ++++-------- drivers/scsi/qla2xxx/qla_os.c | 1 + drivers/scsi/qla2xxx/qla_target.c | 92 +++++++++++++++++++++++++++++++++------ 7 files changed, 100 insertions(+), 40 deletions(-) commit c423437e3ff41b8ca551ab6621baf11538dbfe9d Author: Himanshu Madhani Date: Wed Mar 15 09:48:53 2017 -0700 qla2xxx: Add DebugFS node to display Port Database Signed-off-by: Himanshu Madhani Signed-off-by: Giridhar Malavali Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_def.h | 2 + drivers/scsi/qla2xxx/qla_dfs.c | 92 ++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 90 insertions(+), 4 deletions(-) commit 15f30a5752287f20c7de428423c34bc51cfbe465 Author: Quinn Tran Date: Wed Mar 15 09:48:52 2017 -0700 qla2xxx: Use IOCB interface to submit non-critical MBX. The Mailbox interface is currently over subscribed. We like to reserve the Mailbox interface for the chip managment and link initialization. Any non essential Mailbox command will be routed through the IOCB interface. The IOCB interface is able to absorb more commands. Following commands are being routed through IOCB interface - Get ID List (007Ch) - Get Port DB (0064h) - Get Link Priv Stats (006Dh) Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_def.h | 12 +- drivers/scsi/qla2xxx/qla_gbl.h | 10 +- drivers/scsi/qla2xxx/qla_init.c | 46 +------ drivers/scsi/qla2xxx/qla_isr.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 270 ++++++++++++++++++++++++++++++++++++-- drivers/scsi/qla2xxx/qla_target.c | 4 +- 6 files changed, 279 insertions(+), 65 deletions(-) commit f1443eebca7792b3b8b41b27652d67ddc5d31fa2 Author: Quinn Tran Date: Wed Mar 15 09:48:51 2017 -0700 qla2xxx: Add async new target notification Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_target.c | 6 +++--- drivers/scsi/qla2xxx/qla_target.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) commit 54b9993c8cf2d77c0f23be828a22e0817f742442 Author: Anil Gurumurthy Date: Wed Mar 15 09:48:50 2017 -0700 qla2xxx: Export DIF stats via debugfs Signed-off-by: Anil Gurumurthy Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_def.h | 12 ++++++++++++ drivers/scsi/qla2xxx/qla_dfs.c | 15 +++++++++++++++ 2 files changed, 27 insertions(+) commit be25152c0d9e236076323abbe9def9714234b761 Author: Quinn Tran Date: Wed Mar 15 09:48:49 2017 -0700 qla2xxx: Improve T10-DIF/PI handling in driver. Add routines to support T10 DIF tag. Signed-off-by: Quinn Tran Signed-off-by: Anil Gurumurthy Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_dbg.h | 1 + drivers/scsi/qla2xxx/qla_def.h | 10 + drivers/scsi/qla2xxx/qla_gbl.h | 6 +- drivers/scsi/qla2xxx/qla_iocb.c | 13 +- drivers/scsi/qla2xxx/qla_target.c | 540 ++++++++++++++++++++++--------------- drivers/scsi/qla2xxx/qla_target.h | 38 ++- drivers/scsi/qla2xxx/tcm_qla2xxx.c | 49 ++-- 7 files changed, 406 insertions(+), 251 deletions(-) commit 5b33469a055c77001fd2c62b0f985c991b0e5b65 Author: Quinn Tran Date: Wed Mar 15 09:48:48 2017 -0700 qla2xxx: Allow relogin to proceed if remote login did not finish If the remote port have started the login process, then the PLOGI and PRLI should be back to back. Driver will allow the remote port to complete the process. For the case where the remote port decide to back off from sending PRLI, this local port sets an expiration timer for the PRLI. Once the expiration time passes, the relogin retry logic is allowed to go through and perform login with the remote port. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_def.h | 2 ++ drivers/scsi/qla2xxx/qla_init.c | 12 ++++++++++-- drivers/scsi/qla2xxx/qla_isr.c | 25 +++++++++++++++++++------ drivers/scsi/qla2xxx/qla_target.c | 1 + 4 files changed, 32 insertions(+), 8 deletions(-) commit f159b3c7cd45c550d0f73806451a10b6b6bc08ae Author: Quinn Tran Date: Wed Mar 15 09:48:47 2017 -0700 qla2xxx: Fix sess_lock & hardware_lock lock order problem. The main lock that needs to be held for CMD or TMR submission to upper layer is the sess_lock. The sess_lock is used to serialize cmd submission and session deletion. The addition of hardware_lock being held is not necessary. This patch removes hardware_lock dependency from CMD/TMR submission. Use hardware_lock only for error response in this case. Path1 CPU0 CPU1 ---- ---- lock(&(&ha->tgt.sess_lock)->rlock); lock(&(&ha->hardware_lock)->rlock); lock(&(&ha->tgt.sess_lock)->rlock); lock(&(&ha->hardware_lock)->rlock); Path2/deadlock *** DEADLOCK *** Call Trace: dump_stack+0x85/0xc2 print_circular_bug+0x1e3/0x250 __lock_acquire+0x1425/0x1620 lock_acquire+0xbf/0x210 _raw_spin_lock_irqsave+0x53/0x70 qlt_sess_work_fn+0x21d/0x480 [qla2xxx] process_one_work+0x1f4/0x6e0 Cc: Cc: Bart Van Assche Reported-by: Bart Van Assche Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_target.c | 41 +++++++++++++++++---------------------- 1 file changed, 18 insertions(+), 23 deletions(-) commit 8f6fc8d4e7ae2347d6261d11a7eb2b247d2954d8 Author: Quinn Tran Date: Wed Mar 15 09:48:46 2017 -0700 qla2xxx: Fix inadequate lock protection for ABTS. Normally, ABTS is sent to Target Core as Task MGMT command. In the case of error, qla2xxx needs to send response, hardware_lock is required to prevent request queue corruption. Cc: Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_target.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 8b666809e10cda9814af3e8be339d35b83909056 Author: Quinn Tran Date: Wed Mar 15 09:48:45 2017 -0700 qla2xxx: Fix request queue corruption. When FW notify driver or driver detects low FW resource, driver tries to send out Busy SCSI Status to tell Initiator side to back off. During the send process, the lock was not held. Cc: Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_target.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit ae940f2c472a62904dc18234de5cf3ed28f195ee Author: Quinn Tran Date: Wed Mar 15 09:48:44 2017 -0700 qla2xxx: Fix memory leak for abts processing Cc: Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_target.c | 2 ++ 1 file changed, 2 insertions(+) commit c4a9b538ab2a109c5f9798bea1f8f4bf93aadfb9 Author: Joe Carnuccio Date: Wed Mar 15 09:48:43 2017 -0700 qla2xxx: Allow vref count to timeout on vport delete. Cc: Signed-off-by: Joe Carnuccio Signed-off-by: Himanshu Madhani Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_attr.c | 4 +--- drivers/scsi/qla2xxx/qla_def.h | 6 +++++- drivers/scsi/qla2xxx/qla_init.c | 1 + drivers/scsi/qla2xxx/qla_mid.c | 14 ++++++++------ drivers/scsi/qla2xxx/qla_os.c | 1 + 5 files changed, 16 insertions(+), 10 deletions(-) commit 7d7a743543905a8297dce53b36e793e5307da5d7 Author: Nicholas Bellinger Date: Sat Mar 18 15:04:13 2017 -0700 tcmu: Convert cmd_time_out into backend device attribute Instead of putting cmd_time_out under ../target/core/user_0/foo/control, which has historically been used by parameters needed for initial backend device configuration, go ahead and move cmd_time_out into a backend device attribute. In order to do this, tcmu_module_init() has been updated to create a local struct configfs_attribute **tcmu_attrs, that is based upon the existing passthrough_attrib_attrs along with the new cmd_time_out attribute. Once **tcm_attrs has been setup, go ahead and point it at tcmu_ops->tb_dev_attrib_attrs so it's picked up by target-core. Also following MNC's previous change, ->cmd_time_out is stored in milliseconds but exposed via configfs in seconds. Also, note this patch restricts the modification of ->cmd_time_out to before + after the TCMU device has been configured, but not while it has active fabric exports. Cc: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 94 ++++++++++++++++++++++++++++----------- 1 file changed, 68 insertions(+), 26 deletions(-) commit af980e46a26ac8805685bb70c8572dbc47abb126 Author: Mike Christie Date: Thu Mar 9 02:42:09 2017 -0600 tcmu: make cmd timeout configurable A single daemon could implement multiple types of devices using multuple types of real devices that may not support restarting from crashes and/or handling tcmu timeouts. This makes the cmd timeout configurable, so handlers that do not support it can turn if off for now. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 41 +++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) commit 972c7f167974fa41ea8a2eed4b857cc59f59c42c Author: Mike Christie Date: Thu Mar 9 02:42:08 2017 -0600 tcmu: add helper to check if dev was configured This adds a helper to check if the dev was configured. It will be used in the next patch to prevent updates to some config settings after the device has been setup. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 93afaa4513bb08e69a3d6988ab4c3bf6c7cf07d3 Merge: 3e51f89 363dad5 Author: Linus Torvalds Date: Sat Mar 18 15:50:39 2017 -0700 Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux Pull OpenRISC fixes from Stafford Horne: "OpenRISC fixes for build issues that were exposed by kbuild robots after 4.11 merge. All from allmodconfig builds. This includes: - bug in the handling of 8-byte get_user() calls - module build failure due to multile missing symbol exports" * tag 'openrisc-for-linus' of git://github.com/openrisc/linux: openrisc: Export symbols needed by modules openrisc: fix issue handling 8 byte get_user calls openrisc: xchg: fix `computed is not used` warning commit 760bf578edf8122f2503a3a6a3f4b0de3b6ce0bb Author: Mike Christie Date: Thu Mar 2 04:59:50 2017 -0600 target: fix race during implicit transition work flushes This fixes the following races: 1. core_alua_do_transition_tg_pt could have read tg_pt_gp_alua_access_state and gone into this if chunk: if (!explicit && atomic_read(&tg_pt_gp->tg_pt_gp_alua_access_state) == ALUA_ACCESS_STATE_TRANSITION) { and then core_alua_do_transition_tg_pt_work could update the state. core_alua_do_transition_tg_pt would then only set tg_pt_gp_alua_pending_state and the tg_pt_gp_alua_access_state would not get updated with the second calls state. 2. core_alua_do_transition_tg_pt could be setting tg_pt_gp_transition_complete while the tg_pt_gp_transition_work is already completing. core_alua_do_transition_tg_pt then waits on the completion that will never be called. To handle these issues, we just call flush_work which will return when core_alua_do_transition_tg_pt_work has completed so there is no need to do the complete/wait. And, if core_alua_do_transition_tg_pt_work was running, instead of trying to sneak in the state change, we just schedule up another core_alua_do_transition_tg_pt_work call. Note that this does not handle a possible race where there are multiple threads call core_alua_do_transition_tg_pt at the same time. I think we need a mutex in target_tg_pt_gp_alua_access_state_store. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) commit 1ca4d4fa3bfcbe8964f81e5818a9b90436466eb0 Author: Mike Christie Date: Thu Mar 2 04:59:49 2017 -0600 target: allow userspace to set state to transitioning Userspace target_core_user handlers like tcmu-runner may want to set the ALUA state to transitioning while it does implicit transitions. This patch allows that state when set from configfs. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) commit d7175373f2745ed4abe5b388d5aabd06304f801e Author: Mike Christie Date: Thu Mar 2 04:59:48 2017 -0600 target: fix ALUA transition timeout handling The implicit transition time tells initiators the min time to wait before timing out a transition. We currently schedule the transition to occur in tg_pt_gp_implicit_trans_secs seconds so there is no room for delays. If core_alua_do_transition_tg_pt_work->core_alua_update_tpg_primary_metadata needs to write out info to a remote file, then the initiator can easily time out the operation. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 23 ++++++++--------------- include/target/target_core_base.h | 2 +- 2 files changed, 9 insertions(+), 16 deletions(-) commit 207ee84133c00a8a2a5bdec94df4a5b37d78881c Author: Mike Christie Date: Wed Mar 1 23:13:26 2017 -0600 target: Use system workqueue for ALUA transitions If tcmu-runner is processing a STPG and needs to change the kernel's ALUA state then we cannot use the same work queue for task management requests and ALUA transitions, because we could deadlock. The problem occurs when a STPG times out before tcmu-runner is able to call into target_tg_pt_gp_alua_access_state_store-> core_alua_do_port_transition -> core_alua_do_transition_tg_pt -> queue_work. In this case, the tmr is on the work queue waiting for the STPG to complete, but the STPG transition is now queued behind the waiting tmr. Note: This bug will also be fixed by this patch: http://www.spinics.net/lists/target-devel/msg14560.html which switches the tmr code to use the system workqueues. For both, I am not sure if we need a dedicated workqueue since it is not a performance path and I do not think we need WQ_MEM_RECLAIM to make forward progress to free up memory like the block layer does. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 0a4145729871ef29afe8b0c57560a1f5bd736416 Author: Mike Christie Date: Wed Mar 1 23:13:25 2017 -0600 target: fail ALUA transitions for pscsi We do not setup the LU group for pscsi devices, so if you write a state to alua_access_state that will cause a transition you will get a NULL pointer dereference. This patch will fail attempts to try and transition the path for backend devices that set the TRANSPORT_FLAG_PASSTHROUGH_ALUA flag. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 3 +++ 1 file changed, 3 insertions(+) commit 530c6891b1220cba780b6c18f4691d85a3435080 Author: Mike Christie Date: Wed Mar 1 23:13:24 2017 -0600 target: allow ALUA setup for some passthrough backends This patch allows passthrough backends to use the core/base LIO ALUA setup and state checks, but still handle the execution of commands. This will allow the target_core_user module to execute STPG and RTPG in userspace, and not have to duplicate the ALUA state checks, path information (needed so we can check if command is executable on specific paths) and setup (rtslib sets/updates the configfs ALUA interface like it does for iblock or file). For STPG, the target_core_user userspace daemon, tcmu-runner will still execute the STPG, and to update the core/base LIO state it will use the existing configfs interface. For RTPG, tcmu-runner will loop over configfs and/or cache the state. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_alua.c | 9 +++++---- drivers/target/target_core_pscsi.c | 3 ++- drivers/target/target_core_tpg.c | 3 ++- include/target/target_core_backend.h | 7 ++++++- 4 files changed, 15 insertions(+), 7 deletions(-) commit 2579325ca0acc598fdf41ba12b2871d3467f28df Author: Mike Christie Date: Wed Mar 1 23:14:40 2017 -0600 tcmu: return on first Opt parse failure We only were returing failure if the last opt to be parsed failed. This has a return failure when we first detect a failure. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 3 +++ 1 file changed, 3 insertions(+) commit 3abaa2bfdb1e6bb33d38a2e82cf3bb82ec0197bf Author: Mike Christie Date: Wed Mar 1 23:14:39 2017 -0600 tcmu: allow hw_max_sectors greater than 128 tcmu hard codes the hw_max_sectors to 128 which is a litle small. Userspace uses the max_sectors to report the optimal IO size and some initiators perform better with larger IOs (open-iscsi seems to do better with 256 to 512 depending on the test). (Fix do not display hw max sectors twice - MNC) Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_user.c | 54 +++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 19 deletions(-) commit 9c28ca4ff8bad7486182291a55b4f67a70af718d Author: Nicholas Bellinger Date: Wed Mar 8 00:09:59 2017 -0800 target: Drop pointless tfo->check_stop_free check All in-tree fabric drivers provide a tfo->check_stop_free(), so there is no need to do the extra check within existing transport_cmd_check_stop_to_fabric() code. Just to be sure, add a check in target_fabric_tf_ops_check() to notify any out-of-tree drivers that might be missing it. Signed-off-by: Nicholas Bellinger drivers/target/target_core_configfs.c | 4 ++++ drivers/target/target_core_transport.c | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 73580dac7618e4bcd21679f553cf3c97323fec46 Author: Helge Deller Date: Sat Mar 18 17:13:27 2017 +0100 parisc: Fix system shutdown halt On those parisc machines which don't provide a software power off function, the system currently kills the init process at the end of a shutdown and unexpectedly restarts insteads of halting. Fix it by adding a loop which will not return. Signed-off-by: Helge Deller Cc: stable@vger.kernel.org # 4.9+ arch/parisc/kernel/process.c | 2 ++ 1 file changed, 2 insertions(+) commit 74e3f6e63da6c8e8246fba1689e040bc926b4a1a Author: Arvind Yadav Date: Tue Mar 14 15:24:51 2017 +0530 parisc: perf: Fix potential NULL pointer dereference Fix potential NULL pointer dereference and clean up coding style errors (code indent, trailing whitespaces). Signed-off-by: Arvind Yadav Signed-off-by: Helge Deller arch/parisc/kernel/perf.c | 94 ++++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 45 deletions(-) commit 3e51f893de98296ba64a88d93a94d17e3df5de0b Merge: 8d94099 dc434e0 Author: Linus Torvalds Date: Sat Mar 18 08:33:44 2017 -0700 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull CPU hotplug fix from Thomas Gleixner: "A single fix preventing the concurrent execution of the CPU hotplug callback install/invocation machinery. Long standing bug caused by a massive brain slip of that Gleixner dude, which went unnoticed for almost a year" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Serialize callback invocations proper commit 436ecf5519d892397af133a79ccd38a17c25fa51 Author: Bjørn Mork Date: Fri Mar 17 17:21:28 2017 +0100 USB: serial: qcserial: add Dell DW5811e This is a Dell branded Sierra Wireless EM7455. Cc: Signed-off-by: Bjørn Mork Signed-off-by: Johan Hovold drivers/usb/serial/qcserial.c | 2 ++ 1 file changed, 2 insertions(+) commit 8d940990f51df8b18b89f8ca0592904cfe02f556 Merge: 8841b5f 8b766e0 Author: Linus Torvalds Date: Fri Mar 17 17:25:14 2017 -0700 Merge tag 'pm-4.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix a few more intel_pstate issues and one small issue in the cpufreq core. Specifics: - Fix breakage in the intel_pstate's debugfs interface for PID controller tuning (Rafael Wysocki) - Fix computations related to P-state limits in intel_pstate to avoid excessive rounding errors leading to visible inaccuracies (Srinivas Pandruvada, Rafael Wysocki) - Add a missing newline to a message printed by one function in the cpufreq core and clean up that function (Rafael Wysocki)" * tag 'pm-4.11-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: Fix and clean up show_cpuinfo_cur_freq() cpufreq: intel_pstate: Avoid percentages in limits-related computations cpufreq: intel_pstate: Correct frequency setting in the HWP mode cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set() commit 7de32556dfc62b9e1203730cc26b71292da8a244 Author: Rafael J. Wysocki Date: Sat Mar 18 00:57:39 2017 +0100 cpufreq: intel_pstate: One set of global limits in active mode In the active mode intel_pstate currently uses two sets of global limits, each associated with one of the possible scaling_governor settings in that mode: "powersave" or "performance". The driver switches over from one of those sets to the other depending on the scaling_governor setting for the last CPU whose per-policy cpufreq interface in sysfs was last used to change parameters exposed in there. That obviously leads to no end of issues when the scaling_governor settings differ between CPUs. The most recent issue was introduced by commit a240c4aa5d0f (cpufreq: intel_pstate: Do not reinit performance limits in ->setpolicy) that eliminated the reinitialization of "performance" limits in intel_pstate_set_policy() preventing the max limit from being set to anything below 100, among other things. Namely, an undesirable side effect of commit a240c4aa5d0f is that now, after setting scaling_governor to "performance" in the active mode, the per-policy limits for the CPU in question go to the highest level and stay there even when it is switched back to "powersave" later. As it turns out, some distributions set scaling_governor to "performance" temporarily for all CPUs to speed-up system initialization, so that change causes them to misbehave later. To fix that, get rid of the performance/powersave global limits split and use just one set of global limits for everything. From the user's persepctive, after this modification, when scaling_governor is switched from "performance" to "powersave" or the other way around on one CPU, the limits settings (ie. the global max/min_perf_pct and per-policy scaling_max/min_freq for any CPUs) will not change. Still, switching from "performance" to "powersave" or the other way around changes the way in which P-states are selected and in particular "performance" causes the driver to always request the highest P-state it is allowed to ask for for the given CPU. Fixes: a240c4aa5d0f (cpufreq: intel_pstate: Do not reinit performance limits in ->setpolicy) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 142 +++++++++++++---------------------------- 1 file changed, 46 insertions(+), 96 deletions(-) commit 8b766e05d8ec80b6b1daa2675509adcab6519038 Merge: 9b4f603 e4c204c Author: Rafael J. Wysocki Date: Sat Mar 18 00:45:09 2017 +0100 Merge branches 'pm-cpufreq-fixes' and 'intel_pstate-fixes' * pm-cpufreq-fixes: cpufreq: Fix and clean up show_cpuinfo_cur_freq() * intel_pstate-fixes: cpufreq: intel_pstate: Avoid percentages in limits-related computations cpufreq: intel_pstate: Correct frequency setting in the HWP mode cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set() commit 47e6fb4212d09f325c0847d05985dd3d71553095 Author: Masaki Ota Date: Fri Mar 17 14:19:40 2017 -0700 Input: ALPS - fix trackstick button handling on V8 devices Alps stick devices always have physical buttons, so we should not check ALPS_BUTTONPAD flag to decide whether we should report them. Fixes: 4777ac220c43 ("Input: ALPS - add touchstick support for SS5 hardware") Signed-off-by: Masaki Ota Acked-by: Pali Rohar Tested-by: Paul Donohue Tested-by: Nick Fletcher Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit e7348396c6d51b57c95c6646c390cd078e038e19 Author: Masaki Ota Date: Fri Mar 17 14:10:57 2017 -0700 Input: ALPS - fix V8+ protocol handling (73 03 28) Devices identified as E7="73 03 28" use slightly modified version of V8 protocol, with lower count per electrode, different offsets, and different feature bits in OTP data. Fixes: aeaa881f9b17 ("Input: ALPS - set DualPoint flag for 74 03 28 devices") Signed-off-by: Masaki Ota Acked-by: Pali Rohar Tested-by: Paul Donohue Tested-by: Nick Fletcher Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.c | 66 +++++++++++++++++++++++++++++++++++----------- drivers/input/mouse/alps.h | 11 ++++++++ 2 files changed, 61 insertions(+), 16 deletions(-) commit 8841b5f0cdc71a0b8e42ef93d6eee9a081c67309 Merge: eab60d4 da066f3 Author: Linus Torvalds Date: Fri Mar 17 14:16:22 2017 -0700 Merge tag 'nfs-for-4.11-2' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client fixes from Anna Schumaker: "We have a handful of stable fixes to fix kernel warnings and other bugs that have been around for a while. We've also found a few other reference counting bugs and memory leaks since the initial 4.11 pull. Stable Bugfixes: - Fix decrementing nrequests in NFS v4.2 COPY to fix kernel warnings - Prevent a double free in async nfs4_exchange_id() - Squelch a kbuild sparse complaint for xprtrdma Other Bugfixes: - Fix a typo (NFS_ATTR_FATTR_GROUP_NAME) that causes a memory leak - Fix a reference leak that causes kernel warnings - Make nfs4_cb_sv_ops static to fix a sparse warning - Respect a server's max size in CREATE_SESSION - Handle errors from nfs4_pnfs_ds_connect - Flexfiles layout shouldn't mark devices as unavailable" * tag 'nfs-for-4.11-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: pNFS/flexfiles: never nfs4_mark_deviceid_unavailable pNFS: return status from nfs4_pnfs_ds_connect NFSv4.1 respect server's max size in CREATE_SESSION NFS prevent double free in async nfs4_exchange_id nfs: make nfs4_cb_sv_ops static xprtrdma: Squelch kbuild sparse complaint NFS: fix the fault nrequests decreasing for nfs_inode COPY NFSv4: fix a reference leak caused WARNING messages nfs4: fix a typo of NFS_ATTR_FATTR_GROUP_NAME commit eab60d4e5bcc8990b7901829069b22e3b99e5889 Merge: ae13373 6bce725 Author: Linus Torvalds Date: Fri Mar 17 14:05:03 2017 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "An assorted pile of fixes along with some hardware enablement: - a fix for a KASAN / branch profiling related boot failure - some more fallout of the PUD rework - a fix for the Always Running Timer which is not initialized when the TSC frequency is known at boot time (via MSR/CPUID) - a resource leak fix for the RDT filesystem - another unwinder corner case fixup - removal of the warning for duplicate NMI handlers because there are legitimate cases where more than one handler can be registered at the last level - make a function static - found by sparse - a set of updates for the Intel MID platform which got delayed due to merge ordering constraints. It's hardware enablement for a non mainstream platform, so there is no risk" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mpx: Make unnecessarily global function static x86/intel_rdt: Put group node in rdtgroup_kn_unlock x86/unwind: Fix last frame check for aligned function stacks mm, x86: Fix native_pud_clear build error x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y x86/platform/intel-mid: Add power button support for Merrifield x86/platform/intel-mid: Use common power off sequence x86/platform: Remove warning message for duplicate NMI handlers x86/tsc: Fix ART for TSC_KNOWN_FREQ x86/platform/intel-mid: Correct MSI IRQ line for watchdog device commit ae13373319606fed3f84e1f6d27b40c7f0df6231 Merge: a7fc726 a77d6cd Author: Linus Torvalds Date: Fri Mar 17 14:01:40 2017 -0700 Merge branch 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 acpi fixes from Thomas Gleixner: "This update deals with the fallout of the recent work to make cpuid/node mappings persistent. It turned out that the boot time ACPI based mapping tripped over ACPI inconsistencies and caused regressions. It's partially reverted and the fragile part replaced by an implementation which makes the mapping persistent when a CPU goes online for the first time" * 'x86-acpi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: acpi/processor: Check for duplicate processor ids at hotplug time acpi/processor: Implement DEVICE operator for processor enumeration x86/acpi: Restore the order of CPU IDs Revert"x86/acpi: Enable MADT APIs to return disabled apicids" Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" commit a7fc726bb2e3ab3e960064392aa7cb66999d6927 Merge: cd21deb a01851f Author: Linus Torvalds Date: Fri Mar 17 13:59:52 2017 -0700 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Thomas Gleixner: "A set of perf related fixes: - fix a CR4.PCE propagation issue caused by usage of mm instead of active_mm and therefore propagated the wrong value. - perf core fixes, which plug a use-after-free issue and make the event inheritance on fork more robust. - a tooling fix for symbol handling" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf symbols: Fix symbols__fixup_end heuristic for corner cases x86/perf: Clarify why x86_pmu_event_mapped() isn't racy x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm perf/core: Better explain the inherit magic perf/core: Simplify perf_event_free_task() perf/core: Fix event inheritance on fork() perf/core: Fix use-after-free in perf_release() commit e1699d2d7bf6e6cce3e1baff19f9dd4595a58664 Author: Zygo Blaxell Date: Fri Mar 10 16:45:44 2017 -0500 btrfs: add missing memset while reading compressed inline extents This is a story about 4 distinct (and very old) btrfs bugs. Commit c8b978188c ("Btrfs: Add zlib compression support") added three data corruption bugs for inline extents (bugs #1-3). Commit 93c82d5750 ("Btrfs: zero page past end of inline file items") fixed bug #1: uncompressed inline extents followed by a hole and more extents could get non-zero data in the hole as they were read. The fix was to add a memset in btrfs_get_extent to zero out the hole. Commit 166ae5a418 ("btrfs: fix inline compressed read err corruption") fixed bug #2: compressed inline extents which contained non-zero bytes might be replaced with zero bytes in some cases. This patch removed an unhelpful memset from uncompress_inline, but the case where memset is required was missed. There is also a memset in the decompression code, but this only covers decompressed data that is shorter than the ram_bytes from the extent ref record. This memset doesn't cover the region between the end of the decompressed data and the end of the page. It has also moved around a few times over the years, so there's no single patch to refer to. This patch fixes bug #3: compressed inline extents followed by a hole and more extents could get non-zero data in the hole as they were read (i.e. bug #3 is the same as bug #1, but s/uncompressed/compressed/). The fix is the same: zero out the hole in the compressed case too, by putting a memset back in uncompress_inline, but this time with correct parameters. The last and oldest bug, bug #0, is the cause of the offending inline extent/hole/extent pattern. Bug #0 is a subtle and mostly-harmless quirk of behavior somewhere in the btrfs write code. In a few special cases, an inline extent and hole are allowed to persist where they normally would be combined with later extents in the file. A fast reproducer for bug #0 is presented below. A few offending extents are also created in the wild during large rsync transfers with the -S flag. A Linux kernel build (git checkout; make allyesconfig; make -j8) will produce a handful of offending files as well. Once an offending file is created, it can present different content to userspace each time it is read. Bug #0 is at least 4 and possibly 8 years old. I verified every vX.Y kernel back to v3.5 has this behavior. There are fossil records of this bug's effects in commits all the way back to v2.6.32. I have no reason to believe bug #0 wasn't present at the beginning of btrfs compression support in v2.6.29, but I can't easily test kernels that old to be sure. It is not clear whether bug #0 is worth fixing. A fix would likely require injecting extra reads into currently write-only paths, and most of the exceptional cases caused by bug #0 are already handled now. Whether we like them or not, bug #0's inline extents followed by holes are part of the btrfs de-facto disk format now, and we need to be able to read them without data corruption or an infoleak. So enough about bug #0, let's get back to bug #3 (this patch). An example of on-disk structure leading to data corruption found in the wild: item 61 key (606890 INODE_ITEM 0) itemoff 9662 itemsize 160 inode generation 50 transid 50 size 47424 nbytes 49141 block group 0 mode 100644 links 1 uid 0 gid 0 rdev 0 flags 0x0(none) item 62 key (606890 INODE_REF 603050) itemoff 9642 itemsize 20 inode ref index 3 namelen 10 name: DB_File.so item 63 key (606890 EXTENT_DATA 0) itemoff 8280 itemsize 1362 inline extent data size 1341 ram 4085 compress(zlib) item 64 key (606890 EXTENT_DATA 4096) itemoff 8227 itemsize 53 extent data disk byte 5367308288 nr 20480 extent data offset 0 nr 45056 ram 45056 extent compression(zlib) Different data appears in userspace during each read of the 11 bytes between 4085 and 4096. The extent in item 63 is not long enough to fill the first page of the file, so a memset is required to fill the space between item 63 (ending at 4085) and item 64 (beginning at 4096) with zero. Here is a reproducer from Liu Bo, which demonstrates another method of creating the same inline extent and hole pattern: Using 'page_poison=on' kernel command line (or enable CONFIG_PAGE_POISONING) run the following: # touch foo # chattr +c foo # xfs_io -f -c "pwrite -W 0 1000" foo # xfs_io -f -c "falloc 4 8188" foo # od -x foo # echo 3 >/proc/sys/vm/drop_caches # od -x foo This produce the following on my box: Correct output: file contains 1000 data bytes followed by zeros: 0000000 cdcd cdcd cdcd cdcd cdcd cdcd cdcd cdcd * 0001740 cdcd cdcd cdcd cdcd 0000 0000 0000 0000 0001760 0000 0000 0000 0000 0000 0000 0000 0000 * 0020000 Actual output: the data after the first 1000 bytes will be different each run: 0000000 cdcd cdcd cdcd cdcd cdcd cdcd cdcd cdcd * 0001740 cdcd cdcd cdcd cdcd 6c63 7400 635f 006d 0001760 5f74 6f43 7400 435f 0053 5f74 7363 7400 0002000 435f 0056 5f74 6164 7400 645f 0062 5f74 (...) Signed-off-by: Zygo Blaxell Reviewed-by: Liu Bo Reviewed-by: Chris Mason Signed-off-by: Chris Mason fs/btrfs/inode.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 49d4a334727057af57048ded99697d17b016d91b Author: Liu Bo Date: Mon Mar 6 18:20:56 2017 -0800 Btrfs: fix regression in lock_delalloc_pages The bug is a regression after commit (da2c7009f6ca "btrfs: teach __process_pages_contig about PAGE_LOCK operation") and commit (76c0021db8fd "Btrfs: use helper to simplify lock/unlock pages"). So if the dirty pages which are under writeback got truncated partially before we lock the dirty pages, we couldn't find all pages mapping to the delalloc range, and the bug didn't return an error so it kept going on and found that the delalloc range got truncated and got to unlock the dirty pages, and then the ASSERT could caught the error, and showed ----------------------------------------------------------------------------- assertion failed: page_ops & PAGE_LOCK, file: fs/btrfs/extent_io.c, line: 1716 ----------------------------------------------------------------------------- This fixes the bug by returning the proper -EAGAIN. Cc: David Sterba Reported-by: Dave Jones Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cd21debe5318842a0bbd38c0327cfde2a3b90d65 Merge: b5f1308 2317d5f Author: Linus Torvalds Date: Fri Mar 17 13:19:07 2017 -0700 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Thomas Gleixner: "From the scheduler departement: - a bunch of sched deadline related fixes which deal with various buglets and corner cases. - two fixes for the loadavg spikes which are caused by the delayed NOHZ accounting" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/deadline: Use deadline instead of period when calculating overflow sched/deadline: Throttle a constrained deadline task activated after the deadline sched/deadline: Make sure the replenishment timer fires in the next period sched/loadavg: Use {READ,WRITE}_ONCE() for sample window sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting sched/deadline: Add missing update_rq_clock() in dl_task_timer() commit b5f13082b19dc09378660226011ebfb033358ea6 Merge: 18f48c9 17fcbd5 Author: Linus Torvalds Date: Fri Mar 17 13:16:24 2017 -0700 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Thomas Gleixner: "Three fixes related to locking: - fix a SIGKILL issue for RWSEM_GENERIC_SPINLOCK which has been fixed for the XCHGADD variant already - plug a potential use after free in the futex code - prevent leaking a held spinlock in an futex error handling code path" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y futex: Add missing error handling to FUTEX_REQUEUE_PI futex: Fix potential use-after-free in FUTEX_REQUEUE_PI commit 18f48c9f3c88ec9fbf50c8a193f81969847ebb21 Merge: 57fd0b7 33d8c15 Author: Linus Torvalds Date: Fri Mar 17 13:13:35 2017 -0700 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Thomas Gleixner: "Just a simple revert of a new sched_clock implementation which turned out to be buggy" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: Revert "clocksource/drivers/tcb_clksrc: Use 32 bit tcb as sched_clock" commit da066f3f039eba3e72e97b2ccad0dd8b45ba84bd Author: Weston Andros Adamson Date: Thu Mar 9 12:56:49 2017 -0500 pNFS/flexfiles: never nfs4_mark_deviceid_unavailable The flexfiles layout should never mark a device unavailable. Move nfs4_mark_deviceid_unavailable out of nfs4_pnfs_ds_connect and call directly from files layout where it's still needed. The flexfiles driver still handles marked devices in error paths, but will now print a rate limited warning. Signed-off-by: Weston Andros Adamson Signed-off-by: Anna Schumaker fs/nfs/filelayout/filelayoutdev.c | 1 + fs/nfs/flexfilelayout/flexfilelayout.h | 14 +++++++++++++- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +- fs/nfs/pnfs_nfs.c | 24 ++++++++++++++++-------- 4 files changed, 31 insertions(+), 10 deletions(-) commit a33e4b036d4612f62220f37a9fa29d273b6fd0ca Author: Weston Andros Adamson Date: Thu Mar 9 12:56:48 2017 -0500 pNFS: return status from nfs4_pnfs_ds_connect The nfs4_pnfs_ds_connect path can call rpc_create which can fail or it can wait on another context to reach the same failure. This checks that the rpc_create succeeded and returns the error to the caller. When an error is returned, both the files and flexfiles layouts will return NULL from _prepare_ds(). The flexfiles layout will also return the layout with the error NFS4ERR_NXIO. Signed-off-by: Weston Andros Adamson Signed-off-by: Anna Schumaker fs/nfs/client.c | 25 ++++++++++++++++++++++++- fs/nfs/filelayout/filelayoutdev.c | 7 ++++++- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 3 ++- fs/nfs/internal.h | 2 ++ fs/nfs/pnfs.h | 2 +- fs/nfs/pnfs_nfs.c | 15 +++++++++++++-- 6 files changed, 48 insertions(+), 6 deletions(-) commit 033853325fe3bdc70819a8b97915bd3bca41d3af Author: Olga Kornievskaia Date: Wed Mar 8 14:39:15 2017 -0500 NFSv4.1 respect server's max size in CREATE_SESSION Currently client doesn't respect max sizes server returns in CREATE_SESSION. nfs4_session_set_rwsize() gets called and server->rsize, server->wsize are 0 so they never get set to the sizes returned by the server. Signed-off-by: Olga Kornievskaia Signed-off-by: Anna Schumaker fs/nfs/nfs4client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 63513232f8cd219dcaa5eafae028740ed3067d83 Author: Olga Kornievskaia Date: Mon Mar 13 10:36:19 2017 -0400 NFS prevent double free in async nfs4_exchange_id Since rpc_task is async, the release function should be called which will free the impl_id, scope, and owner. Trond pointed at 2 more problems: -- use of client pointer after free in the nfs4_exchangeid_release() function -- cl_count mismatch if rpc_run_task() isn't run Fixes: 8d89bd70bc9 ("NFS setup async exchange_id") Signed-off-by: Olga Kornievskaia Cc: stable@vger.kernel.org # 4.9 Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 05fae7bbc237bc7de0ee9c3dcf85b2572a80e3b5 Author: Jason Yan Date: Fri Mar 10 10:48:13 2017 +0800 nfs: make nfs4_cb_sv_ops static Fixes the following sparse warning: fs/nfs/callback.c:235:21: warning: symbol 'nfs4_cb_sv_ops' was not declared. Should it be static? Signed-off-by: Jason Yan Signed-off-by: Anna Schumaker fs/nfs/callback.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eed50879d64ab1b9f76445dbab822e43a098b309 Author: Chuck Lever Date: Sat Mar 11 15:52:47 2017 -0500 xprtrdma: Squelch kbuild sparse complaint New complaint from kbuild for 4.9.y: net/sunrpc/xprtrdma/verbs.c:489:19: sparse: incompatible types in comparison expression (different type sizes) verbs.c: 489 max_sge = min(ia->ri_device->attrs.max_sge, RPCRDMA_MAX_SEND_SGES); I can't reproduce this running sparse here. Likewise, "make W=1 net/sunrpc/xprtrdma/verbs.o" never indicated any issue. A little poking suggests that because the range of its values is small, gcc can make the actual width of RPCRDMA_MAX_SEND_SGES smaller than the width of an unsigned integer. Fixes: 16f906d66cd7 ("xprtrdma: Reduce required number of send SGEs") Signed-off-by: Chuck Lever Cc: stable@kernel.org Signed-off-by: Anna Schumaker net/sunrpc/xprtrdma/verbs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 38a33101dd5fb8f07244e7e6dd04747a6cd2e3fb Author: Kinglong Mee Date: Thu Mar 9 11:36:36 2017 +0800 NFS: fix the fault nrequests decreasing for nfs_inode COPY The nfs_commit_file for NFSv4.2's COPY operation goes through the commit path for normal WRITE, but without increase nrequests, so, the nrequests decreased in nfs_commit_release_pages is fault. After that, the nrequests will be wrong. [ 5670.299881] ------------[ cut here ]------------ [ 5670.300295] WARNING: CPU: 0 PID: 27656 at fs/nfs/inode.c:127 nfs_clear_inode+0x66/0x90 [nfs] [ 5670.300558] Modules linked in: nfsv4(E) nfs(E) fscache(E) tun bridge stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock snd_seq_midi snd_seq_midi_event ppdev f2fs coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_ens1371 intel_rapl_perf gameport snd_ac97_codec vmw_balloon ac97_bus snd_seq snd_pcm joydev snd_rawmidi snd_timer snd_seq_device snd soundcore nfit parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm i2c_piix4 vmw_vmci shpchp nfsd auth_rpcgss nfs_acl lockd grace sunrpc xfs libcrc32c vmwgfx drm_kms_helper ttm drm e1000 crc32c_intel mptspi scsi_transport_spi serio_raw mptscsih mptbase ata_generic pata_acpi fjes [last unloaded: fscache] [ 5670.302925] CPU: 0 PID: 27656 Comm: umount.nfs4 Tainted: G W E 4.11.0-rc1+ #519 [ 5670.303292] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 [ 5670.304094] Call Trace: [ 5670.304510] dump_stack+0x63/0x86 [ 5670.304917] __warn+0xcb/0xf0 [ 5670.305276] warn_slowpath_null+0x1d/0x20 [ 5670.305661] nfs_clear_inode+0x66/0x90 [nfs] [ 5670.306093] nfs4_evict_inode+0x61/0x70 [nfsv4] [ 5670.306480] evict+0xbb/0x1c0 [ 5670.306888] dispose_list+0x4d/0x70 [ 5670.307233] evict_inodes+0x178/0x1a0 [ 5670.307579] generic_shutdown_super+0x44/0xf0 [ 5670.307985] nfs_kill_super+0x21/0x40 [nfs] [ 5670.308325] deactivate_locked_super+0x43/0x70 [ 5670.308698] deactivate_super+0x5a/0x60 [ 5670.309036] cleanup_mnt+0x3f/0x90 [ 5670.309407] __cleanup_mnt+0x12/0x20 [ 5670.309837] task_work_run+0x80/0xa0 [ 5670.310162] exit_to_usermode_loop+0x89/0x90 [ 5670.310497] syscall_return_slowpath+0xaa/0xb0 [ 5670.310875] entry_SYSCALL_64_fastpath+0xa7/0xa9 [ 5670.311197] RIP: 0033:0x7f1bb3617fe7 [ 5670.311545] RSP: 002b:00007ffecbabb828 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 5670.311906] RAX: 0000000000000000 RBX: 0000000001dca1f0 RCX: 00007f1bb3617fe7 [ 5670.312239] RDX: 000000000000000c RSI: 0000000000000001 RDI: 0000000001dc83c0 [ 5670.312653] RBP: 0000000001dc83c0 R08: 0000000000000001 R09: 0000000000000000 [ 5670.312998] R10: 0000000000000755 R11: 0000000000000206 R12: 00007ffecbabc66a [ 5670.313335] R13: 0000000001dc83a0 R14: 0000000000000000 R15: 0000000000000000 [ 5670.313758] ---[ end trace bf4bfe7764e4eb40 ]--- Cc: linux-kernel@vger.kernel.org Fixes: 67911c8f18 ("NFS: Add nfs_commit_file()") Signed-off-by: Kinglong Mee Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Anna Schumaker fs/nfs/write.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 79a21d572cf66968a2272fdf9711f835518256d9 Merge: d1eb981 822f584 Author: Thomas Gleixner Date: Fri Mar 17 20:34:30 2017 +0100 Merge tag 'efi-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/urgent Pull a single UEFI fix from Ard: - Reduce the severity of the notice that appears when the ESRT table points to memory that is not covered by the memory map. It is scaring our users and interfering with their nice splash screens. Note that the ESRT may still be perfectly usable, and is currently (to my knowledge) not widely used to begin with. commit 57fd0b77d659d5733434d3ce37cf606273abb1e8 Merge: c79d5ff c5051c7 Author: Linus Torvalds Date: Fri Mar 17 12:16:44 2017 -0700 Merge tag 'afs-20170316' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull AFS fixes from David Howells: "Fixes to the AFS filesystem in the kernel. They fix a variety of bugs. These include some issues fixed for consistency with other AFS implementations: - handle AFS mode bits better - use the client mtime rather than the server mtime in the protocol - handle the server returning more or less data than was requested in a FetchData call - distinguish mountpoints from symlinks based on the mode bits rather than preemptively reading every symlink to find out what it actually represents One other notable change for the user is that files are now flushed on close analogously with other network filesystems" * tag 'afs-20170316' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: (28 commits) afs: Don't wait for page writeback with the page lock held afs: ->writepage() shouldn't call clear_page_dirty_for_io() afs: Fix abort on signal while waiting for call completion afs: Fix an off-by-one error in afs_send_pages() afs: Fix afs_kill_pages() afs: Fix page leak in afs_write_begin() afs: Don't set PG_error on local EINTR or ENOMEM when filling a page afs: Populate and use client modification time afs: Better abort and net error handling afs: Invalid op ID should abort with RXGEN_OPCODE afs: Fix the maths in afs_fs_store_data() afs: Use a bvec rather than a kvec in afs_send_pages() afs: Make struct afs_read::remain 64-bit afs: Fix AFS read bug afs: Prevent callback expiry timer overflow afs: Migrate vlocation fields to 64-bit afs: security: Replace rcu_assign_pointer() with RCU_INIT_POINTER() afs: inode: Replace rcu_assign_pointer() with RCU_INIT_POINTER() afs: Distinguish mountpoints from symlinks by file mode alone afs: Flush outstanding writes when an fd is closed ... commit c79d5ff0e249824674e70e89142f55b52f261722 Merge: f89406c a1016e9 Author: Linus Torvalds Date: Fri Mar 17 12:14:49 2017 -0700 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fix from Russell King: "Just one change to add the statx syscall this time around" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: wire up statx syscall commit 822f5845f710e57d7e2df1fd1ee00d6e19d334fe Author: Daniel Drake Date: Tue Feb 7 13:08:23 2017 -0600 efi/esrt: Cleanup bad memory map log messages The Intel Compute Stick STCK1A8LFC and Weibu F3C platforms both log 2 error messages during boot: efi: requested map not found. esrt: ESRT header is not in the memory map. Searching the web, this seems to affect many other platforms too. Since these messages are logged as errors, they appear on-screen during the boot process even when using the "quiet" boot parameter used by distros. Demote the ESRT error to a warning so that it does not appear on-screen, and delete the error logging from efi_mem_desc_lookup; both callsites of that function log more specific messages upon failure. Out of curiosity I looked closer at the Weibu F3C. There is no entry in the UEFI-provided memory map which corresponds to the ESRT pointer, but hacking the code to map it anyway, the ESRT does appear to be valid with 2 entries. Signed-off-by: Daniel Drake Cc: Matt Fleming Acked-by: Peter Jones Signed-off-by: Ard Biesheuvel drivers/firmware/efi/efi.c | 1 - drivers/firmware/efi/esrt.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) commit cf8c73afb3abf0f8905efbaddd4ce11a0deec9da Author: Evan Quan Date: Fri Mar 17 10:22:51 2017 +0800 drm/amd/amdgpu: add POLARIS12 PCI ID Signed-off-by: Evan Quan Reviewed-by: Junwei Zhang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 1 + 1 file changed, 1 insertion(+) commit f89406ca1f454506f4177cfaa51de44e3247cd0d Merge: 102ed8c c5f7c5a Author: Linus Torvalds Date: Fri Mar 17 11:25:46 2017 -0700 Merge tag 'for-linus-4.11b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fix from Juergen Gross: "A minor fix for using the appropriate refcount_t instead of atomic_t" * tag 'for-linus-4.11b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: drivers, xen: convert grant_map.users from atomic_t to refcount_t commit 102ed8c35ab27e74b29f3050af50600d605e186d Merge: d528ae0 27b713c Author: Linus Torvalds Date: Fri Mar 17 11:19:52 2017 -0700 Merge tag 'drm-fixes-for-v4.11-rc3' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Bunch of fixes across the drivers, in a St Patrick's day pull request (please turn terminal colors to green on black or black on green for full effect). On the arm side, tilcdc, omap and malidp got fixes, while amd has some powermanagement fixes, and intel has a set of fixes across the driver. Nothing seems to bad or scary at this point" * tag 'drm-fixes-for-v4.11-rc3' of git://people.freedesktop.org/~airlied/linux: (27 commits) drm/amd/amdgpu: Fix debugfs reg read/write address width drm/amdgpu/si: add dpm quirk for Oland drm/radeon/si: add dpm quirk for Oland drm: amd: remove broken include path drm/amd/powerplay: fix copy error in smu7_clockpoweragting.c drm/tilcdc: Set framebuffer DMA address to HW only if CRTC is enabled drm/tilcdc: Fix hardcoded fail-return value in tilcdc_crtc_create() drm/i915: Fix forcewake active domain tracking drm/i915: Nuke skl_update_plane debug message from the pipe update critical section drm/i915: use correct node for handling cache domain eviction uapi: fix drm/omap_drm.h userspace compilation errors drm/omap: fix dmabuf mmap for dma_alloc'ed buffers drm/amdgpu: fix parser init error path to avoid crash in parser fini drm/amd/amdgpu: Disable GFX_PG on Carrizo until compute issues solved drm: mali-dp: Fix smart layer not going to composition drm: mali-dp: Remove mclk rate management drm/i915: Drain the freed state from the tail of the next commit drm/i915: Nuke debug messages from the pipe update critical section drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl drm/i915: Store a permanent error in obj->mm.pages ... commit 77f88796cee819b9c4562b0b6b44691b3b7755b1 Author: Tejun Heo Date: Thu Mar 16 16:54:24 2017 -0400 cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups Creation of a kthread goes through a couple interlocked stages between the kthread itself and its creator. Once the new kthread starts running, it initializes itself and wakes up the creator. The creator then can further configure the kthread and then let it start doing its job by waking it up. In this configuration-by-creator stage, the creator is the only one that can wake it up but the kthread is visible to userland. When altering the kthread's attributes from userland is allowed, this is fine; however, for cases where CPU affinity is critical, kthread_bind() is used to first disable affinity changes from userland and then set the affinity. This also prevents the kthread from being migrated into non-root cgroups as that can affect the CPU affinity and many other things. Unfortunately, the cgroup side of protection is racy. While the PF_NO_SETAFFINITY flag prevents further migrations, userland can win the race before the creator sets the flag with kthread_bind() and put the kthread in a non-root cgroup, which can lead to all sorts of problems including incorrect CPU affinity and starvation. This bug got triggered by userland which periodically tries to migrate all processes in the root cpuset cgroup to a non-root one. Per-cpu workqueue workers got caught while being created and ended up with incorrected CPU affinity breaking concurrency management and sometimes stalling workqueue execution. This patch adds task->no_cgroup_migration which disallows the task to be migrated by userland. kthreadd starts with the flag set making every child kthread start in the root cgroup with migration disallowed. The flag is cleared after the kthread finishes initialization by which time PF_NO_SETAFFINITY is set if the kthread should stay in the root cgroup. It'd be better to wait for the initialization instead of failing but I couldn't think of a way of implementing that without adding either a new PF flag, or sleeping and retrying from waiting side. Even if userland depends on changing cgroup membership of a kthread, it either has to be synchronized with kthread_create() or periodically repeat, so it's unlikely that this would break anything. v2: Switch to a simpler implementation using a new task_struct bit field suggested by Oleg. Signed-off-by: Tejun Heo Suggested-by: Oleg Nesterov Cc: Linus Torvalds Cc: Andrew Morton Cc: Peter Zijlstra (Intel) Cc: Thomas Gleixner Reported-and-debugged-by: Chris Mason Cc: stable@vger.kernel.org # v4.3+ (we can't close the race on < v4.3) Signed-off-by: Tejun Heo include/linux/cgroup.h | 21 +++++++++++++++++++++ include/linux/sched.h | 4 ++++ kernel/cgroup/cgroup.c | 9 +++++---- kernel/kthread.c | 3 +++ 4 files changed, 33 insertions(+), 4 deletions(-) commit a01851faab4b485e94c2ceaa1d0208a8d16ce367 Merge: 4b07372 e7ede72 Author: Ingo Molnar Date: Fri Mar 17 15:13:28 2017 +0100 Merge tag 'perf-urgent-for-mingo-4.11-20170317' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fix from Arnaldo Carvalho de Melo: - Fix symbols__fixup_end heuristic for corner cases, such as JITted eBPF programs, that are loaded at page aligned addresses, just after the kernel proper (Daniel Borkmann) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit e7ede72a6d40cb3a30c087142d79381ca8a31dab Author: Daniel Borkmann Date: Wed Mar 15 22:53:37 2017 +0100 perf symbols: Fix symbols__fixup_end heuristic for corner cases The current symbols__fixup_end() heuristic for the last entry in the rb tree is suboptimal as it leads to not being able to recognize the symbol in the call graph in a couple of corner cases, for example: i) If the symbol has a start address (f.e. exposed via kallsyms) that is at a page boundary, then the roundup(curr->start, 4096) for the last entry will result in curr->start == curr->end with a symbol length of zero. ii) If the symbol has a start address that is shortly before a page boundary, then also here, curr->end - curr->start will just be very few bytes, where it's unrealistic that we could perform a match against. Instead, change the heuristic to roundup(curr->start, 4096) + 4096, so that we can catch such corner cases and have a better chance to find that specific symbol. It's still just best effort as the real end of the symbol is unknown to us (and could even be at a larger offset than the current range), but better than the current situation. Alexei reported that he recently run into case i) with a JITed eBPF program (these are all page aligned) as the last symbol which wasn't properly shown in the call graph (while other eBPF program symbols in the rb tree were displayed correctly). Since this is a generic issue, lets try to improve the heuristic a bit. Reported-and-Tested-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann Fixes: 2e538c4a1847 ("perf tools: Improve kernel/modules symbol lookup") Link: http://lkml.kernel.org/r/bb5c80d27743be6f12afc68405f1956a330e1bc9.1489614365.git.daniel@iogearbox.net Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/symbol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2958b9013fcbabeeba221161d0712f5259f1e15d Author: Zhenyu Wang Date: Fri Mar 17 12:11:20 2017 +0800 drm/i915/gvt: Fix gvt scheduler interval time Fix to correctly assign 1ms for gvt scheduler interval time, as previous code using HZ is pretty broken. And use no delay for start gvt scheduler function. Fixes: 4b63960ebd3f ("drm/i915/gvt: vGPU schedule policy framework") Cc: Zhi Wang Cc: stable@vger.kernel.org # v4.10+ Acked-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/sched_policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3cd23b828b37bd5ccf4b40132f12dbf20d7afdb6 Author: Chuanxiao Dong Date: Thu Mar 16 09:47:58 2017 +0800 drm/i915/gvt: GVT pin/unpin shadow context When handling guest request, GVT needs to populate/update shadow_ctx with guest context. This behavior needs to make sure the shadow_ctx is pinned. The current implementation is relying on i195 allocate request to pin but this way cannot guarantee the i915 not to unpin the shadow_ctx when GVT update the guest context from shadow_ctx. So GVT should pin/unpin the shadow_ctx by itself. Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit 17f1b1a6d4e5f41df161eb2a90af22c003a243fc Author: Tina Zhang Date: Wed Mar 15 23:16:01 2017 -0400 drm/i915/gvt: scan shadow indirect context image when valid The shadow indirect context image should be only scanned when valid. So far, Only RCS ring has the shadow indirect context image. This patch limits the scan logic only for RCS ring. v2. refine description of the subject v3. fix alignment. (Zhenyu) Signed-off-by: Tina Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 5180edc2421117766fcb9c2d2dc6bfaeefdeb709 Author: Changbin Du Date: Thu Mar 16 09:45:09 2017 +0800 drm/i915/kvmgt: fix suspicious rcu dereference usage The srcu read lock must be held while accessing kvm memslots. This patch fix below warning for function kvmgt_rw_gpa(). [ 165.345093] [ ERR: suspicious RCU usage. ] [ 165.416538] Call Trace: [ 165.418989] dump_stack+0x85/0xc2 [ 165.422310] lockdep_rcu_suspicious+0xd7/0x110 [ 165.426769] kvm_read_guest_page+0x195/0x1b0 [kvm] [ 165.431574] kvm_read_guest+0x50/0x90 [kvm] [ 165.440492] kvmgt_rw_gpa+0x43/0xa0 [kvmgt] [ 165.444683] kvmgt_read_gpa+0x11/0x20 [kvmgt] [ 165.449061] gtt_get_entry64+0x4d/0xc0 [i915] [ 165.453438] ppgtt_populate_shadow_page_by_guest_entry+0x380/0xdc0 [i915] [ 165.460254] shadow_mm+0xd1/0x460 [i915] [ 165.472488] intel_vgpu_create_mm+0x1ab/0x210 [i915] [ 165.477472] intel_vgpu_g2v_create_ppgtt_mm+0x5f/0xc0 [i915] [ 165.483154] pvinfo_mmio_write+0x19b/0x1d0 [i915] [ 165.499068] intel_vgpu_emulate_mmio_write+0x3f9/0x600 [i915] [ 165.504827] intel_vgpu_rw+0x114/0x150 [kvmgt] [ 165.509281] intel_vgpu_write+0x16f/0x1a0 [kvmgt] [ 165.513993] vfio_mdev_write+0x20/0x30 [vfio_mdev] [ 165.518793] vfio_device_fops_write+0x24/0x30 [vfio] [ 165.523770] __vfs_write+0x28/0x120 [ 165.540529] vfs_write+0xce/0x1f0 v2: fix Cc format for stable Signed-off-by: Changbin Du Cc: # v4.10+ Reviewed-by: Xiao Guangrong Reviewed-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cf2135ca3d50d6468e9216fef3d0d33c31af635b Author: Chuanxiao Dong Date: Thu Mar 9 23:07:12 2017 +0800 drm/i915/gvt: add enable_execlists check before enable gvt The GVT-g needs execlists to be enabled otherwise gvt should be disabled. Add a check for enable_execlists before enabling gvt. v2: use DRM_INFO in response to the user action Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/intel_gvt.c | 5 +++++ 1 file changed, 5 insertions(+) commit 3dce2aca02929f180ab66171b333fa48fe485a03 Author: Chris Wilson Date: Wed Mar 8 22:08:08 2017 +0000 drm/i915/gvt: Remove bogus retry around i915_wait_request commit 8f1117abb408 ("drm/i915/gvt: handle workload lifecycle properly") includes some nonsense to retry a indefinite wait - i915_wait_request() does not return until the request is completed when used from an uninterruptible context. Fixes: 8f1117abb408 ("drm/i915/gvt: handle workload lifecycle properly" Signed-off-by: Chris Wilson Cc: Chuanxiao Dong Cc: Zhenyu Wang Cc: Zhi Wang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) commit 3f765a341798ebd4e0ece7cce34399a8fd4a7f9f Author: Yulei Zhang Date: Mon Mar 13 23:21:27 2017 +0800 drm/i915/gvt: correct the ggtt valid bit check in pipe control command GGTT valid bit in pipe control command move to DWORD1 after SNB, so change the valid check code correspondingly. v2: per Zhenyu's comment, replace the bit check with MACRO define PIPE_CONTROL_GLOBAL_GTT_IVB Signed-off-by: Yulei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 695fbc08d80f93ecca18a1abd8f52c2ab77fdc8d Author: Tina Zhang Date: Fri Mar 10 04:26:53 2017 -0500 drm/i915/gvt: replace the gvt_err with gvt_vgpu_err gvt_err should be used only for the very few critical error message during host i915 drvier initialization. This patch 1. removes the redundant gvt_err; 2. creates a new gvt_vgpu_err to show errors caused by vgpu; 3. replaces the most gvt_err with gvt_vgpu_err; 4. leaves very few gvt_err for dumping gvt error during host gvt initialization. v2. change name to gvt_vgpu_err and add vgpu id to the message. (Kevin) add gpu id to gvt_vgpu_err. (Zhi) v3. remove gpu id from gvt_vgpu_err caller. (Zhi) v4. add vgpu check to the gvt_vgpu_err macro. (Zhiyuan) v5. add comments for v3 and v4. v6. split the big patch into two, with this patch only for checking gvt_vgpu_err. (Zhenyu) v7. rebase to staging branch v8. rebase to fix branch Signed-off-by: Tina Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/aperture_gm.c | 8 ++-- drivers/gpu/drm/i915/gvt/cmd_parser.c | 84 +++++++++++++++++++--------------- drivers/gpu/drm/i915/gvt/debug.h | 8 ++++ drivers/gpu/drm/i915/gvt/edid.c | 13 +++--- drivers/gpu/drm/i915/gvt/execlist.c | 29 ++++++------ drivers/gpu/drm/i915/gvt/gtt.c | 74 +++++++++++++++--------------- drivers/gpu/drm/i915/gvt/handlers.c | 28 ++++++------ drivers/gpu/drm/i915/gvt/kvmgt.c | 33 +++++++------ drivers/gpu/drm/i915/gvt/mmio.c | 38 +++++++-------- drivers/gpu/drm/i915/gvt/opregion.c | 10 ++-- drivers/gpu/drm/i915/gvt/render.c | 2 +- drivers/gpu/drm/i915/gvt/scheduler.c | 11 +++-- 12 files changed, 180 insertions(+), 158 deletions(-) commit 4938ca90166d6d3061793789e2eef42cd934fa97 Author: Zhao Yan Date: Thu Mar 9 10:09:44 2017 +0800 drm/i915/gvt: handle force-nonpriv registers, cmd parser part this patch adds force non-priv registers check in LRI cmds handler v4: transform is_force_nonpriv_mmio() from macro to inline fuction to eliminate checkpatch warning v3: per zhenyu's comment, fix some style warnings v2: per zhenyu's comment, refine the code to remove cascaded ifs Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cmd_parser.c | 23 +++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/handlers.c | 17 +++++++++++++++++ drivers/gpu/drm/i915/gvt/mmio.h | 3 +++ 3 files changed, 43 insertions(+) commit 2cd29f2387be70de9feb4c9f8dbc7c0bd55748ce Author: Robert Middleton Date: Wed Mar 15 16:56:47 2017 -0400 gpio:mcp23s08 Fixed missing interrupts When an interrupt occurs on an MCP23S08 chip, the INTF register will only contain one bit as causing the interrupt. If more than two pins change at the same time on the chip, this causes one of the pins to not be reported. This patch fixes the logic for checking if a pin has changed, so that multiple pins will always cause more than one change. Cc: stable@vger.kernel.org Signed-off-by: Robert Middleton Tested-by: Phil Reid Signed-off-by: Linus Walleij drivers/gpio/gpio-mcp23s08.c | 65 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 5 deletions(-) commit 4b07372a32c0c1505a7634ad7e607d83340ef645 Author: Andy Lutomirski Date: Thu Mar 16 12:59:40 2017 -0700 x86/perf: Clarify why x86_pmu_event_mapped() isn't racy Naively, it looks racy, but ->mmap_sem saves it. Add a comment and a lockdep assertion. Signed-off-by: Andy Lutomirski Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/03a1e629063899168dfc4707f3bb6e581e21f5c6.1489694270.git.luto@kernel.org Signed-off-by: Ingo Molnar arch/x86/events/core.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 5dc855d44c2ad960a86f593c60461f1ae1566b6d Author: Andy Lutomirski Date: Thu Mar 16 12:59:39 2017 -0700 x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm If one thread mmaps a perf event while another thread in the same mm is in some context where active_mm != mm (which can happen in the scheduler, for example), refresh_pce() would write the wrong value to CR4.PCE. This broke some PAPI tests. Reported-and-tested-by: Vince Weaver Signed-off-by: Andy Lutomirski Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: H. Peter Anvin Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: stable@vger.kernel.org Fixes: 7911d3f7af14 ("perf/x86: Only allow rdpmc if a perf_event is mapped") Link: http://lkml.kernel.org/r/0c5b38a76ea50e405f9abe07a13dfaef87c173a1.1489694270.git.luto@kernel.org Signed-off-by: Ingo Molnar arch/x86/events/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8971e1c79d3f6c9a5e6f7a65c50c41f434a4dae6 Author: Michael Ellerman Date: Fri Mar 17 16:02:35 2017 +1100 powerpc/pseries: Don't give a warning when HPT resizing isn't available As of commit 438cc81a41e8 ("powerpc/pseries: Automatically resize HPT for memory hot add/remove"), when running on the pseries platform, we always attempt to use the PAPR extension to resize the hashed page table (HPT) when we add or remove memory. This is fine, but when the extension is not available we'll give a harmless, but scary warning. Instead check if the firmware supports HPT resizing before populating the mmu_hash_ops.resize_hpt pointer. Signed-off-by: David Gibson Signed-off-by: Michael Ellerman arch/powerpc/platforms/pseries/lpar.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a4a3e061149f09c075f108b6f1cf04d9739a6bc2 Author: Dmitry Vyukov Date: Sat Mar 4 13:46:12 2017 +0100 tty: fix data race in tty_ldisc_ref_wait() tty_ldisc_ref_wait() checks tty->ldisc under tty->ldisc_sem. But if ldisc==NULL it releases them sem and reloads tty->ldisc without holding the sem. This is wrong and can lead to returning non-NULL ldisc without protection. Don't reload tty->ldisc second time. Signed-off-by: Dmitry Vyukov Cc: syzkaller@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: Peter Hurley Cc: One Thousand Gnomes Signed-off-by: Greg Kroah-Hartman drivers/tty/tty_ldisc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 5362544bebe85071188dd9e479b5a5040841c895 Author: Dmitry Vyukov Date: Sat Mar 4 14:55:19 2017 +0100 tty: don't panic on OOM in tty_set_ldisc() If tty_ldisc_open() fails in tty_set_ldisc(), it tries to go back to the old discipline or N_TTY. But that can fail as well, in such case it panics. This is not a graceful way to handle OOM. Leave ldisc==NULL if all attempts fail instead. Also use existing tty_ldisc_reinit() helper function instead of tty_ldisc_restore(). Also don't WARN/BUG in tty_ldisc_reinit() if N_TTY fails, which would have the same net effect of bringing kernel down on OOM. Instead print a single line message about what has happened. Signed-off-by: Dmitry Vyukov Cc: syzkaller@googlegroups.com Cc: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman Cc: Jiri Slaby Cc: Peter Hurley Cc: One Thousand Gnomes Signed-off-by: Greg Kroah-Hartman drivers/tty/tty_ldisc.c | 85 ++++++++++--------------------------------------- 1 file changed, 16 insertions(+), 69 deletions(-) commit b767ad726c2aa6219318bf0da83fbe690e653d9a Author: Aleksey Makarov Date: Wed Mar 1 18:23:02 2017 +0300 Revert "tty: serial: pl011: add ttyAMA for matching pl011 console" The original patch makes the condition always true, so it is wrong. It masks (but not fixes) the bug described in the commit message but introduces a regression (no console is selected by SPCR) in regular (no 'console=ttyAMA') case. s/||/&&/ would not fix the problem as the root cause was identified incorrectly. This reverts commit aea9a80ba98a0c9b4de88850260e9fbdcc98360b. Signed-off-by: Aleksey Makarov Signed-off-by: Greg Kroah-Hartman Acked-by: Sudeep Holla Tested-by: Jayachandran C Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/amba-pl011.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db7f00b8dba6d687b6ab1f2e9309acfd214fcb4b Author: Eric Dumazet Date: Thu Mar 16 15:43:19 2017 -0700 tcp: tcp_get_info() should read tcp_time_stamp later Commit b369e7fd41f7 ("tcp: make TCP_INFO more consistent") moved lock_sock_fast() earlier in tcp_get_info() This has the minor effect that jiffies value being sampled at the beginning of tcp_get_info() is more likely to be off by one, and we report big tcpi_last_data_sent values (like 0xFFFFFFFF). Since we lock the socket, fetching tcp_time_stamp right before doing the jiffies_to_msecs() calls is enough to remove these wrong values. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7b2db29fbb4e766fcd02207eb2e2087170bd6ebc Author: Guenter Roeck Date: Wed Mar 8 10:19:36 2017 -0800 usb: hub: Fix crash after failure to read BOS descriptor If usb_get_bos_descriptor() returns an error, usb->bos will be NULL. Nevertheless, it is dereferenced unconditionally in hub_set_initial_usb2_lpm_policy() if usb2_hw_lpm_capable is set. This results in a crash. usb 5-1: unable to get BOS descriptor ... Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = ffffffc00165f000 [00000008] *pgd=000000000174f003, *pud=000000000174f003, *pmd=0000000001750003, *pte=00e8000001751713 Internal error: Oops: 96000005 [#1] PREEMPT SMP Modules linked in: uinput uvcvideo videobuf2_vmalloc cmac [ ... ] CPU: 5 PID: 3353 Comm: kworker/5:3 Tainted: G B 4.4.52 #480 Hardware name: Google Kevin (DT) Workqueue: events driver_set_config_work task: ffffffc0c3690000 ti: ffffffc0ae9a8000 task.ti: ffffffc0ae9a8000 PC is at hub_port_init+0xc3c/0xd10 LR is at hub_port_init+0xc3c/0xd10 ... Call trace: [] hub_port_init+0xc3c/0xd10 [] usb_reset_and_verify_device+0x15c/0x82c [] usb_reset_device+0xe4/0x298 [] rtl8152_probe+0x84/0x9b0 [r8152] [] usb_probe_interface+0x244/0x2f8 [] driver_probe_device+0x180/0x3b4 [] __device_attach_driver+0xb4/0xe0 [] bus_for_each_drv+0xb4/0xe4 [] __device_attach+0xd0/0x158 [] device_initial_probe+0x24/0x30 [] bus_probe_device+0x50/0xe4 [] device_add+0x414/0x738 [] usb_set_configuration+0x89c/0x914 [] driver_set_config_work+0xc0/0xf0 [] process_one_work+0x390/0x6b8 [] worker_thread+0x480/0x610 [] kthread+0x164/0x178 [] ret_from_fork+0x10/0x40 Since we don't know anything about LPM capabilities without BOS descriptor, don't attempt to enable LPM if it is not available. Fixes: 890dae886721 ("xhci: Enable LPM support only for hardwired ...") Cc: stable Cc: Mathias Nyman Signed-off-by: Guenter Roeck Acked-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e14b4db7a567ff507453ecd9c64da51bbc2b6d23 Author: stephen hemminger Date: Thu Mar 16 12:21:32 2017 -0700 netvsc: fix race during initialization When device is being setup on boot, there is a small race where network device callback is registered, but the netvsc_device pointer is not set yet. This can cause a NULL ptr dereference if packet arrives during this window. Fixes: 46b4f7f5d1f7 ("netvsc: eliminate per-device outstanding send counter") Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d12c917691b45d9dffcfe7c2362d25caa40905fd Author: WANG Cong Date: Thu Mar 16 10:32:42 2017 -0700 bridge: resolve a false alarm of lockdep Andrei reported a false alarm of lockdep at net/bridge/br_fdb.c:109, this is because in Andrei's case, a spin_bug() was already triggered before this, therefore the debug_locks is turned off, lockdep_is_held() is no longer accurate after that. We should use lockdep_assert_held_once() instead of lockdep_is_held() to respect debug_locks. Fixes: 410b3d48f5111 ("bridge: fdb: add proper lock checks in searching functions") Reported-by: Andrei Vagin Signed-off-by: Cong Wang Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_fdb.c | 2 +- net/bridge/br_private.h | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) commit 4d4a6ac73e7466c2085c307fac41f74ce4568a45 Author: David Howells Date: Thu Mar 16 16:27:10 2017 +0000 rxrpc: Ignore BUSY packets on old calls If we receive a BUSY packet for a call we think we've just completed, the packet is handed off to the connection processor to deal with - but the connection processor doesn't expect a BUSY packet and so flags a protocol error. Fix this by simply ignoring the BUSY packet for the moment. The symptom of this may appear as a system call failing with EPROTO. This may be triggered by pressing ctrl-C under some circumstances. This comes about we abort calls due to interruption by a signal (which we shouldn't do, but that's going to be a large fix and mostly in fs/afs/). What happens is that we abort the call and may also abort follow up calls too (this needs offloading somehoe). So we see a transmission of something like the following sequence of packets: DATA for call N ABORT call N DATA for call N+1 ABORT call N+1 in very quick succession on the same channel. However, the peer may have deferred the processing of the ABORT from the call N to a background thread and thus sees the DATA message from the call N+1 coming in before it has cleared the channel. Thus it sends a BUSY packet[*]. [*] Note that some implementations (OpenAFS, for example) mark the BUSY packet with one plus the callNumber of the call prior to call N. Ordinarily, this would be call N, but there's no requirement for the calls on a channel to be numbered strictly sequentially (the number is required to increase). This is wrong and means that the callNumber in the BUSY packet should be ignored (it really ought to be N+1 since that's what it's in response to). Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/conn_event.c | 4 ++++ 1 file changed, 4 insertions(+) commit 9501df3cd9204f5859f649182431616a31ee88a1 Author: Nathan Fontenot Date: Wed Mar 15 23:38:07 2017 -0400 ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs The pointer array for the tx/rx sub crqs should be free'ed when releasing the tx/rx sub crqs. Signed-off-by: Nathan Fontenot Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 2 ++ 1 file changed, 2 insertions(+) commit cdd7928df0d2efaa3270d711963773a08a4cc8ab Author: Oliver Neukum Date: Tue Mar 14 12:09:56 2017 +0100 ACM gadget: fix endianness in notifications The gadget code exports the bitfield for serial status changes over the wire in its internal endianness. The fix is to convert to little endian before sending it over the wire. Signed-off-by: Oliver Neukum Tested-by: 家瑋 CC: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/gadget/function/f_acm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2e47c53503eb9faff42b3cfa144a833344dd1f89 Author: Johan Hovold Date: Tue Mar 14 17:55:46 2017 +0100 USB: usbtmc: fix probe error path Make sure to initialise the return value to avoid having allocation failures going unnoticed when allocating interrupt-endpoint resources. This prevents use-after-free or worse when the device is later unbound. Fixes: dbf3e7f654c0 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.") Cc: stable # 4.6 Cc: Dave Penkler Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/class/usbtmc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 687e0687f71ec00e0132a21fef802dee88c2f1ad Author: Johan Hovold Date: Tue Mar 14 17:55:45 2017 +0100 USB: usbtmc: add missing endpoint sanity check USBTMC devices are required to have a bulk-in and a bulk-out endpoint, but the driver failed to verify this, something which could lead to the endpoint addresses being taken from uninitialised memory. Make sure to zero all private data as part of allocation, and add the missing endpoint sanity check. Note that this also addresses a more recently introduced issue, where the interrupt-in-presence flag would also be uninitialised whenever the optional interrupt-in endpoint is not present. This in turn could lead to an interrupt urb being allocated, initialised and submitted based on uninitialised values. Fixes: dbf3e7f654c0 ("Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE operation.") Fixes: 5b775f672cc9 ("USB: add USB test and measurement class driver") Cc: stable # 2.6.28 Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/class/usbtmc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 4ee39733fbecf04cf9f346de2d64788c35028079 Author: David Ahern Date: Wed Mar 15 18:14:33 2017 -0700 net: ipv6: set route type for anycast routes Anycast routes have the RTF_ANYCAST flag set, but when dumping routes for userspace the route type is not set to RTN_ANYCAST. Make it so. Fixes: 58c4fb86eabcb ("[IPV6]: Flag RTF_ANYCAST for anycast routes") CC: Hideaki YOSHIFUJI Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv6/route.c | 2 ++ 1 file changed, 2 insertions(+) commit 61733c91c454a61be0ffc93fe46a5d5f2f048c1c Author: David Ahern Date: Mon Mar 13 16:49:10 2017 -0700 net: mpls: Fix nexthop alive tracking on down events Alive tracking of nexthops can account for a link twice if the carrier goes down followed by an admin down of the same link rendering multipath routes useless. This is similar to 79099aab38c8 for UNREGISTER events and DOWN events. Fix by tracking number of alive nexthops in mpls_ifdown similar to the logic in mpls_ifup. Checking the flags per nexthop once after all events have been processed is simpler than trying to maintian a running count through all event combinations. Also, WRITE_ONCE is used instead of ACCESS_ONCE to set rt_nhn_alive per a comment from checkpatch: WARNING: Prefer WRITE_ONCE(, ) over ACCESS_ONCE() = Fixes: c89359a42e2a4 ("mpls: support for dead routes") Signed-off-by: David Ahern Acked-by: Robert Shearman Signed-off-by: David S. Miller net/mpls/af_mpls.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit bc9ab9231ec8c08352ea860480523d88a221a68f Author: David Arcari Date: Mon Mar 13 19:07:16 2017 -0400 net: ethernet: aquantia: set net_device mtu when mtu is changed When the aquantia device mtu is changed the net_device structure is not updated. As a result the ip command does not properly reflect the mtu change. Commit 5513e16421cb incorrectly assumed that __dev_set_mtu() was making the assignment ndev->mtu = new_mtu; This is not true in the case where the driver has a ndo_change_mtu routine. Fixes: 5513e16421cb ("net: ethernet: aquantia: Fixes for aq_ndev_change_mtu") Cc: Pavel Belous Signed-off-by: David Arcari Tested-by: Pavel Belous Reviewed-by: Jarod Wilson Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 + 1 file changed, 1 insertion(+) commit 4cbe4dac82e423ecc9a0ba46af24a860853259f4 Author: Jack Morgenstein Date: Mon Mar 13 19:29:08 2017 +0200 net/mlx4_core: Avoid delays during VF driver device shutdown Some Hypervisors detach VFs from VMs by instantly causing an FLR event to be generated for a VF. In the mlx4 case, this will cause that VF's comm channel to be disabled before the VM has an opportunity to invoke the VF device's "shutdown" method. For such Hypervisors, there is a race condition between the VF's shutdown method and its internal-error detection/reset thread. The internal-error detection/reset thread (which runs every 5 seconds) also detects a disabled comm channel. If the internal-error detection/reset flow wins the race, we still get delays (while that flow tries repeatedly to detect comm-channel recovery). The cited commit fixed the command timeout problem when the internal-error detection/reset flow loses the race. This commit avoids the unneeded delays when the internal-error detection/reset flow wins. Fixes: d585df1c5ccf ("net/mlx4_core: Avoid command timeouts during VF driver device shutdown") Signed-off-by: Jack Morgenstein Reported-by: Simon Xiao Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/cmd.c | 11 +++++++++++ drivers/net/ethernet/mellanox/mlx4/main.c | 11 +++++++++++ include/linux/mlx4/device.h | 1 + 3 files changed, 23 insertions(+) commit 966fa72a716ceafc69de901a31f7cc1f52b35f81 Author: Vaibhav Jain Date: Tue Mar 14 08:17:00 2017 +0530 kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file() Recently started seeing a kernel oops when a module tries removing a memory mapped sysfs bin_attribute. On closer investigation the root cause seems to be kernfs_release_file() trying to call kernfs_op.release() callback that's NULL for such sysfs bin_attributes. The oops occurs when kernfs_release_file() is called from kernfs_drain_open_files() to cleanup any open handles with active memory mappings. The patch fixes this by checking for flag KERNFS_HAS_RELEASE before calling kernfs_release_file() in function kernfs_drain_open_files(). On ppc64-le arch with cxl module the oops back-trace is of the form below: [ 861.381126] Unable to handle kernel paging request for instruction fetch [ 861.381360] Faulting instruction address: 0x00000000 [ 861.381428] Oops: Kernel access of bad area, sig: 11 [#1] .... [ 861.382481] NIP: 0000000000000000 LR: c000000000362c60 CTR: 0000000000000000 .... Call Trace: [c000000f1680b750] [c000000000362c34] kernfs_drain_open_files+0x104/0x1d0 (unreliable) [c000000f1680b790] [c00000000035fa00] __kernfs_remove+0x260/0x2c0 [c000000f1680b820] [c000000000360da0] kernfs_remove_by_name_ns+0x60/0xe0 [c000000f1680b8b0] [c0000000003638f4] sysfs_remove_bin_file+0x24/0x40 [c000000f1680b8d0] [c00000000062a164] device_remove_bin_file+0x24/0x40 [c000000f1680b8f0] [d000000009b7b22c] cxl_sysfs_afu_remove+0x144/0x170 [cxl] [c000000f1680b940] [d000000009b7c7e4] cxl_remove+0x6c/0x1a0 [cxl] [c000000f1680b990] [c00000000052f694] pci_device_remove+0x64/0x110 [c000000f1680b9d0] [c0000000006321d4] device_release_driver_internal+0x1f4/0x2b0 [c000000f1680ba20] [c000000000525cb0] pci_stop_bus_device+0xa0/0xd0 [c000000f1680ba60] [c000000000525e80] pci_stop_and_remove_bus_device+0x20/0x40 [c000000f1680ba90] [c00000000004a6c4] pci_hp_remove_devices+0x84/0xc0 [c000000f1680bad0] [c00000000004a688] pci_hp_remove_devices+0x48/0xc0 [c000000f1680bb10] [c0000000009dfda4] eeh_reset_device+0xb0/0x290 [c000000f1680bbb0] [c000000000032b4c] eeh_handle_normal_event+0x47c/0x530 [c000000f1680bc60] [c000000000032e64] eeh_handle_event+0x174/0x350 [c000000f1680bd10] [c000000000033228] eeh_event_handler+0x1e8/0x1f0 [c000000f1680bdc0] [c0000000000d384c] kthread+0x14c/0x190 [c000000f1680be30] [c00000000000b5a0] ret_from_kernel_thread+0x5c/0xbc Fixes: f83f3c515654 ("kernfs: fix locking around kernfs_ops->release() callback") Signed-off-by: Vaibhav Jain Acked-by: Tejun Heo Signed-off-by: Greg Kroah-Hartman fs/kernfs/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d528ae0d3dfedea553812c957a6ed1e87feeed8a Merge: d11507e 15c9e10 Author: Linus Torvalds Date: Thu Mar 16 18:23:02 2017 -0700 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "6 fixes" * emailed patches from Andrew Morton : drivers core: remove assert_held_device_hotplug() mm: add private lock to serialize memory hotplug operations mm: don't warn when vmalloc() fails due to a fatal signal mm, x86: fix native_pud_clear build error kasan: add a prototype of task_struct to avoid warning z3fold: fix spinlock unlocking in page reclaim commit 15c9e10d9ad4d41d076148bbff1de7f659f68852 Author: Heiko Carstens Date: Thu Mar 16 16:40:33 2017 -0700 drivers core: remove assert_held_device_hotplug() The last caller of assert_held_device_hotplug() is gone, so remove it again. Link: http://lkml.kernel.org/r/20170314125226.16779-3-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Acked-by: Dan Williams Cc: Michal Hocko Cc: "Rafael J. Wysocki" Cc: Vladimir Davydov Cc: Ben Hutchings Cc: Gerald Schaefer Cc: Martin Schwidefsky Cc: Sebastian Ott Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/core.c | 5 ----- include/linux/device.h | 1 - 2 files changed, 6 deletions(-) commit 55adc1d05dca9e949cdf46c747cb1e91c0e9143d Author: Heiko Carstens Date: Thu Mar 16 16:40:30 2017 -0700 mm: add private lock to serialize memory hotplug operations Commit bfc8c90139eb ("mem-hotplug: implement get/put_online_mems") introduced new functions get/put_online_mems() and mem_hotplug_begin/end() in order to allow similar semantics for memory hotplug like for cpu hotplug. The corresponding functions for cpu hotplug are get/put_online_cpus() and cpu_hotplug_begin/done() for cpu hotplug. The commit however missed to introduce functions that would serialize memory hotplug operations like they are done for cpu hotplug with cpu_maps_update_begin/done(). This basically leaves mem_hotplug.active_writer unprotected and allows concurrent writers to modify it, which may lead to problems as outlined by commit f931ab479dd2 ("mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}"). That commit was extended again with commit b5d24fda9c3d ("mm, devm_memremap_pages: hold device_hotplug lock over mem_hotplug_{begin, done}") which serializes memory hotplug operations for some call sites by using the device_hotplug lock. In addition with commit 3fc21924100b ("mm: validate device_hotplug is held for memory hotplug") a sanity check was added to mem_hotplug_begin() to verify that the device_hotplug lock is held. This in turn triggers the following warning on s390: WARNING: CPU: 6 PID: 1 at drivers/base/core.c:643 assert_held_device_hotplug+0x4a/0x58 Call Trace: assert_held_device_hotplug+0x40/0x58) mem_hotplug_begin+0x34/0xc8 add_memory_resource+0x7e/0x1f8 add_memory+0xda/0x130 add_memory_merged+0x15c/0x178 sclp_detect_standby_memory+0x2ae/0x2f8 do_one_initcall+0xa2/0x150 kernel_init_freeable+0x228/0x2d8 kernel_init+0x2a/0x140 kernel_thread_starter+0x6/0xc One possible fix would be to add more lock_device_hotplug() and unlock_device_hotplug() calls around each call site of mem_hotplug_begin/end(). But that would give the device_hotplug lock additional semantics it better should not have (serialize memory hotplug operations). Instead add a new memory_add_remove_lock which has the similar semantics like cpu_add_remove_lock for cpu hotplug. To keep things hopefully a bit easier the lock will be locked and unlocked within the mem_hotplug_begin/end() functions. Link: http://lkml.kernel.org/r/20170314125226.16779-2-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Reported-by: Sebastian Ott Acked-by: Dan Williams Acked-by: Rafael J. Wysocki Cc: Michal Hocko Cc: Vladimir Davydov Cc: Ben Hutchings Cc: Gerald Schaefer Cc: Martin Schwidefsky Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/memremap.c | 4 ---- mm/memory_hotplug.c | 6 +++++- 2 files changed, 5 insertions(+), 5 deletions(-) commit 171012f561274784160f666f8398af8b42216e1f Author: Dmitry Vyukov Date: Thu Mar 16 16:40:27 2017 -0700 mm: don't warn when vmalloc() fails due to a fatal signal When vmalloc() fails it prints a very lengthy message with all the details about memory consumption assuming that it happened due to OOM. However, vmalloc() can also fail due to fatal signal pending. In such case the message is quite confusing because it suggests that it is OOM but the numbers suggest otherwise. The messages can also pollute console considerably. Don't warn when vmalloc() fails due to fatal signal pending. Link: http://lkml.kernel.org/r/20170313114425.72724-1-dvyukov@google.com Signed-off-by: Dmitry Vyukov Reviewed-by: Matthew Wilcox Acked-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d0f33ac9ae7b2a727fb678235ae37baf1d0608d5 Author: Arnd Bergmann Date: Thu Mar 16 16:40:24 2017 -0700 mm, x86: fix native_pud_clear build error We still get a build error in random configurations, after this has been modified a few times: In file included from include/linux/mm.h:68:0, from include/linux/suspend.h:8, from arch/x86/kernel/asm-offsets.c:12: arch/x86/include/asm/pgtable.h:66:26: error: redefinition of 'native_pud_clear' #define pud_clear(pud) native_pud_clear(pud) My interpretation is that the build error comes from a typo in __PAGETABLE_PUD_FOLDED, so fix that typo now, and remove the incorrect #ifdef around the native_pud_clear definition. Fixes: 3e761a42e19c ("mm, x86: fix HIGHMEM64 && PARAVIRT build config for native_pud_clear()") Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Link: http://lkml.kernel.org/r/20170314121330.182155-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Ackedy-by: Dave Jiang Cc: Matthew Wilcox Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Garnier Cc: Kees Cook Cc: Dave Hansen Cc: Hugh Dickins Cc: Borislav Petkov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/include/asm/pgtable-3level.h | 3 --- arch/x86/include/asm/pgtable.h | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) commit 5be9b730b09c45c358bbfe7f51d254e306cccc07 Author: Masami Hiramatsu Date: Thu Mar 16 16:40:21 2017 -0700 kasan: add a prototype of task_struct to avoid warning Add a prototype of task_struct to fix below warning on arm64. In file included from arch/arm64/kernel/probes/kprobes.c:19:0: include/linux/kasan.h:81:132: error: 'struct task_struct' declared inside parameter list will not be visible outside of this definition or declaration [-Werror] static inline void kasan_unpoison_task_stack(struct task_struct *task) {} As same as other types (kmem_cache, page, and vm_struct) this adds a prototype of task_struct data structure on top of kasan.h. [arnd] A related warning was fixed before, but now appears in a different line in the same file in v4.11-rc2. The patch from Masami Hiramatsu still seems appropriate, so let's take his version. Fixes: 71af2ed5eeea ("kasan, sched/headers: Remove from ") Link: https://patchwork.kernel.org/patch/9569839/ Link: http://lkml.kernel.org/r/20170313141517.3397802-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Signed-off-by: Masami Hiramatsu Acked-by: Alexander Potapenko Acked-by: Andrey Ryabinin Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kasan.h | 1 + 1 file changed, 1 insertion(+) commit 271df90e4e530c17f237b27034d6341cb2c2f536 Author: Vitaly Wool Date: Thu Mar 16 16:40:19 2017 -0700 z3fold: fix spinlock unlocking in page reclaim Commmit 5a27aa822029 ("z3fold: add kref refcounting") introduced a bug in z3fold_reclaim_page() with function exit that may leave pool->lock spinlock held. Here comes the trivial fix. Fixes: 5a27aa822029 ("z3fold: add kref refcounting") Link: http://lkml.kernel.org/r/20170311222239.7b83d8e7ef1914e05497649f@gmail.com Reported-by: Alexey Khoroshilov Signed-off-by: Vitaly Wool Cc: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 1 + 1 file changed, 1 insertion(+) commit bf33f87dd04c371ea33feb821b60d63d754e3124 Author: peter chang Date: Wed Feb 15 14:11:54 2017 -0800 scsi: sg: check length passed to SG_NEXT_CMD_LEN The user can control the size of the next command passed along, but the value passed to the ioctl isn't checked against the usable max command size. Cc: Signed-off-by: Peter Chang Acked-by: Douglas Gilbert Signed-off-by: Martin K. Petersen drivers/scsi/sg.c | 2 ++ 1 file changed, 2 insertions(+) commit acfa28b3649ec07775efaac0c00de2db39d71634 Author: Jon Mason Date: Wed Mar 1 18:02:28 2017 -0500 ARM: dts: NSP: GPIO reboot open-source The libgpio code pre-sets the GPIO values for the gpio-reset in the device tree. This results in the device being reset during bringup. To prevent this pre-setting, use the "open-source" flag in the device tree. Signed-off-by: Jon Mason Fixes: b1aaf88 ("ARM: dts: NSP: Add GPIO reboot method to bcm958625hr DTS file") Fixes: 10baed1 ("ARM: dts: NSP: Add GPIO reboot method to bcm958625xmc DTS file") Fixes: 088e3148 ("ARM: dts: NSP: Add new DT file for bcm958522er") Fixes: e3227c1 ("ARM: dts: NSP: Add new DT file for bcm958525er") Fixes: 2f8bc00 ("ARM: dts: NSP: Add new DT file for bcm958622hr") Fixes: d454c37 ("ARM: dts: NSP: Add new DT file for bcm958623hr") Fixes: f27eacf ("ARM: dts: NSP: Add new DT file for bcm988312hr") Signed-off-by: Florian Fainelli arch/arm/boot/dts/bcm958522er.dts | 1 + arch/arm/boot/dts/bcm958525er.dts | 1 + arch/arm/boot/dts/bcm958525xmc.dts | 1 + arch/arm/boot/dts/bcm958622hr.dts | 1 + arch/arm/boot/dts/bcm958623hr.dts | 1 + arch/arm/boot/dts/bcm958625hr.dts | 1 + arch/arm/boot/dts/bcm988312hr.dts | 1 + 7 files changed, 7 insertions(+) commit 92461f5d723037530c1f36cce93640770037812c Author: Johan Hovold Date: Thu Mar 16 11:43:09 2017 -0700 Input: sur40 - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints. Fixes: bdb5c57f209c ("Input: add sur40 driver for Samsung SUR40... ") Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org # 3.13 Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/sur40.c | 3 +++ 1 file changed, 3 insertions(+) commit cb1b494663e037253337623bf1ef2df727883cb7 Author: Johan Hovold Date: Thu Mar 16 11:41:55 2017 -0700 Input: kbtab - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/tablet/kbtab.c | 3 +++ 1 file changed, 3 insertions(+) commit ba340d7b83703768ce566f53f857543359aa1b98 Author: Johan Hovold Date: Thu Mar 16 11:39:29 2017 -0700 Input: hanwang - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: bba5394ad3bd ("Input: add support for Hanwang tablets") Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org # 2.6.37 Signed-off-by: Dmitry Torokhov drivers/input/tablet/hanwang.c | 3 +++ 1 file changed, 3 insertions(+) commit 5cc4a1a9f5c179795c8a1f2b0f4361829d6a070e Author: Johan Hovold Date: Thu Mar 16 11:37:01 2017 -0700 Input: yealink - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: aca951a22a1d ("[PATCH] input-driver-yealink-P1K-usb-phone") Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org # 2.6.14 Signed-off-by: Dmitry Torokhov drivers/input/misc/yealink.c | 4 ++++ 1 file changed, 4 insertions(+) commit 1916d319271664241b7aa0cd2b05e32bdb310ce9 Author: Johan Hovold Date: Thu Mar 16 11:36:13 2017 -0700 Input: ims-pcu - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack control-interface endpoints. Fixes: 628329d52474 ("Input: add IMS Passenger Control Unit driver") Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org # 3.10 Signed-off-by: Dmitry Torokhov drivers/input/misc/ims-pcu.c | 4 ++++ 1 file changed, 4 insertions(+) commit ac2ee9ba953afe88f7a673e1c0c839227b1d7891 Author: Johan Hovold Date: Thu Mar 16 11:35:12 2017 -0700 Input: cm109 - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: c04148f915e5 ("Input: add driver for USB VoIP phones with CM109...") Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org # 2.6.28 Signed-off-by: Dmitry Torokhov drivers/input/misc/cm109.c | 4 ++++ 1 file changed, 4 insertions(+) commit 59cf8bed44a79ec42303151dd014fdb6434254bb Author: Johan Hovold Date: Thu Mar 16 11:34:02 2017 -0700 Input: iforce - validate number of endpoints before using them Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory that lie beyond the end of the endpoint array should a malicious device lack the expected endpoints. Signed-off-by: Johan Hovold Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/joystick/iforce/iforce-usb.c | 3 +++ 1 file changed, 3 insertions(+) commit d11507e197242aaab172d7f1d0fe4771fbffa530 Merge: 325513d 630a04e Author: Linus Torvalds Date: Thu Mar 16 12:30:43 2017 -0700 Merge tag 'xfs-4.11-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fix from Darrick Wong: "Here's a single fix for -rc3 to improve input validation on inline directory data to prevent buffer overruns due to corrupt metadata" * tag 'xfs-4.11-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: verify inline directory data forks commit b124f413323e90398b868a9848e63149d0fed8ce Merge: 8f3dbfd7 1a9070e Author: David S. Miller Date: Thu Mar 16 12:05:38 2017 -0700 Merge tag 'batadv-net-for-davem-20170316' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here are two batman-adv bugfixes: - Keep fragments equally sized, avoids some problems with too small fragments, by Sven Eckelmann - Initialize gateway class correctly when BATMAN V is compiled in, by Sven Eckelmann ==================== Signed-off-by: David S. Miller commit 8f3dbfd79ed9ef9770305a7cc4e13dfd31ad2cd0 Author: Kris Murphy Date: Thu Mar 16 10:51:28 2017 -0500 openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD Added a case for OVS_TUNNEL_KEY_ATTR_PAD to the switch statement in ip_tun_from_nlattr in order to prevent the default case returning an error. Fixes: b46f6ded906e ("libnl: nla_put_be64(): align on a 64-bit area") Signed-off-by: Kris Murphy Acked-by: Joe Stringer Signed-off-by: David S. Miller net/openvswitch/flow_netlink.c | 2 ++ 1 file changed, 2 insertions(+) commit 325513d9b54cae3a4439948f6b17039850aeac66 Merge: 3009b30 0e4c0e6 Author: Linus Torvalds Date: Thu Mar 16 11:47:28 2017 -0700 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes/cleanups from Catalin Marinas: "In Will's absence I'm sending the arm64 fixes he queued for 4.11-rc3: - fix arm64 kernel boot warning when DEBUG_VIRTUAL and KASAN are enabled - enable KEYS_COMPAT for keyctl compat support - use cpus_have_const_cap() for system_uses_ttbr0_pan() (slight performance improvement) - update kerneldoc for cpu_suspend() rename - remove the arm64-specific kprobe_exceptions_notify (weak generic variant defined)" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: kernel: Update kerneldoc for cpu_suspend() rename arm64: use const cap for system_uses_ttbr0_pan() arm64: support keyctl() system call in 32-bit mode arm64: kasan: avoid bad virt_to_pfn() arm64: kprobes: remove kprobe_exceptions_notify commit 3009b303b0f9868295205d5f750a2d088e3965ce Merge: 69eea5a 11353b9 Author: Linus Torvalds Date: Thu Mar 16 11:43:48 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD fixes from Shaohua Li: - fix a parity calculation bug of raid5 cache by Song - fix a potential deadlock issue by me - fix two endian issues by Jason - fix a disk limitation issue by Neil - other small fixes and cleanup * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md/raid1: fix a trivial typo in comments md/r5cache: fix set_syndrome_sources() for data in cache md: fix incorrect use of lexx_to_cpu in does_sb_need_changing md: fix super_offset endianness in super_1_rdev_size_change md/raid1/10: fix potential deadlock md: don't impose the MD_SB_DISKS limit on arrays without metadata. md: move funcs from pers->resize to update_size md-cluster: remove useless memset from gather_all_resync_info md-cluster: free md_cluster_info if node leave cluster md: delete dead code md/raid10: submit bio directly to replacement disk commit b334e19ae9381f12a7521976883022385d2b7eef Author: Arnd Bergmann Date: Fri Jan 13 16:40:01 2017 +0100 Kbuild: use cc-disable-warning consistently for maybe-uninitialized In commit a76bcf557ef4 ("Kbuild: enable -Wmaybe-uninitialized warning for "make W=1""), I reverted another change that happened to fix a problem with old compilers, and now we get this report again with old compilers (prior to gcc-4.8) and GCOV enabled: cc1: warnings being treated as errors drivers/gpu/drm/i915/intel_ringbuffer.c: In function 'intel_ring_setup_status_page': drivers/gpu/drm/i915/intel_ringbuffer.c:438: error: 'mmio.reg' may be used uninitialized in this function At top level: >> cc1: error: unrecognized command line option "-Wno-maybe-uninitialized" The problem is that we turn off the warning conditionally in a number of places as we should, but one of them does it unconditionally. Instead, change it to call cc-disable-warning as we do elsewhere. The original patch that caused it was merged into linux-4.7, then 4.8 removed the change and 4.9 brought it back, so we probably want a backport to 4.9 once this is merged. Use a ':=' assignment instead of '=' to force the cc-disable-warning call to only be evaluated once instead of every time. Cc: stable@vger.kernel.org Fixes: a76bcf557ef4 ("Kbuild: enable -Wmaybe-uninitialized warning for "make W=1"") Fixes: e72e2dfe7c16 ("gcov: disable -Wmaybe-uninitialized warning") Reported-by: kbuild test robot Signed-off-by: Arnd Bergmann Signed-off-by: Masahiro Yamada Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b25634e2a051bef4b2524b11adddfbfa6448f6cd Author: Sagi Grimberg Date: Thu Mar 9 13:45:52 2017 +0200 nvmet-rdma: Fix a possible uninitialized variable dereference When handling a new recv command, we grab a new rsp resource and check for the queue state being live. In case the queue is not in live state, we simply restore the rsp back to the free list. However in this flow we didn't set rsp->queue yet, so we cannot dereference it. Instead, make sure to initialize rsp->queue (and other rsp members) as soon as possible so we won't reference uninitialized variables. Reported-by: Yi Zhang Reported-by: Raju Rangoju Reviewed-by: Christoph Hellwig Tested-by: Raju Rangoju Signed-off-by: Sagi Grimberg drivers/nvme/target/rdma.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit d11ea004a458b982e19b188c386e25a9b66ec446 Author: Sagi Grimberg Date: Mon Mar 6 18:46:20 2017 +0200 nvmet: confirm sq percpu has scheduled and switched to atomic percpu_ref_kill is not enough to prevent subsequent percpu_ref_tryget_live from failing. Hence call perfcpu_ref_kill_confirm to make it safe. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/core.c | 11 ++++++++++- drivers/nvme/target/nvmet.h | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) commit e4c5d3762e2d6d274bd1cc948c47063becfa2103 Author: Sagi Grimberg Date: Mon Feb 27 18:44:45 2017 +0200 nvme-loop: fix a possible use-after-free when destroying the admin queue we need to destroy the nvmet sq and let it finish gracefully before continue to cleanup the queue. Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/target/loop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c5051c7bc777dffa5661569dec5997f432b9a34a Author: David Howells Date: Thu Mar 16 16:27:49 2017 +0000 afs: Don't wait for page writeback with the page lock held Drop the page lock before waiting for page writeback. Signed-off-by: David Howells fs/afs/write.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 65a151094edeb04e8f5f6f1502028e2383e81bb8 Author: David Howells Date: Thu Mar 16 16:27:49 2017 +0000 afs: ->writepage() shouldn't call clear_page_dirty_for_io() The ->writepage() op shouldn't call clear_page_dirty_for_io() as that has already been called by the caller. Fix afs_writepage() by moving the call out of afs_write_back_from_locked_page() to afs_writepages_region() where it is needed. Signed-off-by: David Howells fs/afs/write.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 954cd6dc02a65065aecb7150962c0870c5b0e322 Author: David Howells Date: Thu Mar 16 16:27:49 2017 +0000 afs: Fix abort on signal while waiting for call completion Fix the way in which a call that's in progress and being waited for is aborted in the case that EINTR is detected. We should be sending RX_USER_ABORT rather than RX_CALL_DEAD as the abort code. Note that since the only two ways out of the loop are if the call completes or if a signal happens, the kill-the-call clause after the loop has finished can only happen in the case of EINTR. This means that we only have one abort case to deal with, not two, and the "KWC" case can never happen and so can be deleted. Note further that simply aborting the call isn't necessarily the best thing here since at this point: the request has been entirely sent and it's likely the server will do the operation anyway - whether we abort it or not. In future, we should punt the handling of the remainder of the call off to a background thread. Reported-by: Marc Dionne Signed-off-by: David Howells fs/afs/rxrpc.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) commit 445783d0ec173a52bef2e9b129de7d716a19b9fa Author: David Howells Date: Thu Mar 16 16:27:48 2017 +0000 afs: Fix an off-by-one error in afs_send_pages() afs_send_pages() should only put the call into the AFS_CALL_AWAIT_REPLY state if it has sent all the pages - but the check it makes is incorrect and sometimes it will finish the loop early. Signed-off-by: David Howells fs/afs/rxrpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7286a35e893176169b09715096a4aca557e2ccd2 Author: David Howells Date: Thu Mar 16 16:27:48 2017 +0000 afs: Fix afs_kill_pages() Fix afs_kill_pages() in two ways: (1) If a writeback has been partially flushed, then if we try and kill the pages it contains, some of them may no longer be undergoing writeback and end_page_writeback() will assert. Fix this by checking to see whether the page in question is actually undergoing writeback before ending that writeback. (2) The loop that scans for pages to kill doesn't increase the first page index, and so the loop may not terminate, but it will try to process the same pages over and over again. Fix this by increasing the first page index to one after the last page we processed. Signed-off-by: David Howells fs/afs/write.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 6d06b0d25209c80e99c1e89700f1e09694a3766b Author: David Howells Date: Thu Mar 16 16:27:48 2017 +0000 afs: Fix page leak in afs_write_begin() afs_write_begin() leaks a ref and a lock on a page if afs_fill_page() fails. Fix the leak by unlocking and releasing the page in the error path. Signed-off-by: David Howells fs/afs/write.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 68ae849d7e674b83610bc7fdf74b21621a09b9ac Author: David Howells Date: Thu Mar 16 16:27:48 2017 +0000 afs: Don't set PG_error on local EINTR or ENOMEM when filling a page Don't set PG_error on a page if we get local EINTR or ENOMEM when filling a page for writing. Signed-off-by: David Howells fs/afs/file.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit ab94f5d0dd6fd82e7eeca5e7c8096eaea0a0261f Author: Marc Dionne Date: Thu Mar 16 16:27:47 2017 +0000 afs: Populate and use client modification time The inode timestamps should be set from the client time in the status received from the server, rather than the server time which is meant for internal server use. Set AFS_SET_MTIME and populate the mtime for operations that take an input status, such as file/dir creation and StoreData. If an input time is not provided the server will set the vnode times based on the current server time. In a situation where the server has some skew with the client, this could lead to the client seeing a timestamp in the future for a file that it just created or wrote. Signed-off-by: Marc Dionne Signed-off-by: David Howells fs/afs/fsclient.c | 18 +++++++++--------- fs/afs/inode.c | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) commit 70af0e3bd65142f9e674961c975451638a7ce1d5 Author: David Howells Date: Thu Mar 16 16:27:47 2017 +0000 afs: Better abort and net error handling If we receive a network error, a remote abort or a protocol error whilst we're still transmitting data, make sure we return an appropriate error to the caller rather than ESHUTDOWN or ECONNABORTED. Signed-off-by: David Howells fs/afs/rxrpc.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) commit 1157f153f37a8586765034470e4f00a4a6c4ce6f Author: David Howells Date: Thu Mar 16 16:27:47 2017 +0000 afs: Invalid op ID should abort with RXGEN_OPCODE When we are given an invalid operation ID, we should abort that with RXGEN_OPCODE rather than RX_INVALID_OPERATION. Also map RXGEN_OPCODE to -ENOTSUPP. Signed-off-by: David Howells fs/afs/misc.c | 2 ++ fs/afs/rxrpc.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) commit 146a1192783697810b63a1e41c4d59fc93387340 Author: David Howells Date: Thu Mar 16 16:27:47 2017 +0000 afs: Fix the maths in afs_fs_store_data() afs_fs_store_data() works out of the size of the write it's going to make, but it uses 32-bit unsigned subtraction in one place that gets automatically cast to loff_t. However, if to < offset, then the number goes negative, but as the result isn't signed, this doesn't get sign-extended to 64-bits when placed in a loff_t. Fix by casting the operands to loff_t. Signed-off-by: David Howells fs/afs/fsclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f5705a5c805e7f761f2228820656bb9363a3d8c Author: David Howells Date: Thu Mar 16 16:27:46 2017 +0000 afs: Use a bvec rather than a kvec in afs_send_pages() Use a bvec rather than a kvec in afs_send_pages() as we don't then have to call kmap() in advance. This allows us to pass the array of contiguous pages that we extracted through to rxrpc in one go rather than passing a single page at a time. Signed-off-by: David Howells fs/afs/rxrpc.c | 97 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 52 insertions(+), 45 deletions(-) commit 6a0e3999e5cb3daa0468073fcdee0767422a4056 Author: David Howells Date: Thu Mar 16 16:27:46 2017 +0000 afs: Make struct afs_read::remain 64-bit Make struct afs_read::remain 64-bit so that it can handle huge transfers if we ever request them or the server decides to give us a bit extra data (the other fields there are already 64-bit). Signed-off-by: David Howells Tested-by: Marc Dionne fs/afs/fsclient.c | 8 ++++---- fs/afs/internal.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 29f069853287dcb46eaf45a50dbf1232c1444ac6 Author: David Howells Date: Thu Mar 16 16:27:46 2017 +0000 afs: Fix AFS read bug Fix a bug in AFS read whereby the request page afs_read::index isn't incremented after calling ->page_done() if ->remain reaches 0, indicating that the data read is complete. Without this a NULL pointer exception happens when ->page_done() is called twice for the last page because the page clearing loop will call it also and afs_readpages_page_done() clears the current entry in the page list. BUG: unable to handle kernel NULL pointer dereference at (null) IP: afs_readpages_page_done+0x21/0xa4 [kafs] PGD 0 Oops: 0002 [#1] SMP Modules linked in: kafs(E) CPU: 2 PID: 3002 Comm: md5sum Tainted: G E 4.10.0-fscache #485 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 task: ffff8804017d86c0 task.stack: ffff8803fc1d8000 RIP: 0010:afs_readpages_page_done+0x21/0xa4 [kafs] RSP: 0018:ffff8803fc1db978 EFLAGS: 00010282 RAX: ffff880405d39af8 RBX: 0000000000000000 RCX: ffff880407d83ed4 RDX: 0000000000000000 RSI: ffff880405d39a00 RDI: ffff880405c6f400 RBP: ffff8803fc1db988 R08: 0000000000000000 R09: 0000000000000001 R10: ffff8803fc1db820 R11: ffff88040cf56000 R12: ffff8804088f1780 R13: ffff8804017d86c0 R14: ffff8804088f1780 R15: 0000000000003840 FS: 00007f8154469700(0000) GS:ffff88041fb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000004016ec000 CR4: 00000000001406e0 Call Trace: afs_deliver_fs_fetch_data+0x5b9/0x60e [kafs] ? afs_make_call+0x316/0x4e8 [kafs] ? afs_make_call+0x359/0x4e8 [kafs] afs_deliver_to_call+0x173/0x2e8 [kafs] ? afs_make_call+0x316/0x4e8 [kafs] afs_make_call+0x37a/0x4e8 [kafs] ? wake_up_q+0x4f/0x4f ? __init_waitqueue_head+0x36/0x49 afs_fs_fetch_data+0x21c/0x227 [kafs] ? afs_fs_fetch_data+0x21c/0x227 [kafs] afs_vnode_fetch_data+0xf3/0x1d2 [kafs] afs_readpages+0x314/0x3fd [kafs] __do_page_cache_readahead+0x208/0x2c5 ondemand_readahead+0x3a2/0x3b7 ? ondemand_readahead+0x3a2/0x3b7 page_cache_async_readahead+0x5e/0x67 generic_file_read_iter+0x23b/0x70c ? __inode_security_revalidate+0x2f/0x62 __vfs_read+0xc4/0xe8 vfs_read+0xd1/0x15a SyS_read+0x4c/0x89 do_syscall_64+0x80/0x191 entry_SYSCALL64_slow_path+0x25/0x25 Reported-by: Marc Dionne Signed-off-by: David Howells Tested-by: Marc Dionne fs/afs/fsclient.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 56e714312e7dbd6bb83b2f78d3ec19a404c7649f Author: Tina Ruchandani Date: Thu Mar 16 16:27:46 2017 +0000 afs: Prevent callback expiry timer overflow get_seconds() returns real wall-clock seconds. On 32-bit systems this value will overflow in year 2038 and beyond. This patch changes afs_vnode record to use ktime_get_real_seconds() instead, for the fields cb_expires and cb_expires_at. Signed-off-by: Tina Ruchandani Signed-off-by: David Howells fs/afs/fsclient.c | 2 +- fs/afs/inode.c | 7 ++++--- fs/afs/internal.h | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) commit 8a79790bf0b7da216627ffb85f52cfb4adbf1e4e Author: Tina Ruchandani Date: Thu Mar 16 16:27:46 2017 +0000 afs: Migrate vlocation fields to 64-bit get_seconds() returns real wall-clock seconds. On 32-bit systems this value will overflow in year 2038 and beyond. This patch changes afs's vlocation record to use ktime_get_real_seconds() instead, for the fields time_of_death and update_at. Signed-off-by: Tina Ruchandani Signed-off-by: David Howells fs/afs/callback.c | 7 ++++--- fs/afs/internal.h | 7 ++++--- fs/afs/server.c | 6 +++--- fs/afs/vlocation.c | 16 +++++++++------- 4 files changed, 20 insertions(+), 16 deletions(-) commit df8a09d1b8f9e693ec3f6b7e0162fc817f2cf0db Author: Andreea-Cristina Bernat Date: Thu Mar 16 16:27:45 2017 +0000 afs: security: Replace rcu_assign_pointer() with RCU_INIT_POINTER() The use of "rcu_assign_pointer()" is NULLing out the pointer. According to RCU_INIT_POINTER()'s block comment: "1. This use of RCU_INIT_POINTER() is NULLing out the pointer" it is better to use it instead of rcu_assign_pointer() because it has a smaller overhead. The following Coccinelle semantic patch was used: @@ @@ - rcu_assign_pointer + RCU_INIT_POINTER (..., NULL) Signed-off-by: Andreea-Cristina Bernat Signed-off-by: David Howells fs/afs/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d7e4ebf291d3103466006926329e39aa355944f Author: Andreea-Cristina Bernat Date: Thu Mar 16 16:27:45 2017 +0000 afs: inode: Replace rcu_assign_pointer() with RCU_INIT_POINTER() The use of "rcu_assign_pointer()" is NULLing out the pointer. According to RCU_INIT_POINTER()'s block comment: "1. This use of RCU_INIT_POINTER() is NULLing out the pointer" it is better to use it instead of rcu_assign_pointer() because it has a smaller overhead. The following Coccinelle semantic patch was used: @@ @@ - rcu_assign_pointer + RCU_INIT_POINTER (..., NULL) Signed-off-by: Andreea-Cristina Bernat Signed-off-by: David Howells fs/afs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 944c74f472f926785b1948efa0e73e2f1b3b539b Author: David Howells Date: Thu Mar 16 16:27:45 2017 +0000 afs: Distinguish mountpoints from symlinks by file mode alone In AFS, mountpoints appear as symlinks with mode 0644 and normal symlinks have mode 0777, so use this to distinguish them rather than reading the content and parsing it. In the case of a mountpoint, the symlink body is a formatted string indicating the location of the target volume. Note that with this, kAFS no longer 'pre-fetches' the contents of symlinks, so afs_readpage() may fail with an access-denial because when the VFS calls d_automount(), it wraps the call in an credentials override that sets the initial creds - thereby preventing access to the caller's keyrings and the authentication keys held therein. To this end, a patch reverting that change to the VFS is required also. Reported-by: Jeffrey Altman Signed-off-by: David Howells fs/afs/inode.c | 29 +++++++++++++++-------------- fs/afs/internal.h | 1 - fs/afs/mntpt.c | 53 ----------------------------------------------------- 3 files changed, 15 insertions(+), 68 deletions(-) commit 58fed94dfb17e89556b5705f20f90e5b2971b6a1 Author: David Howells Date: Thu Mar 16 16:27:45 2017 +0000 afs: Flush outstanding writes when an fd is closed Flush outstanding writes in afs when an fd is closed. This is what NFS and CIFS do. Reported-by: Marc Dionne Signed-off-by: David Howells fs/afs/file.c | 1 + fs/afs/internal.h | 1 + fs/afs/write.c | 14 ++++++++++++++ 3 files changed, 16 insertions(+) commit e8e581a88c5f5fc7cf1f636d122b77fbcfc8c2f6 Author: David Howells Date: Thu Mar 16 16:27:44 2017 +0000 afs: Handle a short write to an AFS page Handle the situation where afs_write_begin() is told to expect that a full-page write will be made, but this doesn't happen (EFAULT, CTRL-C, etc.), and so afs_write_end() sees a partial write took place. Currently, no attempt is to deal with the discrepency. Fix this by loading the gap from the server. Reported-by: Al Viro Signed-off-by: David Howells fs/afs/fsclient.c | 4 +++- fs/afs/internal.h | 2 +- fs/afs/write.c | 28 +++++++++++++++++++--------- 3 files changed, 23 insertions(+), 11 deletions(-) commit 3448e6521755862446aed28e29abf12565d8844e Author: David Howells Date: Thu Mar 16 16:27:44 2017 +0000 afs: Kill struct afs_read::pg_offset Kill struct afs_read::pg_offset as nothing uses it. It's unnecessary as pos can be masked off. Signed-off-by: David Howells fs/afs/internal.h | 1 - 1 file changed, 1 deletion(-) commit 6db3ac3c4bc552837d232ec794559a2fae2815a0 Author: David Howells Date: Thu Mar 16 16:27:44 2017 +0000 afs: Handle better the server returning excess or short data When an AFS server is given an FS.FetchData{,64} request to read data from a file, it is permitted by the protocol to return more or less than was requested. kafs currently relies on the latter behaviour in readpage{,s} to handle a partial page at the end of the file (we just ask for a whole page and clear space beyond the short read). However, we don't handle all cases. Add: (1) Handle excess data by discarding it rather than aborting. Note that we use a common static buffer to discard into so that the decryption algorithm advances the PCBC state. (2) Handle a short read that affects more than just the last page. Note that if a read comes up unexpectedly short of long, it's possible that the server's copy of the file changed - in which case the data version number will have been incremented and the callback will have been broken - in which case all the pages currently attached to the inode will be zapped anyway at some point. Signed-off-by: David Howells fs/afs/file.c | 7 +++++-- fs/afs/fsclient.c | 49 +++++++++++++++++++++++++++++++++++-------------- 2 files changed, 40 insertions(+), 16 deletions(-) commit bcd89270d93b7edebb5de5e5e7dca1a77a33496e Author: Marc Dionne Date: Thu Mar 16 16:27:44 2017 +0000 afs: Deal with an empty callback array Servers may send a callback array that is the same size as the FID array, or an empty array. If the callback count is 0, the code would attempt to read (fid_count * 12) bytes of data, which would fail and result in an unmarshalling error. This would lead to stale data for remotely modified files or directories. Store the callback array size in the internal afs_call structure and use that to determine the amount of data to read. Signed-off-by: Marc Dionne fs/afs/cmservice.c | 11 +++++------ fs/afs/internal.h | 5 ++++- 2 files changed, 9 insertions(+), 7 deletions(-) commit 627f46943ff90bcc32ddeb675d881c043c6fa2ae Author: Marc Dionne Date: Thu Mar 16 16:27:44 2017 +0000 afs: Adjust mode bits processing Mode bits for an afs file should not be enforced in the usual way. For files, the absence of user bits can restrict file access with respect to what is granted by the server. These bits apply regardless of the owner or the current uid; the rest of the mode bits (group, other) are ignored. Signed-off-by: Marc Dionne Signed-off-by: David Howells fs/afs/security.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 6186f0788b31f44affceeedc7b48eb10faea120d Author: Marc Dionne Date: Thu Mar 16 16:27:43 2017 +0000 afs: Populate group ID from vnode status The group was hard coded to GLOBAL_ROOT_GID; use the group ID that was received from the server. Signed-off-by: Marc Dionne Signed-off-by: David Howells fs/afs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5611ef280d814042825ee17688f5751266fc538b Author: David Howells Date: Thu Mar 16 16:27:43 2017 +0000 afs: Fix page overput in afs_fill_page() afs_fill_page() loads the page it wants to fill into the afs_read request without incrementing its refcount - but then calls afs_put_read() to clean up afterwards, which then releases a ref on the page. Fix this by getting a ref on the page before calling afs_vnode_fetch_data(). This causes sync after a write to hang in afs_writepages_region() because find_get_pages_tag() gets confused and doesn't return. Fixes: 196ee9cd2d04 ("afs: Make afs_fs_fetch_data() take a list of pages") Reported-by: Marc Dionne Signed-off-by: David Howells Tested-by: Marc Dionne fs/afs/write.c | 1 + 1 file changed, 1 insertion(+) commit 29c8bbbd6e21daa0997d1c3ee886b897ee7ad652 Author: David Howells Date: Thu Mar 16 16:27:43 2017 +0000 afs: Fix missing put_page() In afs_writepages_region(), inside the loop where we find dirty pages to deal with, one of the if-statements is missing a put_page(). Signed-off-by: David Howells fs/afs/write.c | 1 + 1 file changed, 1 insertion(+) commit efd4b81abbe1ac753717f2f10cd3dab8bed6c103 Author: Omar Sandoval Date: Thu Mar 16 09:46:14 2017 -0600 blk-stat: fix blk_stat_sum() if all samples are batched We need to flush the batch _before_ we check the number of samples, otherwise we'll miss all of the batched samples. Fixes: cf43e6b ("block: add scalable completion tracking of requests") Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-stat.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 181302dc7239add8ab1449c23ecab193f52ee6ab Author: Johan Hovold Date: Mon Mar 13 13:40:22 2017 +0100 mmc: ushc: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: 53f3a9e26ed5 ("mmc: USB SD Host Controller (USHC) driver") Cc: stable # 2.6.37 Cc: David Vrabel Signed-off-by: Johan Hovold Signed-off-by: Ulf Hansson drivers/mmc/host/ushc.c | 3 +++ 1 file changed, 3 insertions(+) commit 2ce0c7b65505e0d915e99389cced45b478dc935d Author: Romain Izard Date: Thu Mar 9 16:18:20 2017 +0100 mmc: sdhci-of-at91: Support external regulators The SDHCI controller in the SAMA5D2 chip requires a valid voltage set in the power control register, otherwise commands will fail with a timeout error. When using the regulator framework to specify the regulator used by the mmc device, the voltage is not configured, and it is not possible to use the connected device. Implement a custom 'set_power' function for this specific hardware, that configures the voltage in the register in all cases. Signed-off-by: Romain Izard Acked-by: Ludovic Desroches Cc: stable@vger.kernel.org #4.9+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-at91.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 8bcd37d8b21de13d068414c018c9599281294a01 Author: Winkler, Tomas Date: Thu Mar 9 16:58:21 2017 +0200 mmc: core: mmc_blk_rw_cmd_err - remove unused variable Fix compilation warning: drivers/mmc/core/block.c:1563:24: warning: variable ‘mq_rq’ set but not used [-Wunused-but-set-variable] struct mmc_queue_req *mq_rq; Signed-off-by: Tomas Winkler Signed-off-by: Ulf Hansson drivers/mmc/core/block.c | 3 --- 1 file changed, 3 deletions(-) commit 763811987d5088d0461164f80e9d16869847a040 Author: Bard Liao Date: Thu Mar 16 13:58:40 2017 +0800 ASoC: rt5665: fix define of RT5665_HP_DRIVER_5X It is (0x3 << 2), not (0x2 << 2). Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5665.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9986943ef5d61a9bea3c86000d91d3b789f0060e Author: Kuninori Morimoto Date: Thu Mar 16 04:22:09 2017 +0000 ASoC: rcar: dma: remove unnecessary "volatile" commit 2a3af642eb20("ASoC: rcar: clear DE bit only in PDMACHCR...") added rsnd_dmapp_bset(), but it used copy-paste. Thus, it had unnecessary "volatile", and had below warning on x86. This patch fix it. sound/soc/sh/rcar/dma.c: In function 'rsnd_dmapp_bset': >> sound/soc/sh/rcar/dma.c:463:21: warning: passing argument 1 of \ 'ioread32' discards 'volatile' qualifier from pointer target \ type [-Wdiscarded-qualifiers] u32 val = ioread32(addr); ^~~~ In file included from arch/x86/include/asm/io.h:203:0, from arch/x86/include/asm/realmode.h:5, from arch/x86/include/asm/acpi.h:33, from arch/x86/include/asm/fixmap.h:19, from arch/x86/include/asm/apic.h:10, from arch/x86/include/asm/smp.h:12, from include/linux/smp.h:59, from include/linux/topology.h:33, from include/linux/gfp.h:8, from include/linux/idr.h:16, from include/linux/kernfs.h:14, from include/linux/sysfs.h:15, from include/linux/kobject.h:21, from include/linux/of.h:21, from include/linux/of_dma.h:16, from sound/soc/sh/rcar/dma.c:12: include/asm-generic/iomap.h:31:21: note: expected 'void *' \ but argument is of type 'volatile void *' extern unsigned int ioread32(void __iomem *); ^~~~~~~~ Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/sh/rcar/dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 60a970a6c58dedb4c6b2d90b75f8d6ad7c7b34dc Author: Huang Rui Date: Wed Mar 15 10:13:32 2017 +0800 drm/amdgpu: fix the clearing wb size The clearing wb size should be the one that it is assigned. Signed-off-by: Huang Rui Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e11ddff68a7c455e63c4b46154a3e75c699a7b55 Author: Alex Deucher Date: Wed Mar 15 21:13:25 2017 -0400 drm/amdgpu: reinstate oland workaround for sclk Higher sclks seem to be unstable on some boards. bug: https://bugs.freedesktop.org/show_bug.cgi?id=100222 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 66822d815ae61ecb2d9dba9031517e8a8476969d Author: Alex Deucher Date: Wed Mar 15 21:11:46 2017 -0400 drm/radeon: reinstate oland workaround for sclk Higher sclks seem to be unstable on some boards. bug: https://bugs.freedesktop.org/show_bug.cgi?id=100222 Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si_dpm.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit f1a880a93baaadb14c10a348fd199f1cdb6bcccd Author: Sami Tolvanen Date: Wed Mar 15 15:12:23 2017 -0700 dm verity fec: limit error correction recursion If the hash tree itself is sufficiently corrupt in addition to data blocks, it's possible for error correction to end up in a deep recursive loop, which eventually causes a kernel panic. This change limits the recursion to a reasonable level during a single I/O operation. Fixes: a739ff3f543a ("dm verity: add support for forward error correction") Signed-off-by: Sami Tolvanen Signed-off-by: Mike Snitzer Cc: stable@vger.kernel.org # v4.5+ drivers/md/dm-verity-fec.c | 12 +++++++++++- drivers/md/dm-verity-fec.h | 4 ++++ 2 files changed, 15 insertions(+), 1 deletion(-) commit d8a8cfc76919b6c830305266b23ba671623f37ff Author: Peter Zijlstra Date: Thu Mar 16 13:47:51 2017 +0100 perf/core: Better explain the inherit magic While going through the event inheritance code Oleg got confused. Add some comments to better explain the silent dissapearance of orphaned events. So what happens is that at perf_event_release_kernel() time; when an event looses its connection to userspace (and ceases to exist from the user's perspective) we can still have an arbitrary amount of inherited copies of the event. We want to synchronously find and remove all these child events. Since that requires a bit of lock juggling, there is the possibility that concurrent clone()s will create new child events. Therefore we first mark the parent event as DEAD, which marks all the extant child events as orphaned. We then avoid copying orphaned events; in order to avoid getting more of them. Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Dmitry Vyukov Cc: Jiri Olsa Cc: Linus Torvalds Cc: Mathieu Desnoyers Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: fweisbec@gmail.com Link: http://lkml.kernel.org/r/20170316125823.289567442@infradead.org Signed-off-by: Ingo Molnar kernel/events/core.c | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) commit 15121c789e001168decac6483d192bdb7ea29e74 Author: Peter Zijlstra Date: Thu Mar 16 13:47:50 2017 +0100 perf/core: Simplify perf_event_free_task() We have ctx->event_list that contains all events; no need to repeatedly iterate the group lists to find them all. Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Dmitry Vyukov Cc: Jiri Olsa Cc: Linus Torvalds Cc: Mathieu Desnoyers Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: fweisbec@gmail.com Link: http://lkml.kernel.org/r/20170316125823.239678244@infradead.org Signed-off-by: Ingo Molnar kernel/events/core.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) commit e7cc4865f0f31698ef2f7aac01a50e78968985b7 Author: Peter Zijlstra Date: Thu Mar 16 13:47:49 2017 +0100 perf/core: Fix event inheritance on fork() While hunting for clues to a use-after-free, Oleg spotted that perf_event_init_context() can loose an error value with the result that fork() can succeed even though we did not fully inherit the perf event context. Spotted-by: Oleg Nesterov Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Dmitry Vyukov Cc: Frederic Weisbecker Cc: Jiri Olsa Cc: Linus Torvalds Cc: Mathieu Desnoyers Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: oleg@redhat.com Cc: stable@vger.kernel.org Fixes: 889ff0150661 ("perf/core: Split context's event group list into pinned and non-pinned lists") Link: http://lkml.kernel.org/r/20170316125823.190342547@infradead.org Signed-off-by: Ingo Molnar kernel/events/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit e552a8389aa409e257b7dcba74f67f128f979ccc Author: Peter Zijlstra Date: Thu Mar 16 13:47:48 2017 +0100 perf/core: Fix use-after-free in perf_release() Dmitry reported syzcaller tripped a use-after-free in perf_release(). After much puzzlement Oleg spotted the below scenario: Task1 Task2 fork() perf_event_init_task() /* ... */ goto bad_fork_$foo; /* ... */ perf_event_free_task() mutex_lock(ctx->lock) perf_free_event(B) perf_event_release_kernel(A) mutex_lock(A->child_mutex) list_for_each_entry(child, ...) { /* child == B */ ctx = B->ctx; get_ctx(ctx); mutex_unlock(A->child_mutex); mutex_lock(A->child_mutex) list_del_init(B->child_list) mutex_unlock(A->child_mutex) /* ... */ mutex_unlock(ctx->lock); put_ctx() /* >0 */ free_task(); mutex_lock(ctx->lock); mutex_lock(A->child_mutex); /* ... */ mutex_unlock(A->child_mutex); mutex_unlock(ctx->lock) put_ctx() /* 0 */ ctx->task && !TOMBSTONE put_task_struct() /* UAF */ This patch closes the hole by making perf_event_free_task() destroy the task <-> ctx relation such that perf_event_release_kernel() will no longer observe the now dead task. Spotted-by: Oleg Nesterov Reported-by: Dmitry Vyukov Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Mathieu Desnoyers Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: fweisbec@gmail.com Cc: oleg@redhat.com Cc: stable@vger.kernel.org Fixes: c6e5b73242d2 ("perf: Synchronously clean up child events") Link: http://lkml.kernel.org/r/20170314155949.GE32474@worktop Link: http://lkml.kernel.org/r/20170316125823.140295131@infradead.org Signed-off-by: Ingo Molnar kernel/events/core.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 40ceda09c8c84694c2ca6b00bcc6dc71e8e62d96 Author: yong mao Date: Sat Mar 4 15:10:03 2017 +0800 mmc: mediatek: Fixed bug where clock frequency could be set wrong This patch can fix two issues: Issue 1: In previous code, div may be overflow when setting clock frequency as f_min. We can use DIV_ROUND_UP to fix this boundary related issue. Issue 2: In previous code, we can not set the correct clock frequency when div equals 0xff. Signed-off-by: Yong Mao Signed-off-by: Chaotian Jing Reviewed-by: Daniel Kurtz Signed-off-by: Ulf Hansson drivers/mmc/host/mtk-sd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5c71ad17f97e84d6d7e11a8e193d5d96890ed2ed Author: Tony Luck Date: Thu Mar 9 01:45:39 2017 +0800 EDAC, pnd2_edac: Add new EDAC driver for Intel SoC platforms Initial target for this driver is the Intel Apollo Lake platform and Denverton micro-server, they use the same internal memory controller IP called Pondicherry2. Memory controller registers are not in PCI config space like earlier Intel memory controllers. For Apollo Lake platform they are accessed via a "side-band" interface, for Denverton micro-server they are access via PCI config space and memory map I/O. This driver is for Apollo Lake and Denverton, but only the Denverton is fully enabled while we wait for the sideband driver. Apollo lake driver and initial cut at Denverton driver by Tony Luck. Extensive cleanup, refactoring and basic verification by Qiuxu Zhuo. Signed-off-by: Tony Luck Signed-off-by: Qiuxu Zhuo Cc: linux-edac Link: http://lkml.kernel.org/r/20170308174539.14432-1-qiuxu.zhuo@intel.com Signed-off-by: Borislav Petkov MAINTAINERS | 6 + drivers/edac/Kconfig | 9 + drivers/edac/Makefile | 1 + drivers/edac/pnd2_edac.c | 1542 ++++++++++++++++++++++++++++++++++++++++++++++ drivers/edac/pnd2_edac.h | 301 +++++++++ 5 files changed, 1859 insertions(+) commit f717629c7f834ab2efa05c7dbf0826f1d7c32ade Author: Chandan Rajendra Date: Thu Mar 16 14:37:11 2017 +0530 powerpc: Wire up statx() syscall Test runs on a ppc64 BE guest succeeded. linux/samples/statx/test-statx program was executed on the following file types, 1. Regular file 2. Directory 3. device file 4. symlink 5. Named pipe The test run also included invoking test-statx with the runtime options provided in the main() function of test-statx.c Signed-off-by: Chandan Rajendra Signed-off-by: Michael Ellerman arch/powerpc/include/asm/systbl.h | 1 + arch/powerpc/include/asm/unistd.h | 2 +- arch/powerpc/include/uapi/asm/unistd.h | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) commit 8c75704ebcac2ffa31ee7bcc359baf701b52bf00 Author: Prarit Bhargava Date: Tue Mar 14 07:36:02 2017 -0400 hwrng: geode - Revert managed API changes After commit e9afc746299d ("hwrng: geode - Use linux/io.h instead of asm/io.h") the geode-rng driver uses devres with pci_dev->dev to keep track of resources, but does not actually register a PCI driver. This results in the following issues: 1. The driver leaks memory because the driver does not attach to a device. The driver only uses the PCI device as a reference. devm_*() functions will release resources on driver detach, which the geode-rng driver will never do. As a result, 2. The driver cannot be reloaded because there is always a use of the ioport and region after the first load of the driver. Revert the changes made by e9afc746299d ("hwrng: geode - Use linux/io.h instead of asm/io.h"). Cc: Signed-off-by: Prarit Bhargava Fixes: 6e9b5e76882c ("hwrng: geode - Migrate to managed API") Cc: Matt Mackall Cc: Corentin LABBE Cc: PrasannaKumar Muralidharan Cc: Wei Yongjun Cc: linux-crypto@vger.kernel.org Cc: linux-geode@lists.infradead.org Signed-off-by: Herbert Xu drivers/char/hw_random/geode-rng.c | 50 ++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 15 deletions(-) commit 69db7009318758769d625b023402161c750f7876 Author: Prarit Bhargava Date: Tue Mar 14 07:36:01 2017 -0400 hwrng: amd - Revert managed API changes After commit 31b2a73c9c5f ("hwrng: amd - Migrate to managed API"), the amd-rng driver uses devres with pci_dev->dev to keep track of resources, but does not actually register a PCI driver. This results in the following issues: 1. The message WARNING: CPU: 2 PID: 621 at drivers/base/dd.c:349 driver_probe_device+0x38c is output when the i2c_amd756 driver loads and attempts to register a PCI driver. The PCI & device subsystems assume that no resources have been registered for the device, and the WARN_ON() triggers since amd-rng has already do so. 2. The driver leaks memory because the driver does not attach to a device. The driver only uses the PCI device as a reference. devm_*() functions will release resources on driver detach, which the amd-rng driver will never do. As a result, 3. The driver cannot be reloaded because there is always a use of the ioport and region after the first load of the driver. Revert the changes made by 31b2a73c9c5f ("hwrng: amd - Migrate to managed API"). Cc: Signed-off-by: Prarit Bhargava Fixes: 31b2a73c9c5f ("hwrng: amd - Migrate to managed API"). Cc: Matt Mackall Cc: Corentin LABBE Cc: PrasannaKumar Muralidharan Cc: Wei Yongjun Cc: linux-crypto@vger.kernel.org Cc: linux-geode@lists.infradead.org Signed-off-by: Herbert Xu drivers/char/hw_random/amd-rng.c | 42 ++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) commit 7c468447f40645fbf2a033dfdaa92b1957130d50 Author: Gary R Hook Date: Fri Mar 10 12:28:18 2017 -0600 crypto: ccp - Assign DMA commands to the channel's CCP The CCP driver generally uses a round-robin approach when assigning operations to available CCPs. For the DMA engine, however, the DMA mappings of the SGs are associated with a specific CCP. When an IOMMU is enabled, the IOMMU is programmed based on this specific device. If the DMA operations are not performed by that specific CCP then addressing errors and I/O page faults will occur. Update the CCP driver to allow a specific CCP device to be requested for an operation and use this in the DMA engine support. Cc: # 4.9.x- Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev.c | 5 ++++- drivers/crypto/ccp/ccp-dmaengine.c | 1 + include/linux/ccp.h | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) commit ea90e0dc8cecba6359b481e24d9c37160f6f524f Author: Johannes Berg Date: Wed Mar 15 14:26:04 2017 +0100 nl80211: fix dumpit error path RTNL deadlocks Sowmini pointed out Dmitry's RTNL deadlock report to me, and it turns out to be perfectly accurate - there are various error paths that miss unlock of the RTNL. To fix those, change the locking a bit to not be conditional in all those nl80211_prepare_*_dump() functions, but make those require the RTNL to start with, and fix the buggy error paths. This also let me use sparse (by appropriately overriding the rtnl_lock/rtnl_unlock functions) to validate the changes. Cc: stable@vger.kernel.org Reported-by: Sowmini Varadhan Reported-by: Dmitry Vyukov Signed-off-by: Johannes Berg net/wireless/nl80211.c | 127 ++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 71 deletions(-) commit 2317d5f1c34913bac5971d93d69fb6c31bb74670 Author: Steven Rostedt (VMware) Date: Thu Mar 2 15:10:59 2017 +0100 sched/deadline: Use deadline instead of period when calculating overflow I was testing Daniel's changes with his test case, and tweaked it a little. Instead of having the runtime equal to the deadline, I increased the deadline ten fold. Daniel's test case had: attr.sched_runtime = 2 * 1000 * 1000; /* 2 ms */ attr.sched_deadline = 2 * 1000 * 1000; /* 2 ms */ attr.sched_period = 2 * 1000 * 1000 * 1000; /* 2 s */ To make it more interesting, I changed it to: attr.sched_runtime = 2 * 1000 * 1000; /* 2 ms */ attr.sched_deadline = 20 * 1000 * 1000; /* 20 ms */ attr.sched_period = 2 * 1000 * 1000 * 1000; /* 2 s */ The results were rather surprising. The behavior that Daniel's patch was fixing came back. The task started using much more than .1% of the CPU. More like 20%. Looking into this I found that it was due to the dl_entity_overflow() constantly returning true. That's because it uses the relative period against relative runtime vs the absolute deadline against absolute runtime. runtime / (deadline - t) > dl_runtime / dl_period There's even a comment mentioning this, and saying that when relative deadline equals relative period, that the equation is the same as using deadline instead of period. That comment is backwards! What we really want is: runtime / (deadline - t) > dl_runtime / dl_deadline We care about if the runtime can make its deadline, not its period. And then we can say "when the deadline equals the period, the equation is the same as using dl_period instead of dl_deadline". After correcting this, now when the task gets enqueued, it can throttle correctly, and Daniel's fix to the throttling of sleeping deadline tasks works even when the runtime and deadline are not the same. Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Daniel Bristot de Oliveira Cc: Juri Lelli Cc: Linus Torvalds Cc: Luca Abeni Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Romulo Silva de Oliveira Cc: Steven Rostedt Cc: Thomas Gleixner Cc: Tommaso Cucinotta Link: http://lkml.kernel.org/r/02135a27f1ae3fe5fd032568a5a2f370e190e8d7.1488392936.git.bristot@redhat.com Signed-off-by: Ingo Molnar kernel/sched/deadline.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit df8eac8cafce7d086be3bd5cf5a838fa37594dfb Author: Daniel Bristot de Oliveira Date: Thu Mar 2 15:10:58 2017 +0100 sched/deadline: Throttle a constrained deadline task activated after the deadline During the activation, CBS checks if it can reuse the current task's runtime and period. If the deadline of the task is in the past, CBS cannot use the runtime, and so it replenishes the task. This rule works fine for implicit deadline tasks (deadline == period), and the CBS was designed for implicit deadline tasks. However, a task with constrained deadline (deadine < period) might be awakened after the deadline, but before the next period. In this case, replenishing the task would allow it to run for runtime / deadline. As in this case deadline < period, CBS enables a task to run for more than the runtime / period. In a very loaded system, this can cause a domino effect, making other tasks miss their deadlines. To avoid this problem, in the activation of a constrained deadline task after the deadline but before the next period, throttle the task and set the replenishing timer to the begin of the next period, unless it is boosted. Reproducer: --------------- %< --------------- int main (int argc, char **argv) { int ret; int flags = 0; unsigned long l = 0; struct timespec ts; struct sched_attr attr; memset(&attr, 0, sizeof(attr)); attr.size = sizeof(attr); attr.sched_policy = SCHED_DEADLINE; attr.sched_runtime = 2 * 1000 * 1000; /* 2 ms */ attr.sched_deadline = 2 * 1000 * 1000; /* 2 ms */ attr.sched_period = 2 * 1000 * 1000 * 1000; /* 2 s */ ts.tv_sec = 0; ts.tv_nsec = 2000 * 1000; /* 2 ms */ ret = sched_setattr(0, &attr, flags); if (ret < 0) { perror("sched_setattr"); exit(-1); } for(;;) { /* XXX: you may need to adjust the loop */ for (l = 0; l < 150000; l++); /* * The ideia is to go to sleep right before the deadline * and then wake up before the next period to receive * a new replenishment. */ nanosleep(&ts, NULL); } exit(0); } --------------- >% --------------- On my box, this reproducer uses almost 50% of the CPU time, which is obviously wrong for a task with 2/2000 reservation. Signed-off-by: Daniel Bristot de Oliveira Signed-off-by: Peter Zijlstra (Intel) Cc: Juri Lelli Cc: Linus Torvalds Cc: Luca Abeni Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Romulo Silva de Oliveira Cc: Steven Rostedt Cc: Thomas Gleixner Cc: Tommaso Cucinotta Link: http://lkml.kernel.org/r/edf58354e01db46bf42df8d2dd32418833f68c89.1488392936.git.bristot@redhat.com Signed-off-by: Ingo Molnar kernel/sched/deadline.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) commit 5ac69d37784b237707a7b15d199cdb6c6fdb6780 Author: Daniel Bristot de Oliveira Date: Thu Mar 2 15:10:57 2017 +0100 sched/deadline: Make sure the replenishment timer fires in the next period Currently, the replenishment timer is set to fire at the deadline of a task. Although that works for implicit deadline tasks because the deadline is equals to the begin of the next period, that is not correct for constrained deadline tasks (deadline < period). For instance: f.c: --------------- %< --------------- int main (void) { for(;;); } --------------- >% --------------- # gcc -o f f.c # trace-cmd record -e sched:sched_switch \ -e syscalls:sys_exit_sched_setattr \ chrt -d --sched-runtime 490000000 \ --sched-deadline 500000000 \ --sched-period 1000000000 0 ./f # trace-cmd report | grep "{pid of ./f}" After setting parameters, the task is replenished and continue running until being throttled: f-11295 [003] 13322.113776: sys_exit_sched_setattr: 0x0 The task is throttled after running 492318 ms, as expected: f-11295 [003] 13322.606094: sched_switch: f:11295 [-1] R ==> watchdog/3:32 [0] But then, the task is replenished 500719 ms after the first replenishment: -0 [003] 13322.614495: sched_switch: swapper/3:0 [120] R ==> f:11295 [-1] Running for 490277 ms: f-11295 [003] 13323.104772: sched_switch: f:11295 [-1] R ==> swapper/3:0 [120] Hence, in the first period, the task runs 2 * runtime, and that is a bug. During the first replenishment, the next deadline is set one period away. So the runtime / period starts to be respected. However, as the second replenishment took place in the wrong instant, the next replenishment will also be held in a wrong instant of time. Rather than occurring in the nth period away from the first activation, it is taking place in the (nth period - relative deadline). Signed-off-by: Daniel Bristot de Oliveira Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Luca Abeni Reviewed-by: Steven Rostedt (VMware) Reviewed-by: Juri Lelli Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Romulo Silva de Oliveira Cc: Steven Rostedt Cc: Thomas Gleixner Cc: Tommaso Cucinotta Link: http://lkml.kernel.org/r/ac50d89887c25285b47465638354b63362f8adff.1488392936.git.bristot@redhat.com Signed-off-by: Ingo Molnar kernel/sched/deadline.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit c3423563c68fc454b805b46cb69fd4816db933e2 Author: Christoph Hellwig Date: Fri Mar 3 07:58:06 2017 -0700 vmw_vmci: handle the return value from pci_alloc_irq_vectors correctly It returns the number of vectors allocated when successful, so check for a negative error only. Fixes: 3bb434cd ("vmw_vmci: switch to pci_irq_alloc_vectors") Signed-off-by: Christoph Hellwig Reported-by: Loïc Yhuel Signed-off-by: Greg Kroah-Hartman drivers/misc/vmw_vmci/vmci_guest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9a69645dde1188723d80745c1bc6ee9af2cbe2a7 Author: Sudip Mukherjee Date: Mon Mar 6 23:23:43 2017 +0000 ppdev: fix registering same device name Usually every parallel port will have a single pardev registered with it. But ppdev driver is an exception. This userspace parallel port driver allows to create multiple parrallel port devices for a single parallel port. And as a result we were having a big warning like: "sysfs: cannot create duplicate filename '/devices/parport0/ppdev0.0'". And with that many parallel port printers stopped working. We have been using the minor number as the id field while registering a parralel port device with a parralel port. But when there are multiple parrallel port device for one single parallel port, they all tried to register with the same name like 'pardev0.0' and everything started failing. Use an incremented index as the id instead of the minor number. Fixes: 8b7d3a9d903e ("ppdev: use new parport device model") Cc: stable # v4.9+ Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1414656 Bugzilla: https://bugs.archlinux.org/task/52322 Tested-by: James Feeney Signed-off-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman drivers/char/ppdev.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 03270c6ac6207fc55bbf9d20d195029dca210c79 Author: Sudip Mukherjee Date: Mon Mar 6 23:23:42 2017 +0000 parport: fix attempt to write duplicate procfiles Usually every parallel port will have a single pardev registered with it. But ppdev driver is an exception. This userspace parallel port driver allows to create multiple parrallel port devices for a single parallel port. And as a result we were having a nice warning like: "sysctl table check failed: /dev/parport/parport0/devices/ppdev0/timeslice Sysctl already exists" Use the same logic as used in parport_register_device() and register the proc files only once for each parallel port. Fixes: 6fa45a226897 ("parport: add device-model to parport subsystem") Cc: stable # v4.4+ Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1414656 Bugzilla: https://bugs.archlinux.org/task/52322 Tested-by: James Feeney Signed-off-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman drivers/parport/share.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 17fcbd590d0c3e35bd9646e2215f86586378bc42 Author: Niklas Cassel Date: Sat Feb 25 01:17:53 2017 +0100 locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y We hang if SIGKILL has been sent, but the task is stuck in down_read() (after do_exit()), even though no task is doing down_write() on the rwsem in question: INFO: task libupnp:21868 blocked for more than 120 seconds. libupnp D 0 21868 1 0x08100008 ... Call Trace: __schedule() schedule() __down_read() do_exit() do_group_exit() __wake_up_parent() This bug has already been fixed for CONFIG_RWSEM_XCHGADD_ALGORITHM=y in the following commit: 04cafed7fc19 ("locking/rwsem: Fix down_write_killable()") ... however, this bug also exists for CONFIG_RWSEM_GENERIC_SPINLOCK=y. Signed-off-by: Niklas Cassel Signed-off-by: Peter Zijlstra (Intel) Cc: Cc: Cc: Andrew Morton Cc: Linus Torvalds Cc: Niklas Cassel Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: d47996082f52 ("locking/rwsem: Introduce basis for down_write_killable()") Link: http://lkml.kernel.org/r/1487981873-12649-1-git-send-email-niklass@axis.com Signed-off-by: Ingo Molnar kernel/locking/rwsem-spinlock.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit caeb5882979bc6f3c8766fcf59c6269b38f521bc Author: Matt Fleming Date: Fri Feb 17 12:07:31 2017 +0000 sched/loadavg: Use {READ,WRITE}_ONCE() for sample window 'calc_load_update' is accessed without any kind of locking and there's a clear assumption in the code that only a single value is read or written. Make this explicit by using READ_ONCE() and WRITE_ONCE(), and avoid unintentionally seeing multiple values, or having the load/stores split. Technically the loads in calc_global_*() don't require this since those are the only functions that update 'calc_load_update', but I've added the READ_ONCE() for consistency. Suggested-by: Peter Zijlstra Signed-off-by: Matt Fleming Signed-off-by: Peter Zijlstra (Intel) Cc: Frederic Weisbecker Cc: Linus Torvalds Cc: Mike Galbraith Cc: Mike Galbraith Cc: Morten Rasmussen Cc: Thomas Gleixner Cc: Vincent Guittot Link: http://lkml.kernel.org/r/20170217120731.11868-3-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar kernel/sched/loadavg.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 6e5f32f7a43f45ee55c401c0b9585eb01f9629a8 Author: Matt Fleming Date: Fri Feb 17 12:07:30 2017 +0000 sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting If we crossed a sample window while in NO_HZ we will add LOAD_FREQ to the pending sample window time on exit, setting the next update not one window into the future, but two. This situation on exiting NO_HZ is described by: this_rq->calc_load_update < jiffies < calc_load_update In this scenario, what we should be doing is: this_rq->calc_load_update = calc_load_update [ next window ] But what we actually do is: this_rq->calc_load_update = calc_load_update + LOAD_FREQ [ next+1 window ] This has the effect of delaying load average updates for potentially up to ~9seconds. This can result in huge spikes in the load average values due to per-cpu uninterruptible task counts being out of sync when accumulated across all CPUs. It's safe to update the per-cpu active count if we wake between sample windows because any load that we left in 'calc_load_idle' will have been zero'd when the idle load was folded in calc_global_load(). This issue is easy to reproduce before, commit 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking") just by forking short-lived process pipelines built from ps(1) and grep(1) in a loop. I'm unable to reproduce the spikes after that commit, but the bug still seems to be present from code review. Signed-off-by: Matt Fleming Signed-off-by: Peter Zijlstra (Intel) Cc: Frederic Weisbecker Cc: Linus Torvalds Cc: Mike Galbraith Cc: Mike Galbraith Cc: Morten Rasmussen Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Vincent Guittot Fixes: commit 5167e8d ("sched/nohz: Rewrite and fix load-avg computation -- again") Link: http://lkml.kernel.org/r/20170217120731.11868-2-matt@codeblueprint.co.uk Signed-off-by: Ingo Molnar kernel/sched/loadavg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dcc3b5ffe1b32771c9a22e2c916fb94c4fcf5b79 Author: Wanpeng Li Date: Mon Mar 6 21:51:28 2017 -0800 sched/deadline: Add missing update_rq_clock() in dl_task_timer() The following warning can be triggered by hot-unplugging the CPU on which an active SCHED_DEADLINE task is running on: ------------[ cut here ]------------ WARNING: CPU: 7 PID: 0 at kernel/sched/sched.h:833 replenish_dl_entity+0x71e/0xc40 rq->clock_update_flags < RQCF_ACT_SKIP CPU: 7 PID: 0 Comm: swapper/7 Tainted: G B 4.11.0-rc1+ #24 Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTC1AUS 02/16/2016 Call Trace: dump_stack+0x85/0xc4 __warn+0x172/0x1b0 warn_slowpath_fmt+0xb4/0xf0 ? __warn+0x1b0/0x1b0 ? debug_check_no_locks_freed+0x2c0/0x2c0 ? cpudl_set+0x3d/0x2b0 replenish_dl_entity+0x71e/0xc40 enqueue_task_dl+0x2ea/0x12e0 ? dl_task_timer+0x777/0x990 ? __hrtimer_run_queues+0x270/0xa50 dl_task_timer+0x316/0x990 ? enqueue_task_dl+0x12e0/0x12e0 ? enqueue_task_dl+0x12e0/0x12e0 __hrtimer_run_queues+0x270/0xa50 ? hrtimer_cancel+0x20/0x20 ? hrtimer_interrupt+0x119/0x600 hrtimer_interrupt+0x19c/0x600 ? trace_hardirqs_off+0xd/0x10 local_apic_timer_interrupt+0x74/0xe0 smp_apic_timer_interrupt+0x76/0xa0 apic_timer_interrupt+0x93/0xa0 The DL task will be migrated to a suitable later deadline rq once the DL timer fires and currnet rq is offline. The rq clock of the new rq should be updated. This patch fixes it by updating the rq clock after holding the new rq's rq lock. Signed-off-by: Wanpeng Li Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Matt Fleming Cc: Juri Lelli Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1488865888-15894-1-git-send-email-wanpeng.li@hotmail.com Signed-off-by: Ingo Molnar kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) commit 6bce725a78de1b171928ce66dec2bae4b569e5d1 Author: Tobias Klauser Date: Wed Mar 8 14:30:34 2017 +0100 x86/mpx: Make unnecessarily global function static Make the function get_user_bd_entry() static as it is not used outside of arch/x86/mm/mpx.c This fixes a sparse warning. Signed-off-by: Tobias Klauser Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/mm/mpx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf8c44d42c4f4f38468a53e9ce2a0314e7ebeaa1 Author: Amitkumar Karwar Date: Tue Feb 28 18:54:31 2017 +0530 MAINTAINERS: update for mwifiex driver maintainers Ganapathi & Xinming are starting to take a more active role in the mwifiex driver maintainership here onwards on account of organizational changes. CC: Xinming Hu CC: Ganapathi Bhat Signed-off-by: Amitkumar Karwar Signed-off-by: Nishant Sarmukadam Signed-off-by: Cathy Luo Signed-off-by: Kalle Valo MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 36908c4e5b1063eff3e11336fab544a76c625b69 Author: Brian Norris Date: Fri Mar 10 17:39:23 2017 -0800 mwifiex: uninit wakeup info when removing device We manually init wakeup info, but we don't detach it on device removal. This means that if we (for example) rmmod + modprobe the driver, the device framework might return -EEXIST the second time, and we'll complain in the logs: [ 839.311881] mwifiex_pcie 0000:01:00.0: fail to init wakeup for mwifiex AFAICT, there's no other negative effect. But we can fix this by disabling wakeup on remove, similar to what a few other drivers do (e.g., the power supply framework). This code (and bug) has existed on SDIO for a while, but it got moved around and enabled for PCIe with commit 853402a00823 ("mwifiex: Enable WoWLAN for both sdio and pcie"). Signed-off-by: Brian Norris Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/main.c | 3 +++ 1 file changed, 3 insertions(+) commit ba1c7e45ec224cc8d2df33ecaee1946d48e79231 Author: Brian Norris Date: Fri Mar 10 17:39:22 2017 -0800 mwifiex: set adapter->dev before starting to use mwifiex_dbg() The mwifiex_dbg() log handler utilizes the struct device in adapter->dev. Without it, it decides not to print anything. As of commit 2e02b5814217 ("mwifiex: Allow mwifiex early access to device structure"), we started assigning that pointer only after we finished mwifiex_register() -- this effectively neuters any mwifiex_dbg() logging done before this point. Let's move the device assignment into mwifiex_register(). Fixes: 2e02b5814217 ("mwifiex: Allow mwifiex early access to device structure") Cc: Rajat Jain Signed-off-by: Brian Norris Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4e841d3eb9294ce4137fdb5d0a88f1bceab9c212 Author: Brian Norris Date: Fri Mar 10 17:39:21 2017 -0800 mwifiex: pcie: don't leak DMA buffers when removing When PCIe FLR support was added, much of the remove/release code for PCIe was migrated to ->down_dev(), but ->down_dev() is never called for device removal. Let's refactor the cleanup to be done in both cases. Also, drop the comments above mwifiex_cleanup_pcie(), because they were clearly wrong, and it's better to have clear and obvious code than to detail the code steps in comments anyway. Fixes: 4c5dae59d2e9 ("mwifiex: add PCIe function level reset support") Cc: Signed-off-by: Brian Norris Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/pcie.c | 38 ++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) commit abda288bb207e5c681306299126af8c022709c18 Author: Dmitry Torokhov Date: Sun Feb 19 16:33:35 2017 -0800 auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches The OF device table must be terminated, otherwise we'll be walking past it and into areas unknown. Fixes: 0cad855fbd08 ("auxdisplay: img-ascii-lcd: driver for simple ASCII...") Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov Tested-by: Fengguang Wu Signed-off-by: Greg Kroah-Hartman drivers/auxdisplay/img-ascii-lcd.c | 1 + 1 file changed, 1 insertion(+) commit b7048ea12fbb2724ee0cd30752d4fac43cab0651 Author: Ville Syrjälä Date: Wed Mar 15 16:31:58 2017 +0200 drm/i915: Do .init_clock_gating() earlier to avoid it clobbering watermarks Currently ILK-BDW explicitly disable LP1+ watermarks from their .init_clock_gating() hooks. Unfortunately that hook gets called way too late since by that time we've already initialized all the watermark state tracking which then gets out of sync with the hardware state. We may eventually want to consider killing off the explicit LP1+ disable from .init_clock_gating(). In the meantime however, we can avoid the problem by reordering the init sequence such that intel_modeset_init_hw()->intel_init_clock_gating() gets called prior to the hardware state takeover. I suppose prior to the two stage watermark programming we were magically saved by something that forced the watermarks to be reprogrammed fully after .init_clock_gating() got called. But now that no longer happens. Note that the diff might look a bit odd as it kills off one call of intel_update_cdclk(), but that's fine because intel_modeset_init_hw() does the exact same thing. Previously we just did it twice. Actually even this new init sequence is pretty bogus as .init_clock_gating() really should be called before any gem hardware init since it can configure various clock gating workarounds and whatnot that affect the GT side as well. Also intel_modeset_init() really should get split up into better defined init stages. Another "fun" detail is that intel_modeset_gem_init() is where RPS/RC6 gets configured. Why that is done from the display code is beyond me. I've decided to leave all this be for now, and just try to fix the init sequence enough for watermarks to work. Cc: stable@vger.kernel.org Cc: Gabriele Mazzotta Cc: David Purton Cc: Matt Roper Cc: Maarten Lankhorst Reported-by: Gabriele Mazzotta Reported-by: David Purton Tested-by: Gabriele Mazzotta Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96645 Fixes: ed4a6a7ca853 ("drm/i915: Add two-stage ILK-style watermark programming (v11)") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170220140443.30891-1-ville.syrjala@linux.intel.com Reviewed-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170315143158.31780-1-ville.syrjala@linux.intel.com (cherry picked from commit 5be6e33400992d3450e1c8234a5af353e1560580) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 9a3fcf912ef7f5c6e18f9af6875dd13f7311f7aa Author: Sara Sharon Date: Tue Mar 14 09:50:35 2017 +0200 iwlwifi: mvm: cleanup pending frames in DQA mode When a station is asleep, the fw will set it as "asleep". All queues that are used only by one station will be stopped by the fw. In pre-DQA mode this was relevant for aggregation queues. However, in DQA mode a queue is owned by one station only, so all queues will be stopped. As a result, we don't expect to get filtered frames back to mac80211 and don't have to maintain the entire pending_frames state logic, the same way as we do in aggregations. The correct behavior is to align DQA behavior with the aggregation queue behaviour pre-DQA: - Don't count pending frames. - Let mac80211 know we have frames in these queues so that it can properly handle trigger frames. When a trigger frame is received, mac80211 tells the driver to send frames from the queues using release_buffered_frames. The driver will tell the fw to let frames out even if the station is asleep. This is done by iwl_mvm_sta_modify_sleep_tx_count. Reported-and-tested-by: Jens Axboe Reported-by: Linus Torvalds Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Kalle Valo drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 5 +-- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 11 +++--- drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 41 ++++++++++------------- 4 files changed, 28 insertions(+), 31 deletions(-) commit 5e030d5ce9d99a899b648413139ff65bab12b038 Author: K. Y. Srinivasan Date: Sun Mar 12 20:00:30 2017 -0700 Drivers: hv: vmbus: Don't leak memory when a channel is rescinded When we close a channel that has been rescinded, we will leak memory since vmbus_teardown_gpadl() returns an error. Fix this so that we can properly cleanup the memory allocated to the ring buffers. Fixes: ccb61f8a99e6 ("Drivers: hv: vmbus: Fix a rescind handling bug") Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 9a5476020a5f06a0fc6f17097efc80275d2f03cd Author: K. Y. Srinivasan Date: Mon Mar 13 15:57:09 2017 -0700 Drivers: hv: vmbus: Don't leak channel ids If we cannot allocate memory for the channel, free the relid associated with the channel. Signed-off-by: K. Y. Srinivasan Cc: Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 1 + 1 file changed, 1 insertion(+) commit 5a16dfc855127906fcd2935fb039bc8989313915 Author: Dexuan Cui Date: Sat Mar 4 18:14:00 2017 -0700 Drivers: hv: util: don't forget to init host_ts.lock Without the patch, I always get a "BUG: spinlock bad magic" warning. Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source") Signed-off-by: Dexuan Cui Cc: Vitaly Kuznetsov Cc: "K. Y. Srinivasan" Cc: Haiyang Zhang Cc: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/hv_util.c | 2 ++ 1 file changed, 2 insertions(+) commit e9c18ae6eb2b312f16c63e34b43ea23926daa398 Author: Vitaly Kuznetsov Date: Sat Mar 4 18:13:59 2017 -0700 Drivers: hv: util: move waiting for release to hv_utils_transport itself Waiting for release_event in all three drivers introduced issues on release as on_reset() hook is not always called. E.g. if the device was never opened we will never get the completion. Move the waiting code to hvutil_transport_destroy() and make sure it is only called when the device is open. hvt->lock serialization should guarantee the absence of races. Fixes: 5a66fecbf6aa ("Drivers: hv: util: kvp: Fix a rescind processing issue") Fixes: 20951c7535b5 ("Drivers: hv: util: Fcopy: Fix a rescind processing issue") Fixes: d77044d142e9 ("Drivers: hv: util: Backup: Fix a rescind processing issue") Reported-by: Dexuan Cui Tested-by: Dexuan Cui Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/hv_fcopy.c | 4 ---- drivers/hv/hv_kvp.c | 4 ---- drivers/hv/hv_snapshot.c | 4 ---- drivers/hv/hv_utils_transport.c | 12 ++++++++---- drivers/hv/hv_utils_transport.h | 1 + 5 files changed, 9 insertions(+), 16 deletions(-) commit dad72a1d28442b03aac86836a42de2d00a1014ab Author: Dexuan Cui Date: Sat Mar 4 18:13:58 2017 -0700 vmbus: remove hv_event_tasklet_disable/enable With the recent introduction of per-channel tasklet, we need to update the way we handle the 3 concurrency issues: 1. hv_process_channel_removal -> percpu_channel_deq vs. vmbus_chan_sched -> list_for_each_entry(..., percpu_list); 2. vmbus_process_offer -> percpu_channel_enq/deq vs. vmbus_chan_sched. 3. vmbus_close_internal vs. the per-channel tasklet vmbus_on_event; The first 2 issues can be handled by Stephen's recent patch "vmbus: use rcu for per-cpu channel list", and the third issue can be handled by calling tasklet_disable in vmbus_close_internal here. We don't need the original hv_event_tasklet_disable/enable since we now use per-channel tasklet instead of the previous per-CPU tasklet, and actually we must remove them due to the side effect now: vmbus_process_offer -> hv_event_tasklet_enable -> tasklet_schedule will start the per-channel callback prematurely, cauing NULL dereferencing (the channel may haven't been properly configured to run the callback yet). Fixes: 631e63a9f346 ("vmbus: change to per channel tasklet") Signed-off-by: Dexuan Cui Cc: "K. Y. Srinivasan" Cc: Haiyang Zhang Cc: Stephen Hemminger Tested-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel.c | 12 ++++-------- drivers/hv/channel_mgmt.c | 19 ------------------- include/linux/hyperv.h | 3 --- 3 files changed, 4 insertions(+), 30 deletions(-) commit 8200f2085abe7f29a016381f3122000cc7b2a760 Author: Stephen Hemminger Date: Sat Mar 4 18:13:57 2017 -0700 vmbus: use rcu for per-cpu channel list The per-cpu channel list is now referred to in the interrupt routine. This is mostly safe since the host will not normally generate an interrupt when channel is being deleted but if it did then there would be a use after free problem. To solve, this use RCU protection on ther per-cpu list. Fixes: 631e63a9f346 ("vmbus: change to per channel tasklet") Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 7 ++++--- drivers/hv/vmbus_drv.c | 6 +++++- include/linux/hyperv.h | 7 +++++++ 3 files changed, 16 insertions(+), 4 deletions(-) commit c6240cacdb2c3cb56a21fb3ea0c105154ab87a2a Author: Alexander Usyskin Date: Sun Mar 5 21:40:42 2017 +0200 mei: don't wait for os version message reply The driver still struggles with firmwares that do not replay to the OS version request. It is safe not waiting for the replay. First, the driver doesn't do anything with the replay second the connection is closed immediately, hence the packet will be just safely discarded in case it is received and last the driver won't get stuck if the firmware won't reply. Cc: #4.10+ Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/bus-fixup.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) commit a733ded50b6ea846200073e7381a302df71e13b3 Author: Tomas Winkler Date: Sun Mar 5 21:40:41 2017 +0200 mei: fix deadlock on mei reset This patch fixes 'mei: synchronize irq before initiating a reset' The patch had introduced a deadlock between irq thread and mei_reset() as they are both holding the same device lock. ---> device_lock: mei_reset() <---- interrupt thread device_lock ---> synchornize_irq() wait on interrupt thread == (dead lock) The fix is to call synchronize_irq prior to call locked mei_reset function. Cc: #4.10+ Fixes: f302bb0de6ac (mei: synchronize irq before initiating a reset) Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/init.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 603980cecc71564e1c6289cd4d0704f11788dc3a Merge: 4495c08 340837f Author: Greg Kroah-Hartman Date: Thu Mar 16 10:46:33 2017 +0900 Merge tag 'stm-fixes-for-greg-20170315' of git://git.kernel.org/pub/scm/linux/kernel/git/ash/stm into char-misc-linus Alexander writes: intel_th: Fixes for 4.11 These are: * fix for a module refcount leak * two new PCI IDs commit 27b713c2e08ef27d500a79166098d42b24977500 Merge: 4daad1b 801a6aa9a6 Author: Dave Airlie Date: Thu Mar 16 11:28:44 2017 +1000 Merge branch 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A few amd fixes. * 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/amd/amdgpu: Fix debugfs reg read/write address width drm/amdgpu/si: add dpm quirk for Oland drm/radeon/si: add dpm quirk for Oland drm: amd: remove broken include path drm/amd/powerplay: fix copy error in smu7_clockpoweragting.c drm/amdgpu: fix parser init error path to avoid crash in parser fini drm/amd/amdgpu: Disable GFX_PG on Carrizo until compute issues solved commit 69eea5a4ab9c705496e912b55a9d312325de19e6 Merge: 95422de 9c62110 Author: Linus Torvalds Date: Wed Mar 15 16:54:58 2017 -0700 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Four small fixes for this cycle: - followup fix from Neil for a fix that went in before -rc2, ensuring that we always see the full per-task bio_list. - fix for blk-mq-sched from me that ensures that we retain similar direct-to-issue behavior on running the queue. - fix from Sagi fixing a potential NULL pointer dereference in blk-mq on spurious CPU unplug. - a memory leak fix in writeback from Tahsin, fixing a case where device removal of a mounted device can leak a struct wb_writeback_work" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq-sched: don't run the queue async from blk_mq_try_issue_directly() writeback: fix memory leak in wb_queue_work() blk-mq: Fix tagset reinit in the presence of cpu hot-unplug blk: Ensure users for current->bio_list can see the full list. commit 9b4f603e7a9f4282aec451063ffbbb8bb410dcd9 Author: Rafael J. Wysocki Date: Wed Mar 15 00:12:16 2017 +0100 cpufreq: Fix and clean up show_cpuinfo_cur_freq() There is a missing newline in show_cpuinfo_cur_freq(), so add it, but while at it clean that function up somewhat too. Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar Cc: All applicable drivers/cpufreq/cpufreq.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 645b8ef5943f95b74240568105ce2be21c6640b4 Author: Tomas Winkler Date: Tue Mar 14 14:19:36 2017 +0200 scsi: ufshcd-platform: remove the useless cast in ERR_PTR/IS_ERR IS_ERR and ERR_PTR already forcefully cast their argument, hence there is no need for additional (complex) casting. Signed-off-by: Tomas Winkler Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd-pltfrm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 046885251ae24b0fa1adbc5e3ca4a4bc9930c1f3 Author: Manish Rangankar Date: Wed Mar 15 01:32:53 2017 -0700 scsi: qedi: Add PCI device-ID for QL41xxx adapters. Signed-off-by: Manish Rangankar Signed-off-by: Martin K. Petersen drivers/scsi/qedi/qedi_main.c | 1 + 1 file changed, 1 insertion(+) commit e498520edec6655e93ac5e768b04f4fd2299fe4d Author: Raghava Aditya Renukunta Date: Tue Mar 14 09:20:19 2017 -0700 scsi: aacraid: Fix potential null access Currently, command threads fails to return ioctls commands for older controller versions, since it returns when all the fibs have been allocated. Another issue is even all the fibs have not been allocated, the correct allocated fibs is not updated nor freed. Fixes: 113156bcea9ef1e6 (scsi: aacraid: Reworked aac_command_thread) Reported-by: Tomas Henzl Signed-off-by: Raghava Aditya Renukunta Reviewed-by: Dave Carroll Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 5f7c2beef819d9ea2d1b814edf6f5981420e9cf8 Author: Bill Kuzeja Date: Tue Mar 14 13:28:44 2017 -0400 scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr After a Qlogic card breaks when initializing (test case), the system can crash in qla2xxx_eh_abort if processing anything but a scsi command type srb. Fixes: 1535aa75a3d8 ("scsi: qla2xxx: fix invalid DMA access after command aborts in PCI device remove") Signed-off-by: Bill Kuzeja Acked-By: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 22a0e18eac7a9e986fec76c60fa4a2926d1291e2 Author: Eric Dumazet Date: Wed Mar 15 13:21:28 2017 -0700 net: properly release sk_frag.page I mistakenly added the code to release sk->sk_frag in sk_common_release() instead of sk_destruct() TCP sockets using sk->sk_allocation == GFP_ATOMIC do no call sk_common_release() at close time, thus leaking one (order-3) page. iSCSI is using such sockets. Fixes: 5640f7685831 ("net: use a per task frag allocator") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/sock.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 622c36f143fc9566ba49d7cec994c2da1182d9e2 Author: Lendacky, Thomas Date: Wed Mar 15 15:11:23 2017 -0500 amd-xgbe: Fix jumbo MTU processing on newer hardware Newer hardware does not provide a cumulative payload length when multiple descriptors are needed to handle the data. Once the MTU increases beyond the size that can be handled by a single descriptor, the SKB does not get built properly by the driver. The driver will now calculate the size of the data buffers used by the hardware. The first buffer of the first descriptor is for packet headers or packet headers and data when the headers can't be split. Subsequent descriptors in a multi-descriptor chain will not use the first buffer. The second buffer is used by all the descriptors in the chain for payload data. Based on whether the driver is processing the first, intermediate, or last descriptor it can calculate the buffer usage and build the SKB properly. Tested and verified on both old and new hardware. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-common.h | 6 +- drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 20 +++--- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 102 +++++++++++++++++----------- 3 files changed, 78 insertions(+), 50 deletions(-) commit 5371bbf4b295eea334ed453efa286afa2c3ccff3 Author: Florian Fainelli Date: Wed Mar 15 12:57:21 2017 -0700 net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled Suspending the PHY would be putting it in a low power state where it may no longer allow us to do Wake-on-LAN. Fixes: cc013fb48898 ("net: bcmgenet: correctly suspend and resume PHY device") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 88d339e2d3be955848a034970970931a7ed33956 Author: Pablo Neira Date: Wed Mar 15 18:39:46 2017 +0100 MAINTAINERS: remove MACVLAN and VLAN entries macvlan.c file seems to be both in VLAN and MACVLAN DRIVER, so remove the MACVLAN DRIVER since this is redundant. I propose with this patch to remove the VLAN (802.1Q) entry so this just falls into the NETWORKING [GENERAL]. Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller MAINTAINERS | 15 --------------- 1 file changed, 15 deletions(-) commit e11607aad5edf4c41617a27291731c660f7d519d Merge: 3d20f1f 4494dbc Author: David S. Miller Date: Wed Mar 15 15:13:13 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, a rather large batch of fixes targeted to nf_tables, conntrack and bridge netfilter. More specifically, they are: 1) Don't track fragmented packets if the socket option IP_NODEFRAG is set. From Florian Westphal. 2) SCTP protocol tracker assumes that ICMP error messages contain the checksum field, what results in packet drops. From Ying Xue. 3) Fix inconsistent handling of AH traffic from nf_tables. 4) Fix new bitmap set representation with big endian. Fix mismatches in nf_tables due to incorrect big endian handling too. Both patches from Liping Zhang. 5) Bridge netfilter doesn't honor maximum fragment size field, cap to largest fragment seen. From Florian Westphal. 6) Fake conntrack entry needs to be aligned to 8 bytes since the 3 LSB bits are now used to store the ctinfo. From Steven Rostedt. 7) Fix element comments with the bitmap set type. Revert the flush field in the nft_set_iter structure, not required anymore after fixing up element comments. 8) Missing error on invalid conntrack direction from nft_ct, also from Liping Zhang. ==================== Signed-off-by: David S. Miller commit 3d20f1f7bd575d147ffa75621fa560eea0aec690 Author: Or Gerlitz Date: Wed Mar 15 18:10:47 2017 +0200 net/openvswitch: Set the ipv6 source tunnel key address attribute correctly When dealing with ipv6 source tunnel key address attribute (OVS_TUNNEL_KEY_ATTR_IPV6_SRC) we are wrongly setting the tunnel dst ip, fix that. Fixes: 6b26ba3a7d95 ('openvswitch: netlink attributes for IPv6 tunneling') Signed-off-by: Or Gerlitz Reported-by: Paul Blakey Acked-by: Jiri Benc Acked-by: Joe Stringer Signed-off-by: David S. Miller net/openvswitch/flow_netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 186ecf14e58befba434f0774eea89e35f64d3c6a Author: Helge Deller Date: Wed Mar 15 21:48:42 2017 +0100 parisc: Avoid compiler warnings with access_ok() Commit 09b871ffd4d8 (parisc: Define access_ok() as macro) missed to mark uaddr as used, which then gives compiler warnings about unused variables. Fix it by comparing uaddr to uaddr which then gets optimized away by the compiler. Signed-off-by: Helge Deller Fixes: 09b871ffd4d8 ("parisc: Define access_ok() as macro") arch/parisc/include/asm/uaccess.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 801a6aa9a63c90724e8899982ad8c7f16be1e2cd Author: Tom St Denis Date: Wed Mar 15 05:34:25 2017 -0400 drm/amd/amdgpu: Fix debugfs reg read/write address width The MMIO space is wider now so we mask the lower 22 bits instead of 18. Signed-off-by: Tom St Denis Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 18a8de1bc37e97dff1c96ee6cf49adbd02a0f775 Author: Alex Deucher Date: Tue Mar 14 19:24:19 2017 -0400 drm/amdgpu/si: add dpm quirk for Oland OLAND 0x1002:0x6604 0x1028:0x066F 0x00 seems to have problems with higher sclks. Acked-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 0f424de1fd9bc4ab24bd1fe5430ab5618e803e31 Author: Alex Deucher Date: Tue Mar 14 14:42:03 2017 -0400 drm/radeon/si: add dpm quirk for Oland OLAND 0x1002:0x6604 0x1028:0x066F 0x00 seems to have problems with higher sclks. Acked-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si_dpm.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 63d32d1e09cb2fc65b084b261976c06b40d19115 Author: Helge Deller Date: Wed Mar 15 21:10:17 2017 +0100 parisc: Wire up statx system call Signed-off-by: Helge Deller arch/parisc/include/uapi/asm/unistd.h | 3 ++- arch/parisc/kernel/syscall_table.S | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit 316ec0624f951166daedbe446988ef92ae72b59f Author: John David Anglin Date: Sat Mar 11 18:03:34 2017 -0500 parisc: Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range The previously submitted patch did not resolve the random segmentation faults observed on the phantom buildd system. There are still unresolved problems with the Debian 4.8 and 4.9 kernels on C8000. The attached patch removes the flush of the offset map pages and does a whole data cache flush for large ranges. No other arch flushes the offset map in these routines as far as I can tell. I have not observed any random segmentation faults on rp3440 in two weeks of testing with 4.10.0 and 4.10.1. Signed-off-by: John David Anglin Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Helge Deller arch/parisc/include/asm/cacheflush.h | 23 ++--------------------- arch/parisc/kernel/cache.c | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+), 21 deletions(-) commit 5f655322b1ba4bd46e26e307d04098f9c84df764 Author: Mikulas Patocka Date: Tue Mar 14 11:47:29 2017 -0400 parisc: support R_PARISC_SECREL32 relocation in modules The parisc kernel doesn't work with CONFIG_MODVERSIONS since the commit 71810db27c1c853b335675bee335d893bc3d324b. It can't load modules with the error: "module unix: Unknown relocation: 41". The commit changes __kcrctab from 64-bit valus to 32-bit values. The assembler generates R_PARISC_SECREL32 secrel relocation for them and the module loader doesn't support this relocation. This patch adds the R_PARISC_SECREL32 relocation to the module loader. Signed-off-by: Mikulas Patocka Cc: stable@vger.kernel.org # v4.10+ Signed-off-by: Helge Deller arch/parisc/kernel/module.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit e83bb3e6f3efa21f4a9d883a25d0ecd9dfb431e1 Author: Michael Engl Date: Tue Oct 3 13:57:00 2017 +0100 iio: adc: ti_am335x_adc: fix fifo overrun recovery The tiadc_irq_h(int irq, void *private) function is handling FIFO overruns by clearing flags, disabling and enabling the ADC to recover. If the ADC is running in continuous mode a FIFO overrun happens regularly. If the disabling of the ADC happens concurrently with a new conversion. It might happen that the enabling of the ADC is ignored by the hardware. This stops the ADC permanently. No more interrupts are triggered. According to the AM335x Reference Manual (SPRUH73H October 2011 - Revised April 2013 - Chapter 12.4 and 12.5) it is necessary to check the ADC FSM bits in REG_ADCFSM before enabling the ADC again. Because the disabling of the ADC is done right after the current conversion has been finished. To trigger this bug it is necessary to run the ADC in continuous mode. The ADC values of all channels need to be read in an endless loop. The bug appears within the first 6 hours (~5.4 million handled FIFO overruns). The user space application will hang on reading new values from the character device. Fixes: ca9a563805f7a ("iio: ti_am335x_adc: Add continuous sampling support") Signed-off-by: Michael Engl Cc: Signed-off-by: Jonathan Cameron drivers/iio/adc/ti_am335x_adc.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit fe8daf5fa715f7214952f06a387e4b7de818c5be Author: Taku Izumi Date: Wed Mar 15 13:47:50 2017 +0900 fjes: Fix wrong netdevice feature flags This patch fixes netdev->features for Extended Socket network device. Currently Extended Socket network device's netdev->feature claims NETIF_F_HW_CSUM, however this is completely wrong. There's no feature of checksum offloading. That causes invalid TCP/UDP checksum and packet rejection when IP forwarding from Extended Socket network device to other network device. NETIF_F_HW_CSUM should be omitted. Signed-off-by: Taku Izumi Signed-off-by: David S. Miller drivers/net/fjes/fjes_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cd9cb405e0b948363811dc74dbb2890f56f2cb87 Author: Eric Biggers Date: Wed Mar 15 15:08:48 2017 -0400 jbd2: don't leak memory if setting up journal fails In journal_init_common(), if we failed to allocate the j_wbuf array, or if we failed to create the buffer_head for the journal superblock, we leaked the memory allocated for the revocation tables. Fix this. Cc: stable@vger.kernel.org # 4.9 Fixes: f0c9fd5458bacf7b12a9a579a727dc740cbe047e Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/jbd2/journal.c | 22 +++++++++++----------- fs/jbd2/revoke.c | 1 + 2 files changed, 12 insertions(+), 11 deletions(-) commit b9cf625d6ecde0d372e23ae022feead72b4228a6 Author: Eric Biggers Date: Wed Mar 15 14:52:02 2017 -0400 ext4: mark inode dirty after converting inline directory If ext4_convert_inline_data() was called on a directory with inline data, the filesystem was left in an inconsistent state (as considered by e2fsck) because the file size was not increased to cover the new block. This happened because the inode was not marked dirty after i_disksize was updated. Fix this by marking the inode dirty at the end of ext4_finish_convert_inline_dir(). This bug was probably not noticed before because most users mark the inode dirty afterwards for other reasons. But if userspace executed FS_IOC_SET_ENCRYPTION_POLICY with invalid parameters, as exercised by 'kvm-xfstests -c adv generic/396', then the inode was never marked dirty after updating i_disksize. Cc: stable@vger.kernel.org # 3.10+ Fixes: 3c47d54170b6a678875566b1b8d6dcf57904e49b Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/inline.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit ca4a213db0b66513ba384d5f397fa60f1d0550d0 Merge: a11be42 7d70803 Author: James Bottomley Date: Wed Mar 15 11:28:54 2017 -0700 Merge remote-tracking branch 'mkp-scsi/4.11/scsi-fixes' into fixes commit 94840e3c802daa1a62985957f36ac48faf8ceedd Author: Eric Biggers Date: Wed Feb 22 13:25:14 2017 -0800 fscrypt: eliminate ->prepare_context() operation The only use of the ->prepare_context() fscrypt operation was to allow ext4 to evict inline data from the inode before ->set_context(). However, there is no reason why this cannot be done as simply the first step in ->set_context(), and in fact it makes more sense to do it that way because then the policy modes and flags get validated before any real work is done. Therefore, merge ext4_prepare_context() into ext4_set_context(), and remove ->prepare_context(). Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/policy.c | 7 ------- fs/ext4/super.c | 10 ++++------ include/linux/fscrypt_common.h | 1 - 3 files changed, 4 insertions(+), 14 deletions(-) commit 95422dec6bd4a7c57444743f7b1bb375335a6298 Merge: aabcf5f a11be42 Author: Linus Torvalds Date: Wed Mar 15 10:44:19 2017 -0700 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is a rather large set of fixes. The bulk are for lpfc correcting a lot of issues in the new NVME driver code which just went in in the merge window. The others are: - fix a hang in the vmware paravirt driver caused by incorrect handling of the new MSI vector allocation - long standing bug in storvsc, which recent block changes turned from being a harmless annoyance into a hang - yet more fallout (in mpt3sas) from the changes to device blocking The remainder are small fixes and updates" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (34 commits) scsi: lpfc: Add shutdown method for kexec scsi: storvsc: Workaround for virtual DVD SCSI version scsi: lpfc: revise version number to 11.2.0.10 scsi: lpfc: code cleanups in NVME initiator discovery scsi: lpfc: code cleanups in NVME initiator base scsi: lpfc: correct rdp diag portnames scsi: lpfc: remove dead sli3 nvme code scsi: lpfc: correct double print scsi: lpfc: Rename LPFC_MAX_EQ_DELAY to LPFC_MAX_EQ_DELAY_EQID_CNT scsi: lpfc: Rework lpfc Kconfig for NVME options scsi: lpfc: add transport eh_timed_out reference scsi: lpfc: Fix eh_deadline setting for sli3 adapters. scsi: lpfc: add NVME exchange aborts scsi: lpfc: Fix nvme allocation bug on failed nvme_fc_register_localport scsi: lpfc: Fix IO submission if WQ is full scsi: lpfc: Fix NVME CMD IU byte swapped word 1 problem scsi: lpfc: Fix RCTL value on NVME LS request and response scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters scsi: lpfc: fix missing spin_unlock on sql_list_lock scsi: lpfc: don't dereference dma_buf->iocbq before null check ... commit 7d7080335f8d93a51e8238b6e85be8af4ba452b6 Author: James Smart Date: Wed Mar 8 14:36:01 2017 -0800 scsi: lpfc: Finalize Kconfig options for nvme Reviewing the result of what was just added for Kconfig, we made a poor choice. It worked well for full kernel builds, but not so much for how it would be deployed on a distro. Here's the final result: - lpfc will compile in NVME initiator and/or NVME target support based on whether the kernel has the corresponding subsystem support. Kconfig is not used to drive this specifically for lpfc. - There is a module parameter, lpfc_enable_fc4_type, that indicates whether the ports will do FCP-only or FCP & NVME (NVME-only not yet possible due to dependency on fc transport). As FCP & NVME divvys up exchange resources, and given NVME will not be often initially, the default is changed to FCP only. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/Kconfig | 14 -------------- drivers/scsi/lpfc/lpfc_attr.c | 4 ++-- drivers/scsi/lpfc/lpfc_init.c | 7 +++++++ drivers/scsi/lpfc/lpfc_nvme.c | 8 ++++---- drivers/scsi/lpfc/lpfc_nvmet.c | 8 ++++---- 5 files changed, 17 insertions(+), 24 deletions(-) commit 949d7fa158b2b1af533bdb1af0dda8ab103ac58d Author: Tomas Winkler Date: Sun Mar 12 12:22:02 2017 +0200 scsi: ufs: don't check unsigned type for a negative value Fix compilation warning: drivers/scsi/ufs/ufshcd.c:7645:13: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits] if ((value < UFS_PM_LVL_0) || (value >= UFS_PM_LVL_MAX)) Signed-off-by: Tomas Winkler Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2ef2884980873081a4edae92f9d88dd580c85f6e Author: Don Brace Date: Fri Mar 10 14:35:23 2017 -0600 scsi: hpsa: do not timeout reset operations Resets can take longer than DEFAULT_TIMEOUT. Reviewed-by: Scott Benesh Reviewed-by: Scott Teel Reviewed-by: Tomas Henzl Signed-off-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 87b9e6aa87d9411f1059aa245c0c79976bc557ac Author: Don Brace Date: Fri Mar 10 14:35:17 2017 -0600 scsi: hpsa: limit outstanding rescans Avoid rescan storms. No need to queue another if one is pending. Reviewed-by: Scott Benesh Reviewed-by: Scott Teel Reviewed-by: Tomas Henzl Signed-off-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 16 +++++++++++++++- drivers/scsi/hpsa.h | 1 + 2 files changed, 16 insertions(+), 1 deletion(-) commit 85b29008d8af6d94a0723aaa8d93cfb6e041158b Author: Don Brace Date: Fri Mar 10 14:35:11 2017 -0600 scsi: hpsa: update check for logical volume status - Add in a new case for volume offline. Resolves internal testing bug for multilun array management. - Return correct status for failed TURs. Reviewed-by: Scott Benesh Reviewed-by: Scott Teel Signed-off-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 35 ++++++++++++++++------------------- drivers/scsi/hpsa_cmd.h | 2 ++ 2 files changed, 18 insertions(+), 19 deletions(-) commit 62a10498afb27370ec6018e9d802b74850fd8d9a Author: Kuninori Morimoto Date: Tue Mar 14 09:34:49 2017 +0900 ASoC: rcar: clear DE bit only in PDMACHCR when it stops R-Car datasheet indicates "Clear DE in PDMACHCR" for transfer stop, but current code clears all bits in PDMACHCR. Because of this, DE bit might never been cleared, and it causes CMD overflow. This patch fixes this issue. Signed-off-by: Kuninori Morimoto Tested-by: Hiroyuki Yokoyama Signed-off-by: Mark Brown sound/soc/sh/rcar/dma.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 1b53cf9815bb4744958d41f3795d5d5a1d365e2d Author: Eric Biggers Date: Tue Feb 21 15:07:11 2017 -0800 fscrypt: remove broken support for detecting keyring key revocation Filesystem encryption ostensibly supported revoking a keyring key that had been used to "unlock" encrypted files, causing those files to become "locked" again. This was, however, buggy for several reasons, the most severe of which was that when key revocation happened to be detected for an inode, its fscrypt_info was immediately freed, even while other threads could be using it for encryption or decryption concurrently. This could be exploited to crash the kernel or worse. This patch fixes the use-after-free by removing the code which detects the keyring key having been revoked, invalidated, or expired. Instead, an encrypted inode that is "unlocked" now simply remains unlocked until it is evicted from memory. Note that this is no worse than the case for block device-level encryption, e.g. dm-crypt, and it still remains possible for a privileged user to evict unused pages, inodes, and dentries by running 'sync; echo 3 > /proc/sys/vm/drop_caches', or by simply unmounting the filesystem. In fact, one of those actions was already needed anyway for key revocation to work even somewhat sanely. This change is not expected to break any applications. In the future I'd like to implement a real API for fscrypt key revocation that interacts sanely with ongoing filesystem operations --- waiting for existing operations to complete and blocking new operations, and invalidating and sanitizing key material and plaintext from the VFS caches. But this is a hard problem, and for now this bug must be fixed. This bug affected almost all versions of ext4, f2fs, and ubifs encryption, and it was potentially reachable in any kernel configured with encryption support (CONFIG_EXT4_ENCRYPTION=y, CONFIG_EXT4_FS_ENCRYPTION=y, CONFIG_F2FS_FS_ENCRYPTION=y, or CONFIG_UBIFS_FS_ENCRYPTION=y). Note that older kernels did not use the shared fs/crypto/ code, but due to the potential security implications of this bug, it may still be worthwhile to backport this fix to them. Fixes: b7236e21d55f ("ext4 crypto: reorganize how we store keys in the inode") Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Acked-by: Michael Halcrow fs/crypto/crypto.c | 10 +-------- fs/crypto/fname.c | 2 +- fs/crypto/fscrypt_private.h | 4 ---- fs/crypto/keyinfo.c | 52 ++++++++------------------------------------- 4 files changed, 11 insertions(+), 57 deletions(-) commit aabcf5fcd01b1841b2701e423a1e9c531e3e374d Merge: defc7d7 28ea06c Author: Linus Torvalds Date: Wed Mar 15 09:33:15 2017 -0700 Merge tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull gfs2 fix from Bob Peterson: "This is an emergency patch for 4.11-rc3 The GFS2 developers uncovered a really nasty problem that can lead to random corruption and kernel panic, much like the last one. Andreas Gruenbacher wrote a simple one-line patch to fix the problem." * tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Avoid alignment hole in struct lm_lockname commit defc7d752265c2d8d212aee9fb499243260883e9 Merge: ae50dfd 28b62b1 Author: Linus Torvalds Date: Wed Mar 15 09:26:04 2017 -0700 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: - self-test failure of crc32c on powerpc - regressions of ecb(aes) when used with xts/lrw in s5p-sss - a number of bugs in the omap RNG driver * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: s5p-sss - Fix spinlock recursion on LRW(AES) hwrng: omap - Do not access INTMASK_REG on EIP76 hwrng: omap - use devm_clk_get() instead of of_clk_get() hwrng: omap - write registers after enabling the clock crypto: s5p-sss - Fix completing crypto request in IRQ handler crypto: powerpc - Fix initialisation of crc32c context commit 4494dbc6dec37817f2cc2aa7604039a9e87ada18 Author: Liping Zhang Date: Wed Mar 15 22:22:08 2017 +0800 netfilter: nft_ct: do cleanup work when NFTA_CT_DIRECTION is invalid We should jump to invoke __nft_ct_set_destroy() instead of just return error. Fixes: edee4f1e9245 ("netfilter: nft_ct: add zone id set support") Signed-off-by: Liping Zhang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_ct.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e4c204ced0ac25e02e58679f07096c5bac0b0d96 Author: Rafael J. Wysocki Date: Tue Mar 14 16:18:34 2017 +0100 cpufreq: intel_pstate: Avoid percentages in limits-related computations Currently, intel_pstate_update_perf_limits() first converts the policy minimum and maximum limits into percentages of the maximum turbo frequency (rounding up to an integer) and then converts these percentages to fractions (by using fixed-point arithmetic to divide them by 100). That introduces a rounding error unnecessarily, because the fractions can be obtained by carrying out fixed-point divisions directly on the input numbers. Rework the computations in intel_pstate_hwp_set() to use fractions instead of percentages (and drop redundant local variables from there) and modify intel_pstate_update_perf_limits() to compute the fractions directly and percentages out of them. While at it, introduce percent_ext_fp() for converting percentages to fractions (with extended number of fraction bits) and use it in the computations. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 56 +++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 28 deletions(-) commit 363dad58e4a0f72dce0bf12d361d617239a80317 Author: Stafford Horne Date: Tue Mar 14 22:52:49 2017 +0900 openrisc: Export symbols needed by modules This was detected by allmodconfig, errors reported: ERROR: "empty_zero_page" [net/ceph/libceph.ko] undefined! ERROR: "__ucmpdi2" [lib/842/842_decompress.ko] undefined! ERROR: "empty_zero_page" [fs/nfs/objlayout/objlayoutdriver.ko] undefined! ERROR: "empty_zero_page" [fs/exofs/exofs.ko] undefined! ERROR: "empty_zero_page" [fs/crypto/fscrypto.ko] undefined! ERROR: "__ucmpdi2" [fs/btrfs/btrfs.ko] undefined! ERROR: "pm_power_off" [drivers/regulator/act8865-regulator.ko] undefined! ERROR: "__ucmpdi2" [drivers/media/i2c/adv7842.ko] undefined! ERROR: "__clear_user" [drivers/md/dm-mod.ko] undefined! ERROR: "__clear_user" [net/netfilter/x_tables.ko] undefined! Signed-off-by: Stafford Horne arch/openrisc/kernel/or32_ksyms.c | 4 ++++ arch/openrisc/kernel/process.c | 1 + 2 files changed, 5 insertions(+) commit 154e67cd8e8f964809d0e75e44bb121b169c75b3 Author: Stafford Horne Date: Mon Mar 13 07:44:45 2017 +0900 openrisc: fix issue handling 8 byte get_user calls Was getting the following error with allmodconfig: ERROR: "__get_user_bad" [lib/test_user_copy.ko] undefined! This was simply a missing break statement, causing an unwanted fall through. Signed-off-by: Stafford Horne arch/openrisc/include/asm/uaccess.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8af42949d1681379c1a97d230de9242c1f4f326a Author: Stafford Horne Date: Mon Mar 13 07:41:55 2017 +0900 openrisc: xchg: fix `computed is not used` warning When building allmodconfig this warning shows. fs/ocfs2/file.c: In function 'ocfs2_file_write_iter': ./arch/openrisc/include/asm/cmpxchg.h:81:3: warning: value computed is not used [-Wunused-value] ((typeof(*(ptr)))__xchg((unsigned long)(with), (ptr), sizeof(*(ptr)))) ^ Applying the same patch logic that was done to the cmpxchg macro. Signed-off-by: Stafford Horne arch/openrisc/include/asm/cmpxchg.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 28ea06c46fbcab63fd9a55531387b7928a18a590 Author: Andreas Gruenbacher Date: Mon Mar 6 12:58:42 2017 -0500 gfs2: Avoid alignment hole in struct lm_lockname Commit 88ffbf3e03 switches to using rhashtables for glocks, hashing over the entire struct lm_lockname instead of its individual fields. On some architectures, struct lm_lockname contains a hole of uninitialized memory due to alignment rules, which now leads to incorrect hash values. Get rid of that hole. Signed-off-by: Andreas Gruenbacher Signed-off-by: Bob Peterson CC: #v4.3+ fs/gfs2/incore.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 340837f985c2cb87ca0868d4aa9ce42b0fab3a21 Author: Alexander Shishkin Date: Thu Jun 30 16:10:51 2016 +0300 intel_th: pci: Add Gemini Lake support This adds Intel(R) Trace Hub PCI ID for Gemini Lake SOC. Signed-off-by: Alexander Shishkin drivers/hwtracing/intel_th/pci.c | 5 +++++ 1 file changed, 5 insertions(+) commit 5118ccd34780f4637a9360be580f41f4c1feab48 Author: Alexander Shishkin Date: Tue Sep 8 14:03:55 2015 +0300 intel_th: pci: Add Denverton SOC support This adds Intel(R) Trace Hub PCI ID for Denverton SOC. Signed-off-by: Alexander Shishkin drivers/hwtracing/intel_th/pci.c | 5 +++++ 1 file changed, 5 insertions(+) commit e609ccef5222c73b46b322be7d3796d60bff353d Author: Alexander Shishkin Date: Fri Feb 24 16:04:15 2017 +0200 intel_th: Don't leak module refcount on failure to activate Output 'activation' may fail for the reasons of the output driver, for example, if msc's buffer is not allocated. We forget, however, to drop the module reference in this case. So each attempt at activation in this case leaks a reference, preventing the module from ever unloading. This patch adds the missing module_put() in the activation error path. Signed-off-by: Alexander Shishkin Cc: stable@vger.kernel.org # v4.8+ drivers/hwtracing/intel_th/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit e67351d56a709853046fbe652b981fb7ca4c3dcc Author: Ander Conselvan de Oliveira Date: Wed Mar 15 11:57:47 2017 +0200 drm/i915/glk: Remove MODULE_FIRMWARE() tag from Geminilake's DMC Geminilake's DMC is not yet available in the linux-firmware repository. To prevent userspace tools such as mkinitramfs to complain about missing firmware, remove the MODULE_FIRMWARE() tag for now. Fixes: dbb28b5c3d3c ("drm/i915/DMC/GLK: Load DMC on GLK") Cc: Rodrigo Vivi Cc: Anusha Srivatsa Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: Signed-off-by: Ander Conselvan de Oliveira Acked-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20170306085651.14008-1-ander.conselvan.de.oliveira@intel.com Link: http://patchwork.freedesktop.org/patch/msgid/20170315095747.21845-1-ander.conselvan.de.oliveira@intel.com (cherry picked from commit d9321a03efcda867b3a8c6327e01808516f0acd7) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_csr.c | 1 - 1 file changed, 1 deletion(-) commit 630a04e79dd41ff746b545d4fc052e0abb836120 Author: Darrick J. Wong Date: Wed Mar 15 00:24:25 2017 -0700 xfs: verify inline directory data forks When we're reading or writing the data fork of an inline directory, check the contents to make sure we're not overflowing buffers or eating garbage data. xfs/348 corrupts an inline symlink into an inline directory, triggering a buffer overflow bug. Signed-off-by: Darrick J. Wong Reviewed-by: Brian Foster --- v2: add more checks consistent with _dir2_sf_check and make the verifier usable from anywhere. fs/xfs/libxfs/xfs_dir2_priv.h | 2 + fs/xfs/libxfs/xfs_dir2_sf.c | 87 ++++++++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_inode_fork.c | 26 +++++++++++-- fs/xfs/libxfs/xfs_inode_fork.h | 2 +- fs/xfs/xfs_dir2_readdir.c | 11 ------ fs/xfs/xfs_inode.c | 12 ++++-- 6 files changed, 122 insertions(+), 18 deletions(-) commit ae50dfd61665086e617cc9e554a1285d52765670 Merge: 352526f 1e6a1cd Author: Linus Torvalds Date: Tue Mar 14 21:31:23 2017 -0700 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Ensure that mtu is at least IPV6_MIN_MTU in ipv6 VTI tunnel driver, from Steffen Klassert. 2) Fix crashes when user tries to get_next_key on an LPM bpf map, from Alexei Starovoitov. 3) Fix detection of VLAN fitlering feature for bnx2x VF devices, from Michal Schmidt. 4) We can get a divide by zero when TCP socket are morphed into listening state, fix from Eric Dumazet. 5) Fix socket refcounting bugs in skb_complete_wifi_ack() and skb_complete_tx_timestamp(). From Eric Dumazet. 6) Use after free in dccp_feat_activate_values(), also from Eric Dumazet. 7) Like bonding team needs to use ETH_MAX_MTU as netdev->max_mtu, from Jarod Wilson. 8) Fix use after free in vrf_xmit(), from David Ahern. 9) Don't do UDP Fragmentation Offload on IPComp ipsec packets, from Alexey Kodanev. 10) Properly check napi_complete_done() return value in order to decide whether to re-enable IRQs or not in amd-xgbe driver, from Thomas Lendacky. 11) Fix double free of hwmon device in marvell phy driver, from Andrew Lunn. 12) Don't crash on malformed netlink attributes in act_connmark, from Etienne Noss. 13) Don't remove routes with a higher metric in ipv6 ECMP route replace, from Sabrina Dubroca. 14) Don't write into a cloned SKB in ipv6 fragmentation handling, from Florian Westphal. 15) Fix routing redirect races in dccp and tcp, basically the ICMP handler can't modify the socket's cached route in it's locked by the user at this moment. From Jon Maxwell. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (108 commits) qed: Enable iSCSI Out-of-Order qed: Correct out-of-bound access in OOO history qed: Fix interrupt flags on Rx LL2 qed: Free previous connections when releasing iSCSI qed: Fix mapping leak on LL2 rx flow qed: Prevent creation of too-big u32-chains qed: Align CIDs according to DORQ requirement mlxsw: reg: Fix SPVMLR max record count mlxsw: reg: Fix SPVM max record count net: Resend IGMP memberships upon peer notification. dccp: fix memory leak during tear-down of unsuccessful connection request tun: fix premature POLLOUT notification on tun devices dccp/tcp: fix routing redirect race ucc/hdlc: fix two little issue vxlan: fix ovs support net: use net->count to check whether a netns is alive or not bridge: drop netfilter fake rtable unconditionally ipv6: avoid write to a possibly cloned skb net: wimax/i2400m: fix NULL-deref at probe isdn/gigaset: fix NULL-deref at probe ... commit 4daad1b2b087eb43611653a7e1b0ecb01f4f7481 Merge: 490b898 6aef660 Author: Dave Airlie Date: Wed Mar 15 11:32:46 2017 +1000 Merge tag 'drm-intel-fixes-2017-03-14' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes drm/i915 fixes for v4.11-rc3 * tag 'drm-intel-fixes-2017-03-14' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Fix forcewake active domain tracking drm/i915: Nuke skl_update_plane debug message from the pipe update critical section drm/i915: use correct node for handling cache domain eviction drm/i915: Drain the freed state from the tail of the next commit drm/i915: Nuke debug messages from the pipe update critical section drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl drm/i915: Store a permanent error in obj->mm.pages drm/i915: Move updating color management to before vblank evasion drm/i915/gen9: Increase PCODE request timeout to 50ms drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3 drm/i915: Remove the vma from the drm_mm if binding fails drm/i915/fbdev: Stop repeating tile configuration on stagnation drm/i915/glk: Fix watermark computations for third sprite plane drm/i915: Squelch any ktime/jiffie rounding errors for wait-ioctl commit 490b89813c24f2362f46fea3bbc222a273a0a7a8 Merge: 6ed5117 d1479f6 Author: Dave Airlie Date: Wed Mar 15 11:30:46 2017 +1000 Merge branch 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld into drm-fixes * 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld: drm: mali-dp: Fix smart layer not going to composition drm: mali-dp: Remove mclk rate management commit 6ed511757702abaa1b9925fd87e049bae3489f05 Merge: e7bb405 337ba7f Author: Dave Airlie Date: Wed Mar 15 11:30:14 2017 +1000 Merge tag 'omapdrm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux into drm-fixes omapdrm fixes for v4.11 - Fix types in omapdrm uapi header to avoid userspace compilation errors - Fix dmabuf mmap for dma_alloc'ed buffers * tag 'omapdrm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: uapi: fix drm/omap_drm.h userspace compilation errors drm/omap: fix dmabuf mmap for dma_alloc'ed buffers commit e7bb40565c43e23956b4aada28008a4eb0628410 Merge: 4495c08 11abbc9 Author: Dave Airlie Date: Wed Mar 15 11:29:33 2017 +1000 Merge tag 'tilcdc-4.11-fixes' of https://github.com/jsarha/linux into drm-fixes drm/tilcdc fixes for Linux v4.11 * tag 'tilcdc-4.11-fixes' of https://github.com/jsarha/linux: drm/tilcdc: Set framebuffer DMA address to HW only if CRTC is enabled drm/tilcdc: Fix hardcoded fail-return value in tilcdc_crtc_create() commit 655d9ca9ac075da1ef2a45012ba48a39f6eb1f58 Author: Arnd Bergmann Date: Tue Mar 14 22:27:11 2017 +0100 drm: amd: remove broken include path The AMD ACP driver adds "-I../acp -I../acp/include" to the gcc command line, which makes no sense, since these are evaluated relative to the build directory. When we build with "make W=1", they instead cause a warning: cc1: error: ../acp/: No such file or directory [-Werror=missing-include-dirs] cc1: error: ../acp/include: No such file or directory [-Werror=missing-include-dirs] cc1: all warnings being treated as errors ../scripts/Makefile.build:289: recipe for target 'drivers/gpu/drm/amd/amdgpu/amdgpu_drv.o' failed ../scripts/Makefile.build:289: recipe for target 'drivers/gpu/drm/amd/amdgpu/amdgpu_device.o' failed ../scripts/Makefile.build:289: recipe for target 'drivers/gpu/drm/amd/amdgpu/amdgpu_kms.o' failed This removes the subdir-ccflags variable that evidently did not serve any purpose here. Signed-off-by: Arnd Bergmann Signed-off-by: Alex Deucher drivers/gpu/drm/amd/acp/Makefile | 2 -- 1 file changed, 2 deletions(-) commit 352526f45387cb96671f13b003bdd5b249e509bd Merge: 6517569 b6a6759 Author: Linus Torvalds Date: Tue Mar 14 15:11:19 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fixes from Tejun Heo: "Three cgroup fixes. Nothing critical: - the pids controller could trigger suspicious RCU warning spuriously. Fixed. - in the debug controller, %p -> %pK to protect kernel pointer from getting exposed. - documentation formatting fix" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroups: censor kernel pointer in debug files cgroup/pids: remove spurious suspicious RCU usage warning cgroup: Fix indenting in PID controller documentation commit 6517569d4ef33fe52b0d0ce8161349a55f88dded Merge: bc25887 6022c5c Author: Linus Torvalds Date: Tue Mar 14 15:00:43 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "Three libata fixes: - fix for a circular reference bug in sysfs code which prevented pata_legacy devices from being released after probe failure, which in turn prevented devres from releasing the associated resources. - drop spurious WARN in the command issue path which can be triggered by a legitimate passthrough command. - an ahci_qoriq specific fix" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: qoriq: correct the sata ecc setting error libata: drop WARN from protocol error in ata_sff_qc_issue() libata: transport: Remove circular dependency at free time commit bc25887935dba31be8f253dd5129e5004a346d97 Merge: 83e6322 637fdba Author: Linus Torvalds Date: Tue Mar 14 14:52:08 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue fix from Tejun Heo: "If a delayed work is queued with NULL @wq, workqueue code explodes after the timer expires at which point it's difficult to tell who the culprit was. This actually happened and the offender was net/smc this time. Add an explicit sanity check for it in the queueing path" * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq commit 83e632267591bc2e0d2d13e41b64340c2d3cedfe Merge: fb5fe0f 8a1df54 Author: Linus Torvalds Date: Tue Mar 14 14:48:50 2017 -0700 Merge branch 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu fixes from Tejun Heo: - the allocation path was updating pcpu_nr_empty_pop_pages without the required locking which can lead to incorrect handling of empty chunks (e.g. keeping too many around), which is buggy but shouldn't lead to critical failures. Fixed by adding the locking - a trivial patch to drop an unused param from pcpu_get_pages() * 'for-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu: remove unused chunk_alloc parameter from pcpu_get_pages() percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages commit 49ec8f5b6ae3ab60385492cad900ffc8a523c895 Author: Jiri Olsa Date: Tue Mar 14 15:20:53 2017 +0100 x86/intel_rdt: Put group node in rdtgroup_kn_unlock The rdtgroup_kn_unlock waits for the last user to release and put its node. But it's calling kernfs_put on the node which calls the rdtgroup_kn_unlock, which might not be the group's directory node, but another group's file node. This race could be easily reproduced by running 2 instances of following script: mount -t resctrl resctrl /sys/fs/resctrl/ pushd /sys/fs/resctrl/ mkdir krava echo "krava" > krava/schemata rmdir krava popd umount /sys/fs/resctrl It triggers the slub debug error message with following command line config: slub_debug=,kernfs_node_cache. Call kernfs_put on the group's node to fix it. Fixes: 60cf5e101fd4 ("x86/intel_rdt: Add mkdir to resctrl file system") Signed-off-by: Jiri Olsa Cc: Fenghua Yu Cc: Peter Zijlstra Cc: Peter Zijlstra Cc: Mike Galbraith Cc: Shaohua Li Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1489501253-20248-1-git-send-email-jolsa@kernel.org Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 87a6b2975f0d340c75b7488d22d61d2f98fb8abf Author: Josh Poimboeuf Date: Mon Mar 13 23:27:47 2017 -0500 x86/unwind: Fix last frame check for aligned function stacks Pavel Machek reported the following warning on x86-32: WARNING: kernel stack frame pointer at f50cdf98 in swapper/2:0 has bad value (null) The warning is caused by the unwinder not realizing that it reached the end of the stack, due to an unusual prologue which gcc sometimes generates for aligned stacks. The prologue is based on a gcc feature called the Dynamic Realign Argument Pointer (DRAP). It's almost always enabled for aligned stacks when -maccumulate-outgoing-args isn't set. This issue is similar to the one fixed by the following commit: 8023e0e2a48d ("x86/unwind: Adjust last frame check for aligned function stacks") ... but that fix was specific to x86-64. Make the fix more generic to cover x86-32 as well, and also ensure that the return address referred to by the frame pointer is a copy of the original return address. Fixes: acb4608ad186 ("x86/unwind: Create stack frames for saved syscall registers") Reported-by: Pavel Machek Signed-off-by: Josh Poimboeuf Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/50d4924db716c264b14f1633037385ec80bf89d2.1489465609.git.jpoimboe@redhat.com Signed-off-by: Thomas Gleixner arch/x86/kernel/unwind_frame.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) commit 9bbb25afeb182502ca4f2c4f3f88af0681b34cae Author: Peter Zijlstra Date: Sat Mar 4 10:27:19 2017 +0100 futex: Add missing error handling to FUTEX_REQUEUE_PI Thomas spotted that fixup_pi_state_owner() can return errors and we fail to unlock the rt_mutex in that case. Reported-by: Thomas Gleixner Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Darren Hart Cc: juri.lelli@arm.com Cc: bigeasy@linutronix.de Cc: xlpang@redhat.com Cc: rostedt@goodmis.org Cc: mathieu.desnoyers@efficios.com Cc: jdesfossez@efficios.com Cc: dvhart@infradead.org Cc: bristot@redhat.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170304093558.867401760@infradead.org Signed-off-by: Thomas Gleixner kernel/futex.c | 2 ++ 1 file changed, 2 insertions(+) commit c236c8e95a3d395b0494e7108f0d41cf36ec107c Author: Peter Zijlstra Date: Sat Mar 4 10:27:18 2017 +0100 futex: Fix potential use-after-free in FUTEX_REQUEUE_PI While working on the futex code, I stumbled over this potential use-after-free scenario. Dmitry triggered it later with syzkaller. pi_mutex is a pointer into pi_state, which we drop the reference on in unqueue_me_pi(). So any access to that pointer after that is bad. Since other sites already do rt_mutex_unlock() with hb->lock held, see for example futex_lock_pi(), simply move the unlock before unqueue_me_pi(). Reported-by: Dmitry Vyukov Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Darren Hart Cc: juri.lelli@arm.com Cc: bigeasy@linutronix.de Cc: xlpang@redhat.com Cc: rostedt@goodmis.org Cc: mathieu.desnoyers@efficios.com Cc: jdesfossez@efficios.com Cc: dvhart@infradead.org Cc: bristot@redhat.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170304093558.801744246@infradead.org Signed-off-by: Thomas Gleixner kernel/futex.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit d434936e4cbb10181463622962f30b989d3e9e19 Author: Arnd Bergmann Date: Tue Mar 14 13:12:53 2017 +0100 mm, x86: Fix native_pud_clear build error We still get a build error in random configurations, after this has been modified a few times: In file included from include/linux/mm.h:68:0, from include/linux/suspend.h:8, from arch/x86/kernel/asm-offsets.c:12: arch/x86/include/asm/pgtable.h:66:26: error: redefinition of 'native_pud_clear' #define pud_clear(pud) native_pud_clear(pud) My interpretation is that the build error comes from a typo in __PAGETABLE_PUD_FOLDED, so fix that typo now, and remove the incorrect #ifdef around the native_pud_clear definition. Fixes: 3e761a42e19c ("mm, x86: fix HIGHMEM64 && PARAVIRT build config for native_pud_clear()") Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Signed-off-by: Arnd Bergmann Acked-by: Dave Jiang Cc: Kees Cook Cc: Dave Hansen Cc: Hugh Dickins Cc: Andrew Morton Cc: Borislav Petkov Cc: Thomas Garnier Link: http://lkml.kernel.org/r/20170314121330.182155-1-arnd@arndb.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/pgtable-3level.h | 3 --- arch/x86/include/asm/pgtable.h | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) commit 1e6a1cd888de06b09d2341d782aadb20c6034210 Merge: a8aa395 6b116b1 Author: David S. Miller Date: Tue Mar 14 11:37:06 2017 -0700 Merge branch 'qed-fixes' Yuval Mintz says: ==================== qed: Fixes series This address several different issues in qed. The more significant portions: Patch #1 would cause timeout when qedr utilizes the highest CIDs availble for it [or when future qede adapters would utilize queues in some constellations]. Patch #4 fixes a leak of mapped addresses; When iommu is enabled, offloaded storage protocols might eventually run out of resources and fail to map additional buffers. Patches #6,#7 were missing in the initial iSCSI infrastructure submissions, and would hamper qedi's stability when it reaches out-of-order scenarios. ==================== Signed-off-by: David S. Miller commit 6b116b1d6a521a1907b3c18cb7a8592a655f660c Author: Mintz, Yuval Date: Tue Mar 14 15:26:04 2017 +0200 qed: Enable iSCSI Out-of-Order Missing in the initial submission, qed fails to propagate qedi's request to enable OOO to firmware. Fixes: fc831825f99e ("qed: Add support for hardware offloaded iSCSI") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 3 +++ 1 file changed, 3 insertions(+) commit db31d330e8b0ad8926725eb2af6f6422c07ca7ab Author: Mintz, Yuval Date: Tue Mar 14 15:26:03 2017 +0200 qed: Correct out-of-bound access in OOO history Need to set the number of entries in database, otherwise the logic would quickly surpass the array. Fixes: 1d6cff4fca43 ("qed: Add iSCSI out of order packet handling") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ooo.c | 2 ++ 1 file changed, 2 insertions(+) commit 1df2adedcce17ad4a39fba74f0e2b611f797fe10 Author: Ram Amrani Date: Tue Mar 14 15:26:02 2017 +0200 qed: Fix interrupt flags on Rx LL2 Before iterating over the the LL2 Rx ring, the ring's spinlock is taken via spin_lock_irqsave(). The actual processing of the packet [including handling by the protocol driver] is done without said lock, so qed releases the spinlock and re-claims it afterwards. Problem is that the final spin_lock_irqrestore() at the end of the iteration uses the original flags saved from the initial irqsave() instead of the flags from the most recent irqsave(). So it's possible that the interrupt status would be incorrect at the end of the processing. Fixes: 0a7fb11c23c0 ("qed: Add Light L2 support"); CC: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 4621ceb279d065151eb940ce8a4728b10c0646c7 Author: Mintz, Yuval Date: Tue Mar 14 15:26:01 2017 +0200 qed: Free previous connections when releasing iSCSI Fixes: fc831825f99e ("qed: Add support for hardware offloaded iSCSI") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit 752ecb2da11124a948567076b60767dc8034cfa5 Author: Mintz, Yuval Date: Tue Mar 14 15:26:00 2017 +0200 qed: Fix mapping leak on LL2 rx flow When receiving an Rx LL2 packet, qed fails to unmap the previous buffer. Fixes: 0a7fb11c23c0 ("qed: Add Light L2 support"); Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 2 ++ 1 file changed, 2 insertions(+) commit 3ef310a7d99216e0fbdff29f0cb13bc54180373a Author: Tomer Tayar Date: Tue Mar 14 15:25:59 2017 +0200 qed: Prevent creation of too-big u32-chains Current Logic would allow the creation of a chain with U32_MAX + 1 elements, when the actual maximum supported by the driver infrastructure is U32_MAX. Fixes: a91eb52abb50 ("qed: Revisit chain implementation") Signed-off-by: Tomer Tayar Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dev.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit f3e48119b97f56fb09310c95d49da122a27003d7 Author: Ram Amrani Date: Tue Mar 14 15:25:58 2017 +0200 qed: Align CIDs according to DORQ requirement The Doorbell HW block can be configured at a granularity of 16 x CIDs, so we need to make sure that the actual number of CIDs configured would be a multiplication of 16. Today, when RoCE is enabled - given that the number is unaligned, doorbelling the higher CIDs would fail to reach the firmware and would eventually timeout. Fixes: dbb799c39717 ("qed: Initialize hardware for new protocols") Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_cxt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a8aa39530269371c786391f3417d8cff07656676 Merge: 37c343b e9093b1 Author: David S. Miller Date: Tue Mar 14 11:35:11 2017 -0700 Merge branch 'mlxsw-small-fixes' Jiri Pirko says: ==================== mlxsw: Couple of fixes Couple or small fixes. ==================== Signed-off-by: David S. Miller commit e9093b1183bbac462d2caef3eac165778c0b1bf1 Author: Jiri Pirko Date: Tue Mar 14 14:00:01 2017 +0100 mlxsw: reg: Fix SPVMLR max record count The num_rec field is 8 bit, so the maximal count number is 255. This fixes vlans learning not being enabled for wider ranges than 255. Fixes: a4feea74cd7a ("mlxsw: reg: Add Switch Port VLAN MAC Learning register definition") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f004ec065b4879d6bc9ba0211af2169b3ce3097f Author: Jiri Pirko Date: Tue Mar 14 14:00:00 2017 +0100 mlxsw: reg: Fix SPVM max record count The num_rec field is 8 bit, so the maximal count number is 255. This fixes vlans not being enabled for wider ranges than 255. Fixes: b2e345f9a454 ("mlxsw: reg: Add Switch Port VID and Switch Port VLAN Membership registers definitions") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/reg.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 37c343b4f4e70e9dc328ab04903c0ec8d154c1a4 Author: Vlad Yasevich Date: Tue Mar 14 08:58:08 2017 -0400 net: Resend IGMP memberships upon peer notification. When we notify peers of potential changes, it's also good to update IGMP memberships. For example, during VM migration, updating IGMP memberships will redirect existing multicast streams to the VM at the new location. Signed-off-by: Vladislav Yasevich Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller net/core/dev.c | 1 + 1 file changed, 1 insertion(+) commit dc434e056fe1dada20df7ba07f32739d3a701adf Author: Sebastian Andrzej Siewior Date: Tue Mar 14 16:06:45 2017 +0100 cpu/hotplug: Serialize callback invocations proper The setup/remove_state/instance() functions in the hotplug core code are serialized against concurrent CPU hotplug, but unfortunately not serialized against themself. As a consequence a concurrent invocation of these function results in corruption of the callback machinery because two instances try to invoke callbacks on remote cpus at the same time. This results in missing callback invocations and initiator threads waiting forever on the completion. The obvious solution to replace get_cpu_online() with cpu_hotplug_begin() is not possible because at least one callsite calls into these functions from a get_online_cpu() locked region. Extend the protection scope of the cpuhp_state_mutex from solely protecting the state arrays to cover the callback invocation machinery as well. Fixes: 5b7aa87e0482 ("cpu/hotplug: Implement setup/removal interface") Reported-and-tested-by: Bart Van Assche Signed-off-by: Sebastian Andrzej Siewior Cc: hpa@zytor.com Cc: mingo@kernel.org Cc: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org Link: http://lkml.kernel.org/r/20170314150645.g4tdyoszlcbajmna@linutronix.de Signed-off-by: Thomas Gleixner kernel/cpu.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 11353b9d10392e79e32603d2178e75feb25eaf0d Author: Zhilong Liu Date: Tue Mar 14 15:52:26 2017 +0800 md/raid1: fix a trivial typo in comments raid1.c: fix a trivial typo in comments of freeze_array(). Cc: Jack Wang Cc: Guoqing Jiang Cc: John Stoffel Acked-by: Coly Li Signed-off-by: Zhilong Liu Signed-off-by: Shaohua Li drivers/md/raid1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8c53ad2139137dd4bf506a2c2b888de3816e8f75 Author: Rex Zhu Date: Mon Mar 13 15:14:08 2017 +0800 drm/amd/powerplay: fix copy error in smu7_clockpoweragting.c Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/smu7_clockpowergating.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c62110454b088b4914ffe375c2dbc19643eac34 Author: Jens Axboe Date: Tue Mar 14 11:51:59 2017 -0600 blk-mq-sched: don't run the queue async from blk_mq_try_issue_directly() If we have scheduling enabled, we jump directly to insert-and-run. That's fine, but we run the queue async and we don't pass in information on whether we can block from this context or not. Fixup both these cases. Reviewed-by: Bart Van Assche Reviewed-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 0977762f6d15f13caccc20d71a5dec47d098907d Author: Song Liu Date: Mon Mar 13 13:44:35 2017 -0700 md/r5cache: fix set_syndrome_sources() for data in cache Before this patch, device InJournal will be included in prexor (SYNDROME_SRC_WANT_DRAIN) but not in reconstruct (SYNDROME_SRC_WRITTEN). So it will break parity calculation. With srctype == SYNDROME_SRC_WRITTEN, we need include both dev with non-null ->written and dev with R5_InJournal. This fixes logic in 1e6d690(md/r5cache: caching phase of r5cache) Cc: stable@vger.kernel.org (v4.10+) Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8ecc34448e24e9e8a8f3a9b37be70b43c6af5288 Author: Adrian Hunter Date: Mon Mar 13 14:36:33 2017 +0200 mmc: block: Fix cmd error reset failure path Commit 4e1f780032c5 ("mmc: block: break out mmc_blk_rw_cmd_abort()") assumed the request had not completed, but in one case it had. Fix that. Fixes: 4e1f780032c5 ("mmc: block: break out mmc_blk_rw_cmd_abort()") Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Signed-off-by: Ulf Hansson drivers/mmc/core/block.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2602b740e45cc64feb55d5a9ee8db744ab3becbb Author: Adrian Hunter Date: Mon Mar 13 14:36:32 2017 +0200 mmc: block: Fix is_waiting_last_req set incorrectly Commit 15520111500c ("mmc: core: Further fix thread wake-up") allowed a queue to release the host with is_waiting_last_req set to true. A queue waiting to claim the host will not reset it, which can result in the queue getting stuck in a loop. Fixes: 15520111500c ("mmc: core: Further fix thread wake-up") Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org # v4.10+ Signed-off-by: Ulf Hansson drivers/mmc/core/block.c | 1 + 1 file changed, 1 insertion(+) commit 773dc118756b1f38766063e90e582016be868f09 Author: Guenter Roeck Date: Wed Mar 1 14:11:47 2017 -0800 mmc: core: Fix access to HS400-ES devices HS400-ES devices fail to initialize with the following error messages. mmc1: power class selection to bus width 8 ddr 0 failed mmc1: error -110 whilst initialising MMC card This was seen on Samsung Chromebook Plus. Code analysis points to commit 3d4ef329757c ("mmc: core: fix multi-bit bus width without high-speed mode"), which attempts to set the bus width for all but HS200 devices unconditionally. However, for HS400-ES, the bus width is already selected. Cc: Anssi Hannula Cc: Douglas Anderson Cc: Brian Norris Fixes: 3d4ef329757c ("mmc: core: fix multi-bit bus width ...") Signed-off-by: Guenter Roeck Reviewed-by: Douglas Anderson Reviewed-by: Shawn Lin Tested-by: Heiko Stuebner Cc: Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c31b087348cb2b5e668261f2eee2f224b3780b5 Author: Ville Syrjälä Date: Mon Feb 13 19:58:18 2017 +0200 drm/i915: Reject HDMI 12bpc if the sink doesn't indicate support Check that the sink really declared 12bpc support before we enable it. This should not actually never happen since it's mandatory for HDMI sinks to support 12bpc if they support any deep color modes. But reality disagrees with the theory and there are actually sinks in the wild that violate the spec. v2: Fix the output_types check Update commit message to state that these things are in fact real Cc: stable@vger.kernel.org Cc: Nicholas Sielicki Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99250 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170213175818.24958-1-ville.syrjala@linux.intel.com Reviewed-by: Shashank Sharma (cherry picked from commit c750bdd3e7e204cc88b32806c3864487a03cd84b) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_hdmi.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) commit 16681037e75ce08f2980ac5dbb03414429c7a55d Author: Anssi Hannula Date: Mon Feb 13 14:06:10 2017 +0200 mmc: sdhci-of-arasan: fix incorrect timeout clock sdhci_arasan_get_timeout_clock() divides the frequency it has with (1 << (13 + divisor)). However, the divisor is not some Arasan-specific value, but instead is just the Data Timeout Counter Value from the SDHCI Timeout Control Register. Applying it here like this is wrong as the sdhci driver already takes that value into account when calculating timeouts, and in fact it *sets* that register value based on how long a timeout is wanted. Additionally, sdhci core interprets the .get_timeout_clock callback return value as if it were read from hardware registers, i.e. the unit should be kHz or MHz depending on SDHCI_TIMEOUT_CLK_UNIT capability bit. This bit is set at least on the tested Zynq-7000 SoC. With the tested hardware (SDHCI_TIMEOUT_CLK_UNIT set) this results in too high a timeout clock rate being reported, causing the core to use longer-than-needed timeouts. Additionally, on a partitioned MMC (therefore having erase_group_def bit set) mmc_calc_max_discard() disables discard support as it looks like controller does not support the long timeouts needed for that. Do not apply the extra divisor and return the timeout clock in the expected unit. Tested with a Zynq-7000 SoC and a partitioned Toshiba THGBMAG5A1JBAWR eMMC card. Signed-off-by: Anssi Hannula Fixes: e3ec3a3d11ad ("mmc: arasan: Add driver for Arasan SDHCI") Cc: Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-of-arasan.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) commit 318465adace471387cfd5f768daa64bb4c623695 Author: Andy Yan Date: Mon Feb 13 19:02:39 2017 +0800 dt-bindings: rockchip-dw-mshc: rename RK1108 to RV1108 Rockchip finally named the SOC as RV1108, so change it. Signed-off-by: Andy Yan Acked-by: Rob Herring Reviewed-by: Heiko Stuebner Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/rockchip-dw-mshc.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fa23b9d1b89fdc34f296f02e496a20aeff5736be Author: Arnd Bergmann Date: Tue Mar 14 13:54:12 2017 +0100 irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN This driver uses the MSI domain but has no strict dependency on PCI_MSI, so we may run into a build failure when CONFIG_GENERIC_MSI_IRQ_DOMAIN is disabled: drivers/irqchip/irq-mvebu-odmi.c:152:15: error: variable 'odmi_msi_ops' has initializer but incomplete type static struct msi_domain_ops odmi_msi_ops = { ^~~~~~~~~~~~~~ drivers/irqchip/irq-mvebu-odmi.c:155:15: error: variable 'odmi_msi_domain_info' has initializer but incomplete type static struct msi_domain_info odmi_msi_domain_info = { ^~~~~~~~~~~~~~~ drivers/irqchip/irq-mvebu-odmi.c:156:3: error: 'struct msi_domain_info' has no member named 'flags' .flags = (MSI_FLAG_USE_DEF_DOM_OPS | MSI_FLAG_USE_DEF_CHIP_OPS), ^~~~~ drivers/irqchip/irq-mvebu-odmi.c:156:12: error: 'MSI_FLAG_USE_DEF_DOM_OPS' undeclared here (not in a function) .flags = (MSI_FLAG_USE_DEF_DOM_OPS | MSI_FLAG_USE_DEF_CHIP_OPS), ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/irqchip/irq-mvebu-odmi.c:156:39: error: 'MSI_FLAG_USE_DEF_CHIP_OPS' undeclared here (not in a function); did you mean 'MSI_FLAG_USE_DEF_DOM_OPS'? Selecting the option from this driver seems to solve this nicely, though I could not find any other instance of this in irqchip drivers. Signed-off-by: Arnd Bergmann Acked-by: Thomas Petazzoni Signed-off-by: Marc Zyngier drivers/irqchip/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 1b2e5ea0b7061be3ffdcd85918c2f428edace4ba Author: Chris Wilson Date: Sun Feb 12 17:19:59 2017 +0000 drm/i915: Always call i915_gem_reset_finish() following i915_gem_reset_prepare() As i915_gem_reset_finish() undoes the steps from i915_gem_reset_prepare() to leave the system in a fully-working state, e.g. to be able to free the breadcrumb signal threads, make sure that we always call it even on the error path. Fixes: da9a796f5475 ("drm/i915: Split GEM resetting into 3 phases") Signed-off-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170212172002.23072-2-chris@chris-wilson.co.uk Reviewed-by: Mika Kuoppala (cherry picked from commit 8d613c539c74fa9055f88f4116196d7c820bd98f) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 11abbc9f39e002a2b25657e00abac8056cb39e93 Author: Jyri Sarha Date: Wed Mar 1 10:30:28 2017 +0200 drm/tilcdc: Set framebuffer DMA address to HW only if CRTC is enabled Touching HW while clocks are off is a serious error and for instance breaks suspend functionality. After this patch tilcdc_crtc_update_fb() always updates the primary plane's framebuffer pointer, increases fb's reference count and stores vblank event. tilcdc_crtc_update_fb() only writes the fb's DMA address to HW if the crtc is enabled, as tilcdc_crtc_enable() takes care of writing the address on enable. This patch also refactors the tilcdc_crtc_update_fb() a bit. Number of subsequent small changes had made it almost unreadable. There should be no other functional changes but checking the CRTC's enable state. However, the locking goes a bit differently and some of the redundant checks have been removed in this new version. The enable_lock should be enough to protect the access to tilcdc_crtc->enabled. The irq_lock protects the access to last_vblank and next_fb. The check for vrefresh and last_vblank being valid is redundant, as the vrefresh should be always valid if the CRTC is enabled and now last_vblank should be too, because it is initialized to current time when CRTC raster is enabled. If for some reason the values are not correctly initialized the division by zero warning is quite appropriate. Signed-off-by: Jyri Sarha Reviewed-by: Tomi Valkeinen drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) commit abf8315f71dc5a2ee56fb60830dcb2861982dc91 Author: Jyri Sarha Date: Tue Jan 31 16:18:42 2017 +0200 drm/tilcdc: Fix hardcoded fail-return value in tilcdc_crtc_create() Fix badly hardcoded return return value under fail-label. All goto branches to the label set the "ret"-variable accordingly. Signed-off-by: Jyri Sarha Reviewed-by: Gabriel Krisman Bertazi drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8f68d591d4765b2e1ce9d916ac7bc5583285c4ad Author: Chris Wilson Date: Mon Mar 13 17:06:17 2017 +0000 drm/i915: Stop using RP_DOWN_EI on Baytrail On Baytrail, we manually calculate busyness over the evaluation interval to avoid issues with miscaluations with RC6 enabled. However, it turns out that the DOWN_EI interrupt generator is completely bust - it operates in two modes, continuous or never. Neither of which are conducive to good behaviour. Stop unmask the DOWN_EI interrupt and just compute everything from the UP_EI which does seem to correspond to the desired interval. v2: Fixup gen6_rps_pm_mask() as well v3: Inline vlv_c0_above() to combine the now identical elapsed calculation for up/down and simplify the threshold testing Fixes: 43cf3bf084ba ("drm/i915: Improved w/a for rps on Baytrail") Signed-off-by: Chris Wilson Cc: Mika Kuoppala Cc: # v4.1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170309211232.28878-1-chris@chris-wilson.co.uk Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170313170617.31564-1-chris@chris-wilson.co.uk (cherry picked from commit e0e8c7cb6eb68e9256de2d8cbeb481d3701c05ac) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 2 +- drivers/gpu/drm/i915/i915_irq.c | 73 ++++++++++++++++------------------------- drivers/gpu/drm/i915/intel_pm.c | 5 +-- 3 files changed, 32 insertions(+), 48 deletions(-) commit 0f5418e564ac6452b9086295646e602a9addc4bf Author: Kenneth Graunke Date: Mon Mar 13 17:04:33 2017 +0000 drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters. This patch makes the I915_PARAM_HAS_EXEC_CONSTANTS getparam return 0 (indicating the optional feature is not supported), and makes execbuf always return -EINVAL if the flags are used. Apparently, no userspace ever shipped which used this optional feature: I checked the git history of Mesa, xf86-video-intel, libva, and Beignet, and there were zero commits showing a use of these flags. Kernel commit 72bfa19c8deb4 apparently introduced the feature prematurely. According to Chris, the intention was to use this in cairo-drm, but "the use was broken for gen6", so I don't think it ever happened. 'relative_constants_mode' has always been tracked per-device, but this has actually been wrong ever since hardware contexts were introduced, as the INSTPM register is saved (and automatically restored) as part of the render ring context. The software per-device value could therefore get out of sync with the hardware per-context value. This meant that using them is actually unsafe: a client which tried to use them could damage the state of other clients, causing the GPU to interpret their BO offsets as absolute pointers, leading to bogus memory reads. These flags were also never ported to execlist mode, making them no-ops on Gen9+ (which requires execlists), and Gen8 in the default mode. On Gen8+, userspace can write these registers directly, achieving the same effect. On Gen6-7.5, it likely makes sense to extend the command parser to support them. I don't think anyone wants this on Gen4-5. Based on a patch by Dave Gordon. v3: Return -ENODEV for the getparam, as this is what we do for other obsolete features. Suggested by Chris Wilson. Cc: stable@vger.kernel.org Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92448 Signed-off-by: Kenneth Graunke Reviewed-by: Joonas Lahtinen Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170215093446.21291-1-kenneth@whitecape.org Acked-by: Daniel Vetter Signed-off-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170313170433.26843-1-chris@chris-wilson.co.uk (cherry picked from commit ef0f411f51475f4eebf9fc1b19a85be698af19ff) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 4 +-- drivers/gpu/drm/i915/i915_drv.h | 2 -- drivers/gpu/drm/i915/i915_gem.c | 2 -- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 52 ++---------------------------- 4 files changed, 3 insertions(+), 57 deletions(-) commit 35a3abfd198e6c69a6644784bb09a2d951fc6b21 Author: Chris Wilson Date: Mon Mar 13 17:02:31 2017 +0000 drm/i915: Only enable hotplug interrupts if the display interrupts are enabled In order to prevent accessing the hpd registers outside of the display power wells, we should refrain from writing to the registers before the display interrupts are enabled. [ 4.740136] WARNING: CPU: 1 PID: 221 at drivers/gpu/drm/i915/intel_uncore.c:795 __unclaimed_reg_debug+0x44/0x50 [i915] [ 4.740155] Unclaimed read from register 0x1e1110 [ 4.740168] Modules linked in: i915(+) intel_gtt drm_kms_helper prime_numbers [ 4.740190] CPU: 1 PID: 221 Comm: systemd-udevd Not tainted 4.10.0-rc6+ #384 [ 4.740203] Hardware name: / , BIOS PYBSWCEL.86A.0027.2015.0507.1758 05/07/2015 [ 4.740220] Call Trace: [ 4.740236] dump_stack+0x4d/0x6f [ 4.740251] __warn+0xc1/0xe0 [ 4.740265] warn_slowpath_fmt+0x4a/0x50 [ 4.740281] ? insert_work+0x77/0xc0 [ 4.740355] ? fwtable_write32+0x90/0x130 [i915] [ 4.740431] __unclaimed_reg_debug+0x44/0x50 [i915] [ 4.740507] fwtable_read32+0xd8/0x130 [i915] [ 4.740575] i915_hpd_irq_setup+0xa5/0x100 [i915] [ 4.740649] intel_hpd_init+0x68/0x80 [i915] [ 4.740716] i915_driver_load+0xe19/0x1380 [i915] [ 4.740784] i915_pci_probe+0x32/0x90 [i915] [ 4.740799] pci_device_probe+0x8b/0xf0 [ 4.740815] driver_probe_device+0x2b6/0x450 [ 4.740828] __driver_attach+0xda/0xe0 [ 4.740841] ? driver_probe_device+0x450/0x450 [ 4.740853] bus_for_each_dev+0x5b/0x90 [ 4.740865] driver_attach+0x19/0x20 [ 4.740878] bus_add_driver+0x166/0x260 [ 4.740892] driver_register+0x5b/0xd0 [ 4.740906] ? 0xffffffffa0166000 [ 4.740920] __pci_register_driver+0x47/0x50 [ 4.740985] i915_init+0x5c/0x5e [i915] [ 4.740999] do_one_initcall+0x3e/0x160 [ 4.741015] ? __vunmap+0x7c/0xc0 [ 4.741029] ? kmem_cache_alloc+0xcf/0x120 [ 4.741045] do_init_module+0x55/0x1c4 [ 4.741060] load_module+0x1f3f/0x25b0 [ 4.741073] ? __symbol_put+0x40/0x40 [ 4.741086] ? kernel_read_file+0x100/0x190 [ 4.741100] SYSC_finit_module+0xbc/0xf0 [ 4.741112] SyS_finit_module+0x9/0x10 [ 4.741125] entry_SYSCALL_64_fastpath+0x17/0x98 [ 4.741135] RIP: 0033:0x7f8559a140f9 [ 4.741145] RSP: 002b:00007fff7509a3e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 4.741161] RAX: ffffffffffffffda RBX: 00007f855aba02d1 RCX: 00007f8559a140f9 [ 4.741172] RDX: 0000000000000000 RSI: 000055b6db0914f0 RDI: 0000000000000011 [ 4.741183] RBP: 0000000000020000 R08: 0000000000000000 R09: 000000000000000e [ 4.741193] R10: 0000000000000011 R11: 0000000000000246 R12: 000055b6db0854d0 [ 4.741204] R13: 000055b6db091150 R14: 0000000000000000 R15: 000055b6db035924 v2: Set dev_priv->display_irqs_enabled to true for all platforms other than vlv/chv that manually control the display power domain. Fixes: 19625e85c6ec ("drm/i915: Enable polling when we don't have hpd") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97798 Suggested-by: Ville Syrjälä Signed-off-by: Chris Wilson Cc: Lyude Cc: Daniel Vetter Cc: Ville Syrjälä Cc: Hans de Goede Cc: stable@vger.kernel.org Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170215131547.5064-1-chris@chris-wilson.co.uk Link: http://patchwork.freedesktop.org/patch/msgid/20170313170231.18633-1-chris@chris-wilson.co.uk (cherry picked from commit 262fd485ac6b476479f41f00bb104f6a1766ae66) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_irq.c | 10 ++++++++++ drivers/gpu/drm/i915/intel_hotplug.c | 14 ++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) commit 4565bf58d45b8aded94e446666839955cdb5030c Author: Chris Wilson Date: Mon Mar 13 16:59:58 2017 +0000 drm/i915: Disable engine->irq_tasklet around resets When we restart the engines, and we have active requests, a request on the first engine may complete and queue a request to the second engine before we try to restart the second engine. That queueing of the request may race with the engine to restart, and so may corrupt the current state. Disabling the engine->irq_tasklet prevents the two paths from writing into ELSP simultaneously (and modifyin the execlists_port[] at the same time). Include fixup 1d309634bcf4 ("drm/i915: Kill the tasklet then disable") Fixes: 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") Testcase: igt/gem_exec_fence/await-hang Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170208143033.11651-3-chris@chris-wilson.co.uk Link: http://patchwork.freedesktop.org/patch/msgid/20170313165958.13970-2-chris@chris-wilson.co.uk (cherry picked from commit 1f7b847d72c3583df5048d83bd945d0c2c524c28) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit da9a796f5475b4d3a339083af719982b7ab4a12b Author: Chris Wilson Date: Mon Mar 13 16:59:57 2017 +0000 drm/i915: Split GEM resetting into 3 phases Currently we do a reset prepare/finish around the call to reset the GPU, but it looks like we need a later stage after the hw has been reinitialised to allow GEM to restart itself. Start by splitting the 2 GEM phases into 3: prepare - before the reset, check if GEM recovered, then stop GEM reset - after the reset, update GEM bookkeeping finish - after the re-initialisation following the reset, restart GEM Signed-off-by: Chris Wilson Cc: Mika Kuoppala Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170208143033.11651-2-chris@chris-wilson.co.uk Link: http://patchwork.freedesktop.org/patch/msgid/20170313165958.13970-1-chris@chris-wilson.co.uk (cherry picked from commit d80270931314a88d79d9bd5e0a5df93c12196375) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 3 ++- drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/i915_gem.c | 7 ++++++- 3 files changed, 9 insertions(+), 2 deletions(-) commit 60b89f1928af80b546b5c3fd8714a62f6f4b8844 Author: Nicolas Ferre Date: Tue Mar 14 09:38:04 2017 +0100 ARM: at91: pm: cpu_idle: switch DDR to power-down mode On some DDR controllers, compatible with the sama5d3 one, the sequence to enter/exit/re-enter the self-refresh mode adds more constrains than what is currently written in the at91_idle driver. An actual access to the DDR chip is needed between exit and re-enter of this mode which is somehow difficult to implement. This sequence can completely hang the SoC. It is particularly experienced on parts which embed a L2 cache if the code run between IDLE calls fits in it... Moreover, as the intention is to enter and exit pretty rapidly from IDLE, the power-down mode is a good candidate. So now we use power-down instead of self-refresh. As we can simplify the code for sama5d3 compatible DDR controllers, we instantiate a new sama5d3_ddr_standby() function. Signed-off-by: Nicolas Ferre Cc: # v4.1+ Fixes: 017b5522d5e3 ("ARM: at91: Add new binding for sama5d3-ddramc") Signed-off-by: Alexandre Belloni arch/arm/mach-at91/pm.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 6e9f44eaaef0df7b846e9316fa9ca72a02025d44 Author: Dan Williams Date: Thu Mar 9 11:32:28 2017 -0600 USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems Add Quectel UC15, UC20, EC21, and EC25. The EC20 is handled by qcserial due to a USB VID/PID conflict with an existing Acer device. Signed-off-by: Dan Williams Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/option.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) commit 0043c1dfbec7b6e2427409059b05347d6f51aa9f Author: Lee Jones Date: Wed Feb 8 09:24:25 2017 +0000 serial: st-asc: Use new GPIOD API to obtain RTS pin The commits mentioned below adapt the GPIO API to allow more information to be passed directly through devm_get_gpiod_from_child() in the first instance. This facilitates the removal of subsequent calls, such as gpiod_direction_output(). This patch firstly moves to utilise the new API and secondly removes the now superfluous call do set the direction. Reported-by: Stephen Rothwell Suggested-by: Boris Brezillon Signed-off-by: Lee Jones [Also drop the header file dummies that only this driver was using] Acked-by: Greg Kroah-Hartman Signed-off-by: Linus Walleij drivers/tty/serial/st-asc.c | 11 ++++++----- include/linux/gpio/consumer.h | 16 ---------------- 2 files changed, 6 insertions(+), 21 deletions(-) commit bc1e2154542071e3cfe1734b143af9b8bdacf8bd Author: Bin Liu Date: Fri Mar 10 14:43:37 2017 -0600 usb: musb: fix possible spinlock deadlock The DSPS glue calls del_timer_sync() in its musb_platform_disable() implementation, which requires the caller to not hold a lock. But musb_remove() calls musb_platform_disable() will musb->lock held. This could causes spinlock deadlock. So change musb_remove() to call musb_platform_disable() without holds musb->lock. This doesn't impact the musb_platform_disable implementation in other glue drivers. root@am335x-evm:~# modprobe -r musb-dsps [ 126.134879] musb-hdrc musb-hdrc.1: remove, state 1 [ 126.140465] usb usb2: USB disconnect, device number 1 [ 126.146178] usb 2-1: USB disconnect, device number 2 [ 126.416985] musb-hdrc musb-hdrc.1: USB bus 2 deregistered [ 126.423943] [ 126.425525] ====================================================== [ 126.431997] [ INFO: possible circular locking dependency detected ] [ 126.438564] 4.11.0-rc1-00003-g1557f13bca04-dirty #77 Not tainted [ 126.444852] ------------------------------------------------------- [ 126.451414] modprobe/778 is trying to acquire lock: [ 126.456523] (((&glue->timer))){+.-...}, at: [] del_timer_sync+0x0/0xd0 [ 126.464403] [ 126.464403] but task is already holding lock: [ 126.470511] (&(&musb->lock)->rlock){-.-...}, at: [] musb_remove+0x50/0x1 30 [musb_hdrc] [ 126.479965] [ 126.479965] which lock already depends on the new lock. [ 126.479965] [ 126.488531] [ 126.488531] the existing dependency chain (in reverse order) is: [ 126.496368] [ 126.496368] -> #1 (&(&musb->lock)->rlock){-.-...}: [ 126.502968] otg_timer+0x80/0xec [musb_dsps] [ 126.507990] call_timer_fn+0xb4/0x390 [ 126.512372] expire_timers+0xf0/0x1fc [ 126.516754] run_timer_softirq+0x80/0x178 [ 126.521511] __do_softirq+0xc4/0x554 [ 126.525802] irq_exit+0xe8/0x158 [ 126.529735] __handle_domain_irq+0x58/0xb8 [ 126.534583] __irq_usr+0x54/0x80 [ 126.538507] [ 126.538507] -> #0 (((&glue->timer))){+.-...}: [ 126.544636] del_timer_sync+0x40/0xd0 [ 126.549066] musb_remove+0x6c/0x130 [musb_hdrc] [ 126.554370] platform_drv_remove+0x24/0x3c [ 126.559206] device_release_driver_internal+0x14c/0x1e0 [ 126.565225] bus_remove_device+0xd8/0x108 [ 126.569970] device_del+0x1e4/0x308 [ 126.574170] platform_device_del+0x24/0x8c [ 126.579006] platform_device_unregister+0xc/0x20 [ 126.584394] dsps_remove+0x14/0x30 [musb_dsps] [ 126.589595] platform_drv_remove+0x24/0x3c [ 126.594432] device_release_driver_internal+0x14c/0x1e0 [ 126.600450] driver_detach+0x38/0x6c [ 126.604740] bus_remove_driver+0x4c/0xa0 [ 126.609407] SyS_delete_module+0x11c/0x1e4 [ 126.614252] __sys_trace_return+0x0/0x10 Fixes: ea2f35c01d5ea ("usb: musb: Fix sleeping function called from invalid context for hdrc glue") Cc: #4.9+ Acked-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6b7ad496084e3d8ffa844a02e0f7f76f3eb82203 Author: Bin Liu Date: Fri Mar 10 14:43:36 2017 -0600 usb: musb: dsps: fix iounmap in error and exit paths Cleanly iounmap the pointer in error and exit paths. Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_dsps.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0090114d336a9604aa2d90bc83f20f7cd121b76c Author: Bin Liu Date: Fri Mar 10 14:43:35 2017 -0600 usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer The CPPI 4.1 driver polls register to workaround the premature TX interrupt issue, but it causes audio playback underrun when triggered in Isoch transfers. Isoch doesn't do back-to-back transfers, the TX should be done by the time the next transfer is scheduled. So skip this polling workaround for Isoch transfer. Fixes: a655f481d83d6 ("usb: musb: musb_cppi41: handle pre-mature TX complete interrupt") Cc: #4.1+ Reported-by: Alexandre Bailon Acked-by: Sebastian Andrzej Siewior Tested-by: Alexandre Bailon Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_cppi41.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) commit 3243367b209faed5c320a4e5f9a565ee2a2ba958 Author: Samuel Thibault Date: Mon Mar 13 20:50:08 2017 +0100 usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk Some USB 2.0 devices erroneously report millisecond values in bInterval. The generic config code manages to catch most of them, but in some cases it's not completely enough. The case at stake here is a USB 2.0 braille device, which wants to announce 10ms and thus sets bInterval to 10, but with the USB 2.0 computation that yields to 64ms. It happens that one can type fast enough to reach this interval and get the device buffers overflown, leading to problematic latencies. The generic config code does not catch this case because the 64ms is considered a sane enough value. This change thus adds a USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL quirk to mark devices which actually report milliseconds in bInterval, and marks Vario Ultra devices as needing it. Signed-off-by: Samuel Thibault Acked-by: Alan Stern Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/core/config.c | 10 ++++++++++ drivers/usb/core/quirks.c | 8 ++++++++ include/linux/usb/quirks.h | 6 ++++++ 3 files changed, 24 insertions(+) commit 4ce362711d78a4999011add3115b8f4b0bc25e8c Author: Johan Hovold Date: Mon Mar 13 13:47:53 2017 +0100 uwb: i1480-dfu: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Note that the dereference happens in the cmd and wait_init_done callbacks which are called during probe. Fixes: 1ba47da52712 ("uwb: add the i1480 DFU driver") Cc: stable # 2.6.28 Cc: Inaky Perez-Gonzalez Cc: David Vrabel Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/uwb/i1480/dfu/usb.c | 3 +++ 1 file changed, 3 insertions(+) commit daf229b15907fbfdb6ee183aac8ca428cb57e361 Author: Johan Hovold Date: Mon Mar 13 13:47:52 2017 +0100 uwb: hwa-rc: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Note that the dereference happens in the start callback which is called during probe. Fixes: de520b8bd552 ("uwb: add HWA radio controller driver") Cc: stable # 2.6.28 Cc: Inaky Perez-Gonzalez Cc: David Vrabel Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/uwb/hwa-rc.c | 3 +++ 1 file changed, 3 insertions(+) commit 03ace948a4eb89d1cf51c06afdfc41ebca5fdb27 Author: Johan Hovold Date: Mon Mar 13 13:47:51 2017 +0100 USB: wusbcore: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory beyond the endpoint array should a malicious device lack the expected endpoints. This specifically fixes the NULL-pointer dereference when probing HWA HC devices. Fixes: df3654236e31 ("wusb: add the Wire Adapter (WA) core") Cc: stable # 2.6.28 Cc: Inaky Perez-Gonzalez Cc: David Vrabel Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/wusbcore/wa-hc.c | 3 +++ 1 file changed, 3 insertions(+) commit f259ca3eed6e4b79ac3d5c5c9fb259fb46e86217 Author: Johan Hovold Date: Mon Mar 13 13:47:50 2017 +0100 USB: uss720: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory beyond the endpoint array should a malicious device lack the expected endpoints. Note that the endpoint access that causes the NULL-deref is currently only used for debugging purposes during probe so the oops only happens when dynamic debugging is enabled. This means the driver could be rewritten to continue to accept device with only two endpoints, should such devices exist. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/uss720.c | 5 +++++ 1 file changed, 5 insertions(+) commit 1dc56c52d2484be09c7398a5207d6b11a4256be9 Author: Johan Hovold Date: Mon Mar 13 13:47:49 2017 +0100 USB: lvtest: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should the probed device lack endpoints. Note that this driver does not bind to any devices by default. Fixes: ce21bfe603b3 ("USB: Add LVS Test device driver") Cc: stable # 3.17 Cc: Pratyush Anand Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/lvstest.c | 4 ++++ 1 file changed, 4 insertions(+) commit b0addd3fa6bcd119be9428996d5d4522479ab240 Author: Johan Hovold Date: Mon Mar 13 13:47:48 2017 +0100 USB: idmouse: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/idmouse.c | 3 +++ 1 file changed, 3 insertions(+) commit 72ef9c4125c7b257e3a714d62d778ab46583d6a3 Author: Hannes Frederic Sowa Date: Mon Mar 13 00:01:30 2017 +0100 dccp: fix memory leak during tear-down of unsuccessful connection request This patch fixes a memory leak, which happens if the connection request is not fulfilled between parsing the DCCP options and handling the SYN (because e.g. the backlog is full), because we forgot to free the list of ack vectors. Reported-by: Jianwen Ji Signed-off-by: Hannes Frederic Sowa Signed-off-by: David S. Miller net/dccp/ccids/ccid2.c | 1 + 1 file changed, 1 insertion(+) commit b20e2d54789c6acbf6bd0efdbec2cf5fa4d90ef1 Author: Hannes Frederic Sowa Date: Mon Mar 13 00:00:26 2017 +0100 tun: fix premature POLLOUT notification on tun devices aszlig observed failing ssh tunnels (-w) during initialization since commit cc9da6cc4f56e0 ("ipv6: addrconf: use stable address generator for ARPHRD_NONE"). We already had reports that the mentioned commit breaks Juniper VPN connections. I can't clearly say that the Juniper VPN client has the same problem, but it is worth a try to hint to this patch. Because of the early generation of link local addresses, the kernel now can start asking for routers on the local subnet much earlier than usual. Those router solicitation packets arrive inside the ssh channels and should be transmitted to the tun fd before the configuration scripts might have upped the interface and made it ready for transmission. ssh polls on the interface and receives back a POLL_OUT. It tries to send the earily router solicitation packet to the tun interface. Unfortunately it hasn't been up'ed yet by config scripts, thus failing with -EIO. ssh doesn't retry again and considers the tun interface broken forever. Link: https://bugzilla.kernel.org/show_bug.cgi?id=121131 Fixes: cc9da6cc4f56 ("ipv6: addrconf: use stable address generator for ARPHRD_NONE") Cc: Bjørn Mork Reported-by: Valdis Kletnieks Cc: Valdis Kletnieks Reported-by: Jonas Lippuner Cc: Jonas Lippuner Reported-by: aszlig Cc: aszlig Signed-off-by: Hannes Frederic Sowa Signed-off-by: David S. Miller drivers/net/tun.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit 45caeaa5ac0b4b11784ac6f932c0ad4c6b67cda0 Author: Jon Maxwell Date: Fri Mar 10 16:40:33 2017 +1100 dccp/tcp: fix routing redirect race As Eric Dumazet pointed out this also needs to be fixed in IPv6. v2: Contains the IPv6 tcp/Ipv6 dccp patches as well. We have seen a few incidents lately where a dst_enty has been freed with a dangling TCP socket reference (sk->sk_dst_cache) pointing to that dst_entry. If the conditions/timings are right a crash then ensues when the freed dst_entry is referenced later on. A Common crashing back trace is: #8 [] page_fault at ffffffff8163e648 [exception RIP: __tcp_ack_snd_check+74] . . #9 [] tcp_rcv_established at ffffffff81580b64 #10 [] tcp_v4_do_rcv at ffffffff8158b54a #11 [] tcp_v4_rcv at ffffffff8158cd02 #12 [] ip_local_deliver_finish at ffffffff815668f4 #13 [] ip_local_deliver at ffffffff81566bd9 #14 [] ip_rcv_finish at ffffffff8156656d #15 [] ip_rcv at ffffffff81566f06 #16 [] __netif_receive_skb_core at ffffffff8152b3a2 #17 [] __netif_receive_skb at ffffffff8152b608 #18 [] netif_receive_skb at ffffffff8152b690 #19 [] vmxnet3_rq_rx_complete at ffffffffa015eeaf [vmxnet3] #20 [] vmxnet3_poll_rx_only at ffffffffa015f32a [vmxnet3] #21 [] net_rx_action at ffffffff8152bac2 #22 [] __do_softirq at ffffffff81084b4f #23 [] call_softirq at ffffffff8164845c #24 [] do_softirq at ffffffff81016fc5 #25 [] irq_exit at ffffffff81084ee5 #26 [] do_IRQ at ffffffff81648ff8 Of course it may happen with other NIC drivers as well. It's found the freed dst_entry here: 224 static bool tcp_in_quickack_mode(struct sock *sk)↩ 225 {↩ 226 ▹ const struct inet_connection_sock *icsk = inet_csk(sk);↩ 227 ▹ const struct dst_entry *dst = __sk_dst_get(sk);↩ 228 ↩ 229 ▹ return (dst && dst_metric(dst, RTAX_QUICKACK)) ||↩ 230 ▹ ▹ (icsk->icsk_ack.quick && !icsk->icsk_ack.pingpong);↩ 231 }↩ But there are other backtraces attributed to the same freed dst_entry in netfilter code as well. All the vmcores showed 2 significant clues: - Remote hosts behind the default gateway had always been redirected to a different gateway. A rtable/dst_entry will be added for that host. Making more dst_entrys with lower reference counts. Making this more probable. - All vmcores showed a postitive LockDroppedIcmps value, e.g: LockDroppedIcmps 267 A closer look at the tcp_v4_err() handler revealed that do_redirect() will run regardless of whether user space has the socket locked. This can result in a race condition where the same dst_entry cached in sk->sk_dst_entry can be decremented twice for the same socket via: do_redirect()->__sk_dst_check()-> dst_release(). Which leads to the dst_entry being prematurely freed with another socket pointing to it via sk->sk_dst_cache and a subsequent crash. To fix this skip do_redirect() if usespace has the socket locked. Instead let the redirect take place later when user space does not have the socket locked. The dccp/IPv6 code is very similar in this respect, so fixing it there too. As Eric Garver pointed out the following commit now invalidates routes. Which can set the dst->obsolete flag so that ipv4_dst_check() returns null and triggers the dst_release(). Fixes: ceb3320610d6 ("ipv4: Kill routes during PMTU/redirect updates.") Cc: Eric Garver Cc: Hannes Sowa Signed-off-by: Jon Maxwell Signed-off-by: David S. Miller net/dccp/ipv4.c | 3 ++- net/dccp/ipv6.c | 8 +++++--- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv6/tcp_ipv6.c | 8 +++++--- 4 files changed, 14 insertions(+), 8 deletions(-) commit 02bb56ddc6711639c549d81c7b9f6d845da243a9 Author: Zhao Qiang Date: Tue Mar 14 09:38:33 2017 +0800 ucc/hdlc: fix two little issue 1. modify bd_status from u32 to u16 in function hdlc_rx_done, because bd_status register is 16bits 2. write bd_length register before writing bd_status register Signed-off-by: Zhao Qiang Signed-off-by: David S. Miller drivers/net/wan/fsl_ucc_hdlc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23f963e91fd81f44f6b316b1c24db563354c6be8 Author: Matthias Kaehlcke Date: Mon Mar 13 14:30:29 2017 -0700 dmaengine: Fix array index out of bounds warning in __get_unmap_pool() This fixes the following warning when building with clang and CONFIG_DMA_ENGINE_RAID=n : drivers/dma/dmaengine.c:1102:11: error: array index 2 is past the end of the array (which contains 1 element) [-Werror,-Warray-bounds] return &unmap_pool[2]; ^ ~ drivers/dma/dmaengine.c:1083:1: note: array 'unmap_pool' declared here static struct dmaengine_unmap_pool unmap_pool[] = { ^ drivers/dma/dmaengine.c:1104:11: error: array index 3 is past the end of the array (which contains 1 element) [-Werror,-Warray-bounds] return &unmap_pool[3]; ^ ~ drivers/dma/dmaengine.c:1083:1: note: array 'unmap_pool' declared here static struct dmaengine_unmap_pool unmap_pool[] = { Signed-off-by: Matthias Kaehlcke Reviewed-by: Dan Williams Signed-off-by: Vinod Koul drivers/dma/dmaengine.c | 2 ++ 1 file changed, 2 insertions(+) commit 22487b66594f18f2a7c211f3ab8bb02dec74d37b Author: Shivasharan S Date: Fri Mar 10 03:22:15 2017 -0800 scsi: megaraid_sas: Driver version upgrade Signed-off-by: Kashyap Desai Signed-off-by: Shivasharan S Reviewed-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 874d025da667d19b728141437ccbefe9dbaf9e7b Author: Shivasharan S Date: Fri Mar 10 03:22:14 2017 -0800 scsi: megaraid_sas: raid6 also require cpuSel check same as raid5 Without this fix, raid6 performance will not be optimal. Signed-off-by: Kashyap Desai Signed-off-by: Shivasharan S Reviewed-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_fusion.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 49524b3c6e12375627ddd870613fcc6b24909898 Author: Shivasharan S Date: Fri Mar 10 03:22:13 2017 -0800 scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1 Return value check of atomic_dec_if_positive is required as it returns old value minus one. Without this fix, driver will send small ios to firmware path and that will be a performance issue. Not critical, but good to have r1_ldio_hint as default value in sdev private. Signed-off-by: Kashyap Desai Signed-off-by: Shivasharan S Reviewed-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_base.c | 3 +++ drivers/scsi/megaraid/megaraid_sas_fusion.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) commit 64ff64b90e62c860772fd0be50b7cfcef1d8a9b2 Author: Shivasharan S Date: Fri Mar 10 03:22:12 2017 -0800 scsi: megaraid_sas: enable intx only if msix request fails Without this fix, driver will enable INTx Interrupt pin even though MSI-x vectors are enabled. See below lspci output. DisINTx is unset for MSIx setup. lspci -s 85:00.0 -vvv |grep INT |grep Control Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- After applying this fix, driver will enable INTx Interrupt pin only if Legacy interrupt method is required. See below lspci output. DisINTx is set for MSIx setup. lspci -s 85:00.0 -vvv |grep INT |grep Control Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+ Signed-off-by: Kashyap Desai Reviewed-by: Tomas Henzl Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_base.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 3f8ed54aee491bbb83656592c2d0ad7b78d045ca Author: Srinivas Pandruvada Date: Mon Mar 13 18:30:12 2017 -0700 cpufreq: intel_pstate: Correct frequency setting in the HWP mode In the functions intel_pstate_hwp_set(), min/max range from HWP capability MSR along with max_perf_pct and min_perf_pct, is used to set the HWP request MSR. In some cases this doesn't result in the correct HWP max/min in HWP request. For example: In the following case: HWP capabilities from MSR 0x771 0x70a1220 Here cpufreq min/max frequencies from above MSR dump are 700MHz and 3.2GHz respectively. This will result in hwp_min = 0x07 hwp_max = 0x20 To limit max frequency to 2GHz: perf_limits->max_perf_pct = 63 (2GHz as a percent of 3.2GHz rounded up) With the current calculation: adj_range = max_perf_pct * range / 100; adj_range = 63 * (32 - 7) / 100 adj_range = 15 max = hw_min + adj_range; max = 7 + 15 = 22 This will result in HWP request of 0x160f, which will result in a frequency cap of 2.2GHz not 2GHz. The problem with the above calculation is that hwp_min of 7 is treated as 0% in the range. But max_perf_pct is calculated with respect to minimum as 0 and max as 3.2GHz or hwp_max, so adding hwp_min to it will result in more than the desired. Since the min_perf_pct and max_perf_pct is already a percent of max frequency or hwp_max, this min/max HWP request value can be calculated directly applying these percentage to hwp_max. Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit 542ed784671d4678406c77ed6dd01593a0cdbea1 Author: Timur Tabi Date: Tue Feb 28 14:30:33 2017 -0600 tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision For Qualcomm Technologies QDF2400 SOCs that are affected by erratum E44, the ACPI oem_revision field is actually set to 1, not 0. Fixes: d8a4995bcea1 ("tty: pl011: Work around QDF2400 E44 stuck BUSY bit") Tested-by: Manoj Iyer Signed-off-by: Timur Tabi Signed-off-by: Greg Kroah-Hartman drivers/acpi/spcr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fb5fe0fd626c425ed41842c4318aa7ab6f3c2db7 Merge: 065f3e4 7b9f71f9 Author: Linus Torvalds Date: Mon Mar 13 19:48:22 2017 -0700 Merge tag 'powerpc-4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull some more powerpc fixes from Michael Ellerman: "The main item is the addition of the Power9 Machine Check handler. This was delayed to make sure some details were correct, and is as minimal as possible. The rest is small fixes, two for the Power9 PMU, two dealing with obscure toolchain problems, two for the PowerNV IOMMU code (used by VFIO), and one to fix a crash on 32-bit machines with macio devices due to missing dma_ops. Thanks to: Alexey Kardashevskiy, Cyril Bur, Larry Finger, Madhavan Srinivasan, Nicholas Piggin" * tag 'powerpc-4.11-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64s: POWER9 machine check handler powerpc/64s: allow machine check handler to set severity and initiator powerpc/64s: fix handling of non-synchronous machine checks powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops powerpc/powernv/ioda2: Update iommu table base on ownership change powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested selftests/powerpc: Replace stxvx and lxvx with stxvd2x/lxvd2x powerpc/perf: Handle sdar_mode for marked event in power9 powerpc/perf: Fix perf_get_data_addr() for power9 DD1 powerpc/boot: Fix zImage TOC alignment commit b15bfbe6427712d1b992bf806a6df9c05002a0a4 Author: James Hogan Date: Sat Mar 4 13:09:58 2017 +0000 serial: 8250_dw: Fix breakage when HAVE_CLK=n Commit 6a171b299379 ("serial: 8250_dw: Allow hardware flow control to be used") recently broke the 8250_dw driver on platforms which don't select HAVE_CLK, as dw8250_set_termios() gets confused by the behaviour of the fallback HAVE_CLK=n clock API in linux/clk.h which pretends everything is fine but returns (valid) NULL clocks and 0 HZ clock rates. That 0 rate is written into the uartclk resulting in a crash at boot, e.g. on Cavium Octeon III based UTM-8 we get something like this: 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 41, base_baud = 25000000) is a OCTEON ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1 at drivers/tty/serial/serial_core.c:441 uart_get_baud_rate+0xfc/0x1f0 ... Call Trace: ... [] uart_get_baud_rate+0xfc/0x1f0 [] serial8250_do_set_termios+0xb0/0x440 [] uart_set_options+0xe8/0x190 [] serial8250_console_setup+0x84/0x158 [] univ8250_console_setup+0x54/0x70 [] register_console+0x1c8/0x418 [] uart_add_one_port+0x434/0x4b0 [] serial8250_register_8250_port+0x2d8/0x440 [] dw8250_probe+0x388/0x5e8 ... The clock API is defined such that NULL is a valid clock handle so it wouldn't be right to check explicitly for NULL. Instead treat a clk_round_rate() return value of 0 as an error which prevents uartclk being overwritten. Fixes: 6a171b299379 ("serial: 8250_dw: Allow hardware flow control to be used") Signed-off-by: James Hogan Cc: Kefeng Wang Cc: David Daney Cc: Russell King Cc: linux-serial@vger.kernel.org Cc: linux-clk@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: bcm-kernel-feedback-list@broadcom.com Reviewed-by: Andy Shevchenko Reviewed-by: Jason Uy Reviewed-by: Heiko Stuebner Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_dw.c | 2 ++ 1 file changed, 2 insertions(+) commit 09498087f922bb623b66db9e89c6fd11a3799867 Author: Heiko Stuebner Date: Thu Mar 9 07:41:16 2017 +0100 serial: 8250_dw: Honor clk_round_rate errors in dw8250_set_termios clk_round_rate returns a signed long and may possibly return errors in it, for example if there is no possible rate. Till now dw8250_set_termios ignored any error, the signednes and would just use the value as input to clk_set_rate. This of course falls apart if there is an actual error, so check for errors and only try to set a rate if the value is actually valid. This turned up on some Rockchip platforms after commit 6a171b299379 ("serial: 8250_dw: Allow hardware flow control to be used") enabled set_termios callback in all cases, not only ACPI. Fixes: 6a171b299379 ("serial: 8250_dw: Allow hardware flow control to be used") Signed-off-by: Heiko Stuebner Reviewed-by: Andy Shevchenko Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_dw.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit c80498e36d4ef3e24599d363c622fbf22a1293cc Author: Nicolas Dichtel Date: Mon Mar 13 16:24:03 2017 +0100 vxlan: fix ovs support The required changes in the function vxlan_dev_create() were missing in commit 8bcdc4f3a20b. The vxlan device is not registered anymore after this patch and the error path causes an stack dump: WARNING: CPU: 3 PID: 1498 at net/core/dev.c:6713 rollback_registered_many+0x9d/0x3f0 Fixes: 8bcdc4f3a20b ("vxlan: add changelink support") CC: Roopa Prabhu Signed-off-by: Nicolas Dichtel Acked-by: Roopa Prabhu Signed-off-by: David S. Miller drivers/net/vxlan.c | 73 +++++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 33 deletions(-) commit 91864f5852f9996210fad400cf70fb85af091243 Author: Andrey Vagin Date: Sun Mar 12 21:36:18 2017 -0700 net: use net->count to check whether a netns is alive or not The previous idea was to check whether a net namespace is in net_exit_list or not. It doesn't work, because net->exit_list is used in __register_pernet_operations and __unregister_pernet_operations where all namespaces are added to a temporary list to make cleanup in a error case, so list_empty(&net->exit_list) always returns false. Reported-by: Mantas Mikulėnas Fixes: 002d8a1a6c11 ("net: skip genenerating uevents for network namespaces that are exiting") Signed-off-by: Andrei Vagin Signed-off-by: David S. Miller net/core/net-sysfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit be3606ff739d1c1be36389f8737c577ad87e1f57 Author: Andrey Ryabinin Date: Mon Mar 13 19:33:37 2017 +0300 x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y The kernel doesn't boot with both PROFILE_ANNOTATED_BRANCHES=y and KASAN=y options selected. With branch profiling enabled we end up calling ftrace_likely_update() before kasan_early_init(). ftrace_likely_update() is built with KASAN instrumentation, so calling it before kasan has been initialized leads to crash. Use DISABLE_BRANCH_PROFILING define to make sure that we don't call ftrace_likely_update() from early code before kasan_early_init(). Fixes: ef7f0d6a6ca8 ("x86_64: add KASan support") Reported-by: Fengguang Wu Signed-off-by: Andrey Ryabinin Cc: kasan-dev@googlegroups.com Cc: Alexander Potapenko Cc: stable@vger.kernel.org Cc: Andrew Morton Cc: lkp@01.org Cc: Dmitry Vyukov Link: http://lkml.kernel.org/r/20170313163337.1704-1-aryabinin@virtuozzo.com Signed-off-by: Thomas Gleixner arch/x86/kernel/head64.c | 1 + arch/x86/mm/kasan_init_64.c | 1 + 2 files changed, 2 insertions(+) commit 6e7408acd04d06c04981c0c0fb5a2462b16fae4f Author: Rafael J. Wysocki Date: Sun Mar 12 18:12:56 2017 +0100 cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set() Fix the debugfs interface for PID tuning to actually update pid_params.sample_rate_ns on PID parameters updates, as changing pid_params.sample_rate_ms via debugfs has no effect now. Fixes: a4675fbc4a7a (cpufreq: intel_pstate: Replace timers with utilization update callbacks) Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar drivers/cpufreq/intel_pstate.c | 1 + 1 file changed, 1 insertion(+) commit 42d5d460ada7d59e96d5f65497166ff3662eb7ea Merge: f40624e e24bce8 Author: Olof Johansson Date: Mon Mar 13 15:12:39 2017 -0700 Merge tag 'omap-for-v4.11/fixes-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omaps for v4.11-rc cycle: - Fix smartreflex platform data regression where I accidentally removed legacy platform data still in use - Fix hypervisor mode for thumb2 kernel - Fix misplaced tpic2810 to move it to right bus - Enable INPUT_MOUSEDEV as a loadable module have mice working - Fix use of gpio-key,wakeup and use wakeup-source instead as this accidentally sneaked in during the merge window - Fix error handling for onenand to properly return error - Remove legacy gpmc-nand.c that's now dead code, this also removes dependency to the MTD tree for further driver changes - Fix device node reference count errors for omap3 and related to it also release device nodes after no longer needed * tag 'omap-for-v4.11/fixes-rc1-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: OMAP2+: Release device node after it is no longer needed. ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Remove legacy gpmc-nand.c ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure ARM: dts: am335x-pcm953: Fix legacy wakeup source binding ARM: omap2plus_defconfig: Enable INPUT_MOUSEDEV as loadable modules ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build ARM: OMAP3: Fix smartreflex platform data regression Signed-off-by: Olof Johansson commit f40624e85bfe44c789320d0901a7762411790170 Merge: 9aea151 0c2bf9f Author: Olof Johansson Date: Mon Mar 13 15:12:01 2017 -0700 Merge tag 'arm-soc/for-4.11/devicetree-fixes' of http://github.com/Broadcom/stblinux into fixes This pull request contains Broadcom ARM-based SoC Device Tree fixes for 4.11, please pull the following: - Jon fixes the UART output on the Broadcom bcm953012k reference board by using the proper clock reference instead of hard-coding the baud rate - Jon also fixes the memory map on the bcm953012k reference board by using the appropriate physical RAM start address - Jon finally fixes the interrupt type for the Cortex A9 global and local timers found in the BCM5301X SoC (Norsthar). * tag 'arm-soc/for-4.11/devicetree-fixes' of http://github.com/Broadcom/stblinux: ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags ARM: dts: BCM5301X: Fix memory start address ARM: dts: BCM5301X: Fix UARTs on bcm953012k Signed-off-by: Olof Johansson commit 9aea151f282df2b82a44fd7058a239334437c266 Author: Linus Walleij Date: Sun Feb 26 01:02:09 2017 +0100 ARM: dts: add the AB8500 clocks to the device tree This adds the AB8500 clocks to the device tree using the new bindings from the clk subsystem, making audio work again. Cc: Lee Jones Cc: Ulf Hansson Signed-off-by: Linus Walleij Signed-off-by: Olof Johansson arch/arm/boot/dts/ste-dbx5x0.dtsi | 19 +++++++++++++++++++ arch/arm/boot/dts/ste-href.dtsi | 9 --------- arch/arm/boot/dts/ste-snowball.dts | 9 --------- 3 files changed, 19 insertions(+), 18 deletions(-) commit 859bb6d59066b96341020e0991f191631cabe59d Author: Andy Shevchenko Date: Wed Mar 8 13:24:22 2017 +0200 x86/platform/intel-mid: Add power button support for Merrifield Intel Merrifield platform has a Basin Cove PMIC to handle in particular power button events. Add necessary bits to enable it. Signed-off-by: Andy Shevchenko Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170308112422.67533-2-andriy.shevchenko@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/platform/intel-mid/device_libs/Makefile | 1 + .../device_libs/platform_mrfld_power_btn.c | 82 ++++++++++++++++++++++ 2 files changed, 83 insertions(+) commit c836e5cf0d0880d6668966476c4ffe727f29f69a Author: Andy Shevchenko Date: Wed Mar 8 13:24:21 2017 +0200 x86/platform/intel-mid: Use common power off sequence Intel Medfield may use common for Intel MID devices power sequence. Remove unneded custom power off stub. While here, remove function forward declaration. Signed-off-by: Andy Shevchenko Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170308112422.67533-1-andriy.shevchenko@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/platform/intel-mid/mfld.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) commit c42f8218610aa09d7d3795e5810387673c1f84b6 Author: Lars-Peter Clausen Date: Thu Mar 9 17:20:04 2017 +0100 iio: sw-device: Fix config group initialization Use the IS_ENABLED() helper macro to ensure that the configfs group is initialized either when configfs is built-in or when configfs is built as a module. Otherwise software device creation will result in undefined behaviour when configfs is built as a module since the configfs group for the device not properly initialized. Similar to commit b2f0c09664b7 ("iio: sw-trigger: Fix config group initialization"). Fixes: 0f3a8c3f34f7 ("iio: Add support for creating IIO devices via configfs") Reported-by: Miguel Robles Signed-off-by: Lars-Peter Clausen Acked-by: Daniel Baluta Cc: Signed-off-by: Jonathan Cameron include/linux/iio/sw_device.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 065f3e4951f11701729ad310ca0b610f61d91e2a Merge: ce70df0 d1c4e9b Author: Linus Torvalds Date: Mon Mar 13 13:23:43 2017 -0700 Merge tag 'platform-drivers-x86-v4.11-2' of git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform driver updates from Darren Hart: "Asus fixes for the airplane LED and a long awaited fujitsu cleanup. asus-wmi: - Remove quirk_no_rfkill - Detect quirk_no_rfkill from the DSDT fujitsu-laptop: - remove redundant MODULE_ALIAS entries - autodetect LCD interface on all models - simplify acpi_bus_register_driver() error handling - remove redundant forward declarations - replace numeric values with constants - rename FUNC_RFKILL to FUNC_FLAGS - make platform-related variables match naming convention - replace "hotkey" with "laptop" in symbol names - clearly denote backlight-related symbols" * tag 'platform-drivers-x86-v4.11-2' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: asus-wmi: Remove quirk_no_rfkill platform/x86: asus-wmi: Detect quirk_no_rfkill from the DSDT platform/x86: fujitsu-laptop: remove redundant MODULE_ALIAS entries platform/x86: fujitsu-laptop: autodetect LCD interface on all models platform/x86: fujitsu-laptop: simplify acpi_bus_register_driver() error handling platform/x86: fujitsu-laptop: remove redundant forward declarations platform/x86: fujitsu-laptop: replace numeric values with constants platform/x86: fujitsu-laptop: rename FUNC_RFKILL to FUNC_FLAGS platform/x86: fujitsu-laptop: make platform-related variables match naming convention platform/x86: fujitsu-laptop: replace "hotkey" with "laptop" in symbol names platform/x86: fujitsu-laptop: clearly denote backlight-related symbols commit a13b2082ece95247779b9995c4e91b4246bed023 Author: Florian Westphal Date: Mon Mar 13 17:38:17 2017 +0100 bridge: drop netfilter fake rtable unconditionally Andreas reports kernel oops during rmmod of the br_netfilter module. Hannes debugged the oops down to a NULL rt6info->rt6i_indev. Problem is that br_netfilter has the nasty concept of adding a fake rtable to skb->dst; this happens in a br_netfilter prerouting hook. A second hook (in bridge LOCAL_IN) is supposed to remove these again before the skb is handed up the stack. However, on module unload hooks get unregistered which means an skb could traverse the prerouting hook that attaches the fake_rtable, while the 'fake rtable remove' hook gets removed from the hooklist immediately after. Fixes: 34666d467cbf1e2e3c7 ("netfilter: bridge: move br_netfilter out of the core") Reported-by: Andreas Karis Debugged-by: Hannes Frederic Sowa Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso Signed-off-by: David S. Miller net/bridge/br_input.c | 1 + net/bridge/br_netfilter_hooks.c | 21 --------------------- 2 files changed, 1 insertion(+), 21 deletions(-) commit 79e49503efe53a8c51d8b695bedc8a346c5e4a87 Author: Florian Westphal Date: Mon Mar 13 16:24:28 2017 +0100 ipv6: avoid write to a possibly cloned skb ip6_fragment, in case skb has a fraglist, checks if the skb is cloned. If it is, it will move to the 'slow path' and allocates new skbs for each fragment. However, right before entering the slowpath loop, it updates the nexthdr value of the last ipv6 extension header to NEXTHDR_FRAGMENT, to account for the fragment header that will be inserted in the new ipv6-fragment skbs. In case original skb is cloned this munges nexthdr value of another skb. Avoid this by doing the nexthdr update for each of the new fragment skbs separately. This was observed with tcpdump on a bridge device where netfilter ipv6 reassembly is active: tcpdump shows malformed fragment headers as the l4 header (icmpv6, tcp, etc). is decoded as a fragment header. Cc: Hannes Frederic Sowa Reported-by: Andreas Karis Signed-off-by: Florian Westphal Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 0d443b70cc92d741cbc1dcbf1079897b3d8bc3cc Author: Mike Travis Date: Tue Mar 7 15:08:42 2017 -0600 x86/platform: Remove warning message for duplicate NMI handlers Remove the WARNING message associated with multiple NMI handlers as there are at least two that are legitimate. These are the KGDB and the UV handlers and both want to be called if the NMI has not been claimed by any other NMI handler. Use of the UNKNOWN NMI call chain dramatically lowers the NMI call rate when high frequency NMI tools are in use, notably the perf tools. It is required on systems that cannot sustain a high NMI call rate without adversely affecting the system operation. Signed-off-by: Mike Travis Reviewed-by: Dimitri Sivanich Cc: Don Zickus Cc: Peter Zijlstra Cc: Russ Anderson Cc: Frank Ramsay Cc: Tony Ernst Link: http://lkml.kernel.org/r/20170307210841.730959611@asylum.americas.sgi.com Signed-off-by: Thomas Gleixner arch/x86/kernel/nmi.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 6e526fdff7be4f13b24f929a04c0e9ae6761291e Author: Johan Hovold Date: Mon Mar 13 13:42:03 2017 +0100 net: wimax/i2400m: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer or accessing memory beyond the endpoint array should a malicious device lack the expected endpoints. The endpoints are specifically dereferenced in the i2400m_bootrom_init path during probe (e.g. in i2400mu_tx_bulk_out). Fixes: f398e4240fce ("i2400m/USB: probe/disconnect, dev init/shutdown and reset backends") Cc: Inaky Perez-Gonzalez Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/wimax/i2400m/usb.c | 3 +++ 1 file changed, 3 insertions(+) commit 68c32f9c2a36d410aa242e661506e5b2c2764179 Author: Johan Hovold Date: Mon Mar 13 13:39:01 2017 +0100 isdn/gigaset: fix NULL-deref at probe Make sure to check the number of endpoints to avoid dereferencing a NULL-pointer should a malicious device lack endpoints. Fixes: cf7776dc05b8 ("[PATCH] isdn4linux: Siemens Gigaset drivers - direct USB connection") Cc: stable # 2.6.17 Cc: Hansjoerg Lipp Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/isdn/gigaset/bas-gigaset.c | 3 +++ 1 file changed, 3 insertions(+) commit 67e194007be08d071294456274dd53e0a04fdf90 Author: Sabrina Dubroca Date: Mon Mar 13 13:28:09 2017 +0100 ipv6: make ECMP route replacement less greedy Commit 27596472473a ("ipv6: fix ECMP route replacement") introduced a loop that removes all siblings of an ECMP route that is being replaced. However, this loop doesn't stop when it has replaced siblings, and keeps removing other routes with a higher metric. We also end up triggering the WARN_ON after the loop, because after this nsiblings < 0. Instead, stop the loop when we have taken care of all routes with the same metric as the route being replaced. Reproducer: =========== #!/bin/sh ip netns add ns1 ip netns add ns2 ip -net ns1 link set lo up for x in 0 1 2 ; do ip link add veth$x netns ns2 type veth peer name eth$x netns ns1 ip -net ns1 link set eth$x up ip -net ns2 link set veth$x up done ip -net ns1 -6 r a 2000::/64 nexthop via fe80::0 dev eth0 \ nexthop via fe80::1 dev eth1 nexthop via fe80::2 dev eth2 ip -net ns1 -6 r a 2000::/64 via fe80::42 dev eth0 metric 256 ip -net ns1 -6 r a 2000::/64 via fe80::43 dev eth0 metric 2048 echo "before replace, 3 routes" ip -net ns1 -6 r | grep -v '^fe80\|^ff00' echo ip -net ns1 -6 r c 2000::/64 nexthop via fe80::4 dev eth0 \ nexthop via fe80::5 dev eth1 nexthop via fe80::6 dev eth2 echo "after replace, only 2 routes, metric 2048 is gone" ip -net ns1 -6 r | grep -v '^fe80\|^ff00' Fixes: 27596472473a ("ipv6: fix ECMP route replacement") Signed-off-by: Sabrina Dubroca Acked-by: Nicolas Dichtel Reviewed-by: Xin Long Reviewed-by: Michal Kubecek Signed-off-by: David S. Miller net/ipv6/ip6_fib.c | 2 ++ 1 file changed, 2 insertions(+) commit 44fee88cea43d3c2cac962e0439cb10a3cabff6d Author: Peter Zijlstra Date: Mon Mar 13 15:57:12 2017 +0100 x86/tsc: Fix ART for TSC_KNOWN_FREQ Subhransu reported that convert_art_to_tsc() isn't working for him. The ART to TSC relation is only set up for systems which use the refined TSC calibration. Systems with known TSC frequency (available via CPUID 15) are not using the refined calibration and therefor the ART to TSC relation is never established. Add the setup to the known frequency init path which skips ART calibration. The init code needs to be duplicated as for systems which use refined calibration the ART setup must be delayed until calibration has been done. The problem has been there since the ART support was introdduced, but only detected now because Subhransu tested the first time on hardware which has TSC frequency enumerated via CPUID 15. Note for stable: The conditional has changed from TSC_RELIABLE to TSC_KNOWN_FREQUENCY. [ tglx: Rewrote changelog and identified the proper 'Fixes' commit ] Fixes: f9677e0f8308 ("x86/tsc: Always Running Timer (ART) correlated clocksource") Reported-by: "Prusty, Subhransu S" Signed-off-by: Peter Zijlstra (Intel) Cc: stable@vger.kernel.org Cc: christopher.s.hall@intel.com Cc: kevin.b.stanton@intel.com Cc: john.stultz@linaro.org Cc: akataria@vmware.com Link: http://lkml.kernel.org/r/20170313145712.GI3312@twins.programming.kicks-ass.net Signed-off-by: Thomas Gleixner arch/x86/kernel/tsc.c | 2 ++ 1 file changed, 2 insertions(+) commit c5f7c5a9a0f84c511a8a336491f9b8a3060b6517 Author: Elena Reshetova Date: Mon Mar 6 16:21:16 2017 +0200 drivers, xen: convert grant_map.users from atomic_t to refcount_t refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: Hans Liljestrand Signed-off-by: Kees Cook Signed-off-by: David Windsor Signed-off-by: Boris Ostrovsky drivers/xen/gntdev.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 04166f48d9593af4513ae06c0f966c0cee300a20 Author: Pablo Neira Ayuso Date: Mon Mar 13 13:24:03 2017 +0100 Revert "netfilter: nf_tables: add flush field to struct nft_set_iter" This reverts commit 1f48ff6c5393aa7fe290faf5d633164f105b0aa7. This patch is not required anymore now that we keep a dummy list of set elements in the bitmap set implementation, so revert this before we forget this code has no clients. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 1 - net/netfilter/nf_tables_api.c | 4 ---- 2 files changed, 5 deletions(-) commit ce70df089143c49385b4f32f39d41fb50fbf6a7c Author: Kirill A. Shutemov Date: Mon Mar 13 08:22:13 2017 +0300 mm, gup: fix typo in gup_p4d_range() gup_p4d_range() should call gup_pud_range(), not itself. [ This was not noticed on x86: this is the HAVE_GENERIC_RCU_GUP code used by arm[64] and powerpc - Linus ] Fixes: c2febafc6773 ("mm: convert generic code to 5-level paging") Signed-off-by: Kirill A. Shutemov Reported-by: Chris Packham Reported-by: Anton Blanchard Acked-by: Michal Hocko Acked-by: Mark Rutland Signed-off-by: Linus Torvalds mm/gup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6aef660370a9c246956ba6d01eebd8063c4214cb Author: Tvrtko Ursulin Date: Fri Mar 10 09:32:49 2017 +0000 drm/i915: Fix forcewake active domain tracking In commit 003342a50021 ("drm/i915: Keep track of active forcewake domains in a bitmask") I forgot to adjust the newly introduce fw_domains_active state across reset. This caused the assert_forcewakes_inactive to trigger during suspend and resume if there were user held forcewakes. v2: Bitmask checks are required since vfuncs are not always present. v3: Move bitmask tracking to get/put vfunc for simplicity. (Chris Wilson) Signed-off-by: Tvrtko Ursulin Fixes: 003342a50021 ("drm/i915: Keep track of active forcewake domains in a bitmask") Testcase: igt/drv_suspend/forcewake Cc: Tvrtko Ursulin Cc: "Paneri, Praveen" Cc: Chris Wilson Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: v4.10+ Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170310093249.4484-1-tvrtko.ursulin@linux.intel.com (cherry picked from commit b8473050805f35add97f3ff57570d55a01808df5) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_uncore.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 3a0d137de035cc8c70194d9988ded61825b5ff8a Author: Maarten Lankhorst Date: Wed Mar 8 13:00:07 2017 +0100 drm/i915: Nuke skl_update_plane debug message from the pipe update critical section printks are slow so we should not be doing them from the vblank evade critical section. These could explain why we sometimes seem to blow past our 100 usec deadline. The problem has been there ever since commit c331879ce8ea ("drm/i915: skylake sprite plane scaling using shared scalers.") but it may not have been readily visible until commit e1edbd44e23b ("drm/i915: Complain if we take too long under vblank evasion.") increased our chances of noticing it. Signed-off-by: Maarten Lankhorst Cc: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1488974407-25175-1-git-send-email-maarten.lankhorst@linux.intel.com Fixes: c331879ce8ea ("drm/i915: skylake sprite plane scaling using shared scalers") Cc: # v4.2+ Reviewed-by: Ville Syrjälä [mlankhorst: Add missing tags, point to the correct offending commit] (cherry picked from commit d38146b9ee16264ff9a88bf3391ab9f2f5af3646) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_sprite.c | 3 --- 1 file changed, 3 deletions(-) commit aac66bf5f916f645bd57029490a72c3f91f2c274 Author: Matthew Auld Date: Mon Mar 6 23:54:01 2017 +0000 drm/i915: use correct node for handling cache domain eviction It looks like we were incorrectly comparing vma->node against itself instead of the target node, when evicting for a node on systems where we need guard pages between regions with different cache domains. As a consequence we can end up trying to needlessly evict neighbouring nodes, even if they have the same cache domain, and if they were pinned we would fail the eviction. Fixes: 625d988acc28 ("drm/i915: Extract reserving space in the GTT to a helper") Signed-off-by: Matthew Auld Cc: Chris Wilson Cc: Joonas Lahtinen Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20170306235414.23407-3-matthew.auld@intel.com Signed-off-by: Chris Wilson (cherry picked from commit fe65cbdbc97929e4a522716ed279a36783656142) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_evict.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 366a1569bff3fe14abfdf9285e31e05e091745f5 Author: Kinglong Mee Date: Mon Mar 6 22:29:14 2017 +0800 NFSv4: fix a reference leak caused WARNING messages Because nfs4_opendata_access() has close the state when access is denied, so the state isn't leak. Rather than revert the commit a974deee47, I'd like clean the strange state close. [ 1615.094218] ------------[ cut here ]------------ [ 1615.094607] WARNING: CPU: 0 PID: 23702 at lib/list_debug.c:31 __list_add_valid+0x8e/0xa0 [ 1615.094913] list_add double add: new=ffff9d7901d9f608, prev=ffff9d7901d9f608, next=ffff9d7901ee8dd0. [ 1615.095458] Modules linked in: nfsv4(E) nfs(E) nfsd(E) tun bridge stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock f2fs snd_seq_midi snd_seq_midi_event fscrypto coretemp ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_rapl_perf vmw_balloon snd_ens1371 joydev gameport snd_ac97_codec ac97_bus snd_seq snd_pcm snd_rawmidi snd_timer snd_seq_device snd soundcore nfit parport_pc parport acpi_cpufreq tpm_tis tpm_tis_core tpm i2c_piix4 vmw_vmci shpchp auth_rpcgss nfs_acl lockd(E) grace sunrpc(E) xfs libcrc32c vmwgfx drm_kms_helper ttm drm crc32c_intel mptspi e1000 serio_raw scsi_transport_spi mptscsih mptbase ata_generic pata_acpi fjes [last unloaded: nfs] [ 1615.097663] CPU: 0 PID: 23702 Comm: fstest Tainted: G W E 4.11.0-rc1+ #517 [ 1615.098015] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 [ 1615.098807] Call Trace: [ 1615.099183] dump_stack+0x63/0x86 [ 1615.099578] __warn+0xcb/0xf0 [ 1615.099967] warn_slowpath_fmt+0x5f/0x80 [ 1615.100370] __list_add_valid+0x8e/0xa0 [ 1615.100760] nfs4_put_state_owner+0x75/0xc0 [nfsv4] [ 1615.101136] __nfs4_close+0x109/0x140 [nfsv4] [ 1615.101524] nfs4_close_state+0x15/0x20 [nfsv4] [ 1615.101949] nfs4_close_context+0x21/0x30 [nfsv4] [ 1615.102691] __put_nfs_open_context+0xb8/0x110 [nfs] [ 1615.103155] put_nfs_open_context+0x10/0x20 [nfs] [ 1615.103586] nfs4_file_open+0x13b/0x260 [nfsv4] [ 1615.103978] do_dentry_open+0x20a/0x2f0 [ 1615.104369] ? nfs4_copy_file_range+0x30/0x30 [nfsv4] [ 1615.104739] vfs_open+0x4c/0x70 [ 1615.105106] ? may_open+0x5a/0x100 [ 1615.105469] path_openat+0x623/0x1420 [ 1615.105823] do_filp_open+0x91/0x100 [ 1615.106174] ? __alloc_fd+0x3f/0x170 [ 1615.106568] do_sys_open+0x130/0x220 [ 1615.106920] ? __put_cred+0x3d/0x50 [ 1615.107256] SyS_open+0x1e/0x20 [ 1615.107588] entry_SYSCALL_64_fastpath+0x1a/0xa9 [ 1615.107922] RIP: 0033:0x7fab599069b0 [ 1615.108247] RSP: 002b:00007ffcf0600d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1615.108575] RAX: ffffffffffffffda RBX: 00007fab59bcfae0 RCX: 00007fab599069b0 [ 1615.108896] RDX: 0000000000000200 RSI: 0000000000000200 RDI: 00007ffcf060255e [ 1615.109211] RBP: 0000000000040010 R08: 0000000000000000 R09: 0000000000000016 [ 1615.109515] R10: 00000000000006a1 R11: 0000000000000246 R12: 0000000000041000 [ 1615.109806] R13: 0000000000040010 R14: 0000000000001000 R15: 0000000000002710 [ 1615.110152] ---[ end trace 96ed63b1306bf2f3 ]--- Fixes: a974deee47 ("NFSv4: Fix memory and state leak in...") Signed-off-by: Kinglong Mee Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 2 -- 1 file changed, 2 deletions(-) commit 6f1f622019f95d79d6e2f8bb3781144ad0aff75f Author: Kinglong Mee Date: Mon Mar 6 17:49:42 2017 +0800 nfs4: fix a typo of NFS_ATTR_FATTR_GROUP_NAME This typo cause a memory leak, and a bad client's group id. unreferenced object 0xffff96d8073998d0 (size 8): comm "kworker/0:3", pid 34224, jiffies 4295361338 (age 761.752s) hex dump (first 8 bytes): 30 00 39 07 d8 96 ff ff 0.9..... backtrace: [] kmemleak_alloc+0x4a/0xa0 [] __kmalloc+0x140/0x220 [] xdr_stream_decode_string_dup+0x7c/0x110 [sunrpc] [] decode_getfattr_attrs+0x940/0x1630 [nfsv4] [] decode_getfattr_generic.constprop.108+0x9b/0x100 [nfsv4] [] nfs4_xdr_dec_open+0xcf/0x100 [nfsv4] [] rpcauth_unwrap_resp+0xa7/0xe0 [sunrpc] [] call_decode+0x1e0/0x810 [sunrpc] [] __rpc_execute+0x8d/0x420 [sunrpc] [] rpc_async_schedule+0x12/0x20 [sunrpc] [] process_one_work+0x197/0x430 [] worker_thread+0x4e/0x4a0 [] kthread+0x101/0x140 [] ret_from_fork+0x2c/0x40 [] 0xffffffffffffffff Fixes: 686a816ab6 ("NFSv4: Clean up owner/group attribute decode") Signed-off-by: Kinglong Mee Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4a3a485b1ed0e109718cc8c9d094fa0f552de9b2 Author: Tahsin Erdogan Date: Fri Mar 10 12:09:49 2017 -0800 writeback: fix memory leak in wb_queue_work() When WB_registered flag is not set, wb_queue_work() skips queuing the work, but does not perform the necessary clean up. In particular, if work->auto_free is true, it should free the memory. The leak condition can be reprouced by following these steps: mount /dev/sdb /mnt/sdb /* In qemu console: device_del sdb */ umount /dev/sdb Above will result in a wb_queue_work() call on an unregistered wb and thus leak memory. Reported-by: John Sperbeck Signed-off-by: Tahsin Erdogan Reviewed-by: Jan Kara Signed-off-by: Jens Axboe fs/fs-writeback.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) commit 0067d4b020ea07a58540acb2c5fcd3364bf326e0 Author: Sagi Grimberg Date: Mon Mar 13 16:10:11 2017 +0200 blk-mq: Fix tagset reinit in the presence of cpu hot-unplug In case cpu was unplugged, we need to make sure not to assume that the tags for that cpu are still allocated. so check for null tags when reinitializing a tagset. Reported-by: Yi Zhang Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe block/blk-mq-tag.c | 3 +++ 1 file changed, 3 insertions(+) commit a1c2ff53726907aff5feb37e4cfd45c1ff626431 Author: Hiroyuki Yokoyama Date: Wed Mar 1 03:51:00 2017 +0000 ASoC: rsnd: fix sound route path when using SRC6/SRC9 This patch fixes the problem that the missing value of the route path setting table and incorrect values are set in the CMD_ROUTE_SELECT register. Signed-off-by: Hiroyuki Yokoyama [Kuninori: shared data on MIX and non-MIX case] Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/sh/rcar/cmd.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) commit e920dde5160887d07b738f5a7f593b1fa9b1e32e Author: Pablo Neira Ayuso Date: Fri Mar 10 18:32:31 2017 +0100 netfilter: nft_set_bitmap: keep a list of dummy elements Element comments may come without any prior set flag, so we have to keep a list of dummy struct nft_set_ext to keep this information around. This is only useful for set dumps to userspace. From the packet path, this set type relies on the bitmap representation. This patch simplifies the logic since we don't need to allocate the dummy nft_set_ext structure anymore on the fly at the cost of increasing memory consumption because of the list of dummy struct nft_set_ext. Fixes: 665153ff5752 ("netfilter: nf_tables: add bitmap set type") Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_bitmap.c | 146 +++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 80 deletions(-) commit 170a1fb9c01bc40b7e8fd57a32ac9a0e131ec5b6 Author: Steven Rostedt (VMware) Date: Sat Mar 11 00:25:26 2017 -0500 netfilter: Force fake conntrack entry to be at least 8 bytes aligned Since the nfct and nfctinfo have been combined, the nf_conn structure must be at least 8 bytes aligned, as the 3 LSB bits are used for the nfctinfo. But there's a fake nf_conn structure to denote untracked connections, which is created by a PER_CPU construct. This does not guarantee that it will be 8 bytes aligned and can break the logic in determining the correct nfctinfo. I triggered this on a 32bit machine with the following error: BUG: unable to handle kernel NULL pointer dereference at 00000af4 IP: nf_ct_deliver_cached_events+0x1b/0xfb *pdpt = 0000000031962001 *pde = 0000000000000000 Oops: 0000 [#1] SMP [Modules linked in: ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables ipv6 crc_ccitt ppdev r8169 parport_pc parport OK ] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-test+ #75 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 task: c126ec00 task.stack: c1258000 EIP: nf_ct_deliver_cached_events+0x1b/0xfb EFLAGS: 00010202 CPU: 0 EAX: 0021cd01 EBX: 00000000 ECX: 27b0c767 EDX: 32bcb17a ESI: f34135c0 EDI: f34135c0 EBP: f2debd60 ESP: f2debd3c DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 CR0: 80050033 CR2: 00000af4 CR3: 309a0440 CR4: 001406f0 Call Trace: ? ipv6_skip_exthdr+0xac/0xcb ipv6_confirm+0x10c/0x119 [nf_conntrack_ipv6] nf_hook_slow+0x22/0xc7 nf_hook+0x9a/0xad [ipv6] ? ip6t_do_table+0x356/0x379 [ip6_tables] ? ip6_fragment+0x9e9/0x9e9 [ipv6] ip6_output+0xee/0x107 [ipv6] ? ip6_fragment+0x9e9/0x9e9 [ipv6] dst_output+0x36/0x4d [ipv6] NF_HOOK.constprop.37+0xb2/0xba [ipv6] ? icmp6_dst_alloc+0x2c/0xfd [ipv6] ? local_bh_enable+0x14/0x14 [ipv6] mld_sendpack+0x1c5/0x281 [ipv6] ? mark_held_locks+0x40/0x5c mld_ifc_timer_expire+0x1f6/0x21e [ipv6] call_timer_fn+0x135/0x283 ? detach_if_pending+0x55/0x55 ? mld_dad_timer_expire+0x3e/0x3e [ipv6] __run_timers+0x111/0x14b ? mld_dad_timer_expire+0x3e/0x3e [ipv6] run_timer_softirq+0x1c/0x36 __do_softirq+0x185/0x37c ? test_ti_thread_flag.constprop.19+0xd/0xd do_softirq_own_stack+0x22/0x28 irq_exit+0x5a/0xa4 smp_apic_timer_interrupt+0x2a/0x34 apic_timer_interrupt+0x37/0x3c By using DEFINE/DECLARE_PER_CPU_ALIGNED we can enforce at least 8 byte alignment as all cache line sizes are at least 8 bytes or more. Fixes: a9e419dc7be6 ("netfilter: merge ctinfo into nfct pointer storage area") Signed-off-by: Steven Rostedt (VMware) Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack.h | 2 +- net/netfilter/nf_conntrack_core.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 4ca60d08cbe65f501baad64af50fceba79c19fbb Author: Florian Westphal Date: Thu Mar 9 23:22:30 2017 +0100 netfilter: bridge: honor frag_max_size when refragmenting consider a bridge with mtu 9000, but end host sending smaller packets to another host with mtu < 9000. In this case, after reassembly, bridge+defrag would refragment, and then attempt to send the reassembled packet as long as it was below 9k. Instead we have to cap by the largest fragment size seen. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/bridge/br_netfilter_hooks.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 10596608c4d62cb8c1c2b806debcbd32fe657e71 Author: Liping Zhang Date: Wed Mar 8 22:54:18 2017 +0800 netfilter: nf_tables: fix mismatch in big-endian system Currently, there are two different methods to store an u16 integer to the u32 data register. For example: u32 *dest = ®s->data[priv->dreg]; 1. *dest = 0; *(u16 *) dest = val_u16; 2. *dest = val_u16; For method 1, the u16 value will be stored like this, either in big-endian or little-endian system: 0 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+ | Value | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+ For method 2, in little-endian system, the u16 value will be the same as listed above. But in big-endian system, the u16 value will be stored like this: 0 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+ | 0 | Value | +-+-+-+-+-+-+-+-+-+-+-+-+ So later we use "memcmp(®s->data[priv->sreg], data, 2);" to do compare in nft_cmp, nft_lookup expr ..., method 2 will get the wrong result in big-endian system, as 0~15 bits will always be zero. For the similar reason, when loading an u16 value from the u32 data register, we should use "*(u16 *) sreg;" instead of "(u16)*sreg;", the 2nd method will get the wrong value in the big-endian system. So introduce some wrapper functions to store/load an u8 or u16 integer to/from the u32 data register, and use them in the right place. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 29 +++++++++++++++++++++++++++ net/ipv4/netfilter/nft_masq_ipv4.c | 8 ++++---- net/ipv4/netfilter/nft_redir_ipv4.c | 8 ++++---- net/ipv6/netfilter/nft_masq_ipv6.c | 8 ++++---- net/ipv6/netfilter/nft_redir_ipv6.c | 8 ++++---- net/netfilter/nft_ct.c | 18 +++++++++-------- net/netfilter/nft_meta.c | 40 +++++++++++++++++++------------------ net/netfilter/nft_nat.c | 8 ++++---- 8 files changed, 80 insertions(+), 47 deletions(-) commit fd89b23a4632d3cbdee398048497e026edadfb71 Author: Liping Zhang Date: Mon Mar 6 00:02:52 2017 +0800 netfilter: nft_set_bitmap: fetch the element key based on the set->klen Currently we just assume the element key as a u32 integer, regardless of the set key length. This is incorrect, for example, the tcp port number is only 16 bits. So when we use the nft_payload expr to get the tcp dport and store it to dreg, the dport will be stored at 0~15 bits, and 16~31 bits will be padded with zero. So the reg->data[dreg] will be looked like as below: 0 15 31 +-+-+-+-+-+-+-+-+-+-+-+-+ | tcp dport | 0 | +-+-+-+-+-+-+-+-+-+-+-+-+ But for these big-endian systems, if we treate this register as a u32 integer, the element key will be larger than 65535, so the following lookup in bitmap set will cause out of bound access. Another issue is that if we add element with comments in bitmap set(although the comments will be ignored eventually), the element will vanish strangely. Because we treate the element key as a u32 integer, so the comments will become the part of the element key, then the element key will also be larger than 65535 and out of bound access will happen: # nft add element t s { 1 comment test } Since set->klen is 1 or 2, it's fine to treate the element key as a u8 or u16 integer. Fixes: 665153ff5752 ("netfilter: nf_tables: add bitmap set type") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_bitmap.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) commit 337ba7fbf0fbc12242359c4af114878618b90951 Author: Dmitry V. Levin Date: Sat Feb 25 16:29:50 2017 +0300 uapi: fix drm/omap_drm.h userspace compilation errors Consistently use types from linux/types.h like in other uapi drm/*_drm.h header files to fix the following drm/omap_drm.h userspace compilation errors: /usr/include/drm/omap_drm.h:36:2: error: unknown type name 'uint64_t' uint64_t param; /* in */ /usr/include/drm/omap_drm.h:37:2: error: unknown type name 'uint64_t' uint64_t value; /* in (set_param), out (get_param) */ /usr/include/drm/omap_drm.h:56:2: error: unknown type name 'uint32_t' uint32_t bytes; /* (for non-tiled formats) */ /usr/include/drm/omap_drm.h:58:3: error: unknown type name 'uint16_t' uint16_t width; /usr/include/drm/omap_drm.h:59:3: error: unknown type name 'uint16_t' uint16_t height; /usr/include/drm/omap_drm.h:65:2: error: unknown type name 'uint32_t' uint32_t flags; /* in */ /usr/include/drm/omap_drm.h:66:2: error: unknown type name 'uint32_t' uint32_t handle; /* out */ /usr/include/drm/omap_drm.h:67:2: error: unknown type name 'uint32_t' uint32_t __pad; /usr/include/drm/omap_drm.h:77:2: error: unknown type name 'uint32_t' uint32_t handle; /* buffer handle (in) */ /usr/include/drm/omap_drm.h:78:2: error: unknown type name 'uint32_t' uint32_t op; /* mask of omap_gem_op (in) */ /usr/include/drm/omap_drm.h:82:2: error: unknown type name 'uint32_t' uint32_t handle; /* buffer handle (in) */ /usr/include/drm/omap_drm.h:83:2: error: unknown type name 'uint32_t' uint32_t op; /* mask of omap_gem_op (in) */ /usr/include/drm/omap_drm.h:88:2: error: unknown type name 'uint32_t' uint32_t nregions; /usr/include/drm/omap_drm.h:89:2: error: unknown type name 'uint32_t' uint32_t __pad; /usr/include/drm/omap_drm.h:93:2: error: unknown type name 'uint32_t' uint32_t handle; /* buffer handle (in) */ /usr/include/drm/omap_drm.h:94:2: error: unknown type name 'uint32_t' uint32_t pad; /usr/include/drm/omap_drm.h:95:2: error: unknown type name 'uint64_t' uint64_t offset; /* mmap offset (out) */ /usr/include/drm/omap_drm.h:102:2: error: unknown type name 'uint32_t' uint32_t size; /* virtual size for mmap'ing (out) */ /usr/include/drm/omap_drm.h:103:2: error: unknown type name 'uint32_t' uint32_t __pad; Fixes: ef6503e89194 ("drm: Kbuild: add omap_drm.h to the installed headers") Signed-off-by: Dmitry V. Levin Signed-off-by: Tomi Valkeinen include/uapi/drm/omap_drm.h | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) commit 9fa1d7537242bd580ffa99c4725a0407096aad26 Author: Tomi Valkeinen Date: Tue Feb 28 10:11:45 2017 +0200 drm/omap: fix dmabuf mmap for dma_alloc'ed buffers omap_gem_dmabuf_mmap() returns an error (with a WARN) when called for a buffer which is allocated with dma_alloc_*(). This prevents dmabuf mmap from working on SoCs without DMM, e.g. AM4 and OMAP3. I could not find any reason for omap_gem_dmabuf_mmap() rejecting such buffers, and just removing the if() fixes the limitation. Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/omap_gem_dmabuf.c | 3 --- 1 file changed, 3 deletions(-) commit 80354c29025833acd72ddac1ffa21c6cb50128cd Author: Andy Shevchenko Date: Sun Mar 12 17:07:44 2017 +0200 x86/platform/intel-mid: Correct MSI IRQ line for watchdog device The interrupt line used for the watchdog is 12, according to the official Intel Edison BSP code. And indeed after fixing it we start getting an interrupt and thus the watchdog starts working again: [ 191.699951] Kernel panic - not syncing: Kernel Watchdog Signed-off-by: Andy Shevchenko Cc: Borislav Petkov Cc: David Cohen Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 78a3bb9e408b ("x86: intel-mid: add watchdog platform code for Merrifield") Link: http://lkml.kernel.org/r/20170312150744.45493-1-andriy.shevchenko@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/platform/intel-mid/device_libs/platform_mrfld_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 65869a47f3488253f5fd88cc4f14e0a4e2601a55 Author: Daniel Borkmann Date: Sat Mar 11 16:55:49 2017 +0100 bpf: improve read-only handling Improve bpf_{prog,jit_binary}_{un,}lock_ro() by throwing a one-time warning in case of an error when the image couldn't be set read-only, and also mark struct bpf_prog as locked when bpf_prog_lock_ro() was called. Reason for the latter is that bpf_prog_unlock_ro() is called from various places including error paths, and we shouldn't mess with page attributes when really not needed. For bpf_jit_binary_unlock_ro() this is not needed as jited flag implicitly indicates this, thus for archs with ARCH_HAS_SET_MEMORY we're guaranteed to have a previously locked image. Overall, this should also help us to identify any further potential issues with set_memory_*() helpers. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/filter.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 1da8ac7c49fb2879ba95006d8bd1095e6870ea1a Author: Alexei Starovoitov Date: Fri Mar 10 22:05:55 2017 -0800 selftests/bpf: fix broken build Recent merge of 'linux-kselftest-4.11-rc1' tree broke bpf test build. None of the tests were building and test_verifier.c had tons of compiler errors. Fix it and add #ifdef CAP_IS_SUPPORTED to support old versions of libcap. Tested on centos 6.8 and 7 Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Tested-by: Daniel Borkmann Signed-off-by: David S. Miller tools/include/uapi/linux/bpf_perf_event.h | 18 ++++++++++++++++++ tools/testing/selftests/bpf/Makefile | 4 +++- tools/testing/selftests/bpf/test_verifier.c | 4 ++++ 3 files changed, 25 insertions(+), 1 deletion(-) commit 79099aab38c8f5c746748b066ae74ba984fe2cc8 Author: David Ahern Date: Fri Mar 10 14:11:39 2017 -0800 mpls: Do not decrement alive counter for unregister events Multipath routes can be rendered usesless when a device in one of the paths is deleted. For example: $ ip -f mpls ro ls 100 nexthop as to 200 via inet 172.16.2.2 dev virt12 nexthop as to 300 via inet 172.16.3.2 dev br0 101 nexthop as to 201 via inet6 2000:2::2 dev virt12 nexthop as to 301 via inet6 2000:3::2 dev br0 $ ip li del br0 When br0 is deleted the other hop is not considered in mpls_select_multipath because of the alive check -- rt_nhn_alive is 0. rt_nhn_alive is decremented once in mpls_ifdown when the device is taken down (NETDEV_DOWN) and again when it is deleted (NETDEV_UNREGISTER). For a 2 hop route, deleting one device drops the alive count to 0. Since devices are taken down before unregistering, the decrement on NETDEV_UNREGISTER is redundant. Fixes: c89359a42e2a4 ("mpls: support for dead routes") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/mpls/af_mpls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b17075d5c1988b83f840d272c795ac17d57ce804 Author: Igor Druzhinin Date: Fri Mar 10 21:36:22 2017 +0000 xen-netback: fix race condition on XenBus disconnect In some cases during XenBus disconnect event handling and subsequent queue resource release there may be some TX handlers active on other processors. Use RCU in order to synchronize with them. Signed-off-by: Igor Druzhinin Signed-off-by: David S. Miller drivers/net/xen-netback/interface.c | 26 +++++++++++++++++--------- drivers/net/xen-netback/netback.c | 2 +- drivers/net/xen-netback/xenbus.c | 20 ++++++++++---------- 3 files changed, 28 insertions(+), 20 deletions(-) commit e37791ec1ad785b59022ae211f63a16189bacebf Author: David Ahern Date: Fri Mar 10 09:46:15 2017 -0800 mpls: Send route delete notifications when router module is unloaded When the mpls_router module is unloaded, mpls routes are deleted but notifications are not sent to userspace leaving userspace caches out of sync. Add the call to mpls_notify_route in mpls_net_exit as routes are freed. Fixes: 0189197f44160 ("mpls: Basic routing support") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/mpls/af_mpls.c | 1 + 1 file changed, 1 insertion(+) commit 52491c7607c5527138095edf44c53169dc1ddb82 Author: Etienne Noss Date: Fri Mar 10 16:55:32 2017 +0100 act_connmark: avoid crashing on malformed nlattrs with null parms tcf_connmark_init does not check in its configuration if TCA_CONNMARK_PARMS is set, resulting in a null pointer dereference when trying to access it. [501099.043007] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 [501099.043039] IP: [] tcf_connmark_init+0x8b/0x180 [act_connmark] ... [501099.044334] Call Trace: [501099.044345] [] ? tcf_action_init_1+0x198/0x1b0 [501099.044363] [] ? tcf_action_init+0xb0/0x120 [501099.044380] [] ? tcf_exts_validate+0xc4/0x110 [501099.044398] [] ? u32_set_parms+0xa7/0x270 [cls_u32] [501099.044417] [] ? u32_change+0x680/0x87b [cls_u32] [501099.044436] [] ? tc_ctl_tfilter+0x4dd/0x8a0 [501099.044454] [] ? security_capable+0x41/0x60 [501099.044471] [] ? rtnetlink_rcv_msg+0xe1/0x220 [501099.044490] [] ? rtnl_newlink+0x870/0x870 [501099.044507] [] ? netlink_rcv_skb+0xa1/0xc0 [501099.044524] [] ? rtnetlink_rcv+0x24/0x30 [501099.044541] [] ? netlink_unicast+0x184/0x230 [501099.044558] [] ? netlink_sendmsg+0x2f8/0x3b0 [501099.044576] [] ? sock_sendmsg+0x30/0x40 [501099.044592] [] ? SYSC_sendto+0xd3/0x150 [501099.044608] [] ? __do_page_fault+0x2d1/0x510 [501099.044626] [] ? system_call_fast_compare_end+0xc/0x9b Fixes: 22a5dc0e5e3e ("net: sched: Introduce connmark action") Signed-off-by: Étienne Noss Signed-off-by: Victorien Molle Acked-by: Cong Wang Signed-off-by: David S. Miller net/sched/act_connmark.c | 3 +++ 1 file changed, 3 insertions(+) commit 88a7cddce2506b0b6c06a9f6e51379d0d275353b Author: Neil Jerram Date: Fri Mar 10 12:24:57 2017 +0000 Make IP 'forwarding' doc more precise It wasn't clear if the 'forwarding' setting needs to be enabled on the interface that packets are received from, or on the interface that packets are forwarded to, or both. In fact (according to my code reading) the setting is relevant on the interface that packets are received from, so this change updates the doc to say that. Signed-off-by: Neil Jerram Signed-off-by: David S. Miller Documentation/networking/ip-sysctl.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7ce101246655935b014b11d81f815342921f5654 Author: stephen hemminger Date: Thu Mar 9 14:58:29 2017 -0800 netvsc: handle select_queue when device is being removed Move the send indirection table from the inner device (netvsc) to the network device context. It is possible that netvsc_device is not present (remove in progress). This solves potential use after free issues when packet is being created during MTU change, shutdown, or queue count changes. Fixes: d8e18ee0fa96 ("netvsc: enhance transmit select_queue") Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/hyperv_net.h | 3 ++- drivers/net/hyperv/netvsc.c | 8 ++------ drivers/net/hyperv/netvsc_drv.c | 11 +++-------- 3 files changed, 7 insertions(+), 15 deletions(-) commit ecd052250b51c8cee4d9720adea05690dfc77c64 Author: David Arcari Date: Thu Mar 9 13:28:33 2017 -0500 net: ethernet: aquantia: call set_irq_affinity_hint before free_irq When a network interface controlled by the aquantia ethernet driver is brought down a warning is output in dmesg (see below). The problem is that aq_pci_func_free_irqs() is calling free_irq() before it is calling irq_set_affinity_hint(). WARNING: CPU: 4 PID: 10068 at kernel/irq/manage.c:1503 __free_irq+0x24d/0x2b0 Call Trace: dump_stack+0x63/0x87 __warn+0xd1/0xf0 warn_slowpath_null+0x1d/0x20 __free_irq+0x24d/0x2b0 free_irq+0x39/0x90 aq_pci_func_free_irqs+0x52/0xa0 [atlantic] aq_nic_stop+0xca/0xd0 [atlantic] aq_ndev_close+0x1d/0x40 [atlantic] __dev_close_many+0x99/0x100 __dev_close+0x67/0xb0 Fixes: 36a4a50f4048 ("net: ethernet: aquantia: switch to pci_alloc_irq_vectors") Cc: Christoph Hellwig Cc: Pavel Belous Signed-off-by: David Arcari Tested-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_pci_func.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bafa687dccbe16cbf9b1824409836d79d6dc6543 Author: Andy Shevchenko Date: Thu Feb 23 12:31:54 2017 +0200 extcon: int3496: Propagate error code of gpiod_to_irq() gpiod_to_irq() doesn't return 0. Thus, we just adjust condition and replace -EINVAL by actual error code it returns. Signed-off-by: Andy Shevchenko Signed-off-by: Chanwoo Choi drivers/extcon/extcon-intel-int3496.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ea3217cf91804be6ed9b368ef4ac7911eb1dadc Author: Viresh Kumar Date: Tue Feb 7 09:40:05 2017 +0530 thermal: cpu_cooling: Check OPP for errors It is possible for dev_pm_opp_find_freq_exact() to return errors. It was all fine earlier as dev_pm_opp_get_voltage() had a check within it to check for invalid OPPs, but dev_pm_opp_put() doesn't have any similar checks and the callers need to make sure OPP is valid before calling them. Also update the later dev_warn_ratelimited() to not print the error message as the OPP is guaranteed to be valid now. Reported-by: Dan Carpenter Signed-off-by: Viresh Kumar Signed-off-by: Zhang Rui drivers/thermal/cpu_cooling.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 9aec9082bf3c0fb83020a0f562c9cc8078ac91f1 Author: Viresh Kumar Date: Tue Feb 7 09:40:04 2017 +0530 thermal: cpu_cooling: Replace dev_warn with dev_err There isn't much the user can do on seeing these warnings, as the hardware is actually okay. dev_err suits much better here. Signed-off-by: Viresh Kumar Signed-off-by: Zhang Rui drivers/thermal/cpu_cooling.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit afd1f4e0a76f0c56422af7056942f28578f1643e Author: Viresh Kumar Date: Tue Feb 7 09:40:03 2017 +0530 thermal: devfreq: Check OPP for errors It is possible for dev_pm_opp_find_freq_exact() to return errors. It was all fine earlier as dev_pm_opp_get_voltage() had a check within it to check for invalid OPPs, but dev_pm_opp_put() doesn't have any similar checks and the callers need to make sure OPP is valid before calling them. Also update the later dev_warn_ratelimited() to not print the error message as the OPP is guaranteed to be valid now. Reported-by: Dan Carpenter Signed-off-by: Viresh Kumar Signed-off-by: Zhang Rui drivers/thermal/devfreq_cooling.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 8327b830f293ff48eaade64b4fc2e247b7655615 Author: Viresh Kumar Date: Tue Feb 7 09:40:02 2017 +0530 thermal: devfreq_cooling: Replace dev_warn with dev_err There isn't much the user can do on seeing this warning, as the hardware is actually okay. dev_err suits much better here. Signed-off-by: Viresh Kumar Signed-off-by: Zhang Rui drivers/thermal/devfreq_cooling.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a4e49c9bc98d099b2a19933b9da55cd0ad1da421 Author: Viresh Kumar Date: Tue Feb 7 09:40:01 2017 +0530 thermal: devfreq: Simplify expression There is no need to check for IS_ERR() as we are looking for a very particular error value here. Drop the first check. Reported-by: Dan Carpenter Signed-off-by: Viresh Kumar Signed-off-by: Zhang Rui drivers/thermal/devfreq_cooling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 088db931e065bd3b159fa2e588eab859ef0d9d23 Author: Matthew Wilcox Date: Fri Mar 10 18:33:28 2017 +0000 thermal: Fix potential deadlock in cpu_cooling cooling_list_lock is covering not just cpufreq_dev_count, but also the calls to cpufreq_register_notifier() and cpufreq_unregister_notifier(). Since cooling_list_lock is also used within cpufreq_thermal_notifier(), lockdep reports a potential deadlock. Fix it by testing the condition under cooling_list_lock and dropping the lock before calling cpufreq_register_notifier(). And variable cpufreq_dev_count is removed at the same time, because it's no longer needed after the fix. Fixes: ae606089621e ("thermal: convert cpu_cooling to use an IDA") Reported-and-Tested-by: Russell King Signed-off-by: Matthew Wilcox Acked-by: Rafael J. Wysocki drivers/thermal/cpu_cooling.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit d1c4e9bf73e739b937ddd9dc4cf0f6de2e6117da Author: João Paulo Rechi Vita Date: Mon Feb 20 14:50:23 2017 -0500 platform/x86: asus-wmi: Remove quirk_no_rfkill With the detection introduced in the previous patches, we don't need these static DMI-based quirks anymore. This reverts the following commits: 56a37a72002b "asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UA" a961a285b479 "asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF" 6b7ff2af5286 "asus-wmi: Add quirk_no_rfkill for the Asus Z550MA" 02db9ff7af18 "asus-wmi: Add quirk_no_rfkill for the Asus U303LB" 2d735244b798 "asus-wmi: Add quirk_no_rfkill for the Asus N552VW" a977e59c0c67 "asus-wmi: Create quirk for airplane_mode LED" Signed-off-by: João Paulo Rechi Vita Signed-off-by: Andy Shevchenko [dvhart: minor commit message corrections] Signed-off-by: Darren Hart (VMware) drivers/platform/x86/asus-nb-wmi.c | 49 ++------------------------------------ drivers/platform/x86/asus-wmi.c | 5 +--- drivers/platform/x86/asus-wmi.h | 1 - 3 files changed, 3 insertions(+), 52 deletions(-) commit 4495c08e84729385774601b5146d51d9e5849f81 Author: Linus Torvalds Date: Sun Mar 12 14:47:08 2017 -0700 Linux 4.11-rc2 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 56b24d1bbcff213dc9e1625eea5b8e13bb50feb8 Merge: 5a45a5a 8bd49ac Author: Linus Torvalds Date: Sun Mar 12 14:22:25 2017 -0700 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: - four patches to get the new cputime code in shape for s390 - add the new statx system call - a few bug fixes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: wire up statx system call KVM: s390: Fix guest migration for huge guests resulting in panic s390/ipl: always use load normal for CCW-type re-IPL s390/timex: micro optimization for tod_to_ns s390/cputime: provide archicture specific cputime_to_nsecs s390/cputime: reset all accounting fields on fork s390/cputime: remove last traces of cputime_t s390: fix in-kernel program checks s390/crypt: fix missing unlock in ctr_paes_crypt on error path commit 5a45a5a881aeb82ce31dd1886afe04146965df23 Merge: ecade11 2c4ea6e Author: Linus Torvalds Date: Sun Mar 12 14:18:49 2017 -0700 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: - a fix for the kexec/purgatory regression which was introduced in the merge window via an innocent sparse fix. We could have reverted that commit, but on deeper inspection it turned out that the whole machinery is neither documented nor robust. So a proper cleanup was done instead - the fix for the TLB flush issue which was discovered recently - a simple typo fix for a reboot quirk * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tlb: Fix tlb flushing when lguest clears PGE kexec, x86/purgatory: Unbreak it and clean it up x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk commit ecade114250555720aa8a6232b09a2ce2e47ea99 Merge: 106e4da 920c634 Author: Linus Torvalds Date: Sun Mar 12 14:11:38 2017 -0700 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: - a workaround for a GIC erratum - a missing stub function for CONFIG_IRQDOMAIN=n - fixes for a couple of type inconsistencies * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/crossbar: Fix incorrect type of register size irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum 0065 irqdomain: Add empty irq_domain_check_msi_remap irqchip/crossbar: Fix incorrect type of local variables commit a11be42a278e6526d4d297ddf6676e934318d7c3 Merge: e2a3a673 85e8a23 Author: James Bottomley Date: Sun Mar 12 09:02:56 2017 -0700 Merge remote-tracking branch 'mkp-scsi/4.11/scsi-fixes' into fixes commit 2c4ea6e28dbf15ab93632c5c189f3948366b8885 Author: Daniel Borkmann Date: Sat Mar 11 01:31:19 2017 +0100 x86/tlb: Fix tlb flushing when lguest clears PGE Fengguang reported random corruptions from various locations on x86-32 after commits d2852a224050 ("arch: add ARCH_HAS_SET_MEMORY config") and 9d876e79df6a ("bpf: fix unlocking of jited image when module ronx not set") that uses the former. While x86-32 doesn't have a JIT like x86_64, the bpf_prog_lock_ro() and bpf_prog_unlock_ro() got enabled due to ARCH_HAS_SET_MEMORY, whereas Fengguang's test kernel doesn't have module support built in and therefore never had the DEBUG_SET_MODULE_RONX setting enabled. After investigating the crashes further, it turned out that using set_memory_ro() and set_memory_rw() didn't have the desired effect, for example, setting the pages as read-only on x86-32 would still let probe_kernel_write() succeed without error. This behavior would manifest itself in situations where the vmalloc'ed buffer was accessed prior to set_memory_*() such as in case of bpf_prog_alloc(). In cases where it wasn't, the page attribute changes seemed to have taken effect, leading to the conclusion that a TLB invalidate didn't happen. Moreover, it turned out that this issue reproduced with qemu in "-cpu kvm64" mode, but not for "-cpu host". When the issue occurs, change_page_attr_set_clr() did trigger a TLB flush as expected via __flush_tlb_all() through cpa_flush_range(), though. There are 3 variants for issuing a TLB flush: invpcid_flush_all() (depends on CPU feature bits X86_FEATURE_INVPCID, X86_FEATURE_PGE), cr4 based flush (depends on X86_FEATURE_PGE), and cr3 based flush. For "-cpu host" case in my setup, the flush used invpcid_flush_all() variant, whereas for "-cpu kvm64", the flush was cr4 based. Switching the kvm64 case to cr3 manually worked fine, and further investigating the cr4 one turned out that X86_CR4_PGE bit was not set in cr4 register, meaning the __native_flush_tlb_global_irq_disabled() wrote cr4 twice with the same value instead of clearing X86_CR4_PGE in the first write to trigger the flush. It turned out that X86_CR4_PGE was cleared from cr4 during init from lguest_arch_host_init() via adjust_pge(). The X86_FEATURE_PGE bit is also cleared from there due to concerns of using PGE in guest kernel that can lead to hard to trace bugs (see bff672e630a0 ("lguest: documentation V: Host") in init()). The CPU feature bits are cleared in dynamic boot_cpu_data, but they never propagated to __flush_tlb_all() as it uses static_cpu_has() instead of boot_cpu_has() for testing which variant of TLB flushing to use, meaning they still used the old setting of the host kernel. Clearing via setup_clear_cpu_cap(X86_FEATURE_PGE) so this would propagate to static_cpu_has() checks is too late at this point as sections have been patched already, so for now, it seems reasonable to switch back to boot_cpu_has(X86_FEATURE_PGE) as it was prior to commit c109bf95992b ("x86/cpufeature: Remove cpu_has_pge"). This lets the TLB flush trigger via cr3 as originally intended, properly makes the new page attributes visible and thus fixes the crashes seen by Fengguang. Fixes: c109bf95992b ("x86/cpufeature: Remove cpu_has_pge") Reported-by: Fengguang Wu Signed-off-by: Daniel Borkmann Cc: bp@suse.de Cc: Kees Cook Cc: "David S. Miller" Cc: netdev@vger.kernel.org Cc: Rusty Russell Cc: Alexei Starovoitov Cc: Linus Torvalds Cc: lkp@01.org Cc: Laura Abbott Cc: stable@vger.kernel.org Link: http://lkml.kernrl.org/r/20170301125426.l4nf65rx4wahohyl@wfg-t540p.sh.intel.com Link: http://lkml.kernel.org/r/25c41ad9eca164be4db9ad84f768965b7eb19d9e.1489191673.git.daniel@iogearbox.net Signed-off-by: Thomas Gleixner arch/x86/include/asm/tlbflush.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f5fe1b51905df7cfe4fdfd85c5fb7bc5b71a094f Author: NeilBrown Date: Fri Mar 10 17:00:47 2017 +1100 blk: Ensure users for current->bio_list can see the full list. Commit 79bd99596b73 ("blk: improve order of bio handling in generic_make_request()") changed current->bio_list so that it did not contain *all* of the queued bios, but only those submitted by the currently running make_request_fn. There are two places which walk the list and requeue selected bios, and others that check if the list is empty. These are no longer correct. So redefine current->bio_list to point to an array of two lists, which contain all queued bios, and adjust various code to test or walk both lists. Signed-off-by: NeilBrown Fixes: 79bd99596b73 ("blk: improve order of bio handling in generic_make_request()") Signed-off-by: Jens Axboe block/bio.c | 12 +++++++++--- block/blk-core.c | 30 ++++++++++++++++++------------ drivers/md/dm.c | 29 ++++++++++++++++------------- drivers/md/raid10.c | 3 ++- 4 files changed, 45 insertions(+), 29 deletions(-) commit 106e4da60209b508894956b6adf4688f84c1766d Merge: 4b050f2 6a29b51 Author: Linus Torvalds Date: Sat Mar 11 14:24:58 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM updates from Marc Zyngier: - vgic updates: - Honour disabling the ITS - Don't deadlock when deactivating own interrupts via MMIO - Correctly expose the lact of IRQ/FIQ bypass on GICv3 - I/O virtualization: - Make KVM_CAP_NR_MEMSLOTS big enough for large guests with many PCIe devices - General bug fixes: - Gracefully handle exception generated with syndroms that the host doesn't understand - Properly invalidate TLBs on VHE systems x86: - improvements in emulation of VMCLEAR, VMX MSR bitmaps, and VCPU reset * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: nVMX: do not warn when MSR bitmap address is not backed KVM: arm64: Increase number of user memslots to 512 KVM: arm/arm64: Remove KVM_PRIVATE_MEM_SLOTS definition that are unused KVM: arm/arm64: Enable KVM_CAP_NR_MEMSLOTS on arm/arm64 KVM: Add documentation for KVM_CAP_NR_MEMSLOTS KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled arm64: KVM: Survive unknown traps from guests arm: KVM: Survive unknown traps from guests KVM: arm/arm64: Let vcpu thread modify its own active state KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset kvm: nVMX: VMCLEAR should not cause the vCPU to shut down KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs commit 4b050f22b5c68fab3f96641249a364ebfe354493 Merge: 84c37c1 0acf611 Author: Linus Torvalds Date: Sat Mar 11 14:16:50 2017 -0800 Merge tag 'extable-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux Pull extable.h fix from Paul Gortmaker: "Fixup for arch/score after extable.h introduction. It seems that Guenter is the only one on the planet doing builds for arch/score -- we don't have compile coverage for it in linux-next or in the kbuild-bot either. Guenter couldn't even recall where he got his toolchain, but was kind enough to share it with me so I could validate this change and also add arch/score to my build coverage. I sat on this a bit in case there was any other fallout in other arch dirs, but since this still seems to be the only one, I might as well send it on its way" * tag 'extable-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: score: Fix implicit includes now failing build after extable change commit 33d8c15559df4f0bce25d7e16ebb5879e249f2e7 Author: Romain Izard Date: Thu Mar 9 17:58:38 2017 +0100 Revert "clocksource/drivers/tcb_clksrc: Use 32 bit tcb as sched_clock" This reverts commit 7b9f1d16e6d1 ("clocksource/drivers/tcb_clksrc: Use 32 bit tcb as sched_clock"). In the current state, the kernel warns against a late registration of the new sched_clock, the printk clock resets after only a few minutes, and it seems that scheduling can be affected as well. Signed-off-by: Romain Izard Signed-off-by: Daniel Lezcano drivers/clocksource/tcb_clksrc.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) commit 84c37c168c0e49a412d7021cda3183a72adac0d0 Merge: 434fd63 db61ffe Author: Linus Torvalds Date: Sat Mar 11 09:08:47 2017 -0800 Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull random updates from Ted Ts'o: "Change get_random_{int,log} to use the CRNG used by /dev/urandom and getrandom(2). It's faster and arguably more secure than cut-down MD5 that we had been using. Also do some code cleanup" * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block random: convert get_random_int/long into get_random_u32/u64 random: use chacha20 for get_random_int/long random: fix comment for unused random_min_urandom_seed random: remove variable limit random: remove stale urandom_init_wait random: remove stale maybe_reseed_primary_crng commit 0acf611997d9d05dbfb559c3c6e379c861eb5957 Author: Guenter Roeck Date: Wed Feb 22 11:07:57 2017 -0800 score: Fix implicit includes now failing build after extable change After changing from module.h to extable.h, score builds fail with: arch/score/kernel/traps.c: In function 'do_ri': arch/score/kernel/traps.c:248:4: error: implicit declaration of function 'user_disable_single_step' arch/score/mm/extable.c: In function 'fixup_exception': arch/score/mm/extable.c:32:38: error: dereferencing pointer to incomplete type arch/score/mm/extable.c:34:24: error: dereferencing pointer to incomplete type because extable.h doesn't drag in the same amount of headers as the module.h did. Add in the headers which were implicitly expected. Fixes: 90858794c960 ("module.h: remove extable.h include now users have migrated") Signed-off-by: Guenter Roeck [PG: tweak commit log; refresh for sched header refactoring.] Signed-off-by: Paul Gortmaker arch/score/kernel/traps.c | 1 + arch/score/mm/extable.c | 2 ++ 2 files changed, 3 insertions(+) commit a77d6cd968497792e072b74dff45b891ba778ddb Author: Dou Liyang Date: Fri Mar 3 16:02:27 2017 +0800 acpi/processor: Check for duplicate processor ids at hotplug time The check for duplicate processor ids happens at boot time based on the ACPI table contents, but the final sanity checks for a processor happen at hotplug time. At hotplug time, where the physical information is available, which might differ from the ACPI table information, a check for duplicate processor ids is missing. Add it to the hotplug checks and rename the function so it better reflects its purpose. Signed-off-by: Dou Liyang Tested-by: Xiaolong Ye Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: guzheng1@huawei.com Cc: izumi.taku@jp.fujitsu.com Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1488528147-2279-6-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Thomas Gleixner drivers/acpi/acpi_processor.c | 13 ++++++++++--- include/linux/acpi.h | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) commit 8c8cb30f49b86333d8e036e1945cf1a78c03577e Author: Dou Liyang Date: Fri Mar 3 16:02:26 2017 +0800 acpi/processor: Implement DEVICE operator for processor enumeration ACPI allows to declare processors either with the PROCESSOR or with the DEVICE operator. The current implementation handles only the PROCESSOR operator. On a system which uses the DEVICE operator for processor enumeration the evaluation fails. Check for the ACPI type of the ACPI handle and evaluate PROCESSOR and DEVICE types separately. Signed-off-by: Dou Liyang Tested-by: Xiaolong Ye Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: guzheng1@huawei.com Cc: izumi.taku@jp.fujitsu.com Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1488528147-2279-5-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Thomas Gleixner drivers/acpi/acpi_processor.c | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) commit 2b85b3d22920db7473e5fed5719e7955c0ec323e Author: Dou Liyang Date: Fri Mar 3 16:02:25 2017 +0800 x86/acpi: Restore the order of CPU IDs The following commits: f7c28833c2 ("x86/acpi: Enable acpi to register all possible cpus at boot time") and 8f54969dc8 ("x86/acpi: Introduce persistent storage for cpuid <-> apicid mapping") ... registered all the possible CPUs at boot time via ACPI tables to make the mapping of cpuid <-> apicid fixed. Both enabled and disabled CPUs could have a logical CPU ID after boot time. But, ACPI tables are unreliable. the number amd order of Local APIC entries which depends on the firmware is often inconsistent with the physical devices. Even if they are consistent, The disabled CPUs which take up some logical CPU IDs will also make the order discontinuous. Revert the part of disabled CPUs registration, keep the allocation logic of logical CPU IDs and also keep some code location changes. Signed-off-by: Dou Liyang Tested-by: Xiaolong Ye Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: guzheng1@huawei.com Cc: izumi.taku@jp.fujitsu.com Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1488528147-2279-4-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Thomas Gleixner arch/x86/kernel/acpi/boot.c | 7 ++++++- arch/x86/kernel/apic/apic.c | 26 +++++++------------------- 2 files changed, 13 insertions(+), 20 deletions(-) commit 09c3f2bd5c7e5f18687663acb6adc6b167484ca5 Author: Dou Liyang Date: Fri Mar 3 16:02:24 2017 +0800 Revert"x86/acpi: Enable MADT APIs to return disabled apicids" Revert: 8ad893faf2ea ("x86/acpi: Enable MADT APIs to return disabled apicids") Remove the leftovers of the boot time 'cpuid <-> nodeid' mapping approach. Signed-off-by: Dou Liyang Tested-by: Xiaolong Ye Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: guzheng1@huawei.com Cc: izumi.taku@jp.fujitsu.com Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1488528147-2279-3-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Thomas Gleixner drivers/acpi/processor_core.c | 60 ++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 38 deletions(-) commit c962cff17dfa11f4a8227ac16de2b28aea3312e4 Author: Dou Liyang Date: Fri Mar 3 16:02:23 2017 +0800 Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" Revert: dc6db24d2476 ("x86/acpi: Set persistent cpuid <-> nodeid mapping when booting") The mapping of "cpuid <-> nodeid" is established at boot time via ACPI tables to keep associations of workqueues and other node related items consistent across cpu hotplug. But, ACPI tables are unreliable and failures with that boot time mapping have been reported on machines where the ACPI table and the physical information which is retrieved at actual hotplug is inconsistent. Revert the mapping implementation so it can be replaced with a less error prone approach. Signed-off-by: Dou Liyang Tested-by: Xiaolong Ye Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: guzheng1@huawei.com Cc: izumi.taku@jp.fujitsu.com Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1488528147-2279-2-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Thomas Gleixner arch/x86/kernel/acpi/boot.c | 2 +- drivers/acpi/acpi_processor.c | 5 --- drivers/acpi/bus.c | 1 - drivers/acpi/processor_core.c | 73 ------------------------------------------- include/linux/acpi.h | 3 -- 5 files changed, 1 insertion(+), 83 deletions(-) commit 434fd6353b4c83938029ca6ea7dfa4fc82d602bd Merge: 8529880 f98c7bc Author: Linus Torvalds Date: Sat Mar 11 00:20:12 2017 -0800 Merge tag 'tty-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes frpm Greg KH: "Here are two bugfixes for tty stuff for 4.11-rc2. One of them resolves the pretty bad bug in the n_hdlc code that Alexander Popov found and fixed and has been reported everywhere. The other just fixes a samsung serial driver issue when DMA fails on some systems. Both have been in linux-next with no reported issues" * tag 'tty-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: serial: samsung: Continue to work if DMA request fails tty: n_hdlc: get rid of racy n_hdlc.tbuf commit 85298808617299fe713ed3e03114058883ce3d8a Merge: 46552bf 69eb159 Author: Linus Torvalds Date: Sat Mar 11 00:13:28 2017 -0800 Merge tag 'staging-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are two small build warning fixes for some staging drivers that Arnd has found on his valiant quest to get the kernel to build properly with no warnings. Both of these have been in linux-next this week and resolve the reported issues" * tag 'staging-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: octeon: remove unused variable staging/vc04_services: add CONFIG_OF dependency commit 46552bf4337b99322c0cc65f6003e59b7f36bf15 Merge: cb853a8 dcc7620 Author: Linus Torvalds Date: Sat Mar 11 00:08:39 2017 -0800 Merge tag 'usb-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here is a number of different USB fixes for 4.11-rc2. Seems like there were a lot of unresolved issues that people have been finding for this subsystem, and a bunch of good security auditing happening as well from Johan Hovold. There's the usual batch of gadget driver fixes and xhci issues resolved as well. All of these have been in linux-next with no reported issues" * tag 'usb-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (35 commits) usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers usb: host: xhci-dbg: HCIVERSION should be a binary number usb: xhci: remove dummy extra_priv_size for size of xhci_hcd struct usb: xhci-mtk: check hcc_params after adding primary hcd USB: serial: digi_acceleport: fix OOB-event processing MAINTAINERS: usb251xb: remove reference inexistent file doc: dt-bindings: usb251xb: mark reg as required usb: usb251xb: dt: add unit suffix to oc-delay and power-on-time usb: usb251xb: remove max_{power,current}_{sp,bp} properties usb-storage: Add ignore-residue quirk for Initio INIC-3619 USB: iowarrior: fix NULL-deref in write USB: iowarrior: fix NULL-deref at probe usb: phy: isp1301: Add OF device ID table usb: ohci-at91: Do not drop unhandled USB suspend control requests USB: serial: safe_serial: fix information leak in completion handler USB: serial: io_ti: fix information leak in completion handler USB: serial: omninet: drop open callback USB: serial: omninet: fix reference leaks at open USB: serial: io_ti: fix NULL-deref in interrupt callback usb: dwc3: gadget: make to increment req->remaining in all cases ... commit cb853a82dfe48a60b63831191e8d1d8a1b8b116c Merge: 24c534b 96e1ce8 Author: Linus Torvalds Date: Sat Mar 11 00:06:18 2017 -0800 Merge tag 'pinctrl-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pinctrl fixes from Linus Walleij: "Two smaller pin control fixes for the v4.11 series: - Add a get_direction() function to the qcom driver - Fix two pin names in the uniphier driver" * tag 'pinctrl-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: uniphier: change pin names of aio/xirq for LD11 pinctrl: qcom: add get_direction function commit 52084f89b38cdd896b59627c629915ef1a7bf615 Author: Dave Jiang Date: Thu Mar 9 16:56:01 2017 -0700 device-dax: fix debug output typo The debug output for return the return data of pgoff_to_phys() in the fault handlers has 'phys' and 'pgoff' incorrectly swapped. Reported-by: Jeff Moyer Signed-off-by: Dave Jiang Signed-off-by: Dan Williams drivers/dax/dax.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 70b085b06c4560a69e95607f77bb4c2b2e41943c Author: Dave Jiang Date: Fri Mar 10 13:24:27 2017 -0700 device-dax: fix pud fault fallback handling Jeff Moyer reports: With a device dax alignment of 4KB or 2MB, I get sigbus when running the attached fio job file for the current kernel (4.11.0-rc1+). If I specify an alignment of 1GB, it works. I turned on debug output, and saw that it was failing in the huge fault code. dax dax1.0: dax_open dax dax1.0: dax_mmap dax dax1.0: dax_dev_huge_fault: fio: write (0x7f08f0a00000 - dax dax1.0: __dax_dev_pud_fault: phys_to_pgoff(0xffffffffcf60) dax dax1.0: dax_release fio config for reproduce: [global] ioengine=dev-dax direct=0 filename=/dev/dax0.0 bs=2m [write] rw=write [read] stonewall rw=read The driver fails to fallback when taking a fault that is larger than the device alignment, or handling a larger fault when a smaller mapping is already established. While we could support larger mappings for a device with a smaller alignment, that change is too large for the immediate fix. The simplest change is to force fallback until the fault size matches the alignment. Reported-by: Jeff Moyer Signed-off-by: Dave Jiang Signed-off-by: Dan Williams drivers/dax/dax.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 4607ebf04b8190d2c7aa5504959e9fddfc0cd736 Author: Allan, Bruce W Date: Tue Mar 7 15:48:23 2017 -0800 kbuild: external module build warnings when KBUILD_OUTPUT set and W=1 Commit db547ef19064 ("Kbuild: don't add obj tree in additional includes") causes warnings (-Wmissing-include-dirs) when compiling external modules with KBUILD_OUTPUT set and W=1. This is because $src can be an absolute path to the external module source which when prefixed with -I$(srctree)/ generates an incorrect directory path. Signed-off-by: Bruce Allan Acked-by: Arnd Bergmann Signed-off-by: Masahiro Yamada scripts/Makefile.lib | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0134ed4fb9e78672ee9f7b18007114404c81e63f Author: Dave Jiang Date: Fri Mar 10 13:24:22 2017 -0700 device-dax: fix pmd/pte fault fallback handling Jeff Moyer reports: With a device dax alignment of 4KB or 2MB, I get sigbus when running the attached fio job file for the current kernel (4.11.0-rc1+). If I specify an alignment of 1GB, it works. I turned on debug output, and saw that it was failing in the huge fault code. dax dax1.0: dax_open dax dax1.0: dax_mmap dax dax1.0: dax_dev_huge_fault: fio: write (0x7f08f0a00000 - dax dax1.0: __dax_dev_pud_fault: phys_to_pgoff(0xffffffffcf60 dax dax1.0: dax_release fio config for reproduce: [global] ioengine=dev-dax direct=0 filename=/dev/dax0.0 bs=2m [write] rw=write [read] stonewall rw=read The driver fails to fallback when taking a fault that is larger than the device alignment, or handling a larger fault when a smaller mapping is already established. While we could support larger mappings for a device with a smaller alignment, that change is too large for the immediate fix. The simplest change is to force fallback until the fault size matches the alignment. Fixes: dee410792419 ("/dev/dax, core: file operations and dax-mmap") Cc: Reported-by: Jeff Moyer Signed-off-by: Dave Jiang Signed-off-by: Dan Williams drivers/dax/dax.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 92ef6f97a66e580189a41a132d0f8a9f78d6ddce Author: Matjaz Hegedic Date: Fri Mar 10 14:33:09 2017 -0800 Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw EeeBook X205TA is yet another ASUS device with a special touchpad firmware that needs to be accounted for during initialization, or else the touchpad will go into an invalid state upon suspend/resume. Adding the appropriate ic_type and product_id check fixes the problem. Signed-off-by: Matjaz Hegedic Acked-by: KT Liao Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/elan_i2c_core.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit a4c2a13129f7c5bcf81704c06851601593303fd5 Author: Dmitry Torokhov Date: Tue Feb 28 17:14:41 2017 -0800 Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list TUXEDO BU1406 does not implement active multiplexing mode properly, and takes around 550 ms in i8042_set_mux_mode(). Given that the device does not have external AUX port, there is no downside in disabling the MUX mode. Reported-by: Paul Menzel Suggested-by: Vojtech Pavlik Reviewed-by: Marcos Paulo de Souza Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ 1 file changed, 7 insertions(+) commit 800a938f0bf9130c8256116649c0cc5806bfb2fd Author: NeilBrown Date: Fri Mar 10 11:36:39 2017 +1100 NFSD: fix nfsd_reset_versions for NFSv4. If you write "-2 -3 -4" to the "versions" file, it will notice that no versions are enabled, and nfsd_reset_versions() is called. This enables all major versions, not no minor versions. So we lose the invariant that NFSv4 is only advertised when at least one minor is enabled. Fix the code to explicitly enable minor versions for v4, change it to use nfsd_vers() to test and set, and simplify the code. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields fs/nfsd/nfssvc.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) commit 928c6fb3a9bfd6c5b287aa3465226add551c13c0 Author: NeilBrown Date: Fri Mar 10 11:36:39 2017 +1100 NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) Current code will return 1 if the version is supported, and -1 if it isn't. This is confusing and inconsistent with the one place where this is used. So change to return 1 if it is supported, and zero if not. i.e. an error is never returned. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields fs/nfsd/nfssvc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit abcb4dacb098a1baca746406a8775e9930f47f3f Author: NeilBrown Date: Fri Mar 10 11:36:39 2017 +1100 NFSD: further refinement of content of /proc/fs/nfsd/versions Prior to e35659f1b03c ("NFSD: correctly range-check v4.x minor version when setting versions.") v4.0 could not be disabled without disabling all NFSv4 protocols. So the 'versions' file contained ±4 ±4.1 ±4.2. Writing "-4" would disable all v4 completely. Writing +4 would enabled those minor versions that are currently enabled, either by default or otherwise. After that commit, it was possible to disable v4.0 independently. To maximize backward compatibility with use cases which never disabled v4.0, the "versions" file would never contain "+4.0" - that was implied by "+4", unless explicitly negated by "-4.0". This introduced an inconsistency in that it was possible to disable all minor versions, but still have the major version advertised. e.g. "-4.0 -4.1 -4.2 +4" would result in NFSv4 support being advertised, but all attempts to use it rejected. Commit d3635ff07e8c ("nfsd: fix configuration of supported minor versions") and following removed this inconsistency. If all minor version were disabled, the major would be disabled too. If any minor was enabled, the major would be disabled. This patch also treated "+4" as equivalent to "+4.0" and "-4" as "-4.0". A consequence of this is that writing "-4" would only disable 4.0. This is a regression against the earlier behaviour, in a use case that rpc.nfsd actually uses. The command "rpc.nfsd -N 4" will write "+2 +3 -4" to the versions files. Previously, that would disable v4 completely. Now it will only disable v4.0. Also "4.0" never appears in the "versions" file when read. So if only v4.1 is available, the previous kernel would have reported "+4 -4.0 +4.1 -4.2" the current kernel reports "-4 +4.1 -4.2" which could easily confuse. This patch restores the implication that "+4" and "-4" apply more globals and do not imply "4.0". Specifically: writing "-4" will disable all 4.x minor versions. writing "+4" will enable all 4.1 minor version if none are currently enabled. rpc.nfsd will list minor versions before major versions, so rpc.nfsd -V 4.2 -N 4.1 will write "-4.1 +4.2 +2 +3 +4" so it would be a regression for "+4" to enable always all versions. reading "-4" implies that no v4.x are enabled reading "+4" implies that some v4.x are enabled, and that v4.0 is enabled unless "-4.0" is also present. All other minor versions will explicitly be listed. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields fs/nfsd/nfsctl.c | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) commit c952cd4e949ab3d07287efc2e80246e03727d15d Author: Kinglong Mee Date: Fri Mar 10 09:52:20 2017 +0800 nfsd: map the ENOKEY to nfserr_perm for avoiding warning Now that Ext4 and f2fs filesystems support encrypted directories and files, attempts to access those files may return ENOKEY, resulting in the following WARNING. Map ENOKEY to nfserr_perm instead of nfserr_io. [ 1295.411759] ------------[ cut here ]------------ [ 1295.411787] WARNING: CPU: 0 PID: 12786 at fs/nfsd/nfsproc.c:796 nfserrno+0x74/0x80 [nfsd] [ 1295.411806] nfsd: non-standard errno: -126 [ 1295.411816] Modules linked in: nfsd nfs_acl auth_rpcgss nfsv4 nfs lockd fscache tun bridge stp llc fuse ip_set nfnetlink vmw_vsock_vmci_transport vsock snd_seq_midi snd_seq_midi_event coretemp crct10dif_pclmul crc32_generic crc32_pclmul snd_ens1371 gameport ghash_clmulni_intel snd_ac97_codec f2fs intel_rapl_perf ac97_bus snd_seq ppdev snd_pcm snd_rawmidi snd_timer vmw_balloon snd_seq_device snd joydev soundcore parport_pc parport nfit acpi_cpufreq tpm_tis vmw_vmci tpm_tis_core tpm shpchp i2c_piix4 grace sunrpc xfs libcrc32c vmwgfx drm_kms_helper ttm drm crc32c_intel e1000 mptspi scsi_transport_spi serio_raw mptscsih mptbase ata_generic pata_acpi fjes [last unloaded: nfs_acl] [ 1295.412522] CPU: 0 PID: 12786 Comm: nfsd Tainted: G W 4.11.0-rc1+ #521 [ 1295.412959] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 [ 1295.413814] Call Trace: [ 1295.414252] dump_stack+0x63/0x86 [ 1295.414666] __warn+0xcb/0xf0 [ 1295.415087] warn_slowpath_fmt+0x5f/0x80 [ 1295.415502] ? put_filp+0x42/0x50 [ 1295.415927] nfserrno+0x74/0x80 [nfsd] [ 1295.416339] nfsd_open+0xd7/0x180 [nfsd] [ 1295.416746] nfs4_get_vfs_file+0x367/0x3c0 [nfsd] [ 1295.417182] ? security_inode_permission+0x41/0x60 [ 1295.417591] nfsd4_process_open2+0x9b2/0x1200 [nfsd] [ 1295.418007] nfsd4_open+0x481/0x790 [nfsd] [ 1295.418409] nfsd4_proc_compound+0x395/0x680 [nfsd] [ 1295.418812] nfsd_dispatch+0xb8/0x1f0 [nfsd] [ 1295.419233] svc_process_common+0x4d9/0x830 [sunrpc] [ 1295.419631] svc_process+0xfe/0x1b0 [sunrpc] [ 1295.420033] nfsd+0xe9/0x150 [nfsd] [ 1295.420420] kthread+0x101/0x140 [ 1295.420802] ? nfsd_destroy+0x60/0x60 [nfsd] [ 1295.421199] ? kthread_park+0x90/0x90 [ 1295.421598] ret_from_fork+0x2c/0x40 [ 1295.421996] ---[ end trace 0d5a969cd7852e1f ]--- Signed-off-by: Kinglong Mee Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/nfsproc.c | 1 + 1 file changed, 1 insertion(+) commit 1345921393ba23b60d3fcf15933e699232ad25ae Author: Jason Yan Date: Fri Mar 10 11:49:12 2017 +0800 md: fix incorrect use of lexx_to_cpu in does_sb_need_changing The sb->layout is of type __le32, so we shoud use le32_to_cpu. Signed-off-by: Jason Yan Signed-off-by: Shaohua Li drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3fb632e40d7667d8bedfabc28850ac06d5493f54 Author: Jason Yan Date: Fri Mar 10 11:27:23 2017 +0800 md: fix super_offset endianness in super_1_rdev_size_change The sb->super_offset should be big-endian, but the rdev->sb_start is in host byte order, so fix this by adding cpu_to_le64. Signed-off-by: Jason Yan Signed-off-by: Shaohua Li drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 40c50c1fecdf012a3bf055ec813f0ef2eda2749c Author: Thomas Gleixner Date: Fri Mar 10 13:17:18 2017 +0100 kexec, x86/purgatory: Unbreak it and clean it up The purgatory code defines global variables which are referenced via a symbol lookup in the kexec code (core and arch). A recent commit addressing sparse warnings made these static and thereby broke kexec_file. Why did this happen? Simply because the whole machinery is undocumented and lacks any form of forward declarations. The variable names are unspecific and lack a prefix, so adding forward declarations creates shadow variables in the core code. Aside of that the code relies on magic constants and duplicate struct definitions with no way to ensure that these things stay in sync. The section placement of the purgatory variables happened by chance and not by design. Unbreak kexec and cleanup the mess: - Add proper forward declarations and document the usage - Use common struct definition - Use the proper common defines instead of magic constants - Add a purgatory_ prefix to have a proper name space - Use ARRAY_SIZE() instead of a homebrewn reimplementation - Add proper sections to the purgatory variables [ From Mike ] Fixes: 72042a8c7b01 ("x86/purgatory: Make functions and variables static") Reported-by: Mike Galbraith < Signed-off-by: Thomas Gleixner Cc: Nicholas Mc Guire Cc: Borislav Petkov Cc: Vivek Goyal Cc: "Tobin C. Harding" Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1703101315140.3681@nanos Signed-off-by: Thomas Gleixner arch/powerpc/purgatory/trampoline.S | 12 ++++++------ arch/x86/include/asm/purgatory.h | 20 ++++++++++++++++++++ arch/x86/kernel/machine_kexec_64.c | 9 ++++++--- arch/x86/purgatory/purgatory.c | 35 +++++++++++++++++------------------ arch/x86/purgatory/purgatory.h | 8 -------- arch/x86/purgatory/setup-x86_64.S | 2 +- arch/x86/purgatory/sha256.h | 1 - include/linux/purgatory.h | 23 +++++++++++++++++++++++ kernel/kexec_file.c | 8 ++++---- kernel/kexec_internal.h | 6 +----- 10 files changed, 78 insertions(+), 46 deletions(-) commit 607523d19c9d67ba4cf7bdaced644f11ed04992c Author: Dave Airlie Date: Fri Mar 10 12:13:04 2017 +1000 drm/amdgpu: fix parser init error path to avoid crash in parser fini If we don't reset the chunk info in the error path, the subsequent fini path will double free. Reviewed-by: Christian König Signed-off-by: Dave Airlie Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 ++ 1 file changed, 2 insertions(+) commit d8a8ed9758241e138933c67e40db2db2790eca19 Author: Tom St Denis Date: Thu Mar 9 13:21:07 2017 -0500 drm/amd/amdgpu: Disable GFX_PG on Carrizo until compute issues solved Currently compute jobs will stall if GFX_PG is enabled. Until this is resolved we'll disable GFX_PG. Signed-off-by: Tom St Denis Reviewed-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 24c534bb161b8c95f261b34cbe44bbd043e829fc Merge: 2baf380 7cc5e38 Author: Linus Torvalds Date: Fri Mar 10 11:05:47 2017 -0800 Merge tag 'ceph-for-4.11-rc2' of git://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: - a fix for the recently discovered misdirected requests bug present in jewel and later on the server side and all stable kernels - a fixup for -rc1 CRUSH changes - two usability enhancements: osd_request_timeout option and supported_features bus attribute. * tag 'ceph-for-4.11-rc2' of git://github.com/ceph/ceph-client: libceph: osd_request_timeout option rbd: supported_features bus attribute libceph: don't set weight to IN when OSD is destroyed libceph: fix crush_decode() for older maps commit a03849e7210277fa212779b7cd9c30e1ab6194b2 Author: Oleksandr Tyshchenko Date: Mon Feb 27 14:30:26 2017 +0200 iommu/io-pgtable-arm-v7s: Check for leaf entry before dereferencing it Do a check for already installed leaf entry at the current level before dereferencing it in order to avoid walking the page table down with wrong pointer to the next level. Signed-off-by: Oleksandr Tyshchenko CC: Will Deacon CC: Robin Murphy Signed-off-by: Will Deacon drivers/iommu/io-pgtable-arm-v7s.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit ed46e66cc1b3d684042f92dfa2ab15ee917b4cac Author: Oleksandr Tyshchenko Date: Mon Feb 27 14:30:25 2017 +0200 iommu/io-pgtable-arm: Check for leaf entry before dereferencing it Do a check for already installed leaf entry at the current level before dereferencing it in order to avoid walking the page table down with wrong pointer to the next level. Signed-off-by: Oleksandr Tyshchenko CC: Will Deacon CC: Robin Murphy Signed-off-by: Will Deacon drivers/iommu/io-pgtable-arm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit b6573da139ecbee6f2c77392b51266d4521d50ac Author: Benjamin Tissoires Date: Fri Mar 10 10:10:54 2017 -0800 Input: synaptics-rmi4 - prevent null pointer dereference in f30 If the platform data has f30_data.disable set, f30 in rmi_f30_config() might be null. Prevent a kernel oops by checking for non-null f30. Signed-off-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_f30.c | 4 ++++ 1 file changed, 4 insertions(+) commit 0e4c0e6ea7d4a988a5ae2791c7cb5769b5256dad Author: Geert Uytterhoeven Date: Fri Feb 17 15:25:08 2017 +0100 arm64: kernel: Update kerneldoc for cpu_suspend() rename Commit af391b15f7b56ce1 ("arm64: kernel: rename __cpu_suspend to keep it aligned with arm") renamed cpu_suspend() to arm_cpuidle_suspend(), but forgot to update the kerneldoc header. Fixes: af391b15f7b56ce1 ("arm64: kernel: rename __cpu_suspend to keep it aligned with arm") Signed-off-by: Geert Uytterhoeven Signed-off-by: Will Deacon arch/arm64/kernel/cpuidle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 609a807a95301cec7edb446241a35b402f85b4c3 Merge: 702f2ac ea29bd3 Author: David S. Miller Date: Fri Mar 10 10:03:27 2017 -0800 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox mlx5 fixes 2017-03-09 This series contains some mlx5 core and ethernet driver fixes. For -stable: net/mlx5e: remove IEEE/CEE mode check when setting DCBX mode (for kernel >= 4.10) net/mlx5e: Avoid wrong identification of rules on deletion (for kernel >= 4.9) net/mlx5: Don't save PCI state when PCI error is detected (for kernel >= 4.9) net/mlx5: Fix create autogroup prev initializer (for kernel >=4.9) ==================== Signed-off-by: David S. Miller commit ea29bd304d7b522f6162a36f394e690c579b5a63 Author: Eugenia Emantayev Date: Fri Mar 10 14:33:05 2017 +0200 net/mlx5e: Fix loopback selftest Change packet type handler to ETH_P_IP instead of ETH_P_ALL since we are already expecting an IP packet. Also, using ETH_P_ALL will cause the loopback test packet type handler to be called on all outgoing packets, especially our own self loopback test SKB, which will be validated on xmit as well, and we don't want that. Tested with: ethtool -t ethX validated that the loopback test passes. Fixes: 0952da791c97 ('net/mlx5e: Add support for loopback selftest') Signed-off-by: Eugenia Emantayev Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_selftest.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 65ba8fb7d5c6803ec236bb8d6650465fed7f9769 Author: Or Gerlitz Date: Fri Mar 10 14:33:04 2017 +0200 net/mlx5e: Avoid wrong identification of rules on deletion When deleting offloaded TC flows, we must correctly identify E-switch rules. The current check could get us wrong w.r.t to rules set on the PF. Since it's possible to set NIC rules on the PF, switch to SRIOV offloads mode and then attempt to delete a NIC rule. To solve that, we add a flags field to offloaded rules, set it on creation time and use that over the code where currently needed. Fixes: 8b32580df1cb ('net/mlx5e: Add TC vlan action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 33 ++++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) commit 33e21c59526e9147d7c68913995298f10c35cd6f Author: Huy Nguyen Date: Fri Mar 10 14:33:03 2017 +0200 net/mlx5e: remove IEEE/CEE mode check when setting DCBX mode Currently, the function setdcbx fails if the request dcbx mode is either IEEE or CEE. We remove the IEEE/CEE mode check because we support both IEEE and CEE interfaces. Fixes: 3a6a931dfb8e ("net/mlx5e: Support DCBX CEE API") Signed-off-by: Huy Nguyen Reviewed-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 5d47f6c89d568ab61712d8c40676fbb020b68752 Author: Daniel Jurgens Date: Fri Mar 10 14:33:02 2017 +0200 net/mlx5: Don't save PCI state when PCI error is detected When a PCI error is detected the PCI state could be corrupt, don't save it in that flow. Save the state after initialization. After restoring the PCI state during slot reset save it again, restoring the state destroys the previously saved state info. Fixes: 05ac2c0b7438 ('net/mlx5: Fix race between PCI error handlers and health work') Signed-off-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit af36370569eb37420e1e78a2e60c277b781fcd00 Author: Paul Blakey Date: Fri Mar 10 14:33:01 2017 +0200 net/mlx5: Fix create autogroup prev initializer The autogroups list is a list of non overlapping group boundaries sorted by their start index. If the autogroups list wasn't empty and an empty group slot was found at the start of the list, the new group was added to the end of the list instead of the beginning, as the prev initializer was incorrect. When this was repeated, it caused multiple groups to have overlapping boundaries. Fixed that by correctly initializing the prev pointer to the start of the list. Fixes: eccec8da3b4e ('net/mlx5: Keep autogroups list ordered') Signed-off-by: Paul Blakey Reviewed-by: Mark Bloch Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2baf38095cd79bb18108bc6131aec84ea85ae368 Merge: 7c7fba9 806dbb2 Author: Linus Torvalds Date: Fri Mar 10 09:56:16 2017 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Here are some driver bugfixes from I2C. Unusual this time are the two reverts. One because I accidently picked a patch from the list which I should have pulled from my co-maintainer instead ("missing of_node_put"). And one which I wrongly assumed to be an easy fix but it turned out already that it needs more iterations ("copy device properties")" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: Revert "i2c: copy device properties when using i2c_register_board_info()" Revert "i2c: add missing of_node_put in i2c_mux_del_adapters" i2c: exynos5: Avoid transaction timeouts due TRANSFER_DONE_AUTO not set i2c: designware: add reset interface i2c: meson: fix wrong variable usage in meson_i2c_put_data i2c: copy device properties when using i2c_register_board_info() i2c: m65xx: drop superfluous quirk structure i2c: brcmstb: Fix START and STOP conditions i2c: add missing of_node_put in i2c_mux_del_adapters i2c: riic: fix restart condition i2c: add missing of_node_put in i2c_mux_del_adapters commit 7c7fba984d39077a5c3d7a3cb9dcacf21be7508b Merge: baeedc71 3f81e13 Author: Linus Torvalds Date: Fri Mar 10 09:53:00 2017 -0800 Merge tag 'drm-fixes-for-4.11-rc2' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Intel, amd and mxsfb fixes. These are the drm fixes I've collected for rc2. Mostly i915 GVT only fixes, along with a single EDID fix, some mxsfb fixes and a few minor amd fixes" * tag 'drm-fixes-for-4.11-rc2' of git://people.freedesktop.org/~airlied/linux: (38 commits) drm: mxsfb: Implement drm_panel handling drm: mxsfb_crtc: Fix the framebuffer misplacement drm: mxsfb: Fix crash when provided invalid DT bindings drm: mxsfb: fix pixel clock polarity drm: mxsfb: use bus_format to determine LCD bus width drm/amdgpu: bump driver version for some new features drm/amdgpu: validate paramaters in the gem ioctl drm/amd/amdgpu: fix console deadlock if late init failed drm/i915/gvt: change some gvt_err to gvt_dbg_cmd drm/i915/gvt: protect RO and Rsvd bits of virtual vgpu configuration space drm/i915/gvt: handle workload lifecycle properly drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058 drm/i915/gvt: fix an error for F_RO flag drm/i915/gvt: use pfn_valid for better checking drm/i915/gvt: set SFUSE_STRAP properly for vitual monitor detection drm/i915/gvt: fix an error for one register drm/i915/gvt: add more registers into handlers list drm/i915/gvt: have more registers with F_CMD_ACCESS flags set drm/i915/gvt: add some new MMIOs to cmd_access white list drm/i915/gvt: fix pcode mailbox write emulation of BDW ... commit 14088540ad63c648e5cdf490412033f792d16b6b Author: Mark Rutland Date: Fri Mar 10 17:44:18 2017 +0000 arm64: use const cap for system_uses_ttbr0_pan() Since commit 4b65a5db362783ab ("arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1"), system_uses_ttbr0_pan() has used cpus_have_cap() to determine whether PAN is present. Since commit a4023f682739439b ("arm64: Add hypervisor safe helper for checking constant capabilities"), which was introduced around the same time, cpus_have_cap() doesn't try to use a static key, and must always perform a load, test, and consitional branch (likely a tbnz for the latter two). Elsewhere, we moved to using cpus_have_const_cap(), which can use a static key (i.e. a non-conditional branch), which is patched at runtime when the feature is detected. This patch makes system_uses_ttbr0_pan() use cpus_have_const_cap(). The static key is likely a win for hot-paths like the uacccess primitives, and this makes our usage consistent regardless. Signed-off-by: Mark Rutland Reviewed-by: Suzuki K Poulose Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/include/asm/cpufeature.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c2a625937ba49bc691089370638223d310cda9a Author: Eric Biggers Date: Wed Mar 8 16:27:04 2017 -0800 arm64: support keyctl() system call in 32-bit mode As is the case for a number of other architectures that have a 32-bit compat mode, enable KEYS_COMPAT if both COMPAT and KEYS are enabled. This allows AArch32 programs to use the keyctl() system call when running on an AArch64 kernel. Signed-off-by: Eric Biggers Signed-off-by: Will Deacon arch/arm64/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) commit b0de0ccc8b9edd8846828e0ecdc35deacdf186b0 Author: Mark Rutland Date: Mon Mar 6 19:06:40 2017 +0000 arm64: kasan: avoid bad virt_to_pfn() Booting a v4.11-rc1 kernel with DEBUG_VIRTUAL and KASAN enabled produces the following splat (trimmed for brevity): [ 0.000000] virt_to_phys used for non-linear address: ffff200008080000 (0xffff200008080000) [ 0.000000] WARNING: CPU: 0 PID: 0 at arch/arm64/mm/physaddr.c:14 __virt_to_phys+0x48/0x70 [ 0.000000] PC is at __virt_to_phys+0x48/0x70 [ 0.000000] LR is at __virt_to_phys+0x48/0x70 [ 0.000000] Call trace: [ 0.000000] [] __virt_to_phys+0x48/0x70 [ 0.000000] [] kasan_init+0x1c0/0x498 [ 0.000000] [] setup_arch+0x2fc/0x948 [ 0.000000] [] start_kernel+0xb8/0x570 [ 0.000000] [] __primary_switched+0x6c/0x74 This is because we use virt_to_pfn() on a kernel image address when trying to figure out its nid, so that we can allocate its shadow from the same node. As with other recent changes, this patch uses lm_alias() to solve this. We could instead use NUMA_NO_NODE, as x86 does for all shadow allocations, though we'll likely want the "real" memory shadow to be backed from its corresponding nid anyway, so we may as well be consistent and find the nid for the image shadow. Cc: Catalin Marinas Cc: Will Deacon Acked-by: Laura Abbott Signed-off-by: Mark Rutland Signed-off-by: Will Deacon arch/arm64/mm/kasan_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cb6950b7152fb3760942f9cb16bd2a35e5a1bfd1 Author: Naveen N. Rao Date: Tue Mar 7 00:34:57 2017 +0530 arm64: kprobes: remove kprobe_exceptions_notify Commit fc62d0207ae0 ("kprobes: Introduce weak variant of kprobe_exceptions_notify()") introduces a generic empty version of the function for architectures that don't need special handling, like arm64. As such, remove the arch/arm64/ specific handler. Signed-off-by: Naveen N. Rao Signed-off-by: Will Deacon arch/arm64/kernel/probes/kprobes.c | 6 ------ 1 file changed, 6 deletions(-) commit 702f2ac87a9a8da23bf8506466bc70175fc970b2 Author: David Howells Date: Fri Mar 10 07:48:49 2017 +0000 rxrpc: Wake up the transmitter if Rx window size increases on the peer The RxRPC ACK packet may contain an extension that includes the peer's current Rx window size for this call. We adjust the local Tx window size to match. However, the transmitter can stall if the receive window is reduced to 0 by the peer and then reopened. This is because the normal way that the transmitter is re-energised is by dropping something out of our Tx queue and thus making space. When a single gap is made, the transmitter is woken up. However, because there's nothing in the Tx queue at this point, this doesn't happen. To fix this, perform a wake_up() any time we see the peer's Rx window size increasing. The observable symptom is that calls start failing on ETIMEDOUT and the following: kAFS: SERVER DEAD state=-62 appears in dmesg. Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/input.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit baeedc7158da5b0f489d04125ba6adfba532a6f7 Merge: 8fe3cca 90eceff Author: Linus Torvalds Date: Fri Mar 10 08:59:07 2017 -0800 Merge branch 'prep-for-5level' Merge 5-level page table prep from Kirill Shutemov: "Here's relatively low-risk part of 5-level paging patchset. Merging it now will make x86 5-level paging enabling in v4.12 easier. The first patch is actually x86-specific: detect 5-level paging support. It boils down to single define. The rest of patchset converts Linux MMU abstraction from 4- to 5-level paging. Enabling of new abstraction in most cases requires adding single line of code in arch-specific code. The rest is taken care by asm-generic/. Changes to mm/ code are mostly mechanical: add support for new page table level -- p4d_t -- where we deal with pud_t now. v2: - fix build on microblaze (Michal); - comment for __ARCH_HAS_5LEVEL_HACK in kasan_populate_zero_shadow(); - acks from Michal" * emailed patches from Kirill A Shutemov : mm: introduce __p4d_alloc() mm: convert generic code to 5-level paging asm-generic: introduce arch, mm: convert all architectures to use 5level-fixup.h asm-generic: introduce __ARCH_USE_5LEVEL_HACK asm-generic: introduce 5level-fixup.h x86/cpufeature: Add 5-level paging detection commit 8fe3ccaed080a7804bc459c42e0419253973be92 Merge: 9db61d6 2378cd6 Author: Linus Torvalds Date: Fri Mar 10 08:34:42 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "26 fixes" * emailed patches from Andrew Morton : (26 commits) userfaultfd: remove wrong comment from userfaultfd_ctx_get() fat: fix using uninitialized fields of fat_inode/fsinfo_inode sh: cayman: IDE support fix kasan: fix races in quarantine_remove_cache() kasan: resched in quarantine_remove_cache() mm: do not call mem_cgroup_free() from within mem_cgroup_alloc() thp: fix another corner case of munlock() vs. THPs rmap: fix NULL-pointer dereference on THP munlocking mm/memblock.c: fix memblock_next_valid_pfn() userfaultfd: selftest: vm: allow to build in vm/ directory userfaultfd: non-cooperative: userfaultfd_remove revalidate vma in MADV_DONTNEED userfaultfd: non-cooperative: fix fork fctx->new memleak mm/cgroup: avoid panic when init with low memory drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h mm/vmstats: add thp_split_pud event for clarity include/linux/fs.h: fix unsigned enum warning with gcc-4.2 userfaultfd: non-cooperative: release all ctx in dup_userfaultfd_complete userfaultfd: non-cooperative: robustness check userfaultfd: non-cooperative: rollback userfaultfd_exit x86, mm: unify exit paths in gup_pte_range() ... commit 8b38f890eff6efc153130254a96452570f971159 Author: Masahiro Yamada Date: Fri Mar 10 10:41:50 2017 +0900 MAINTAINERS: add Masahiro Yamada as a Kbuild maintainer It has been difficult lately for Michal to work on Kbuild on his regular basis. We discussed the maintainership of Kbuild, and I decided to be a co-maintainer. Add myself to the maintainer field, and replace the repository with my own. Signed-off-by: Masahiro Yamada Acked-by: Michal Marek MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d1479f6108006555fe33d7cfe8db4f95ad614b9a Author: Mihail Atanassov Date: Thu Feb 9 11:32:00 2017 +0000 drm: mali-dp: Fix smart layer not going to composition Use rectangle 1 as a generic plane. Existing code already sets the smart layer bounding box size + offset. The rectangles' offsets are relative to the bounding box, so there is no need to set R1's offset (reset value is 0), just its size which is the same as the bounding box. Signed-off-by: Mihail Atanassov Signed-off-by: Liviu Dudau drivers/gpu/drm/arm/malidp_hw.c | 2 +- drivers/gpu/drm/arm/malidp_planes.c | 18 ++++++++++++++++-- drivers/gpu/drm/arm/malidp_regs.h | 1 + 3 files changed, 18 insertions(+), 3 deletions(-) commit 9a8b0a230aca55ee142fd76f4765f1da1799da93 Author: Mihail Atanassov Date: Wed Feb 15 14:00:15 2017 +0000 drm: mali-dp: Remove mclk rate management The rate of mclk depends on the use-case. If no downscaling is required, then mclk == pxlclk is a valid option; with downscaling however, the rate at which mclk runs determines how much a plane can be downscaled before composition. This is a system integration + power management issue that is more suited to firmware rather than this driver. Signed-off-by: Mihail Atanassov Signed-off-by: Liviu Dudau drivers/gpu/drm/arm/malidp_crtc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit bba8376aea1dcbbe22bbda118c52abee317c7609 Author: Matjaz Hegedic Date: Thu Mar 9 14:00:17 2017 +0100 x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk The reboot quirk for ASUS EeeBook X205TA contains a typo in DMI_PRODUCT_NAME, improperly referring to X205TAW instead of X205TA, which prevents the quirk from being triggered. The model X205TAW already has a reboot quirk of its own. This fix simply removes the inappropriate final letter W. Fixes: 90b28ded88dd ("x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk") Signed-off-by: Matjaz Hegedic Link: http://lkml.kernel.org/r/1489064417-7445-1-git-send-email-matjaz.hegedic@gmail.com Signed-off-by: Thomas Gleixner arch/x86/kernel/reboot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1016e94cce9fb6ea56d7602263783e2d95d6e92 Author: Russell King Date: Thu Mar 9 17:14:32 2017 +0000 ARM: wire up statx syscall Wire up the new statx syscall for ARM. Signed-off-by: Russell King arch/arm/tools/syscall.tbl | 1 + 1 file changed, 1 insertion(+) commit 296739839fa2851e6badc77dcfc45050094cb102 Author: Andrew Lunn Date: Thu Mar 9 20:53:31 2017 +0100 net: phy: marvell: Fix double free of hwmon device The hwmon temperature sensor devices is registered using a devm_hwmon API call. The marvell_release() would then manually free the device, not using a devm_hmon API, resulting in the device being removed twice, leading to a crash in kernfs_find_ns() during the second removal. Remove the manual removal, which makes marvell_release() empty, so remove it as well. Signed-off-by: Andrew Lunn Fixes: 0b04680fdae4 ("phy: marvell: Add support for temperature sensor") Acked-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/marvell.c | 15 --------------- 1 file changed, 15 deletions(-) commit 7b9f71f974a12740e79e918cfd58c2fce0b5b580 Author: Nicholas Piggin Date: Tue Feb 28 12:00:48 2017 +1000 powerpc/64s: POWER9 machine check handler Add POWER9 machine check handler. There are several new types of errors added, so logging messages for those are also added. This doesn't attempt to reuse any of the P7/8 defines or functions, because that becomes too complex. The better option in future is to use a table driven approach. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/bitops.h | 4 + arch/powerpc/include/asm/mce.h | 105 +++++++++++++++++ arch/powerpc/kernel/cputable.c | 3 + arch/powerpc/kernel/mce.c | 83 ++++++++++++++ arch/powerpc/kernel/mce_power.c | 231 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 426 insertions(+) commit c1bbf387d6191e6e18f3adc4db45b922822c2ba4 Author: Nicholas Piggin Date: Tue Feb 28 12:00:47 2017 +1000 powerpc/64s: allow machine check handler to set severity and initiator Currently severity and initiator are always set to MCE_SEV_ERROR_SYNC and MCE_INITIATOR_CPU in the core mce code. Allow them to be set by the machine specific mce handlers. No functional change for existing handlers. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mce.h | 3 ++- arch/powerpc/kernel/mce.c | 5 +++-- arch/powerpc/kernel/mce_power.c | 6 ++++++ 3 files changed, 11 insertions(+), 3 deletions(-) commit 1363875bdb6317a2d0798284d7aaf320f0782f6d Author: Nicholas Piggin Date: Tue Feb 28 12:00:46 2017 +1000 powerpc/64s: fix handling of non-synchronous machine checks A synchronous machine check is an exception raised by the attempt to execute the current instruction. If the error can't be corrected, it can make sense to SIGBUS the currently running process. In other cases, the error condition is not related to the current instruction, so killing the current process is not the right thing to do. Today, all machine checks are MCE_SEV_ERROR_SYNC, so this has no practical change. It will be used to handle POWER9 asynchronous machine checks. Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/opal.c | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) commit 46f401c4297a2232a037ad8801b6c83c90414cf7 Author: Larry Finger Date: Thu Mar 9 20:33:51 2017 -0600 powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops Commit 5657933dbb6e ("treewide: Move dma_ops from struct dev_archdata into struct device") introduced a crash for macio devices, an example backtrace being: kernel BUG at ./include/linux/dma-mapping.h:465! Oops: Exception in kernel mode, sig: 5 [#1] ... NIP [c031ddb0] dmam_alloc_coherent+0x74/0x140 LR [c031de70] dmam_alloc_coherent+0x134/0x140 Call Trace: dmam_alloc_coherent+0x134/0x140 (unreliable) pata_macio_port_start+0x3c/0x8c ata_host_start.part.5+0xfc/0x208 ata_host_activate+0x128/0x154 pata_macio_common_init+0x2f0/0x538 pata_macio_attach+0xd8/0x180 macio_device_probe+0x5c/0xec driver_probe_device+0x21c/0x314 __driver_attach+0xcc/0xd0 bus_for_each_dev+0x68/0xb4 bus_add_driver+0x1dc/0x244 driver_register+0x88/0x130 pata_macio_init+0x5c/0x88 do_one_initcall+0x40/0x170 kernel_init_freeable+0x134/0x1d0 kernel_init+0x18/0x110 ret_from_kernel_thread+0x5c/0x64 This was caused by the device having NULL dma_ops, triggering the BUG_ON(). Previously the device inherited its dma_ops via the assignment to dev->ofdev.dev.archdata. However after commit 5657933dbb6e the dma_ops are moved into dev->ofdev.dev, and so they need to be explicitly copied. Fixes: 5657933dbb6e ("treewide: Move dma_ops from struct dev_archdata into struct device") Signed-off-by: Larry Finger Suggested-by: Benjamin Herrenschmidt [mpe: Rewrite change log, add backtrace] Signed-off-by: Michael Ellerman drivers/macintosh/macio_asic.c | 1 + 1 file changed, 1 insertion(+) commit b3b8812e66511b7da3c4fed140da5f751c38cd7a Merge: d7aba64 6d22fe1 Author: David S. Miller Date: Thu Mar 9 18:39:03 2017 -0800 Merge branch 'bcmgenet-minor-bug-fixes' Doug Berger says: ==================== net: bcmgenet: minor bug fixes v2: Accidentally sent the wrong set after rebasing. This collection contains a number of fixes for minor issues with the bcmgenet driver most of which were present in the initial submission of the driver. Some bugs were uncovered by inspection prior to the upcoming update for GENETv5 support: net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values net: bcmgenet: correct MIB access of UniMAC RUNT counters net: bcmgenet: reserved phy revisions must be checked first net: bcmgenet: synchronize irq0 status between the isr and task Others bugs were found in power management testing: net: bcmgenet: power down internal phy if open or resume fails net: bcmgenet: Power up the internal PHY before probing the MII net: bcmgenet: decouple flow control from bcmgenet_tx_reclaim net: bcmgenet: add begin/complete ethtool ops Doug Berger (7): net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values net: bcmgenet: correct MIB access of UniMAC RUNT counters net: bcmgenet: reserved phy revisions must be checked first net: bcmgenet: power down internal phy if open or resume fails net: bcmgenet: synchronize irq0 status between the isr and task net: bcmgenet: Power up the internal PHY before probing the MII net: bcmgenet: decouple flow control from bcmgenet_tx_reclaim Edwin Chan (1): net: bcmgenet: add begin/complete ethtool ops ==================== Signed-off-by: David S. Miller commit 6d22fe14005ce66d1a120495ac16499b944feb95 Author: Doug Berger Date: Thu Mar 9 16:58:50 2017 -0800 net: bcmgenet: decouple flow control from bcmgenet_tx_reclaim The bcmgenet_tx_reclaim() function is used to reclaim transmit resources in different places within the driver. Most of them should not affect the state of the transmit flow control. This commit relocates the logic for waking tx queues based on freed resources to the napi polling function where it is more appropriate. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 89316fa34ab8afac8d693f41a5bc268673f1da15 Author: Edwin Chan Date: Thu Mar 9 16:58:49 2017 -0800 net: bcmgenet: add begin/complete ethtool ops Make sure clock is enabled for ethtool ops. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Edwin Chan Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 6be371b053dc86f11465cc1abce2e99bda0a0574 Author: Doug Berger Date: Thu Mar 9 16:58:48 2017 -0800 net: bcmgenet: Power up the internal PHY before probing the MII When using the internal PHY it must be powered up when the MII is probed or the PHY will not be detected. Since the PHY is powered up at reset this has not been a problem. However, when the kernel is restarted with kexec the PHY will likely be powered down when the kernel starts so it will not be detected and the Ethernet link will not be established. This commit explicitly powers up the internal PHY when the GENET driver is probed to correct this behavior. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 07c52d6a0b955a8a28834f9354793cfc4b81d0e9 Author: Doug Berger Date: Thu Mar 9 16:58:47 2017 -0800 net: bcmgenet: synchronize irq0 status between the isr and task Add a spinlock to ensure that irq0_stat is not unintentionally altered as the result of preemption. Also removed unserviced irq0 interrupts and removed irq1_stat since there is no bottom half service for those interrupts. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 73 ++++++++++++++------------ drivers/net/ethernet/broadcom/genet/bcmgenet.h | 6 ++- 2 files changed, 44 insertions(+), 35 deletions(-) commit 7627409cc4970e8c8b9de6945ad86a575290a94e Author: Doug Berger Date: Thu Mar 9 16:58:46 2017 -0800 net: bcmgenet: power down internal phy if open or resume fails Since the internal PHY is powered up during the open and resume functions it should be powered back down if the functions fail. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 4 ++++ 1 file changed, 4 insertions(+) commit eca4bad73409aedc6ff22f823c18b67a4f08c851 Author: Doug Berger Date: Thu Mar 9 16:58:45 2017 -0800 net: bcmgenet: reserved phy revisions must be checked first The reserved gphy_rev value of 0x01ff must be tested before the old or new scheme for GPHY major versioning are tested, otherwise it will be treated as 0xff00 according to the old scheme. Fixes: b04a2f5b9ff5 ("net: bcmgenet: add support for new GENET PHY revision scheme") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 1ad3d225e5a40ca6c586989b4baaca710544c15a Author: Doug Berger Date: Thu Mar 9 16:58:44 2017 -0800 net: bcmgenet: correct MIB access of UniMAC RUNT counters The gap between the Tx status counters and the Rx RUNT counters is now being added to allow correct reporting of the registers. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit ffff71328a3c321f7c14cc1edd33577717037744 Author: Doug Berger Date: Thu Mar 9 16:58:43 2017 -0800 net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values The location of the RBUF overflow and error counters has moved between different version of the GENET MAC. This commit corrects the driver to read from the correct locations depending on the version of the GENET MAC. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Signed-off-by: Doug Berger Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/genet/bcmgenet.c | 60 +++++++++++++++++++++++--- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 10 +++-- 2 files changed, 60 insertions(+), 10 deletions(-) commit d7aba644ffdebf756e51e26a2229055211838e89 Author: Lendacky, Thomas Date: Thu Mar 9 17:48:23 2017 -0600 amd-xgbe: Enable IRQs only if napi_complete_done() is true Depending on the hardware, the amd-xgbe driver may use disable_irq_nosync() and enable_irq() when an interrupt is received to process Rx packets. If the napi_complete_done() return value isn't checked an unbalanced enable for the IRQ could result, generating a warning stack trace. Update the driver to only enable interrupts if napi_complete_done() returns true. Reported-by: Jeremy Linton Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 6fc166d62c6f9f6eda5ea300f671d34e89bdd3c8 Author: David Howells Date: Thu Mar 9 08:10:32 2017 +0000 rxrpc: rxrpc_kernel_send_data() needs to handle failed call better If rxrpc_kernel_send_data() is asked to send data through a call that has already failed (due to a remote abort, received protocol error or network error), then return the associated error code saved in the call rather than ESHUTDOWN. This allows the caller to work out whether to ask for the abort code or not based on this. Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/sendmsg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 4b3b45edba9222e518a1ec72df841eba3609fe34 Author: Alexey Kodanev Date: Thu Mar 9 13:56:46 2017 +0300 udp: avoid ufo handling on IP payload compression packets commit c146066ab802 ("ipv4: Don't use ufo handling on later transformed packets") and commit f89c56ce710a ("ipv6: Don't use ufo handling on later transformed packets") added a check that 'rt->dst.header_len' isn't zero in order to skip UFO, but it doesn't include IPcomp in transport mode where it equals zero. Packets, after payload compression, may not require further fragmentation, and if original length exceeds MTU, later compressed packets will be transmitted incorrectly. This can be reproduced with LTP udp_ipsec.sh test on veth device with enabled UFO, MTU is 1500 and UDP payload is 2000: * IPv4 case, offset is wrong + unnecessary fragmentation udp_ipsec.sh -p comp -m transport -s 2000 & tcpdump -ni ltp_ns_veth2 ... IP (tos 0x0, ttl 64, id 45203, offset 0, flags [+], proto Compressed IP (108), length 49) 10.0.0.2 > 10.0.0.1: IPComp(cpi=0x1000) IP (tos 0x0, ttl 64, id 45203, offset 1480, flags [none], proto UDP (17), length 21) 10.0.0.2 > 10.0.0.1: ip-proto-17 * IPv6 case, sending small fragments udp_ipsec.sh -6 -p comp -m transport -s 2000 & tcpdump -ni ltp_ns_veth2 ... IP6 (flowlabel 0x6b9ba, hlim 64, next-header Compressed IP (108) payload length: 37) fd00::2 > fd00::1: IPComp(cpi=0x1000) IP6 (flowlabel 0x6b9ba, hlim 64, next-header Compressed IP (108) payload length: 21) fd00::2 > fd00::1: IPComp(cpi=0x1000) Fix it by checking 'rt->dst.xfrm' pointer to 'xfrm_state' struct, skip UFO if xfrm is set. So the new check will include both cases: IPcomp and IPsec. Fixes: c146066ab802 ("ipv4: Don't use ufo handling on later transformed packets") Fixes: f89c56ce710a ("ipv6: Don't use ufo handling on later transformed packets") Signed-off-by: Alexey Kodanev Signed-off-by: David S. Miller net/ipv4/ip_output.c | 2 +- net/ipv6/ip6_output.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit cdfbabfb2f0ce983fdaa42f20e5f7842178fc01e Author: David Howells Date: Thu Mar 9 08:09:05 2017 +0000 net: Work around lockdep limitation in sockets that use sockets Lockdep issues a circular dependency warning when AFS issues an operation through AF_RXRPC from a context in which the VFS/VM holds the mmap_sem. The theory lockdep comes up with is as follows: (1) If the pagefault handler decides it needs to read pages from AFS, it calls AFS with mmap_sem held and AFS begins an AF_RXRPC call, but creating a call requires the socket lock: mmap_sem must be taken before sk_lock-AF_RXRPC (2) afs_open_socket() opens an AF_RXRPC socket and binds it. rxrpc_bind() binds the underlying UDP socket whilst holding its socket lock. inet_bind() takes its own socket lock: sk_lock-AF_RXRPC must be taken before sk_lock-AF_INET (3) Reading from a TCP socket into a userspace buffer might cause a fault and thus cause the kernel to take the mmap_sem, but the TCP socket is locked whilst doing this: sk_lock-AF_INET must be taken before mmap_sem However, lockdep's theory is wrong in this instance because it deals only with lock classes and not individual locks. The AF_INET lock in (2) isn't really equivalent to the AF_INET lock in (3) as the former deals with a socket entirely internal to the kernel that never sees userspace. This is a limitation in the design of lockdep. Fix the general case by: (1) Double up all the locking keys used in sockets so that one set are used if the socket is created by userspace and the other set is used if the socket is created by the kernel. (2) Store the kern parameter passed to sk_alloc() in a variable in the sock struct (sk_kern_sock). This informs sock_lock_init(), sock_init_data() and sk_clone_lock() as to the lock keys to be used. Note that the child created by sk_clone_lock() inherits the parent's kern setting. (3) Add a 'kern' parameter to ->accept() that is analogous to the one passed in to ->create() that distinguishes whether kernel_accept() or sys_accept4() was the caller and can be passed to sk_alloc(). Note that a lot of accept functions merely dequeue an already allocated socket. I haven't touched these as the new socket already exists before we get the parameter. Note also that there are a couple of places where I've made the accepted socket unconditionally kernel-based: irda_accept() rds_rcp_accept_one() tcp_accept_from_sock() because they follow a sock_create_kern() and accept off of that. Whilst creating this, I noticed that lustre and ocfs don't create sockets through sock_create_kern() and thus they aren't marked as for-kernel, though they appear to be internal. I wonder if these should do that so that they use the new set of lock keys. Signed-off-by: David Howells Signed-off-by: David S. Miller crypto/af_alg.c | 9 ++- crypto/algif_hash.c | 9 ++- drivers/staging/lustre/lnet/lnet/lib-socket.c | 4 +- fs/dlm/lowcomms.c | 2 +- fs/ocfs2/cluster/tcp.c | 2 +- include/crypto/if_alg.h | 2 +- include/linux/net.h | 2 +- include/net/inet_common.h | 3 +- include/net/inet_connection_sock.h | 2 +- include/net/sctp/structs.h | 3 +- include/net/sock.h | 9 ++- net/atm/svc.c | 5 +- net/ax25/af_ax25.c | 3 +- net/bluetooth/l2cap_sock.c | 2 +- net/bluetooth/rfcomm/sock.c | 3 +- net/bluetooth/sco.c | 2 +- net/core/sock.c | 106 ++++++++++++++------------ net/decnet/af_decnet.c | 5 +- net/ipv4/af_inet.c | 5 +- net/ipv4/inet_connection_sock.c | 2 +- net/irda/af_irda.c | 5 +- net/iucv/af_iucv.c | 2 +- net/llc/af_llc.c | 4 +- net/netrom/af_netrom.c | 3 +- net/nfc/llcp_sock.c | 2 +- net/phonet/pep.c | 6 +- net/phonet/socket.c | 4 +- net/rds/tcp_listen.c | 2 +- net/rose/af_rose.c | 3 +- net/sctp/ipv6.c | 5 +- net/sctp/protocol.c | 5 +- net/sctp/socket.c | 4 +- net/smc/af_smc.c | 2 +- net/socket.c | 4 +- net/tipc/socket.c | 8 +- net/unix/af_unix.c | 5 +- net/vmw_vsock/af_vsock.c | 3 +- net/x25/af_x25.c | 3 +- 38 files changed, 142 insertions(+), 108 deletions(-) commit 9db61d6fd65f53eaee13fbb451fd761ce926dea9 Merge: 794fe78 2fcc319 Author: Linus Torvalds Date: Thu Mar 9 18:11:28 2017 -0800 Merge tag 'xfs-4.11-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: "Here are some bug fixes for -rc2 to clean up the copy on write handling and to remove a cause of hangs. - Fix various iomap bugs - Fix overly aggressive CoW preallocation garbage collection - Fixes to CoW endio error handling - Fix some incorrect geometry calculations - Remove a potential system hang in bulkstat - Try to allocate blocks more aggressively to reduce ENOSPC errors" * tag 'xfs-4.11-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: try any AG when allocating the first btree block when reflinking xfs: use iomap new flag for newly allocated delalloc blocks xfs: remove kmem_zalloc_greedy xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask xfs: fix and streamline error handling in xfs_end_io xfs: only reclaim unwritten COW extents periodically iomap: invalidate page caches should be after iomap_dio_complete() in direct write commit 794fe7891d77fb9ee095313c60805a8ed609e2a7 Merge: c1aa905 dcc2352 Author: Linus Torvalds Date: Thu Mar 9 18:05:41 2017 -0800 Merge tag 'gcc-plugins-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc-plugins fix from Kees Cook: "Fixes a typo in sancov plugin, exposed in earlier compiler versions" * tag 'gcc-plugins-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: fix sancov_plugin for gcc-5 commit 81dca07b3be974e81cff250a19282473d67a870b Merge: 6cbac98 520ad89 Author: David S. Miller Date: Thu Mar 9 17:38:32 2017 -0800 Merge branch 'bnxt_en-misc-small-fixes' Michael Chan says: ==================== bnxt_en: Misc. small fixes. Fixes include moving the initial function reset, notifying the RDMA driver during tx timeout, setting dcbx_cap properly depending on whether the firmware agent is running or not, and an autoneg related improvement. ==================== Signed-off-by: David S. Miller commit 520ad89a54edea84496695d528f73ddcf4a52ea4 Author: Michael Chan Date: Wed Mar 8 18:44:35 2017 -0500 bnxt_en: Ignore 0 value in autoneg supported speed from firmware. In some situations, the firmware will return 0 for autoneg supported speed. This may happen if the firmware detects no SFP module, for example. The driver should ignore this so that we don't end up with an invalid autoneg setting with nothing advertised. When SFP module is inserted, we'll get the updated settings from firmware at that time. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit bc39f885a9c3bdbff0a96ecaf07b162a78eff6e4 Author: Michael Chan Date: Wed Mar 8 18:44:34 2017 -0500 bnxt_en: Check if firmware LLDP agent is running. Set DCB_CAP_DCBX_HOST capability flag only if the firmware LLDP agent is not running. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 ++++ drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) commit b386cd362ffea09d05c56bfa85d104562e860647 Author: Michael Chan Date: Wed Mar 8 18:44:33 2017 -0500 bnxt_en: Call bnxt_ulp_stop() during tx timeout. If we call bnxt_reset_task() due to tx timeout, we should call bnxt_ulp_stop() to inform the RDMA driver about the error and the impending reset. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3c2217a675bac22afb149166e0de71809189850d Author: Michael Chan Date: Wed Mar 8 18:44:32 2017 -0500 bnxt_en: Perform function reset earlier during probe. The firmware call to do function reset is done too late. It is causing the rings that have been reserved to be freed. In NPAR mode, this bug is causing us to run out of rings. Fixes: 391be5c27364 ("bnxt_en: Implement new scheme to reserve tx rings.") Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 6cbac9828627b89487144c1e4448d7e0a6ab22ca Author: LABBE Corentin Date: Wed Mar 8 16:46:57 2017 +0100 tun: remove copyright printing Printing copyright does not give any useful information on the boot process. Furthermore, the email address printed is obsolete since commit ba57b6f20429 ("MAINTAINERS: fix bouncing tun/tap entries") Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller drivers/net/tun.c | 1 - 1 file changed, 1 deletion(-) commit 9f138fa609c47403374a862a08a41394be53d461 Author: Alexander Potapenko Date: Wed Mar 8 18:08:16 2017 +0100 net: initialize msg.msg_flags in recvfrom KMSAN reports a use of uninitialized memory in put_cmsg() because msg.msg_flags in recvfrom haven't been initialized properly. The flag values don't affect the result on this path, but it's still a good idea to initialize them explicitly. Signed-off-by: Alexander Potapenko Signed-off-by: David S. Miller net/socket.c | 1 + 1 file changed, 1 insertion(+) commit 3f81e1340706e9a7f854808e2f580c3106805d0c Author: Fabio Estevam Date: Wed Feb 1 15:19:47 2017 -0200 drm: mxsfb: Implement drm_panel handling Currently when the 'power-supply' regulator is passed via device tree it does not actually work since drm_panel_prepare()/drm_panel_enable() are never called. Quoting Thierry Reding: "It should really call drm_panel_prepare() and drm_panel_enable() while switching on the display pipeline and drm_panel_disable(), followed by drm_panel_unprepare() while switching off the display pipeline." So do as suggested, so that the 'power-supply' regulator can be functional. Reported-by: Breno Lima Suggested-by: Thierry Reding Signed-off-by: Fabio Estevam Tested-by: Marek Vasut Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/mxsfb_drv.c | 4 ++++ 1 file changed, 4 insertions(+) commit d42986b6c600da4215973878f1c889cdabbdd122 Author: Fabio Estevam Date: Thu Feb 2 19:26:38 2017 -0200 drm: mxsfb_crtc: Fix the framebuffer misplacement Currently the framebuffer content is displayed with incorrect offsets in both the vertical and horizontal directions. The fbdev version of the driver does not show this problem. Breno Lima dumped the eLCDIF controller registers on both the drm and fbdev drivers and noticed that the VDCTRL3 register is configured incorrectly in the drm driver. The fbdev driver calculates the vertical and horizontal wait counts of the VDCTRL3 register by doing: back porch + sync length. Looking at the horizontal and vertical timing diagram from include/drm/drm_modes.h this value corresponds to: crtc_[hv]total - crtc_[hv]sync_start So fix the VDCTRL3 register setting accordingly so that the eLCDIF controller can properly show the framebuffer content in the correct position. Reported-by: Breno Lima Signed-off-by: Fabio Estevam Tested-by: Breno Lima Tested-by: Marek Vasut Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/mxsfb_crtc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7ad7a5acfb96215216f46b9848bd2d341663358f Author: Marek Vasut Date: Sat Jan 28 18:01:57 2017 +0100 drm: mxsfb: Fix crash when provided invalid DT bindings The mxsfb driver will crash if the mxsfb DT node has a subnode, but the content of the subnode is not of-graph binding with an endpoint linking to panel. The crash was triggered by providing old-style panel bindings to the mxsfb driver instead of the new of-graph ones. The problem happens in mxsfb_create_output(), which is invoked from mxsfb_load(). The mxsfb_create_output() iterates over all mxsfb DT subnode endpoints and tries to bind a panel on each endpoint. If there is any problem binding the panel, that is, mxsfb->panel == NULL, this function will return an error code, otherwise success 0 is returned. If the subnodes do not specify of-graph binding with an endpoint, the iteration over endpoints in mxsfb_create_output() will have zero cycles and the function will immediatelly return 0, but the mxsfb->panel will remain NULL. This is propagated back into the mxsfb_load(), which does not detect any problem and expects that the mxsfb->panel is valid, thus calls mxsfb_panel_attach(). But since mxsfb->panel == NULL, mxsfb_panel_attach() is called with first argument NULL and this crashes the kernel. This patch fixes the problem by explicitly checking for valid mxsfb->panel at the end of the iteration in mxsfb_create_output(). Signed-off-by: Marek Vasut Cc: Daniel Vetter Cc: Dave Airlie Cc: Stefan Agner Cc: Breno Matheus Lima Tested-by: Breno Lima Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/mxsfb_out.c | 4 ++++ 1 file changed, 4 insertions(+) commit 53990e416bb7adaa59d045f325a47f31a11b75ee Author: Stefan Agner Date: Wed Dec 14 12:48:09 2016 -0800 drm: mxsfb: fix pixel clock polarity The DRM subsystem specifies the pixel clock polarity from a controllers perspective: DRM_BUS_FLAG_PIXDATA_NEGEDGE means the controller drives the data on pixel clocks falling edge. That is the controllers DOTCLK_POL=0 (Default is data launched at negative edge). Also change the data enable logic to be high active by default and only change if explicitly requested via bus_flags. With that defaults are: - Data enable: high active - Pixel clock polarity: controller drives data on negative edge Signed-off-by: Stefan Agner Acked-by: Marek Vasut Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/mxsfb_crtc.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 10f2889ba35aeb251b9945ec4c461af8c124c41f Author: Stefan Agner Date: Wed Dec 14 17:28:41 2016 -0800 drm: mxsfb: use bus_format to determine LCD bus width The LCD bus width does not need to align with the pixel format. The LCDIF controller automatically converts between pixel formats and bus width by padding or dropping LSBs. The DRM subsystem has the notion of bus_format which allows to determine what bus_formats are supported by the display. Choose the first available or fallback to 24 bit if none are available. Signed-off-by: Stefan Agner Acked-by: Marek Vasut Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/mxsfb_crtc.c | 34 ++++++++++++++++++++++++++++++++-- drivers/gpu/drm/mxsfb/mxsfb_regs.h | 1 + 2 files changed, 33 insertions(+), 2 deletions(-) commit 9813527abc558415dbe4dc0bb5bfbd12aab2c457 Merge: 31aec64 a5b11da Author: Dave Airlie Date: Fri Mar 10 11:07:34 2017 +1000 Merge branch 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-fixes * 'drm-fixes-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: bump driver version for some new features drm/amdgpu: validate paramaters in the gem ioctl drm/amd/amdgpu: fix console deadlock if late init failed commit 31aec642c4eef442b05a96bdd064529099e65729 Merge: aa717ae 70647f9 Author: Dave Airlie Date: Fri Mar 10 11:07:13 2017 +1000 Merge tag 'drm-intel-fixes-2017-03-09' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes flushing out gvt-g fixes * tag 'drm-intel-fixes-2017-03-09' of git://anongit.freedesktop.org/git/drm-intel: (29 commits) drm/i915/gvt: change some gvt_err to gvt_dbg_cmd drm/i915/gvt: protect RO and Rsvd bits of virtual vgpu configuration space drm/i915/gvt: handle workload lifecycle properly drm/i915/gvt: fix an error for F_RO flag drm/i915/gvt: use pfn_valid for better checking drm/i915/gvt: set SFUSE_STRAP properly for vitual monitor detection drm/i915/gvt: fix an error for one register drm/i915/gvt: add more registers into handlers list drm/i915/gvt: have more registers with F_CMD_ACCESS flags set drm/i915/gvt: add some new MMIOs to cmd_access white list drm/i915/gvt: fix pcode mailbox write emulation of BDW drm/i915/gvt: add resolution definition for vGPU type drm/i915/gvt: Add more edid definition support drm/i915/gvt: adjust to fixed vGPU types drm/i915/gvt: remove unnecessary error msg from gtt write drm/i915/gvt: refine pcode write emulation drm/i915/gvt: clear the vGPU reset logic drm/i915/gvt: decrease priority of output msg for untracked mmio drm/i915/gvt: set default value to 0 for unhandled mmio regs drm/i915/gvt: add cmd_access to GEN7_HALF_SLICE_CHICKEN1 ... commit aa717ae1b60f849a8019847d333709417d1a539e Merge: c1ae3cf 36fc579 Author: Dave Airlie Date: Fri Mar 10 11:06:46 2017 +1000 Merge tag 'drm-misc-fixes-2017-03-06' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Just 1 8bpc quirk from Ville, cc: stable * tag 'drm-misc-fixes-2017-03-06' of git://anongit.freedesktop.org/git/drm-misc: drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058 commit 2378cd6181edd94748d699448823609977283b11 Author: David Hildenbrand Date: Thu Mar 9 16:17:40 2017 -0800 userfaultfd: remove wrong comment from userfaultfd_ctx_get() It's a void function, so there is no return value; Link: http://lkml.kernel.org/r/20170309150817.7510-1-david@redhat.com Signed-off-by: David Hildenbrand Cc: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 -- 1 file changed, 2 deletions(-) commit c0d0e351285161a515396b7b1ee53ec9ffd97e3c Author: OGAWA Hirofumi Date: Thu Mar 9 16:17:37 2017 -0800 fat: fix using uninitialized fields of fat_inode/fsinfo_inode Recently fallocate patch was merged and it uses MSDOS_I(inode)->mmu_private at fat_evict_inode(). However, fat_inode/fsinfo_inode that was introduced in past didn't initialize MSDOS_I(inode) properly. With those combinations, it became the cause of accessing random entry in FAT area. Link: http://lkml.kernel.org/r/87pohrj4i8.fsf@mail.parknet.co.jp Signed-off-by: OGAWA Hirofumi Reported-by: Moreno Bartalucci Tested-by: Moreno Bartalucci Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/fat/inode.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit ca5b58ea3db88b5e69ba2a1f6bc3cf239cdcc64f Author: Bartlomiej Zolnierkiewicz Date: Thu Mar 9 16:17:34 2017 -0800 sh: cayman: IDE support fix Remove incorrect CONFIG_IDE ifdef (CONFIG_IDE config option is for internal drivers/ide/ use) and make IDE hardware interface always initialized (not only when IDE subsystem is built-in). This patch allows Cayman board to work with modular IDE subsystem support and removes the requirement of having the whole core IDE subsystem built-in when using libata PATA support. Link: http://lkml.kernel.org/r/1990884.yFoE6lSB9G@amdc3058 Signed-off-by: Bartlomiej Zolnierkiewicz Cc: Yoshinori Sato Cc: Rich Felker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/sh/boards/mach-cayman/setup.c | 2 -- 1 file changed, 2 deletions(-) commit ce5bec54bb5debbbe51b40270d8f209a23cadae4 Author: Dmitry Vyukov Date: Thu Mar 9 16:17:32 2017 -0800 kasan: fix races in quarantine_remove_cache() quarantine_remove_cache() frees all pending objects that belong to the cache, before we destroy the cache itself. However there are currently two possibilities how it can fail to do so. First, another thread can hold some of the objects from the cache in temp list in quarantine_put(). quarantine_put() has a windows of enabled interrupts, and on_each_cpu() in quarantine_remove_cache() can finish right in that window. These objects will be later freed into the destroyed cache. Then, quarantine_reduce() has the same problem. It grabs a batch of objects from the global quarantine, then unlocks quarantine_lock and then frees the batch. quarantine_remove_cache() can finish while some objects from the cache are still in the local to_free list in quarantine_reduce(). Fix the race with quarantine_put() by disabling interrupts for the whole duration of quarantine_put(). In combination with on_each_cpu() in quarantine_remove_cache() it ensures that quarantine_remove_cache() either sees the objects in the per-cpu list or in the global list. Fix the race with quarantine_reduce() by protecting quarantine_reduce() with srcu critical section and then doing synchronize_srcu() at the end of quarantine_remove_cache(). I've done some assessment of how good synchronize_srcu() works in this case. And on a 4 CPU VM I see that it blocks waiting for pending read critical sections in about 2-3% of cases. Which looks good to me. I suspect that these races are the root cause of some GPFs that I episodically hit. Previously I did not have any explanation for them. BUG: unable to handle kernel NULL pointer dereference at 00000000000000c8 IP: qlist_free_all+0x2e/0xc0 mm/kasan/quarantine.c:155 PGD 6aeea067 PUD 60ed7067 PMD 0 Oops: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 13667 Comm: syz-executor2 Not tainted 4.10.0+ #60 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff88005f948040 task.stack: ffff880069818000 RIP: 0010:qlist_free_all+0x2e/0xc0 mm/kasan/quarantine.c:155 RSP: 0018:ffff88006981f298 EFLAGS: 00010246 RAX: ffffea0000ffff00 RBX: 0000000000000000 RCX: ffffea0000ffff1f RDX: 0000000000000000 RSI: ffff88003fffc3e0 RDI: 0000000000000000 RBP: ffff88006981f2c0 R08: ffff88002fed7bd8 R09: 00000001001f000d R10: 00000000001f000d R11: ffff88006981f000 R12: ffff88003fffc3e0 R13: ffff88006981f2d0 R14: ffffffff81877fae R15: 0000000080000000 FS: 00007fb911a2d700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000c8 CR3: 0000000060ed6000 CR4: 00000000000006f0 Call Trace: quarantine_reduce+0x10e/0x120 mm/kasan/quarantine.c:239 kasan_kmalloc+0xca/0xe0 mm/kasan/kasan.c:590 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:544 slab_post_alloc_hook mm/slab.h:456 [inline] slab_alloc_node mm/slub.c:2718 [inline] kmem_cache_alloc_node+0x1d3/0x280 mm/slub.c:2754 __alloc_skb+0x10f/0x770 net/core/skbuff.c:219 alloc_skb include/linux/skbuff.h:932 [inline] _sctp_make_chunk+0x3b/0x260 net/sctp/sm_make_chunk.c:1388 sctp_make_data net/sctp/sm_make_chunk.c:1420 [inline] sctp_make_datafrag_empty+0x208/0x360 net/sctp/sm_make_chunk.c:746 sctp_datamsg_from_user+0x7e8/0x11d0 net/sctp/chunk.c:266 sctp_sendmsg+0x2611/0x3970 net/sctp/socket.c:1962 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:761 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 SYSC_sendto+0x660/0x810 net/socket.c:1685 SyS_sendto+0x40/0x50 net/socket.c:1653 I am not sure about backporting. The bug is quite hard to trigger, I've seen it few times during our massive continuous testing (however, it could be cause of some other episodic stray crashes as it leads to memory corruption...). If it is triggered, the consequences are very bad -- almost definite bad memory corruption. The fix is non trivial and has chances of introducing new bugs. I am also not sure how actively people use KASAN on older releases. [dvyukov@google.com: - sorted includes[ Link: http://lkml.kernel.org/r/20170309094028.51088-1-dvyukov@google.com Link: http://lkml.kernel.org/r/20170308151532.5070-1-dvyukov@google.com Signed-off-by: Dmitry Vyukov Acked-by: Andrey Ryabinin Cc: Greg Thelen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kasan/quarantine.c | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) commit 68fd814a3391c7e017ae6ace8855788748edd981 Author: Dmitry Vyukov Date: Thu Mar 9 16:17:28 2017 -0800 kasan: resched in quarantine_remove_cache() We see reported stalls/lockups in quarantine_remove_cache() on machines with large amounts of RAM. quarantine_remove_cache() needs to scan whole quarantine in order to take out all objects belonging to the cache. Quarantine is currently 1/32-th of RAM, e.g. on a machine with 256GB of memory that will be 8GB. Moreover quarantine scanning is a walk over uncached linked list, which is slow. Add cond_resched() after scanning of each non-empty batch of objects. Batches are specifically kept of reasonable size for quarantine_put(). On a machine with 256GB of RAM we should have ~512 non-empty batches, each with 16MB of objects. Link: http://lkml.kernel.org/r/20170308154239.25440-1-dvyukov@google.com Signed-off-by: Dmitry Vyukov Acked-by: Andrey Ryabinin Cc: Greg Thelen Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kasan/quarantine.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 40e952f9d687928b32db20226f085ae660a7237c Author: Tahsin Erdogan Date: Thu Mar 9 16:17:26 2017 -0800 mm: do not call mem_cgroup_free() from within mem_cgroup_alloc() mem_cgroup_free() indirectly calls wb_domain_exit() which is not prepared to deal with a struct wb_domain object that hasn't executed wb_domain_init(). For instance, the following warning message is printed by lockdep if alloc_percpu() fails in mem_cgroup_alloc(): INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 1 PID: 1950 Comm: mkdir Not tainted 4.10.0+ #151 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: dump_stack+0x67/0x99 register_lock_class+0x36d/0x540 __lock_acquire+0x7f/0x1a30 lock_acquire+0xcc/0x200 del_timer_sync+0x3c/0xc0 wb_domain_exit+0x14/0x20 mem_cgroup_free+0x14/0x40 mem_cgroup_css_alloc+0x3f9/0x620 cgroup_apply_control_enable+0x190/0x390 cgroup_mkdir+0x290/0x3d0 kernfs_iop_mkdir+0x58/0x80 vfs_mkdir+0x10e/0x1a0 SyS_mkdirat+0xa8/0xd0 SyS_mkdir+0x14/0x20 entry_SYSCALL_64_fastpath+0x18/0xad Add __mem_cgroup_free() which skips wb_domain_exit(). This is used by both mem_cgroup_free() and mem_cgroup_alloc() clean up. Fixes: 0b8f73e104285 ("mm: memcontrol: clean up alloc, online, offline, free functions") Link: http://lkml.kernel.org/r/20170306192122.24262-1-tahsin@google.com Signed-off-by: Tahsin Erdogan Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 6ebb4a1b848fe75323135f93e72c78f8780fd268 Author: Kirill A. Shutemov Date: Thu Mar 9 16:17:23 2017 -0800 thp: fix another corner case of munlock() vs. THPs The following test case triggers BUG() in munlock_vma_pages_range(): int main(int argc, char *argv[]) { int fd; system("mount -t tmpfs -o huge=always none /mnt"); fd = open("/mnt/test", O_CREAT | O_RDWR); ftruncate(fd, 4UL << 20); mmap(NULL, 4UL << 20, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED | MAP_LOCKED, fd, 0); mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, fd, 0); munlockall(); return 0; } The second mmap() create PTE-mapping of the first huge page in file. It makes kernel munlock the page as we never keep PTE-mapped page mlocked. On munlockall() when we handle vma created by the first mmap(), munlock_vma_page() returns page_mask == 0, as the page is not mlocked anymore. On next iteration follow_page_mask() return tail page, but page_mask is HPAGE_NR_PAGES - 1. It makes us skip to the first tail page of the next huge page and step on VM_BUG_ON_PAGE(PageMlocked(page)). The fix is not use the page_mask from follow_page_mask() at all. It has no use for us. Link: http://lkml.kernel.org/r/20170302150252.34120-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: [4.5+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mlock.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 8346242a7e32c4c93316684ad8f45473932586b9 Author: Kirill A. Shutemov Date: Thu Mar 9 16:17:20 2017 -0800 rmap: fix NULL-pointer dereference on THP munlocking The following test case triggers NULL-pointer derefernce in try_to_unmap_one(): #include #include #include #include int main(int argc, char *argv[]) { int fd; system("mount -t tmpfs -o huge=always none /mnt"); fd = open("/mnt/test", O_CREAT | O_RDWR); ftruncate(fd, 2UL << 20); mmap(NULL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED | MAP_LOCKED, fd, 0); mmap(NULL, 2UL << 20, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_LOCKED, fd, 0); munlockall(); return 0; } Apparently, there's a case when we call try_to_unmap() on huge PMDs: it's TTU_MUNLOCK. Let's handle this case correctly. Fixes: c7ab0d2fdc84 ("mm: convert try_to_unmap_one() to use page_vma_mapped_walk()") Link: http://lkml.kernel.org/r/20170302151159.30592-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/rmap.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit c9a1b80daeb50e39f21fd7e62f7224f317ac85f0 Author: AKASHI Takahiro Date: Thu Mar 9 16:17:17 2017 -0800 mm/memblock.c: fix memblock_next_valid_pfn() Obviously, we should not access memblock.memory.regions[right] if 'right' is outside of [0..memblock.memory.cnt>. Fixes: b92df1de5d28 ("mm: page_alloc: skip over regions of invalid pfns where possible") Link: http://lkml.kernel.org/r/20170303023745.9104-1-takahiro.akashi@linaro.org Signed-off-by: AKASHI Takahiro Cc: Paul Burton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 46aa6a302b53f543f8e8b8e1714dc5e449ad36a6 Author: Andrea Arcangeli Date: Thu Mar 9 16:17:14 2017 -0800 userfaultfd: selftest: vm: allow to build in vm/ directory linux/tools/testing/selftests/vm $ make gcc -Wall -I ../../../../usr/include compaction_test.c -lrt -o /compaction_test /usr/lib/gcc/x86_64-pc-linux-gnu/4.9.4/../../../../x86_64-pc-linux-gnu/bin/ld: cannot open output file /compaction_test: Permission denied collect2: error: ld returned 1 exit status make: *** [../lib.mk:54: /compaction_test] Error 1 Since commit a8ba798bc8ec ("selftests: enable O and KBUILD_OUTPUT") selftests/vm build fails if run from the "selftests/vm" directory, but it works in the selftests/ directory. It's quicker to be able to do a local vm-only build after a tree wipe and this patch allows for it again. Link: http://lkml.kernel.org/r/20170302173738.18994-4-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/Makefile | 4 ++++ 1 file changed, 4 insertions(+) commit 70ccb92fdd90b35bb6f9200093d4ffd6cb38156b Author: Andrea Arcangeli Date: Thu Mar 9 16:17:11 2017 -0800 userfaultfd: non-cooperative: userfaultfd_remove revalidate vma in MADV_DONTNEED userfaultfd_remove() has to be execute before zapping the pagetables or UFFDIO_COPY could keep filling pages after zap_page_range returned, which would result in non zero data after a MADV_DONTNEED. However userfaultfd_remove() may have to release the mmap_sem. This was handled correctly in MADV_REMOVE, but MADV_DONTNEED accessed a potentially stale vma (the very vma passed to zap_page_range(vma, ...)). The fix consists in revalidating the vma in case userfaultfd_remove() had to release the mmap_sem. This also optimizes away an unnecessary down_read/up_read in the MADV_REMOVE case if UFFD_EVENT_FORK had to be delivered. It all remains zero runtime cost in case CONFIG_USERFAULTFD=n as userfaultfd_remove() will be defined as "true" at build time. Link: http://lkml.kernel.org/r/20170302173738.18994-3-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Acked-by: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 9 +++------ include/linux/userfaultfd_k.h | 7 +++---- mm/madvise.c | 44 ++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 47 insertions(+), 13 deletions(-) commit 7eb76d457fd758d396bc2e65cb0ace5aae614149 Author: Mike Rapoport Date: Thu Mar 9 16:17:09 2017 -0800 userfaultfd: non-cooperative: fix fork fctx->new memleak We have a memleak in the ->new ctx if the uffd of the parent is closed before the fork event is read, nothing frees the new context. Link: http://lkml.kernel.org/r/20170302173738.18994-2-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Reported-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit bfc7228b9a9647e1c353e50b40297a2929801759 Author: Laurent Dufour Date: Thu Mar 9 16:17:06 2017 -0800 mm/cgroup: avoid panic when init with low memory The system may panic when initialisation is done when almost all the memory is assigned to the huge pages using the kernel command line parameter hugepage=xxxx. Panic may occur like this: Unable to handle kernel paging request for data at address 0x00000000 Faulting instruction address: 0xc000000000302b88 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=2048 [ 0.082424] NUMA pSeries Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-15-generic #16-Ubuntu task: c00000021ed01600 task.stack: c00000010d108000 NIP: c000000000302b88 LR: c000000000270e04 CTR: c00000000016cfd0 REGS: c00000010d10b2c0 TRAP: 0300 Not tainted (4.9.0-15-generic) MSR: 8000000002009033 [ 0.082770] CR: 28424422 XER: 00000000 CFAR: c0000000003d28b8 DAR: 0000000000000000 DSISR: 40000000 SOFTE: 1 GPR00: c000000000270e04 c00000010d10b540 c00000000141a300 c00000010fff6300 GPR04: 0000000000000000 00000000026012c0 c00000010d10b630 0000000487ab0000 GPR08: 000000010ee90000 c000000001454fd8 0000000000000000 0000000000000000 GPR12: 0000000000004400 c00000000fb80000 00000000026012c0 00000000026012c0 GPR16: 00000000026012c0 0000000000000000 0000000000000000 0000000000000002 GPR20: 000000000000000c 0000000000000000 0000000000000000 00000000024200c0 GPR24: c0000000016eef48 0000000000000000 c00000010fff7d00 00000000026012c0 GPR28: 0000000000000000 c00000010fff7d00 c00000010fff6300 c00000010d10b6d0 NIP mem_cgroup_soft_limit_reclaim+0xf8/0x4f0 LR do_try_to_free_pages+0x1b4/0x450 Call Trace: do_try_to_free_pages+0x1b4/0x450 try_to_free_pages+0xf8/0x270 __alloc_pages_nodemask+0x7a8/0xff0 new_slab+0x104/0x8e0 ___slab_alloc+0x620/0x700 __slab_alloc+0x34/0x60 kmem_cache_alloc_node_trace+0xdc/0x310 mem_cgroup_init+0x158/0x1c8 do_one_initcall+0x68/0x1d0 kernel_init_freeable+0x278/0x360 kernel_init+0x24/0x170 ret_from_kernel_thread+0x5c/0x74 Instruction dump: eb81ffe0 eba1ffe8 ebc1fff0 ebe1fff8 4e800020 3d230001 e9499a42 3d220004 3929acd8 794a1f24 7d295214 eac90100 2fa90000 419eff74 3b200000 ---[ end trace 342f5208b00d01b6 ]--- This is a chicken and egg issue where the kernel try to get free memory when allocating per node data in mem_cgroup_init(), but in that path mem_cgroup_soft_limit_reclaim() is called which assumes that these data are allocated. As mem_cgroup_soft_limit_reclaim() is best effort, it should return when these data are not yet allocated. This patch also fixes potential null pointer access in mem_cgroup_remove_from_trees() and mem_cgroup_update_tree(). Link: http://lkml.kernel.org/r/1487856999-16581-2-git-send-email-ldufour@linux.vnet.ibm.com Signed-off-by: Laurent Dufour Acked-by: Michal Hocko Acked-by: Johannes Weiner Acked-by: Balbir Singh Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit f4b7ac68f438fa8521bbbf421f194ff10b0a7577 Author: Masanari Iida Date: Thu Mar 9 16:17:03 2017 -0800 drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h Link: http://lkml.kernel.org/r/20170226060230.11555-1-standby24x7@gmail.com Signed-off-by: Masanari Iida Acked-by: Coly Li Cc: Kent Overstreet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/md/bcache/util.h | 1 - 1 file changed, 1 deletion(-) commit ce9311cf95ad8baf044a014738d76973d93b739a Author: Yisheng Xie Date: Thu Mar 9 16:17:00 2017 -0800 mm/vmstats: add thp_split_pud event for clarity We added support for PUD-sized transparent hugepages, however we count the event "thp split pud" into thp_split_pmd event. To separate the event count of thp split pud from pmd, add a new event named thp_split_pud. Link: http://lkml.kernel.org/r/1488282380-5076-1-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Cc: Vlastimil Babka Cc: Johannes Weiner Cc: Michal Hocko Cc: Joonsoo Kim Cc: Sebastian Siewior Cc: Hugh Dickins Cc: Christoph Lameter Cc: Kirill A. Shutemov Cc: Aneesh Kumar K.V Cc: Mel Gorman Cc: Andrea Arcangeli Cc: Ebru Akagunduz Cc: David Rientjes Cc: Hanjun Guo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/vm_event_item.h | 3 +++ mm/huge_memory.c | 2 +- mm/vmstat.c | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) commit cbfd0c1001bedb4b051cf4a1f5df24f1500381bc Author: Arnd Bergmann Date: Thu Mar 9 16:16:57 2017 -0800 include/linux/fs.h: fix unsigned enum warning with gcc-4.2 With arm-linux-gcc-4.2, almost every file we build in the kernel ends up with this warning: include/linux/fs.h:2648: warning: comparison of unsigned expression < 0 is always false Later versions don't have this problem, but it's easy enough to work around. Link: http://lkml.kernel.org/r/20161216105634.235457-12-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Russell King Cc: Brendan Gregg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/fs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8c9e7bb7a41f2bbd54b2caefb274fb3de239819f Author: Andrea Arcangeli Date: Thu Mar 9 16:16:54 2017 -0800 userfaultfd: non-cooperative: release all ctx in dup_userfaultfd_complete Don't stop running dup_fctx() even if userfaultfd_event_wait_completion fails as it has to run userfaultfd_ctx_put on all ctx to pair against the userfaultfd_ctx_get that was run on all fctx->orig in dup_userfaultfd. Link: http://lkml.kernel.org/r/20170224181957.19736-4-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Acked-by: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) commit 9a69a829f9b656c2a220d65a94ecf7b5887c5da1 Author: Andrea Arcangeli Date: Thu Mar 9 16:16:52 2017 -0800 userfaultfd: non-cooperative: robustness check Similar to the handle_userfault() case, also make sure to never attempt to send any event past the PF_EXITING point of no return. This is purely a robustness check. Link: http://lkml.kernel.org/r/20170224181957.19736-3-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Acked-by: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit dd0db88d8094a6d9d4d1fc5fcd56ab619f54ccf8 Author: Andrea Arcangeli Date: Thu Mar 9 16:16:49 2017 -0800 userfaultfd: non-cooperative: rollback userfaultfd_exit Patch series "userfaultfd non-cooperative further update for 4.11 merge window". Unfortunately I noticed one relevant bug in userfaultfd_exit while doing more testing. I've been doing testing before and this was also tested by kbuild bot and exercised by the selftest, but this bug never reproduced before. I dropped userfaultfd_exit as result. I dropped it because of implementation difficulty in receiving signals in __mmput and because I think -ENOSPC as result from the background UFFDIO_COPY should be enough already. Before I decided to remove userfaultfd_exit, I noticed userfaultfd_exit wasn't exercised by the selftest and when I tried to exercise it, after moving it to a more correct place in __mmput where it would make more sense and where the vma list is stable, it resulted in the event_wait_completion in D state. So then I added the second patch to be sure even if we call userfaultfd_event_wait_completion too late during task exit(), we won't risk to generate tasks in D state. The same check exists in handle_userfault() for the same reason, except it makes a difference there, while here is just a robustness check and it's run under WARN_ON_ONCE. While looking at the userfaultfd_event_wait_completion() function I looked back at its callers too while at it and I think it's not ok to stop executing dup_fctx on the fcs list because we relay on userfaultfd_event_wait_completion to execute userfaultfd_ctx_put(fctx->orig) which is paired against userfaultfd_ctx_get(fctx->orig) in dup_userfault just before list_add(fcs). This change only takes care of fctx->orig but this area also needs further review looking for similar problems in fctx->new. The only patch that is urgent is the first because it's an use after free during a SMP race condition that affects all processes if CONFIG_USERFAULTFD=y. Very hard to reproduce though and probably impossible without SLUB poisoning enabled. This patch (of 3): I once reproduced this oops with the userfaultfd selftest, it's not easily reproducible and it requires SLUB poisoning to reproduce. general protection fault: 0000 [#1] SMP Modules linked in: CPU: 2 PID: 18421 Comm: userfaultfd Tainted: G ------------ T 3.10.0+ #15 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014 task: ffff8801f83b9440 ti: ffff8801f833c000 task.ti: ffff8801f833c000 RIP: 0010:[] [] userfaultfd_exit+0x29/0xa0 RSP: 0018:ffff8801f833fe80 EFLAGS: 00010202 RAX: ffff8801f833ffd8 RBX: 6b6b6b6b6b6b6b6b RCX: ffff8801f83b9440 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800baf18600 RBP: ffff8801f833fee8 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: ffffffff8127ceb3 R12: 0000000000000000 R13: ffff8800baf186b0 R14: ffff8801f83b99f8 R15: 00007faed746c700 FS: 0000000000000000(0000) GS:ffff88023fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007faf0966f028 CR3: 0000000001bc6000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Call Trace: do_exit+0x297/0xd10 SyS_exit+0x17/0x20 tracesys+0xdd/0xe2 Code: 00 00 66 66 66 66 90 55 48 89 e5 41 54 53 48 83 ec 58 48 8b 1f 48 85 db 75 11 eb 73 66 0f 1f 44 00 00 48 8b 5b 10 48 85 db 74 64 <4c> 8b a3 b8 00 00 00 4d 85 e4 74 eb 41 f6 84 24 2c 01 00 00 80 RIP [] userfaultfd_exit+0x29/0xa0 RSP ---[ end trace 9fecd6dcb442846a ]--- In the debugger I located the "mm" pointer in the stack and walking mm->mmap->vm_next through the end shows the vma->vm_next list is fully consistent and it is null terminated list as expected. So this has to be an SMP race condition where userfaultfd_exit was running while the vma list was being modified by another CPU. When userfaultfd_exit() run one of the ->vm_next pointers pointed to SLAB_POISON (RBX is the vma pointer and is 0x6b6b..). The reason is that it's not running in __mmput but while there are still other threads running and it's not holding the mmap_sem (it can't as it has to wait the even to be received by the manager). So this is an use after free that was happening for all processes. One more implementation problem aside from the race condition: userfaultfd_exit has really to check a flag in mm->flags before walking the vma or it's going to slowdown the exit() path for regular tasks. One more implementation problem: at that point signals can't be delivered so it would also create a task in D state if the manager doesn't read the event. The major design issue: it overall looks superfluous as the manager can check for -ENOSPC in the background transfer: if (mmget_not_zero(ctx->mm)) { [..] } else { return -ENOSPC; } It's safer to roll it back and re-introduce it later if at all. [rppt@linux.vnet.ibm.com: documentation fixup after removal of UFFD_EVENT_EXIT] Link: http://lkml.kernel.org/r/1488345437-4364-1-git-send-email-rppt@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/20170224181957.19736-2-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Signed-off-by: Mike Rapoport Acked-by: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/userfaultfd.txt | 4 ---- fs/userfaultfd.c | 28 ---------------------------- include/linux/userfaultfd_k.h | 6 ------ include/uapi/linux/userfaultfd.h | 5 +---- kernel/exit.c | 1 - 5 files changed, 1 insertion(+), 43 deletions(-) commit b2e593e271b0760ebc8999e5f9dd068ae2b9d30a Author: Dan Williams Date: Thu Mar 9 16:16:45 2017 -0800 x86, mm: unify exit paths in gup_pte_range() All exit paths from gup_pte_range() require pte_unmap() of the original pte page before returning. Refactor the code to have a single exit point to do the unmap. This mirrors the flow of the generic gup_pte_range() in mm/gup.c. Link: http://lkml.kernel.org/r/148804251828.36605.14910389618497006945.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Dave Hansen Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/mm/gup.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) commit ef947b2529f918d9606533eb9c32b187ed6a5ede Author: Dan Williams Date: Thu Mar 9 16:16:42 2017 -0800 x86, mm: fix gup_pte_range() vs DAX mappings gup_pte_range() fails to check pte_allows_gup() before translating a DAX pte entry, pte_devmap(), to a page. This allows writes to read-only mappings, and bypasses the DAX cacheline dirty tracking due to missed 'mkwrite' faults. The gup_huge_pmd() path and the gup_huge_pud() path correctly check pte_allows_gup() before checking for _devmap() entries. Fixes: 3565fce3a659 ("mm, x86: get_user_pages() for dax mappings") Link: http://lkml.kernel.org/r/148804251312.36605.12665024794196605053.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Ross Zwisler Signed-off-by: Dan Williams Reported-by: Dave Hansen Reported-by: Ross Zwisler Cc: Xiong Zhou Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/mm/gup.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit d19469e8415813cceaa494b6f538e327b9a95f3b Author: Aneesh Kumar K.V Date: Thu Mar 9 16:16:39 2017 -0800 power/mm: update pte_write and pte_wrprotect to handle savedwrite We use pte_write() to check whethwer the pte entry is writable. This is mostly used to later mark the pte read only if it is writable. The other use of pte_write() is to check whether the pte_entry is writable so that hardware page table entry can be marked accordingly. This is used in kvm where we look at qemu page table entry and update hardware hash page table for the guest with correct write enable bit. With the above, for the first usage we should also check the savedwrite bit so that we can correctly clear the savedwite bit. For the later, we add a new variant __pte_write(). With this we can revert write_protect_page part of 595cd8f256d2 ("mm/ksm: handle protnone saved writes when making page write protect"). But I left it as it is as an example code for savedwrite check. Fixes: c137a2757b886 ("powerpc/mm/autonuma: switch ppc64 to its own implementation of saved write") Link: http://lkml.kernel.org/r/1488203787-17849-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: Rik van Riel Cc: Mel Gorman Cc: Paul Mackerras Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/book3s/64/pgtable.h | 24 +++++++++++++++++++----- arch/powerpc/kvm/book3s_64_mmu_hv.c | 2 +- arch/powerpc/kvm/book3s_hv_rm_mmu.c | 2 +- 3 files changed, 21 insertions(+), 7 deletions(-) commit 52c50ca75c534c0772b71900a29b3a71439b32ef Author: Aneesh Kumar K.V Date: Thu Mar 9 16:16:36 2017 -0800 powerpc/mm: handle protnone ptes on fork We need to mark pages of parent process read only on fork. Numa fault pte needs a protnone ptes variant with saved write flag set. On fork we need to make sure we remove the saved write bit. Instead of adding the protnone check in the caller update ptep_set_wrprotect variants to clear savedwrite bit. Without this we see random segfaults in application on fork. Fixes: c137a2757b886 ("powerpc/mm/autonuma: switch ppc64 to its own implementation of saved write") Link: http://lkml.kernel.org/r/1488203787-17849-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: Rik van Riel Cc: Mel Gorman Cc: Paul Mackerras Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/book3s/64/pgtable.h | 73 ++++++++++++++++------------ 1 file changed, 42 insertions(+), 31 deletions(-) commit 505d3085d7120a9f4cd0d6ffaa876968854b3baa Author: Masahiro Yamada Date: Thu Mar 9 16:16:33 2017 -0800 scripts/spelling.txt: add "overide" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: overide||override While we are here, fix the doubled "address" in the touched line Documentation/devicetree/bindings/regulator/ti-abb-regulator.txt. Also, fix the comment block style in the touched hunks in drivers/media/dvb-frontends/drx39xyj/drx_driver.h. Link: http://lkml.kernel.org/r/1481573103-11329-21-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/devicetree/bindings/regulator/ti-abb-regulator.txt | 2 +- drivers/block/paride/pcd.c | 2 +- drivers/block/paride/pd.c | 2 +- drivers/block/paride/pf.c | 2 +- drivers/block/paride/pg.c | 2 +- drivers/block/paride/pt.c | 2 +- drivers/media/dvb-frontends/drx39xyj/drx_driver.h | 8 +++----- drivers/net/ethernet/qlogic/qlge/qlge.h | 2 +- include/dt-bindings/sound/cs42l42.h | 2 +- include/net/irda/timer.h | 2 +- kernel/trace/trace_stack.c | 2 +- scripts/spelling.txt | 1 + tools/lguest/lguest.c | 2 +- tools/lib/bpf/Makefile | 2 +- tools/lib/traceevent/Makefile | 2 +- tools/lib/traceevent/event-parse.h | 2 +- 16 files changed, 18 insertions(+), 19 deletions(-) commit 8a1115ff6b6d90cf1066ec3a0c4e51276553eebe Author: Masahiro Yamada Date: Thu Mar 9 16:16:31 2017 -0800 scripts/spelling.txt: add "disble(d)" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: disble||disable disbled||disabled I kept the TSL2563_INT_DISBLED in /drivers/iio/light/tsl2563.c untouched. The macro is not referenced at all, but this commit is touching only comment blocks just in case. Link: http://lkml.kernel.org/r/1481573103-11329-20-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/dev-tools/kcov.rst | 2 +- arch/cris/arch-v32/drivers/cryptocop.c | 2 +- arch/x86/kernel/ftrace.c | 2 +- drivers/crypto/ux500/cryp/cryp.c | 2 +- drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 2 +- drivers/hv/channel.c | 2 +- drivers/isdn/hisax/st5481_b.c | 2 +- drivers/mtd/spi-nor/spi-nor.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge.h | 2 +- drivers/scsi/aic7xxx/aic79xx_core.c | 2 +- drivers/usb/gadget/legacy/inode.c | 3 +-- drivers/usb/host/xhci.c | 4 ++-- include/linux/regulator/machine.h | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/events/core.c | 2 +- scripts/spelling.txt | 2 ++ sound/soc/amd/acp-pcm-dma.c | 2 +- 17 files changed, 19 insertions(+), 18 deletions(-) commit 6bbc4a4144b1a69743022ac68dfaf6e7d993abb9 Author: Andrea Arcangeli Date: Thu Mar 9 16:16:28 2017 -0800 userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE __do_fault assumes vmf->page has been initialized and is valid if VM_FAULT_NOPAGE is not returned by vma->vm_ops->fault(vma, vmf). handle_userfault() in turn should return VM_FAULT_NOPAGE if it doesn't return VM_FAULT_SIGBUS or VM_FAULT_RETRY (the other two possibilities). This VM_FAULT_NOPAGE case is only invoked when signal are pending and it didn't matter for anonymous memory before. It only started to matter since shmem was introduced. hugetlbfs also takes a different path and doesn't exercise __do_fault. Link: http://lkml.kernel.org/r/20170228154201.GH5816@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: Dmitry Vyukov Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c1aa905a304e4b5e6a3fe112ec62d9c1c7b0c155 Merge: 144c766 32d3b06 Author: Linus Torvalds Date: Thu Mar 9 16:30:37 2017 -0800 Merge tag 'pm-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix several issues in the intel_pstate driver and one issue in the schedutil cpufreq governor, clean up that governor a bit and hook up existing code for disabling cpufreq to a new kernel command line option. Specifics: - Three fixes for intel_pstate problems related to the passive mode (in which it acts as a regular cpufreq scaling driver), two for the handling of global P-state limits and one for the handling of the cpu_frequency tracepoint in that mode (Rafael Wysocki). - Three fixes for the handling of P-state limits in intel_pstate in the active mode (Rafael Wysocki). - Introduction of a new cpufreq.off=1 kernel command line argument that will disable cpufreq entirely if passed to the kernel and is simply hooked up to the existing code used by Xen (Len Brown). - Fix for the schedutil cpufreq governor to prevent it from using stale raw frequency values in configurations with mutiple CPUs sharing one policy object and a cleanup for it reducing its overhead slightly (Viresh Kumar)" * tag 'pm-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: intel_pstate: Do not reinit performance limits in ->setpolicy cpufreq: intel_pstate: Fix intel_pstate_verify_policy() cpufreq: intel_pstate: Fix global settings in active mode cpufreq: Add the "cpufreq.off=1" cmdline option cpufreq: schedutil: Pass sg_policy to get_next_freq() cpufreq: schedutil: move cached_raw_freq to struct sugov_policy cpufreq: intel_pstate: Avoid triggering cpu_frequency tracepoint unnecessarily cpufreq: intel_pstate: Fix intel_cpufreq_verify_policy() cpufreq: intel_pstate: Do not use performance_limits in passive mode commit 144c7666b535aa5d402bf37db84df90aebf1f563 Merge: 34bbce9 3bd7db6 Author: Linus Torvalds Date: Thu Mar 9 16:02:04 2017 -0800 Merge tag 'pci-v4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: "PCI fixes: - fix NULL pointer dereference in Exynos driver - fix NULL pointer dereference in ASPM with pre-1.1 PCIe devices - blacklist QLogic ISP2722 to prevent panics while reading VPD" * tag 'pci-v4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI/ASPM: Always set link->downstream to avoid NULL dereference on remove PCI: Prevent VPD access for QLogic ISP2722 PCI: exynos: Initialize elbi_base even when using PHY framework commit 34bbce9e344b47e8871273409632f525973afad4 Merge: bb61ce5 672a2c8 Author: Linus Torvalds Date: Thu Mar 9 15:53:25 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Sending this a bit sooner than I otherwise would have, as a fix in the merge window had some unfortunate issues and side effects for some folks. This contains: - Fixes from Jan for the bdi registration/unregistration. These have been tested by the various parties reporting issues, and should be solid at this point. - Also from Jan, fix for axonram gendisk registration. - A stable fix for zram from Johannes. - A small series from Ming, fixing up some long standing issues with blk-mq hardware queue kobject initialization and registration. - A fix for sed opal from Jon, fixing a nonsensical range check and some set-but-not-used variables. - A fix from Neil for a long standing deadlock issue for stacking device drivers. With this in place, dm/md don't have to work around the issue anymore, and can be properly fixed up" * 'for-linus' of git://git.kernel.dk/linux-block: axonram: Fix gendisk handling blk: improve order of bio handling in generic_make_request() Revert "scsi, block: fix duplicate bdi name registration crashes" block: Make del_gendisk() safer for disks without queues bdi: Fix use-after-free in wb_congested_put() block: Allow bdi re-registration block/sed: Fix opal user range check and unused variables zram: set physical queue limits to avoid array out of bounds accesses blk-mq: free hctx->cpumask in release handler of hctx's kobject blk-mq: make lifetime consistent between hctx and its kobject blk-mq: make lifetime consitent between q/ctx and its kobject blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() commit bb61ce54e8986ea18f7eb13cfa4a6fa8eb311bbd Merge: cb2113c 8c71fff Author: Linus Torvalds Date: Thu Mar 9 15:50:56 2017 -0800 Merge tag 'media/v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "Media regression fixes: - serial_ir: fix a Kernel crash during boot on Kernel 4.11-rc1, due to an IRQ code called too early - other IR regression fixes at lirc and at the raw IR decoding - a deadlock fix at the RC nuvoton driver - fix another issue with DMA on stack at dw2102 driver There's an extra patch there that change a driver interface for the SoC VSP1 driver, with is shared between the DRM and V4L2 driver. The patch itself is trivial, and was acked by David Arlie" * tag 'media/v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] v4l: vsp1: Adapt vsp1_du_setup_lif() interface to use a structure [media] dw2102: don't do DMA on stack [media] rc: protocol is not set on register for raw IR devices [media] rc: raw decoder for keymap protocol is not loaded on register [media] rc: nuvoton: fix deadlock in nvt_write_wakeup_codes [media] lirc: fix dead lock between open and wakeup_filter [media] serial_ir: ensure we're ready to receive interrupts commit 8bd49ac86677ca43d64f08c45864e438283d6a76 Author: Heiko Carstens Date: Mon Mar 6 09:57:17 2017 +0100 s390: wire up statx system call Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/uapi/asm/unistd.h | 4 +++- arch/s390/kernel/compat_wrapper.c | 1 + arch/s390/kernel/syscalls.S | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) commit a5b11dac1f57c4b327c2d6eccb8fdd01499f9e17 Author: Alex Deucher Date: Wed Mar 8 17:23:21 2017 -0500 drm/amdgpu: bump driver version for some new features We added new gem ioctl flags and the new fences ioctl, but forgot to bump the version. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 834e0f8ae4e104fa026ffe5cdee58491f3078403 Author: Alex Deucher Date: Wed Mar 8 17:40:17 2017 -0500 drm/amdgpu: validate paramaters in the gem ioctl Reject it if there are any invalid flags or domains. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit 8ddbb3124da9b1ea73567374ff01de5f62a6637b Merge: 745cb7f 4fe8435 Author: David S. Miller Date: Thu Mar 9 13:27:18 2017 -0800 Merge branch 'bpf-htab-fixes' Alexei Starovoitov says: ==================== bpf: htab fixes Two bpf hashtable fixes. See individual patches for details. ==================== Signed-off-by: David S. Miller commit 4fe8435909fddc97b81472026aa954e06dd192a5 Author: Alexei Starovoitov Date: Tue Mar 7 20:00:13 2017 -0800 bpf: convert htab map to hlist_nulls when all map elements are pre-allocated one cpu can delete and reuse htab_elem while another cpu is still walking the hlist. In such case the lookup may miss the element. Convert hlist to hlist_nulls to avoid such scenario. When bucket lock is taken there is no need to take such precautions, so only convert map_lookup and map_get_next to nulls. The race window is extremely small and only reproducible with explicit udelay() inside lookup_nulls_elem_raw() Similar to hlist add hlist_nulls_for_each_entry_safe() and hlist_nulls_entry_safe() helpers. Fixes: 6c9059817432 ("bpf: pre-allocate hash map elements") Reported-by: Jonathan Perry Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller include/linux/list_nulls.h | 5 +++ include/linux/rculist_nulls.h | 14 +++++++ kernel/bpf/hashtab.c | 94 +++++++++++++++++++++++++++---------------- 3 files changed, 79 insertions(+), 34 deletions(-) commit 9f691549f76d488a0c74397b3e51e943865ea01f Author: Alexei Starovoitov Date: Tue Mar 7 20:00:12 2017 -0800 bpf: fix struct htab_elem layout when htab_elem is removed from the bucket list the htab_elem.hash_node.next field should not be overridden too early otherwise we have a tiny race window between lookup and delete. The bug was discovered by manual code analysis and reproducible only with explicit udelay() in lookup_elem_raw(). Fixes: 6c9059817432 ("bpf: pre-allocate hash map elements") Reported-by: Jonathan Perry Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller kernel/bpf/hashtab.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) commit 745cb7f8a5de0805cade3de3991b7a95317c7c73 Author: Dmitry V. Levin Date: Tue Mar 7 23:50:50 2017 +0300 uapi: fix linux/packet_diag.h userspace compilation error Replace MAX_ADDR_LEN with its numeric value to fix the following linux/packet_diag.h userspace compilation error: /usr/include/linux/packet_diag.h:67:17: error: 'MAX_ADDR_LEN' undeclared here (not in a function) __u8 pdmc_addr[MAX_ADDR_LEN]; This is not the first case in the UAPI where the numeric value of MAX_ADDR_LEN is used instead of symbolic one, uapi/linux/if_link.h already does the same: $ grep MAX_ADDR_LEN include/uapi/linux/if_link.h __u8 mac[32]; /* MAX_ADDR_LEN */ There are no UAPI headers besides these two that use MAX_ADDR_LEN. Signed-off-by: Dmitry V. Levin Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller include/uapi/linux/packet_diag.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 294acf1c01bace5cea5d30b510504238bf5f7c25 Author: Paolo Abeni Date: Tue Mar 7 18:33:31 2017 +0100 net/tunnel: set inner protocol in network gro hooks The gso code of several tunnels type (gre and udp tunnels) takes for granted that the skb->inner_protocol is properly initialized and drops the packet elsewhere. On the forwarding path no one is initializing such field, so gro encapsulated packets are dropped on forward. Since commit 38720352412a ("gre: Use inner_proto to obtain inner header protocol"), this can be reproduced when the encapsulated packets use gre as the tunneling protocol. The issue happens also with vxlan and geneve tunnels since commit 8bce6d7d0d1e ("udp: Generalize skb_udp_segment"), if the forwarding host's ingress nic has h/w offload for such tunnel and a vxlan/geneve device is configured on top of it, regardless of the configured peer address and vni. To address the issue, this change initialize the inner_protocol field for encapsulated packets in both ipv4 and ipv6 gro complete callbacks. Fixes: 38720352412a ("gre: Use inner_proto to obtain inner header protocol") Fixes: 8bce6d7d0d1e ("udp: Generalize skb_udp_segment") Signed-off-by: Paolo Abeni Acked-by: Alexander Duyck Signed-off-by: David S. Miller net/ipv4/af_inet.c | 4 +++- net/ipv6/ip6_offload.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 8aad6f14c09d78862fc04e47214d398add9bb8ce Author: robert.foss@collabora.com Date: Tue Mar 7 11:46:25 2017 -0500 qed: Fix copy of uninitialized memory In qed_ll2_start_ooo() the ll2_info variable is uninitialized and then passed to qed_ll2_acquire_connection() where it is copied into a new memory space. This shouldn't cause any issue as long as non of the copied memory is every read. But the potential for a bug being introduced by reading this memory is real. Detected by CoverityScan, CID#1399632 ("Uninitialized scalar variable") Signed-off-by: Robert Foss Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c021aaca5feb39f5853d10fdedb17043848b48b9 Merge: 3b12f73 36fa35d Author: David S. Miller Date: Thu Mar 9 13:12:42 2017 -0800 Merge branch 'thunderx-misc-fixes' Sunil Goutham says: ==================== net: thunderx: Miscellaneous fixes This patch set fixes multiple issues such as IOMMU translation faults when kernel is booted with IOMMU enabled on host, incorrect MAC ID reading from ACPI tables and IPv6 UDP packet drop due to failure of checksum validation. Changes from v1: - As suggested by David Miller, got rid of conditional calling of DMA map/unmap APIs. Also updated commit message in 'IOMMU translation faults' patch. ==================== Signed-off-by: David S. Miller commit 36fa35d22bffc78c85b5e68adbdd99e914bec764 Author: Thanneeru Srinivasulu Date: Tue Mar 7 18:09:11 2017 +0530 net: thunderx: Allow IPv6 frames with zero UDP checksum Do not consider IPv6 frames with zero UDP checksum as frames with bad checksum and drop them. Signed-off-by: Thanneeru Srinivasulu Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 78aacb6f6eeea3c581a29b4a50438d0bdf85ad0b Author: Sunil Goutham Date: Tue Mar 7 18:09:10 2017 +0530 net: thunderx: Fix invalid mac addresses for node1 interfaces When booted with ACPI, random mac addresses are being assigned to node1 interfaces due to mismatch of bgx_id in BGX driver and ACPI tables. This patch fixes this issue by setting maximum BGX devices per node based on platform/soc instead of a macro. This change will set the bgx_id appropriately. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 58 ++++++++++++++++++----- drivers/net/ethernet/cavium/thunder/thunder_bgx.h | 1 - 2 files changed, 45 insertions(+), 14 deletions(-) commit 18de7ba95f6e5ab150e482618123d92ee2240dc0 Author: Sunil Goutham Date: Tue Mar 7 18:09:09 2017 +0530 net: thunderx: Fix LMAC mode debug prints for QSGMII mode When BGX/LMACs are in QSGMII mode, for some LMACs, mode info is not being printed. This patch will fix that. With changes already done to not do any sort of serdes 2 lane mapping config calculation in kernel driver, we can get rid of this logic. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 6 ------ 1 file changed, 6 deletions(-) commit 83abb7d7c91f4ac20e47c3089a10bb93b2ea8994 Author: Sunil Goutham Date: Tue Mar 7 18:09:08 2017 +0530 net: thunderx: Fix IOMMU translation faults ACPI support has been added to ARM IOMMU driver in 4.10 kernel and that has resulted in VNIC interfaces throwing translation faults when kernel is booted with ACPI as driver was not using DMA API. This patch fixes the issue by using DMA API which inturn will create translation tables when IOMMU is enabled. Also VNIC doesn't have a seperate receive buffer ring per receive queue, so there is no 1:1 descriptor index matching between CQE_RX and the index in buffer ring from where a buffer has been used for DMA'ing. Unlike other NICs, here it's not possible to maintain dma address to virt address mappings within the driver. This leaves us no other choice but to use IOMMU's IOVA address conversion API to get buffer's virtual address which can be given to network stack for processing. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nic.h | 1 + drivers/net/ethernet/cavium/thunder/nicvf_main.c | 12 +- drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 178 ++++++++++++++++----- drivers/net/ethernet/cavium/thunder/nicvf_queues.h | 4 +- 4 files changed, 156 insertions(+), 39 deletions(-) commit 3b12f73a5c2977153f28a224392fd4729b50d1dc Author: Zhu Yanjun Date: Tue Mar 7 02:48:36 2017 -0500 rds: ib: add error handle In the function rds_ib_setup_qp, the error handle is missing. When some error occurs, it is possible that memory leak occurs. As such, error handle is added. Cc: Joe Jin Reviewed-by: Junxiao Bi Reviewed-by: Guanglei Li Signed-off-by: Zhu Yanjun Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/ib_cm.c | 47 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 11 deletions(-) commit 67e303e0c7683957eb4e530453705a43a6d4f966 Author: VSR Burru Date: Mon Mar 6 18:45:59 2017 -0800 liquidio: improve UDP TX performance Improve UDP TX performance by: * reducing the ring size from 2K to 512 * replacing the numerous streaming DMA allocations for info buffers and gather lists with one large consistent DMA allocation per ring BQL is not effective here. We reduced the ring size because there is heavy overhead with dma_map_single every so often. With iommu=on, dma_map_single in PF Tx data path was taking longer time (~700usec) for every ~250 packets. Debugged intel_iommu code, and found that PF driver is utilizing too many static IO virtual address mapping entries (for gather list entries and info buffers): about 100K entries for two PF's each using 8 rings. Also, finding an empty entry (in rbtree of device domain's iova mapping in kernel) during Tx path becomes a bottleneck every so often; the loop to find the empty entry goes through over 40K iterations; this is too costly and was the major overhead. Overhead is low when this loop quits quickly. Netperf benchmark numbers before and after patch: PF UDP TX +--------+--------+------------+------------+---------+ | | | Before | After | | | Number | | Patch | Patch | | | of | Packet | Throughput | Throughput | Percent | | Flows | Size | (Gbps) | (Gbps) | Change | +--------+--------+------------+------------+---------+ | | 360 | 0.52 | 0.93 | +78.9 | | 1 | 1024 | 1.62 | 2.84 | +75.3 | | | 1518 | 2.44 | 4.21 | +72.5 | +--------+--------+------------+------------+---------+ | | 360 | 0.45 | 1.59 | +253.3 | | 4 | 1024 | 1.34 | 5.48 | +308.9 | | | 1518 | 2.27 | 8.31 | +266.1 | +--------+--------+------------+------------+---------+ | | 360 | 0.40 | 1.61 | +302.5 | | 8 | 1024 | 1.64 | 4.24 | +158.5 | | | 1518 | 2.87 | 6.52 | +127.2 | +--------+--------+------------+------------+---------+ VF UDP TX +--------+--------+------------+------------+---------+ | | | Before | After | | | Number | | Patch | Patch | | | of | Packet | Throughput | Throughput | Percent | | Flows | Size | (Gbps) | (Gbps) | Change | +--------+--------+------------+------------+---------+ | | 360 | 1.28 | 1.49 | +16.4 | | 1 | 1024 | 4.44 | 4.39 | -1.1 | | | 1518 | 6.08 | 6.51 | +7.1 | +--------+--------+------------+------------+---------+ | | 360 | 2.35 | 2.35 | 0.0 | | 4 | 1024 | 6.41 | 8.07 | +25.9 | | | 1518 | 9.56 | 9.54 | -0.2 | +--------+--------+------------+------------+---------+ | | 360 | 3.41 | 3.65 | +7.0 | | 8 | 1024 | 9.35 | 9.34 | -0.1 | | | 1518 | 9.56 | 9.57 | +0.1 | +--------+--------+------------+------------+---------+ Signed-off-by: VSR Burru Signed-off-by: Felix Manlunas Signed-off-by: Derek Chickles Signed-off-by: Raghu Vatsavayi Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_main.c | 110 ++++++++++----------- drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 104 ++++++++++--------- .../net/ethernet/cavium/liquidio/octeon_config.h | 6 +- drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 17 +--- drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 4 +- drivers/net/ethernet/cavium/liquidio/octeon_main.h | 42 -------- .../net/ethernet/cavium/liquidio/octeon_network.h | 43 +++++--- 7 files changed, 144 insertions(+), 182 deletions(-) commit 5be083cedc087b2d457ef2e9c2d5698c94d3d5e4 Author: David Ahern Date: Mon Mar 6 15:57:31 2017 -0800 net: ipv6: Remove redundant RTA_OIF in multipath routes Dinesh reported that RTA_MULTIPATH nexthops are 8-bytes larger with IPv6 than IPv4. The recent refactoring for multipath support in netlink messages does discriminate between non-multipath which needs the OIF and multipath which adds a rtnexthop struct for each hop making the RTA_OIF attribute redundant. Resolve by adding a flag to the info function to skip the oif for multipath. Fixes: beb1afac518d ("net: ipv6: Add support to dump multipath routes via RTA_MULTIPATH attribute") Reported-by: Dinesh Dutt Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv6/route.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit cb2113cb983f0aadfb63668fe97f9780478313d7 Merge: ea6200e d825adb Author: Linus Torvalds Date: Thu Mar 9 12:23:30 2017 -0800 Merge tag 'for-linus-4.11-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fix and cleanup from Juergen Gross: "This contains one fix for MSIX handling under Xen and a trivial cleanup patch" * tag 'for-linus-4.11-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xenbus: Remove duplicate inclusion of linux/init.h xen: do not re-use pirq number cached in pci device msi msg data commit 5427290d64c752b97d6a2af7506771c7d10eb750 Author: Kinglong Mee Date: Tue Mar 7 17:22:43 2017 +0800 SUNRPC/backchanel: set XPT_CONG_CTRL flag for bc xprt The xprt for backchannel is created separately, not in TCP/UDP code. It needs the XPT_CONG_CTRL flag set on it too--otherwise requests on the NFSv4.1 backchannel are rjected in svc_process_common(): 1191 if (versp->vs_need_cong_ctrl && 1192 !test_bit(XPT_CONG_CTRL, &rqstp->rq_xprt->xpt_flags)) 1193 goto err_bad_vers; Fixes: 5283b03ee5 ("nfs/nfsd/sunrpc: enforce transport...") Signed-off-by: Kinglong Mee Reviewed-by: Jeff Layton Signed-off-by: J. Bruce Fields net/sunrpc/svcsock.c | 1 + 1 file changed, 1 insertion(+) commit 90eceff1a375f6ffa78caf8654e787c0a8a591ef Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:08 2017 +0300 mm: introduce __p4d_alloc() For full 5-level paging we need a helper to allocate p4d page table. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds mm/memory.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) commit c2febafc67734a62196c1b9dfba926412d4077ba Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:07 2017 +0300 mm: convert generic code to 5-level paging Convert all non-architecture-specific code to 5-level paging. It's mostly mechanical adding handling one more page table level in places where we deal with pud_t. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds drivers/misc/sgi-gru/grufault.c | 9 +- fs/userfaultfd.c | 6 +- include/asm-generic/pgtable.h | 48 +++++++++- include/linux/hugetlb.h | 5 +- include/linux/kasan.h | 1 + include/linux/mm.h | 31 ++++-- lib/ioremap.c | 39 +++++++- mm/gup.c | 46 +++++++-- mm/huge_memory.c | 7 +- mm/hugetlb.c | 29 +++--- mm/kasan/kasan_init.c | 44 ++++++++- mm/memory.c | 207 +++++++++++++++++++++++++++++++++------- mm/mlock.c | 1 + mm/mprotect.c | 26 ++++- mm/mremap.c | 13 ++- mm/page_vma_mapped.c | 6 +- mm/pagewalk.c | 32 ++++++- mm/pgtable-generic.c | 6 ++ mm/rmap.c | 7 +- mm/sparse-vmemmap.c | 22 ++++- mm/swapfile.c | 26 ++++- mm/userfaultfd.c | 23 +++-- mm/vmalloc.c | 81 ++++++++++++---- 23 files changed, 595 insertions(+), 120 deletions(-) commit 048456dcf2c56ad6f6248e2899dda92fb6a613f6 Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:06 2017 +0300 asm-generic: introduce Like with pgtable-nopud.h for 4-level paging, this new header is base for converting an architectures to properly folded p4d_t level. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds include/asm-generic/pgtable-nop4d.h | 56 +++++++++++++++++++++++++++++++++++++ include/asm-generic/pgtable-nopud.h | 43 ++++++++++++++-------------- include/asm-generic/tlb.h | 14 ++++++++-- 3 files changed, 89 insertions(+), 24 deletions(-) commit 9849a5697d3defb2087cb6b9be5573a142697889 Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:05 2017 +0300 arch, mm: convert all architectures to use 5level-fixup.h If an architecture uses 4level-fixup.h we don't need to do anything as it includes 5level-fixup.h. If an architecture uses pgtable-nop*d.h, define __ARCH_USE_5LEVEL_HACK before inclusion of the header. It makes asm-generic code to use 5level-fixup.h. If an architecture has 4-level paging or folds levels on its own, include 5level-fixup.h directly. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds arch/arc/include/asm/hugepage.h | 1 + arch/arc/include/asm/pgtable.h | 1 + arch/arm/include/asm/pgtable.h | 1 + arch/arm64/include/asm/pgtable-types.h | 4 ++++ arch/avr32/include/asm/pgtable-2level.h | 1 + arch/cris/include/asm/pgtable.h | 1 + arch/frv/include/asm/pgtable.h | 1 + arch/h8300/include/asm/pgtable.h | 1 + arch/hexagon/include/asm/pgtable.h | 1 + arch/ia64/include/asm/pgtable.h | 2 ++ arch/metag/include/asm/pgtable.h | 1 + arch/microblaze/include/asm/page.h | 3 ++- arch/mips/include/asm/pgtable-32.h | 1 + arch/mips/include/asm/pgtable-64.h | 1 + arch/mn10300/include/asm/page.h | 1 + arch/nios2/include/asm/pgtable.h | 1 + arch/openrisc/include/asm/pgtable.h | 1 + arch/powerpc/include/asm/book3s/32/pgtable.h | 1 + arch/powerpc/include/asm/book3s/64/pgtable.h | 3 +++ arch/powerpc/include/asm/nohash/32/pgtable.h | 1 + arch/powerpc/include/asm/nohash/64/pgtable-4k.h | 3 +++ arch/powerpc/include/asm/nohash/64/pgtable-64k.h | 1 + arch/s390/include/asm/pgtable.h | 1 + arch/score/include/asm/pgtable.h | 1 + arch/sh/include/asm/pgtable-2level.h | 1 + arch/sh/include/asm/pgtable-3level.h | 1 + arch/sparc/include/asm/pgtable_64.h | 1 + arch/tile/include/asm/pgtable_32.h | 1 + arch/tile/include/asm/pgtable_64.h | 1 + arch/um/include/asm/pgtable-2level.h | 1 + arch/um/include/asm/pgtable-3level.h | 1 + arch/unicore32/include/asm/pgtable.h | 1 + arch/x86/include/asm/pgtable_types.h | 4 ++++ arch/xtensa/include/asm/pgtable.h | 1 + 34 files changed, 46 insertions(+), 1 deletion(-) commit 30ec842660bd0d056d4a7028ac5bd4a82b113d4f Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:04 2017 +0300 asm-generic: introduce __ARCH_USE_5LEVEL_HACK We are going to introduce to provide abstraction for properly (in opposite to 5level-fixup.h hack) folded p4d level. The new header will be included from pgtable-nopud.h. If an architecture uses , we cannot use 5level-fixup.h directly to quickly convert the architecture to 5-level paging as it would conflict with pgtable-nop4d.h. With this patch an architecture can define __ARCH_USE_5LEVEL_HACK before inclusion to use 5level-fixup.h. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds include/asm-generic/pgtable-nop4d-hack.h | 62 ++++++++++++++++++++++++++++++++ include/asm-generic/pgtable-nopud.h | 5 +++ 2 files changed, 67 insertions(+) commit 505a60e225606fbd3d2eadc31ff793d939ba66f1 Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:03 2017 +0300 asm-generic: introduce 5level-fixup.h We are going to switch core MM to 5-level paging abstraction. This is preparation step which adds As with 4level-fixup.h, the new header allows quickly make all architectures compatible with 5-level paging in core MM. In long run we would like to switch architectures to properly folded p4d level by using , but it requires more changes to arch-specific code. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds include/asm-generic/4level-fixup.h | 3 ++- include/asm-generic/5level-fixup.h | 41 ++++++++++++++++++++++++++++++++++++++ include/linux/mm.h | 3 +++ 3 files changed, 46 insertions(+), 1 deletion(-) commit 6fb895692a034393d58679cd8d00c9e229719a5f Author: Kirill A. Shutemov Date: Thu Mar 9 17:24:02 2017 +0300 x86/cpufeature: Add 5-level paging detection Look for 'la57' in /proc/cpuinfo to see if your machine supports 5-level paging. Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Signed-off-by: Linus Torvalds arch/x86/include/asm/cpufeatures.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6e347b5e05ea2ac4ac467a5a1cfaebb2c7f06f80 Author: Bjorn Helgaas Date: Thu Mar 9 11:27:07 2017 -0600 PCI: iproc: Save host bridge window resource in struct iproc_pcie The host bridge memory window resource is inserted into the iomem_resource tree and cannot be deallocated until the host bridge itself is removed. Previously, the window was on the stack, which meant the iomem_resource entry pointed into the stack and was corrupted as soon as the probe function returned, which caused memory corruption and errors like this: pcie_iproc_bcma bcma0:8: resource collision: [mem 0x40000000-0x47ffffff] conflicts with PCIe MEM space [mem 0x40000000-0x47ffffff] Move the memory window resource from the stack into struct iproc_pcie so its lifetime matches that of the host bridge. Fixes: c3245a566400 ("PCI: iproc: Request host bridge window resources") Reported-and-tested-by: Rafał Miłecki Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.8+ drivers/pci/host/pcie-iproc-bcma.c | 24 ++++++++++++------------ drivers/pci/host/pcie-iproc-platform.c | 19 ++++++++++--------- drivers/pci/host/pcie-iproc.h | 1 + 3 files changed, 23 insertions(+), 21 deletions(-) commit 61eb2b43b99ebdc9bc6bc83d9792257b243e7cb3 Author: Shaohua Li Date: Tue Feb 28 13:00:20 2017 -0800 md/raid1/10: fix potential deadlock Neil Brown pointed out a potential deadlock in raid 10 code with bio_split/chain. The raid1 code could have the same issue, but recent barrier rework makes it less likely to happen. The deadlock happens in below sequence: 1. generic_make_request(bio), this will set current->bio_list 2. raid10_make_request will split bio to bio1 and bio2 3. __make_request(bio1), wait_barrer, add underlayer disk bio to current->bio_list 4. __make_request(bio2), wait_barrer If raise_barrier happens between 3 & 4, since wait_barrier runs at 3, raise_barrier waits for IO completion from 3. And since raise_barrier sets barrier, 4 waits for raise_barrier. But IO from 3 can't be dispatched because raid10_make_request() doesn't finished yet. The solution is to adjust the IO ordering. Quotes from Neil: " It is much safer to: if (need to split) { split = bio_split(bio, ...) bio_chain(...) make_request_fn(split); generic_make_request(bio); } else make_request_fn(mddev, bio); This way we first process the initial section of the bio (in 'split') which will queue some requests to the underlying devices. These requests will be queued in generic_make_request. Then we queue the remainder of the bio, which will be added to the end of the generic_make_request queue. Then we return. generic_make_request() will pop the lower-level device requests off the queue and handle them first. Then it will process the remainder of the original bio once the first section has been fully processed. " Note, this only happens in read path. In write path, the bio is flushed to underlaying disks either by blk flush (from schedule) or offladed to raid1/10d. It's queued in current->bio_list. Cc: Coly Li Cc: stable@vger.kernel.org (v3.14+, only the raid10 part) Suggested-by: NeilBrown Reviewed-by: Jack Wang Signed-off-by: Shaohua Li drivers/md/raid1.c | 25 +++++++++++++++++++++++-- drivers/md/raid10.c | 18 ++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) commit 1b3bae49fba52f1ec499c36c53bc07761a9f6c4d Author: NeilBrown Date: Wed Mar 1 07:31:28 2017 +1100 md: don't impose the MD_SB_DISKS limit on arrays without metadata. These arrays, created with "mdadm --build" don't benefit from a limit. The default will be used, which is '0' and is interpreted as "don't impose a limit". Reported-by: ian_bruce@mail.ru Signed-off-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/md.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit c94836342192b05d599d6aa3397f732f7a238689 Author: Guoqing Jiang Date: Fri Feb 24 11:15:23 2017 +0800 md: move funcs from pers->resize to update_size raid1_resize and raid5_resize should also check the mddev->queue if run underneath dm-raid. And both set_capacity and revalidate_disk are used in pers->resize such as raid1, raid10 and raid5. So move them from personality file to common code. Reviewed-by: NeilBrown Signed-off-by: Guoqing Jiang Signed-off-by: Shaohua Li drivers/md/md.c | 8 ++++++-- drivers/md/raid1.c | 2 -- drivers/md/raid10.c | 4 ---- drivers/md/raid5.c | 2 -- 4 files changed, 6 insertions(+), 10 deletions(-) commit 75df023f4f2188c21181996e28234fef9351ef45 Author: Guoqing Jiang Date: Fri Feb 24 11:15:13 2017 +0800 md-cluster: remove useless memset from gather_all_resync_info This memset is not needed. The lvb is already zeroed because it was recently allocated by lockres_init, which uses kzalloc(), and read_resync_info() doesn't need it to be zero anyway. Reviewed-by: NeilBrown Signed-off-by: Guoqing Jiang Signed-off-by: Shaohua Li drivers/md/md-cluster.c | 1 - 1 file changed, 1 deletion(-) commit 9c8043f337f14d1743006dfc59c03e80a42e3884 Author: Guoqing Jiang Date: Fri Feb 24 11:15:12 2017 +0800 md-cluster: free md_cluster_info if node leave cluster To avoid memory leak, we need to free the cinfo which is allocated when node join cluster. Reviewed-by: NeilBrown Signed-off-by: Guoqing Jiang Signed-off-by: Shaohua Li drivers/md/md-cluster.c | 1 + 1 file changed, 1 insertion(+) commit 99b3d74ec05c4a4c57766a90d65b53d78ab06404 Author: Shaohua Li Date: Thu Feb 23 12:31:10 2017 -0800 md: delete dead code Nobody is using mddev_check_plugged(), so delete the dead code Signed-off-by: Shaohua Li drivers/md/md.c | 8 -------- drivers/md/md.h | 6 ------ 2 files changed, 14 deletions(-) commit 6d399783e9d4e9bd44931501948059d24ad96ff8 Author: Shaohua Li Date: Thu Feb 23 12:26:41 2017 -0800 md/raid10: submit bio directly to replacement disk Commit 57c67df(md/raid10: submit IO from originating thread instead of md thread) submits bio directly for normal disks but not for replacement disks. There is no point we shouldn't do this for replacement disks. Cc: NeilBrown Signed-off-by: Shaohua Li drivers/md/raid10.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) commit dcc7620cad5ad1326a78f4031a7bf4f0e5b42984 Author: Guenter Roeck Date: Thu Mar 9 15:39:37 2017 +0200 usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers Upstream commit 98d74f9ceaef ("xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers") fixes a problem with hot pluggable PCI xhci controllers which can result in excessive timeouts, to the point where the system reports a deadlock. The same problem is seen with hot pluggable xhci controllers using the xhci-plat driver, such as the driver used for Type-C ports on rk3399. Similar to hot-pluggable PCI controllers, the driver for this chip removes the xhci controller from the system when the Type-C cable is disconnected. The solution for PCI devices works just as well for non-PCI devices and avoids the problem. Signed-off-by: Guenter Roeck Cc: stable Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-plat.c | 2 ++ 1 file changed, 2 insertions(+) commit f95e60a7dbecd2de816bb3ad517b3d4fbc20b507 Author: Peter Chen Date: Thu Mar 9 15:39:36 2017 +0200 usb: host: xhci-dbg: HCIVERSION should be a binary number According to xHCI spec, HCIVERSION containing a BCD encoding of the xHCI specification revision number, 0100h corresponds to xHCI version 1.0. Change "100" as "0x100". Cc: Lu Baolu Cc: stable Fixes: 04abb6de2825 ("xhci: Read and parse new xhci 1.1 capability register") Signed-off-by: Peter Chen Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-dbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 20e4e37e4a2f1bfd43bcc8c3e666e47665036cc3 Author: Chunfeng Yun Date: Thu Mar 9 15:39:35 2017 +0200 usb: xhci: remove dummy extra_priv_size for size of xhci_hcd struct because hcd_priv_size is already size of xhci_hcd struct, extra_priv_size is not needed anymore for MTK and tegra drivers. Signed-off-by: Chunfeng Yun Tested-by: Thierry Reding Acked-by: Thierry Reding Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mtk.c | 1 - drivers/usb/host/xhci-tegra.c | 1 - 2 files changed, 2 deletions(-) commit 94a631d91ad341b3b4bdac72d1104d9f090e0ca9 Author: Chunfeng Yun Date: Thu Mar 9 15:39:34 2017 +0200 usb: xhci-mtk: check hcc_params after adding primary hcd hcc_params is set in xhci_gen_setup() called from usb_add_hcd(), so checks the Maximum Primary Stream Array Size in the hcc_params register after adding primary hcd. Signed-off-by: Chunfeng Yun Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mtk.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 6022c5cadf1a43ca30f431f128daa6163909ad60 Author: Yuantian Tang Date: Thu Mar 9 17:13:29 2017 +0800 ahci: qoriq: correct the sata ecc setting error Sata ecc is controlled by only 1 bit which is 24bit in big-endian in ecc register. So only setting 24bit to disable sata ecc prevents other bits from being overwritten in ecc register. Signed-off-by: Tang Yuantian Signed-off-by: Tejun Heo drivers/ata/ahci_qoriq.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 806dbb20efde821910b5f747befed794077a9109 Author: Wolfram Sang Date: Thu Mar 9 16:41:48 2017 +0100 Revert "i2c: copy device properties when using i2c_register_board_info()" This reverts commit b0c1e95ab44feaad8831f2c06a3473c974003b49. It contains a flaw and the next version has more features added which makes me want to move it to the next cycle. Signed-off-by: Wolfram Sang drivers/i2c/i2c-boardinfo.c | 10 ---------- 1 file changed, 10 deletions(-) commit e61dfc836b8a95c54e5b41d2247df258b0593a1b Merge: 8ce0928e 2e1e494 Author: Wolfram Sang Date: Thu Mar 9 16:34:41 2017 +0100 Merge branch 'i2c-mux/for-current' of https://github.com/peda-r/i2c-mux into i2c/for-current commit 8ce0928e6867fda4d208d7bddf251bce96ab8431 Author: Wolfram Sang Date: Thu Mar 9 16:32:17 2017 +0100 Revert "i2c: add missing of_node_put in i2c_mux_del_adapters" This reverts commit 02dbfa5e5583523035f05636c614a0eca77f1aab. I grabbed the wrong version from the list and will pull the proper one from Peter Rosin's mux tree. Signed-off-by: Wolfram Sang drivers/i2c/i2c-mux.c | 2 -- 1 file changed, 2 deletions(-) commit 9ad224744218a352964f31007a1420f2420a08a0 Author: Javier Martinez Canillas Date: Thu Mar 9 11:05:33 2017 -0300 i2c: exynos5: Avoid transaction timeouts due TRANSFER_DONE_AUTO not set After commit 7999eecb7e56 ("i2c: exynos5: fix arbitration lost handling"), some I2C transactions are failing because the TRANSFER_DONE_AUTO field is not set in the I2C_TRANS_STATUS register so the i2c->status value is left to -EINVAL causing the i2c->msg_complete completion to never be signaled. For example, when reading the time of an I2C rtc on an Exynos5800 machine: $ cat /sys/class/rtc/rtc0/time [ 25.924594] exynos5-hsi2c 12e10000.i2c: rx timeout [ 65.028365] max77686-rtc max77802-rtc: Fail to read time reg(-22) cat: /sys/class/rtc/rtc0/time: Invalid argument The Exynos5422 manual states clearly that most I2C_TRANS_STATUS reg bits (including TRANSFER_DONE_AUTO) are cleared after the register is read. So reading has side effects and should only be done if HSI2C_INT_I2C was set. Fixes: 7999eecb7e56 ("i2c: exynos5: fix arbitration lost handling") Signed-off-by: Javier Martinez Canillas Reviewed-by: Andrzej Hajda Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-exynos5.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6a29b512cf1ebc2ceff6dbc1a256dbde3e259a2b Merge: 05d8d34 955a3fc Author: Radim Krčmář Date: Thu Mar 9 15:48:42 2017 +0100 Merge tag 'kvm-arm-for-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm KVM/ARM updates for v4.11-rc2 vgic updates: - Honour disabling the ITS - Don't deadlock when deactivating own interrupts via MMIO - Correctly expose the lact of IRQ/FIQ bypass on GICv3 I/O virtualization: - Make KVM_CAP_NR_MEMSLOTS big enough for large guests with many PCIe devices General bug fixes: - Gracefully handle exception generated with syndroms that the host doesn't understand - Properly invalidate TLBs on VHE systems commit 05d8d34611139f8435af90ac54b65eb31e82e388 Author: Radim Krčmář Date: Tue Mar 7 17:51:49 2017 +0100 KVM: nVMX: do not warn when MSR bitmap address is not backed Before trying to do nested_get_page() in nested_vmx_merge_msr_bitmap(), we have already checked that the MSR bitmap address is valid (4k aligned and within physical limits). SDM doesn't specify what happens if the there is no memory mapped at the valid address, but Intel CPUs treat the situation as if the bitmap was configured to trap all MSRs. KVM already does that by returning false and a correct handling doesn't need the guest-trigerrable warning that was reported by syzkaller: (The warning was originally there to catch some possible bugs in nVMX.) ------------[ cut here ]------------ WARNING: CPU: 0 PID: 7832 at arch/x86/kvm/vmx.c:9709 nested_vmx_merge_msr_bitmap arch/x86/kvm/vmx.c:9709 [inline] WARNING: CPU: 0 PID: 7832 at arch/x86/kvm/vmx.c:9709 nested_get_vmcs12_pages+0xfb6/0x15c0 arch/x86/kvm/vmx.c:9640 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 7832 Comm: syz-executor1 Not tainted 4.10.0+ #229 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 panic+0x1fb/0x412 kernel/panic.c:179 __warn+0x1c4/0x1e0 kernel/panic.c:540 warn_slowpath_null+0x2c/0x40 kernel/panic.c:583 nested_vmx_merge_msr_bitmap arch/x86/kvm/vmx.c:9709 [inline] nested_get_vmcs12_pages+0xfb6/0x15c0 arch/x86/kvm/vmx.c:9640 enter_vmx_non_root_mode arch/x86/kvm/vmx.c:10471 [inline] nested_vmx_run+0x6186/0xaab0 arch/x86/kvm/vmx.c:10561 handle_vmlaunch+0x1a/0x20 arch/x86/kvm/vmx.c:7312 vmx_handle_exit+0xfc0/0x3f00 arch/x86/kvm/vmx.c:8526 vcpu_enter_guest arch/x86/kvm/x86.c:6982 [inline] vcpu_run arch/x86/kvm/x86.c:7044 [inline] kvm_arch_vcpu_ioctl_run+0x1418/0x4840 arch/x86/kvm/x86.c:7205 kvm_vcpu_ioctl+0x673/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2570 Reported-by: Dmitry Vyukov Reviewed-by: Jim Mattson [Jim Mattson explained the bare metal behavior: "I believe this behavior would be documented in the chipset data sheet rather than the SDM, since the chipset returns all 1s for an unclaimed read."] Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 32d3b06a39783fbe849176774037b44f209979ea Merge: fd8e57d 655cb1e Author: Rafael J. Wysocki Date: Thu Mar 9 15:12:55 2017 +0100 Merge branch 'pm-cpufreq-sched' * pm-cpufreq-sched: cpufreq: schedutil: Pass sg_policy to get_next_freq() cpufreq: schedutil: move cached_raw_freq to struct sugov_policy commit fd8e57d5d3041a93b87bb892d7819cd89d7445db Merge: c1ae3cf a240c4a Author: Rafael J. Wysocki Date: Thu Mar 9 15:12:27 2017 +0100 Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq: intel_pstate: Do not reinit performance limits in ->setpolicy cpufreq: intel_pstate: Fix intel_pstate_verify_policy() cpufreq: intel_pstate: Fix global settings in active mode cpufreq: Add the "cpufreq.off=1" cmdline option cpufreq: intel_pstate: Avoid triggering cpu_frequency tracepoint unnecessarily cpufreq: intel_pstate: Fix intel_cpufreq_verify_policy() cpufreq: intel_pstate: Do not use performance_limits in passive mode commit d6c098a1db468b7fd4635e831f276851dfd8852c Author: Brian Norris Date: Wed Mar 8 15:18:54 2017 -0800 ASoC: don't dereference NULL pcm_{new,free} Not all platform drivers have pcm_{new,free} callbacks. Seen with a "snd-soc-dummy" codec from sound/soc/rockchip/rk3399_gru_sound.c. Fixes: 99b04f4c4051 ("ASoC: add Component level pcm_new/pcm_free") Signed-off-by: Brian Norris Signed-off-by: Mark Brown sound/soc/soc-core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 920c634aff6cb66e7f352668521eb1313897e93c Merge: b28ace1 4b9de5d Author: Thomas Gleixner Date: Thu Mar 9 12:06:41 2017 +0100 Merge tag 'irq-fixes-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent Pull irqchip/irqdomain updates for 4.11-rc2 from Marc Zyngier - irqchip/crossbar: Some type tidying up - irqchip/gicv3-its: Workaround for a Qualcomm erratum - irqdomain: Compile for for systems that don't use CONFIG_IRQ_DOMAIN Fixed up minor conflict in the crossbar driver. commit 28b62b1458685d8f68f67d9b2d511bf8fa32b746 Author: Krzysztof Kozlowski Date: Wed Mar 8 23:14:20 2017 +0200 crypto: s5p-sss - Fix spinlock recursion on LRW(AES) Running TCRYPT with LRW compiled causes spinlock recursion: testing speed of async lrw(aes) (lrw(ecb-aes-s5p)) encryption tcrypt: test 0 (256 bit key, 16 byte blocks): 19007 operations in 1 seconds (304112 bytes) tcrypt: test 1 (256 bit key, 64 byte blocks): 15753 operations in 1 seconds (1008192 bytes) tcrypt: test 2 (256 bit key, 256 byte blocks): 14293 operations in 1 seconds (3659008 bytes) tcrypt: test 3 (256 bit key, 1024 byte blocks): 11906 operations in 1 seconds (12191744 bytes) tcrypt: test 4 (256 bit key, 8192 byte blocks): BUG: spinlock recursion on CPU#1, irq/84-10830000/89  lock: 0xeea99a68, .magic: dead4ead, .owner: irq/84-10830000/89, .owner_cpu: 1 CPU: 1 PID: 89 Comm: irq/84-10830000 Not tainted 4.11.0-rc1-00001-g897ca6d0800d #559 Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x78/0x8c) [] (dump_stack) from [] (do_raw_spin_lock+0x11c/0x120) [] (do_raw_spin_lock) from [] (_raw_spin_lock_irqsave+0x20/0x28) [] (_raw_spin_lock_irqsave) from [] (s5p_aes_crypt+0x2c/0xb4) [] (s5p_aes_crypt) from [] (do_encrypt+0x78/0xb0 [lrw]) [] (do_encrypt [lrw]) from [] (encrypt_done+0x24/0x54 [lrw]) [] (encrypt_done [lrw]) from [] (s5p_aes_complete+0x60/0xcc) [] (s5p_aes_complete) from [] (s5p_aes_interrupt+0x134/0x1a0) [] (s5p_aes_interrupt) from [] (irq_thread_fn+0x1c/0x54) [] (irq_thread_fn) from [] (irq_thread+0x12c/0x1e0) [] (irq_thread) from [] (kthread+0x108/0x138) [] (kthread) from [] (ret_from_fork+0x14/0x3c) Interrupt handling routine was calling req->base.complete() under spinlock. In most cases this wasn't fatal but when combined with some of the cipher modes (like LRW) this caused recursion - starting the new encryption (s5p_aes_crypt()) while still holding the spinlock from previous round (s5p_aes_complete()). Beside that, the s5p_aes_interrupt() error handling path could execute two completions in case of error for RX and TX blocks. Rewrite the interrupt handling routine and the completion by: 1. Splitting the operations on scatterlist copies from s5p_aes_complete() into separate s5p_sg_done(). This still should be done under lock. The s5p_aes_complete() now only calls req->base.complete() and it has to be called outside of lock. 2. Moving the s5p_aes_complete() out of spinlock critical sections. In interrupt service routine s5p_aes_interrupts(), it appeared in few places, including error paths inside other functions called from ISR. This code was not so obvious to read so simplify it by putting the s5p_aes_complete() only within ISR level. Reported-by: Nathan Royce Cc: # v4.10.x: 07de4bc88c crypto: s5p-sss - Fix completing Cc: # v4.10.x Signed-off-by: Krzysztof Kozlowski Signed-off-by: Herbert Xu drivers/crypto/s5p-sss.c | 127 ++++++++++++++++++++++++++++++----------------- 1 file changed, 82 insertions(+), 45 deletions(-) commit feec467f3995c1639e5f12eca7c7885c8b1d411d Merge: 2f68214 8c76d7c Author: Greg Kroah-Hartman Date: Thu Mar 9 11:14:06 2017 +0100 Merge tag 'usb-serial-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.11-rc2 Here's a fix for a digi_acceleport regression in -rc1, and some fixes for long-standing issues in three other drivers, including a NULL-pointer dereference and a couple of information leaks that could be triggered by a malicious device. Signed-off-by: Johan Hovold commit 1a09b6a7c10e22c489a8b212dd6862b1fd9674ad Author: Stephen Boyd Date: Thu Mar 9 13:45:44 2017 +0530 phy: qcom-usb-hs: Add depends on EXTCON We get the following compile errors if EXTCON is enabled as a module but this driver is builtin: drivers/built-in.o: In function `qcom_usb_hs_phy_power_off': phy-qcom-usb-hs.c:(.text+0x1089): undefined reference to `extcon_unregister_notifier' drivers/built-in.o: In function `qcom_usb_hs_phy_probe': phy-qcom-usb-hs.c:(.text+0x11b5): undefined reference to `extcon_get_edev_by_phandle' drivers/built-in.o: In function `qcom_usb_hs_phy_power_on': phy-qcom-usb-hs.c:(.text+0x128e): undefined reference to `extcon_get_state' phy-qcom-usb-hs.c:(.text+0x12a9): undefined reference to `extcon_register_notifier' so let's mark this as needing to follow the modular status of the extcon framework. Fixes: 9994a33865f4 e2427b09ba929c2b9 (phy: Add support for Qualcomm's USB HS phy") Signed-off-by: Stephen Boyd Signed-off-by: Kishon Vijay Abraham I drivers/phy/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 11d94e026b962eee6e1fbc4237f2cbfbec839067 Author: Jaehoon Chung Date: Wed Mar 8 17:22:42 2017 +0900 phy: phy-exynos-pcie: fix the wrong error return When it doesn't get the blk_base's resource, it was returned the error about phy_base, not blk_base. This patch is for fixing the wrong error return about blk_base. Fixes: cf0adb8e281b ("phy: phy-exynos-pcie: Add support for Exynos PCIe PHY") Signed-off-by: Jaehoon Chung Signed-off-by: Kishon Vijay Abraham I drivers/phy/phy-exynos-pcie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 677941a304b72620f519e542fb7c370424dcc297 Author: Rafał Miłecki Date: Thu Feb 9 00:30:23 2017 +0100 Revert "dt-bindings: phy: Add documentation for NSP USB3 PHY" This reverts commit c8ca631f9480 ("dt-bindings: phy: Add documentation for NSP USB3 PHY") to match reverting commit adding the new PHY driver. Please note we revert this commit before it reached stable release. If new compatible string is needed it should be added to the existing bcm-ns-usb3-phy.txt which already describes this PHY. Acked-by: Jon Mason Acked-by: Rob Herring Signed-off-by: Rafał Miłecki .../devicetree/bindings/phy/brcm,nsp-usb3-phy.txt | 39 ---------------------- 1 file changed, 39 deletions(-) commit 9200c6f177638909dbbaded8aeeeccbd48744400 Author: Rafał Miłecki Date: Thu Feb 9 00:30:22 2017 +0100 Revert "phy: Add USB3 PHY support for Broadcom NSP SoC" This reverts commit d7bc1a7d41bf ("phy: Add USB3 PHY support for Broadcom NSP SoC") as we already have driver for this PHY (shared by NS and NSP). It was added in commit e5666281d9ea ("phy: bcm-ns-usb3: new driver for USB 3.0 PHY on Northstar"). Instead of adding separated driver & duplicating code we should work on improving existing (old) one. Thanks to work done by Broadcom we know there is MDIO bus we weren't aware of & we know register names which makes initialization more clear. This is very valuable info and we should work on using it in existing driver afterwards. Acked-by: Jon Mason Signed-off-by: Rafał Miłecki drivers/phy/Kconfig | 8 -- drivers/phy/Makefile | 1 - drivers/phy/phy-bcm-nsp-usb3.c | 177 ----------------------------------------- 3 files changed, 186 deletions(-) commit 2f6821462fe3ace62df3f1b5a9463153e8288298 Author: Johan Hovold Date: Fri Feb 24 19:11:28 2017 +0100 USB: serial: digi_acceleport: fix OOB-event processing A recent change claimed to fix an off-by-one error in the OOB-port completion handler, but instead introduced such an error. This could specifically led to modem-status changes going unnoticed, effectively breaking TIOCMGET. Note that the offending commit fixes a loop-condition underflow and is marked for stable, but should not be backported without this fix. Reported-by: Ben Hutchings Fixes: 2d380889215f ("USB: serial: digi_acceleport: fix OOB data sanity check") Cc: stable # v2.6.30 Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/serial/digi_acceleport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 829b84db0c0c120ae5855a69cc0c94ff75fafabb Author: Richard Leitner Date: Mon Mar 6 09:24:23 2017 +0100 MAINTAINERS: usb251xb: remove reference inexistent file The platform_data header file was dropped in the merged version of the USB251xB driver. Therefore remove its reference from the MAINTAINERS file. Signed-off-by: Richard Leitner Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit fa56fe4ca4a1e4d9715f144857c98074e41bc94f Author: Richard Leitner Date: Mon Mar 6 09:24:22 2017 +0100 doc: dt-bindings: usb251xb: mark reg as required Mark the reg property as required and furthermore fix some typos and spellings in the documentation. Signed-off-by: Richard Leitner Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/usb/usb251xb.txt | 23 +++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) commit 7f7d8ba3b2140d993887a7db7a83d85c1f8db0e8 Author: Richard Leitner Date: Mon Mar 6 09:24:21 2017 +0100 usb: usb251xb: dt: add unit suffix to oc-delay and power-on-time Rename oc-delay-* to oc-delay-us and make it expect a time value. Furthermore add -ms suffix to power-on-time. There changes were suggested by Rob Herring in https://lkml.org/lkml/2017/2/15/1283. Signed-off-by: Richard Leitner Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/usb/usb251xb.txt | 10 ++++--- drivers/usb/misc/usb251xb.c | 35 ++++++++++++---------- 2 files changed, 26 insertions(+), 19 deletions(-) commit cfa47afe77b393e2c24a57e7e9611857a0b064f1 Author: Richard Leitner Date: Mon Mar 6 09:24:20 2017 +0100 usb: usb251xb: remove max_{power,current}_{sp,bp} properties Remove the max_{power,current}_{sp,bp} properties of the usb251xb driver from devicetree. This is done to simplify the dt bindings as requested by Rob Herring in https://lkml.org/lkml/2017/2/15/1283. If those properties are ever needed by somebody they can be enabled again easily. Signed-off-by: Richard Leitner Acked-by: Rob Herring Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/usb/usb251xb.txt | 20 ------------------ drivers/usb/misc/usb251xb.c | 24 ++++------------------ 2 files changed, 4 insertions(+), 40 deletions(-) commit d595259fbb7a7afed241b1afb2c4fe4b47de47fa Author: Tobias Jakobi Date: Tue Feb 28 00:46:58 2017 +0100 usb-storage: Add ignore-residue quirk for Initio INIC-3619 This USB-SATA bridge chip is used in a StarTech enclosure for optical drives. Without the quirk MakeMKV fails during the key exchange with an installed BluRay drive: > Error 'Scsi error - ILLEGAL REQUEST:COPY PROTECTION KEY EXCHANGE FAILURE - KEY NOT ESTABLISHED' > occurred while issuing SCSI command AD010..080002400 to device 'SG:dev_11:2' Signed-off-by: Tobias Jakobi Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman drivers/usb/storage/unusual_devs.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit de46e56653de7b3b54baa625bd582635008b8d05 Author: Johan Hovold Date: Tue Mar 7 16:11:04 2017 +0100 USB: iowarrior: fix NULL-deref in write Make sure to verify that we have the required interrupt-out endpoint for IOWarrior56 devices to avoid dereferencing a NULL-pointer in write should a malicious device lack such an endpoint. Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.") Cc: stable # 2.6.21 Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/iowarrior.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit b7321e81fc369abe353cf094d4f0dc2fe11ab95f Author: Johan Hovold Date: Tue Mar 7 16:11:03 2017 +0100 USB: iowarrior: fix NULL-deref at probe Make sure to check for the required interrupt-in endpoint to avoid dereferencing a NULL-pointer should a malicious device lack such an endpoint. Note that a fairly recent change purported to fix this issue, but added an insufficient test on the number of endpoints only, a test which can now be removed. Fixes: 4ec0ef3a8212 ("USB: iowarrior: fix oops with malicious USB descriptors") Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.") Cc: stable # 2.6.21 Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/iowarrior.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit fd567653bdb908009b650f079bfd4b63169e2ac4 Author: Javier Martinez Canillas Date: Wed Feb 22 15:23:22 2017 -0300 usb: phy: isp1301: Add OF device ID table The driver doesn't have a struct of_device_id table but supported devices are registered via Device Trees. This is working on the assumption that a I2C device registered via OF will always match a legacy I2C device ID and that the MODALIAS reported will always be of the form i2c:. But this could change in the future so the correct approach is to have an OF device ID table if the devices are registered via OF. Signed-off-by: Javier Martinez Canillas Signed-off-by: Greg Kroah-Hartman drivers/usb/phy/phy-isp1301.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 85550f9148a852ed363a386577ad31b97b95dfb8 Author: Jelle Martijn Kok Date: Tue Feb 21 12:48:18 2017 +0100 usb: ohci-at91: Do not drop unhandled USB suspend control requests In patch 2e2aa1bc7eff90ecm, USB suspend and wakeup control requests are passed to SFR_OHCIICR register. If a processor does not have such a register, this hub control request will be dropped. If no such a SFR register is available, all USB suspend control requests will now be processed using ohci_hub_control() (like before patch 2e2aa1bc7eff90ecm.) Tested on an Atmel AT91SAM9G20 with an on-board TI TUSB2046B hub chip If the last USB device is unplugged from the USB hub, the hub goes into sleep and will not wakeup when an USB devices is inserted. Fixes: 2e2aa1bc7eff90ec ("usb: ohci-at91: Forcibly suspend ports while USB suspend") Signed-off-by: Jelle Martijn Kok Tested-by: Wenyou Yang Cc: Wenyou Yang Cc: Alan Stern Cc: stable Acked-by: Nicolas Ferre Reviewed-by: Alexandre Belloni Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-at91.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit db08e1d53034a54fe177ced70476fda73954b9e9 Author: Alexey Kardashevskiy Date: Tue Feb 21 13:41:31 2017 +1100 powerpc/powernv/ioda2: Update iommu table base on ownership change On POWERNV platform, in order to do DMA via IOMMU (i.e. 32bit DMA in our case), a device needs an iommu_table pointer set via set_iommu_table_base(). The codeflow is: - pnv_pci_ioda2_setup_dma_pe() - pnv_pci_ioda2_setup_default_config() - pnv_ioda_setup_bus_dma() [1] pnv_pci_ioda2_setup_dma_pe() creates IOMMU groups, pnv_pci_ioda2_setup_default_config() does default DMA setup, pnv_ioda_setup_bus_dma() takes a bus PE (on IODA2, all physical function PEs as bus PEs except NPU), walks through all underlying buses and devices, adds all devices to an IOMMU group and sets iommu_table. On IODA2, when VFIO is used, it takes ownership over a PE which means it removes all tables and creates new ones (with a possibility of sharing them among PEs). So when the ownership is returned from VFIO to the kernel, the iommu_table pointer written to a device at [1] is stale and needs an update. This adds an "add_to_group" parameter to pnv_ioda_setup_bus_dma() (in fact re-adds as it used to be there a while ago for different reasons) to tell the helper if a device needs to be added to an IOMMU group with an iommu_table update or just the latter. This calls pnv_ioda_setup_bus_dma(..., false) from pnv_ioda2_release_ownership() so when the ownership is restored, 32bit DMA can work again for a device. This does the same thing on obtaining ownership as the iommu_table point is stale at this point anyway and it is safer to have NULL there. We did not hit this earlier as all tested devices in recent years were only using 64bit DMA; the rare exception for this is MPT3 SAS adapter which uses both 32bit and 64bit DMA access and it has not been tested with VFIO much. Signed-off-by: Alexey Kardashevskiy Acked-by: Gavin Shan Reviewed-by: David Gibson Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci-ioda.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) commit 955a3fc6d2a1c11d6d00bce4f3816100ce0530cf Author: Linu Cherian Date: Wed Mar 8 11:38:35 2017 +0530 KVM: arm64: Increase number of user memslots to 512 Having only 32 memslots is a real constraint for the maximum number of PCI devices that can be assigned to a single guest. Assuming each PCI device/virtual function having two memory BAR regions, we could assign only 15 devices/virtual functions to a guest. Hence increase KVM_USER_MEM_SLOTS to 512 as done in other archs like powerpc. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier arch/arm64/include/asm/kvm_host.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3e92f94a3b8e925a6dd7ec88a5794b2084b5fb65 Author: Linu Cherian Date: Wed Mar 8 11:38:34 2017 +0530 KVM: arm/arm64: Remove KVM_PRIVATE_MEM_SLOTS definition that are unused arm/arm64 architecture doesnt use private memslots, hence removing KVM_PRIVATE_MEM_SLOTS macro definition. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier arch/arm/include/asm/kvm_host.h | 1 - arch/arm64/include/asm/kvm_host.h | 1 - 2 files changed, 2 deletions(-) commit 7af4df85796589e60a2dfc0f821eca0c4bbce4d2 Author: Linu Cherian Date: Wed Mar 8 11:38:33 2017 +0530 KVM: arm/arm64: Enable KVM_CAP_NR_MEMSLOTS on arm/arm64 Return KVM_USER_MEM_SLOTS for userspace capability query on NR_MEMSLOTS. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier arch/arm/kvm/arm.c | 3 +++ 1 file changed, 3 insertions(+) commit a677e7046ab5edb33d051bda60cb3be0d60a48cc Author: Linu Cherian Date: Wed Mar 8 11:38:32 2017 +0530 KVM: Add documentation for KVM_CAP_NR_MEMSLOTS Add documentation for KVM_CAP_NR_MEMSLOTS capability. Reviewed-by: Christoffer Dall Signed-off-by: Linu Cherian Signed-off-by: Marc Zyngier Documentation/virtual/kvm/api.txt | 4 ++++ 1 file changed, 4 insertions(+) commit 88767cc1971d9b6d48698246e6c778e8b8d307cf Merge: c1ae3cf 35b2719 Author: Greg Kroah-Hartman Date: Thu Mar 9 10:12:54 2017 +0100 Merge tag 'fixes-for-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.11-rc2 dwc3 got a few fixes this time around: Fixed an old bug where a broken endpoint descriptor passed in via userspace through f_fs could prevent dwc3 from working because when calculating max bursts, we could overwrite top 16 bits of a register. Also fixed a bug on dwc3's ep_dequeue implementation which wasn't properly incrementing our TRB dequeue pointer. dwc3 on omap got two fixes: one for system suspend/resume and another added a missing break statement on dwc3_omap_set_mailbox(). Apart from these, we have a set of smaller fixes including memory leak in configfs, build warning fix in atmel udc and a revert of a broken patch that went in during the merge window commit 5a8cf90d743f2d05433c6109f6c1b9b904b0cdb7 Author: Chris Wilson Date: Thu Feb 2 20:47:41 2017 +0000 drm/i915: Drain the freed state from the tail of the next commit If we have any residual freed atomic state from earlier commits, flush the freed list after performing the current modeset. This prevents the freed list from ever-growing if userspace manages to starve the kernel threads (i.e. we are never able to run our free state worker and eventually the system may even oom). Fixes: 6f0f02dc56f1 ("drm/i915: Move atomic state free from out of fence release") Testcase: igt/kms_cursor/legacy/all-pipes-single-bo Reported-by: Maarten Lankhorst Signed-off-by: Chris Wilson Cc: Maarten Lankhorst Cc: Joonas Lahtinen Cc: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170202204741.18231-1-chris@chris-wilson.co.uk Reviewed-by: Maarten Lankhorst (cherry picked from commit ba318c61a9719577b6f451c055f364e4116874b2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) commit edd06b8353772dca7afcd4640dafa83b521edd55 Author: Ville Syrjälä Date: Tue Mar 7 22:54:19 2017 +0200 drm/i915: Nuke debug messages from the pipe update critical section printks are slow so we should not be doing them from the vblank evade critical section. These could explain why we sometimes seem to blow past our 100 usec deadline. The problem has been there ever since commit bfd16b2a23dc ("drm/i915: Make updating pipe without modeset atomic.") but it may not have been readily visible until commit e1edbd44e23b ("drm/i915: Complain if we take too long under vblank evasion.") increased our chances of noticing it. Cc: stable@vger.kernel.org Cc: Maarten Lankhorst Fixes: bfd16b2a23dc ("drm/i915: Make updating pipe without modeset atomic.") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170307205419.19447-1-ville.syrjala@linux.intel.com Reviewed-by: Maarten Lankhorst (cherry picked from commit c3f8ad57a01a31397e5a0349a226a32f35ddc19c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) commit 4e6fdafa7ac395ad47a80a0e7b4fd1e11550f862 Author: Chris Wilson Date: Tue Mar 7 12:03:38 2017 +0000 drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl Before we instantiate/pin the backing store for our use, we can prepopulate the shmemfs filp efficiently using a write into the pagecache. We avoid the penalty of instantiating all the pages, important if the user is just writing to a few and never uses the object on the GPU, and using a direct write into shmemfs allows it to avoid the cost of retrieving a page (mostly the clear-before-use, but in theory we could curtail swapin) before it is overwritten. This can be extended later to provide additional specialisation for other backends (other than shmemfs). For now it provides a defense against very large write-only allocations from exhausting all of system memory. v2: Smelling fixes. Fixes: fe115628d567 ("drm/i915: Implement pwrite without struct-mutex") References: https://bugs.freedesktop.org/show_bug.cgi?id=99107 Signed-off-by: Chris Wilson Cc: Matthew Auld Cc: Joonas Lahtinen Cc: Mika Kuoppala Cc: # v4.10+ Reviewed-by: Joonas Lahtinen Reviewed-by: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20170307120338.7277-2-chris@chris-wilson.co.uk (cherry picked from commit 7c55e2c5772dcf3cbacd0fa2bcfeefae416b73f7) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 78 ++++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/i915_gem_object.h | 3 ++ 2 files changed, 81 insertions(+) commit 0d9dc306e15b59bf50db87ebcb1e2248586d4733 Author: Chris Wilson Date: Tue Mar 7 13:20:31 2017 +0000 drm/i915: Store a permanent error in obj->mm.pages Once the object has been truncated, it is unrecoverable. To facilitate detection of this state store the error in obj->mm.pages. This is required for the next patch which should be applied to v4.10 (via stable), so we also need to mark this patch for backporting. In that regard, let's consider this to be a fix/improvement too. v2: Avoid dereferencing the ERR_PTR when freeing the object. Fixes: 1233e2db199d ("drm/i915: Move object backing storage manipulation to its own locking") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: # v4.10+ Link: http://patchwork.freedesktop.org/patch/msgid/20170307132031.32461-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit 4e5462ee843c883790e9609cf560d88960ea4227) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 38230243ef316ac696956d75dc78a22e3aa789b9 Author: Maarten Lankhorst Date: Tue Feb 28 15:28:47 2017 +0100 drm/i915: Move updating color management to before vblank evasion This cannot be done reliably during vblank evasasion since the color management registers are not double buffered. The original commit that moved it always during vblank evasion was wrong, so revert it to before vblank evasion again. Signed-off-by: Maarten Lankhorst Fixes: 20a34e78f0d7 ("drm/i915: Update color management during vblank evasion.") Cc: stable@vger.kernel.org # v4.7+ Link: http://patchwork.freedesktop.org/patch/msgid/1488292128-14540-1-git-send-email-maarten.lankhorst@linux.intel.com Reviewed-by: Ville Syrjälä (cherry picked from commit 567f0792a6ad11c0c2620944b8eeb777359fb85a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit d253371c4c2f5fc2d884ef25f64decd7549aff5a Author: Imre Deak Date: Fri Feb 24 16:32:10 2017 +0200 drm/i915/gen9: Increase PCODE request timeout to 50ms After commit 2c7d0602c815277f7cb7c932b091288710d8aba7 Author: Imre Deak Date: Mon Dec 5 18:27:37 2016 +0200 drm/i915/gen9: Fix PCODE polling during CDCLK change notification there is still one report of the CDCLK-change request timing out on a KBL machine, see the Reference link. On that machine the maximum time the request took to succeed was 34ms, so increase the timeout to 50ms. v2: - Change timeout from 100 to 50 ms to maintain the current 50 ms limit for atomic waits in the driver. (Chris, Tvrtko) Reference: https://bugs.freedesktop.org/show_bug.cgi?id=99345 Cc: Ville Syrjälä Cc: Chris Wilson Cc: Tvrtko Ursulin Cc: Signed-off-by: Imre Deak Acked-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/1487946730-17162-1-git-send-email-imre.deak@intel.com (cherry picked from commit 0129936ddda26afd5d9d207c4e86b2425952579f) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 34dc8993eef63681b062871413a9484008a2a78f Author: Mika Kuoppala Date: Wed Feb 15 15:52:59 2017 +0200 drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3 Certain Baytrails, namely the 4 cpu core variants, have been plaqued by spurious system hangs, mostly occurring with light loads. Multiple bisects by various people point to a commit which changes the reclocking strategy for Baytrail to follow its bigger brethen: commit 8fb55197e64d ("drm/i915: Agressive downclocking on Baytrail") There is also a review comment attached to this commit from Deepak S on avoiding punit access on Cherryview and thus it was excluded on common reclocking path. By taking the same approach and omitting the punit access by not tweaking the thresholds when the hardware has been asked to move into different frequency, considerable gains in stability have been observed. With J1900 box, light render/video load would end up in system hang in usually less than 12 hours. With this patch applied, the cumulative uptime has now been 34 days without issues. To provoke system hang, light loads on both render and bsd engines in parallel have been used: glxgears >/dev/null 2>/dev/null & mpv --vo=vaapi --hwdec=vaapi --loop=inf vid.mp4 So far, author has not witnessed system hang with above load and this patch applied. Reports from the tenacious people at kernel bugzilla are also promising. Considering that the punit access frequency with this patch is considerably less, there is a possibility that this will push the, still unknown, root cause past the triggering point on most loads. But as we now can reliably reproduce the hang independently, we can reduce the pain that users are having and use a static thresholds until a root cause is found. v3: don't break debugfs and simplification (Chris Wilson) References: https://bugzilla.kernel.org/show_bug.cgi?id=109051 Cc: Chris Wilson Cc: Ville Syrjälä Cc: Len Brown Cc: Daniel Vetter Cc: Jani Nikula Cc: fritsch@xbmc.org Cc: miku@iki.fi Cc: Ezequiel Garcia CC: Michal Feix Cc: Hans de Goede Cc: Deepak S Cc: Jarkko Nikula Cc: # v4.2+ Acked-by: Daniel Vetter Acked-by: Chris Wilson Signed-off-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/1487166779-26945-1-git-send-email-mika.kuoppala@intel.com (cherry picked from commit 6067a27d1f0184596d51decbac1c1fdc4acb012f) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 8c9923707f30ff56d9fd242053594b18f38d8036 Author: Chris Wilson Date: Mon Feb 27 12:26:54 2017 +0000 drm/i915: Remove the vma from the drm_mm if binding fails As we track whether a vma has been inserted into the drm_mm using the vma->flags, if we fail to bind the vma into the GTT we do not update those bits and will attempt to reinsert the vma into the drm_mm on future passes. To prevent that, we want to unwind i915_vma_insert() if we fail in our attempt to bind. Fixes: 59bfa1248e22 ("drm/i915: Start passing around i915_vma from execbuffer") Testcase: igt/drv_selftest/live_gtt Signed-off-by: Chris Wilson Cc: Matthew Auld Cc: Joonas Lahtinen Cc: # v4.9+ Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20170227122654.27651-3-chris@chris-wilson.co.uk (cherry picked from commit 31c7effa39f21f0fea1b3250ae9ff32b9c7e1ae5) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_vma.c | 57 ++++++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 20 deletions(-) commit b717a0392530ae8da0da041abe5c3a6098b55660 Author: Chris Wilson Date: Fri Feb 24 11:43:06 2017 +0000 drm/i915/fbdev: Stop repeating tile configuration on stagnation If we cease making progress in finding matching outputs for a tiled configuration, stop looping over the remaining unconfigured outputs. v2: Use conn_seq (instead of pass) to only apply tile configuration on first pass. Fixes: b0ee9e7fa5b4 ("drm/fb: add support for tiled monitor configurations. (v2)") Signed-off-by: Chris Wilson Cc: Tomasz Lis Cc: Dave Airlie Cc: Daniel Vetter Cc: Jani Nikula Cc: Sean Paul Cc: # v3.19+ Reviewed-by: Tomasz Lis Link: http://patchwork.freedesktop.org/patch/msgid/20170224114306.4400-1-chris@chris-wilson.co.uk (cherry picked from commit 754a76591b12c88f57ad8b4ca533a5c9566a1922) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_fbdev.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 1d972d6021a1388021df51a58248e68372ce2b5d Author: Ander Conselvan de Oliveira Date: Thu Feb 23 09:15:57 2017 +0200 drm/i915/glk: Fix watermark computations for third sprite plane Geminilake has a third sprite plane (or fourth universal plane) that is independent from the cursor. Make sure that for_each_plane_id_on_crtc() is aware of that extra plane so that the watermark code takes it into account. Fixes: e9c9882556fc ("drm/i915/glk: Configure number of sprite planes properly") Cc: Ander Conselvan de Oliveira Cc: Rodrigo Vivi Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: Signed-off-by: Ander Conselvan de Oliveira Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170223071600.14356-2-ander.conselvan.de.oliveira@intel.com (cherry picked from commit 19c3164db457e0fc65d4501fd354506228576241) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 1 + 1 file changed, 1 insertion(+) commit 89cf83d4e065ff9fbd2ddc674489c8058eeca758 Author: Chris Wilson Date: Thu Feb 16 12:54:41 2017 +0000 drm/i915: Squelch any ktime/jiffie rounding errors for wait-ioctl We wait upon jiffies, but report the time elapsed using a high-resolution timer. This discrepancy can lead to us timing out the wait prior to us reporting the elapsed time as complete. This restores the squelching lost in commit e95433c73a11 ("drm/i915: Rearrange i915_wait_request() accounting with callers"). Fixes: e95433c73a11 ("drm/i915: Rearrange i915_wait_request() accounting with callers") Signed-off-by: Chris Wilson Cc: Matthew Auld Cc: Joonas Lahtinen Cc: # v4.10-rc1+ Cc: stable@vger.kernel.org Link: http://patchwork.freedesktop.org/patch/msgid/20170216125441.30923-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit c1d2061b28c2aa25ec39b60d9c248e6beebd7315) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit e61555c29c28a4a3b6ba6207f4a0883ee236004d Author: Jérémy Lefaure Date: Wed Mar 8 20:18:09 2017 -0500 EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro The MTR_DRAM_WIDTH macro returns the data width. It is sometimes used as if it returned a boolean true if the width if 8. Fix the tests where MTR_DRAM_WIDTH is misused. Signed-off-by: Jérémy Lefaure Cc: linux-edac Link: http://lkml.kernel.org/r/20170309011809.8340-1-jeremy.lefaure@lse.epita.fr Signed-off-by: Borislav Petkov drivers/edac/i5000_edac.c | 2 +- drivers/edac/i5400_edac.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) commit 7aafac11e308d37ed3c509829bb43d80c1811ac3 Author: Alexey Kardashevskiy Date: Wed Feb 22 15:43:59 2017 +1100 powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested The IODA2 specification says that a 64 DMA address cannot use top 4 bits (3 are reserved and one is a "TVE select"); bottom page_shift bits cannot be used for multilevel table addressing either. The existing IODA2 table allocation code aligns the minimum TCE table size to PAGE_SIZE so in the case of 64K system pages and 4K IOMMU pages, we have 64-4-12=48 bits. Since 64K page stores 8192 TCEs, i.e. needs 13 bits, the maximum number of levels is 48/13 = 3 so we physically cannot address more and EEH happens on DMA accesses. This adds a check that too many levels were requested. It is still possible to have 5 levels in the case of 4K system page size. Signed-off-by: Alexey Kardashevskiy Acked-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci-ioda.c | 3 +++ 1 file changed, 3 insertions(+) commit 713c43b315fc160dc4ff3da0020ebe09b8a65587 Author: Jiri Pirko Date: Mon Mar 6 21:22:09 2017 +0100 mlxsw: spectrum_flower: Remove bogus warns in mlxsw_sp_flower_destroy This warnings may be hit even in case they should not - in case user puts a TC-flower rule which failed to be offloaded. So just remove them. Reported-by: Petr Machata Reported-by: Ido Schimmel Fixes: commit 7aa0f5aa9030 ("mlxsw: spectrum: Implement TC flower offload") Signed-off-by: Jiri Pirko Acked-by: Ido Schimmel Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f7887d40e541f74402df0684a1463c0a0bb68c68 Author: David Ahern Date: Mon Mar 6 08:53:04 2017 -0800 vrf: Fix use-after-free in vrf_xmit KASAN detected a use-after-free: [ 269.467067] BUG: KASAN: use-after-free in vrf_xmit+0x7f1/0x827 [vrf] at addr ffff8800350a21c0 [ 269.467067] Read of size 4 by task ssh/1879 [ 269.467067] CPU: 1 PID: 1879 Comm: ssh Not tainted 4.10.0+ #249 [ 269.467067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 269.467067] Call Trace: [ 269.467067] dump_stack+0x81/0xb6 [ 269.467067] kasan_object_err+0x21/0x78 [ 269.467067] kasan_report+0x2f7/0x450 [ 269.467067] ? vrf_xmit+0x7f1/0x827 [vrf] [ 269.467067] ? ip_output+0xa4/0xdb [ 269.467067] __asan_load4+0x6b/0x6d [ 269.467067] vrf_xmit+0x7f1/0x827 [vrf] ... Which corresponds to the skb access after xmit handling. Fix by saving skb->len and using the saved value to update stats. Fixes: 193125dbd8eb2 ("net: Introduce VRF device driver") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3331aa378e9bcbd0d16de9034b0c20f4050e26b4 Author: Jarod Wilson Date: Mon Mar 6 08:48:58 2017 -0500 team: use ETH_MAX_MTU as max mtu This restores the ability to set a team device's mtu to anything higher than 1500. Similar to the reported issue with bonding, the team driver calls ether_setup(), which sets an initial max_mtu of 1500, while the underlying hardware can handle something much larger. Just set it to ETH_MAX_MTU to support all possible values, and the limitations of the underlying devices will prevent setting anything too large. Fixes: 91572088e3fd ("net: use core MTU range checking in core net infra") CC: Cong Wang CC: Jiri Pirko CC: netdev@vger.kernel.org Signed-off-by: Jarod Wilson Signed-off-by: David S. Miller drivers/net/team/team.c | 1 + 1 file changed, 1 insertion(+) commit aac1561ad98e74f6ea43337f9b9714ab0b1f493e Author: David S. Miller Date: Wed Mar 8 22:17:10 2017 -0800 net: Revert ksettings conversions. Those were supposed to go into the net-next tree not the net tree. Oops... Signed-off-by: David S. Miller drivers/net/ethernet/smsc/smc911x.c | 51 ++++++------ drivers/net/ethernet/sun/cassini.c | 98 +++++++++++------------ drivers/net/ethernet/sun/niu.c | 37 ++++----- drivers/net/ethernet/sun/sungem.c | 98 ++++++++++------------- drivers/net/ethernet/sun/sunhme.c | 62 +++++++------- drivers/net/ethernet/toshiba/ps3_gelic_net.c | 51 +++++------- drivers/net/ethernet/toshiba/spider_net_ethtool.c | 24 +++--- 7 files changed, 188 insertions(+), 233 deletions(-) commit b793f081674e363f71699b0b32fc9a1890e52db2 Author: Christian Lamparter Date: Mon Mar 6 14:34:27 2017 +0100 net: ibm: emac: fix regression caused by emac_dt_phy_probe() Julian Margetson reported a panic on his SAM460EX with Kernel 4.11-rc1: | Unable to handle kernel paging request for data at address 0x00000014 | Oops: Kernel access of bad area, sig: 11 [#1] | PREEMPT | Canyonlands | Modules linked in: | CPU: 0 PID: 1 Comm: swapper Not tainted [...] | task: ea838000 task.stack: ea836000 | NIP: c0599f5c LR: c0599dd8 CTR: 00000000 | REGS: ea837c80 TRAP: 0300 Not tainted [...] | MSR: 00029000 | CR: 24371242 XER: 20000000 | DEAR: 00000014 ESR: 00000000 | GPR00: c0599ce8 ea837d30 ea838000 c0e52dcc c0d56ffb [...] | NIP [c0599f5c] emac_probe+0xfb4/0x1304 | LR [c0599dd8] emac_probe+0xe30/0x1304 | Call Trace: | [ea837d30] [c0599ce8] emac_probe+0xd40/0x1304 (unreliable) | [ea837d80] [c0533504] platform_drv_probe+0x48/0x90 | [ea837da0] [c0531c14] driver_probe_device+0x15c/0x2c4 | [ea837dd0] [c0531e04] __driver_attach+0x88/0xb0 | ---[ end trace ... ]--- The problem is caused by emac_dt_phy_probe() returing success (0) for existing device-trees configurations that do not specify a "phy-handle" property. This caused the code to skip the existing phy probe and setup. Which led to essential phy related data-structures being uninitialized. This patch also removes the unused variable in emac_dt_phy_connect(). Fixes: a577ca6badb5261d ("net: emac: add support for device-tree based PHY discovery and setup") Reported-by: Julian Margetson Signed-off-by: Christian Lamparter Signed-off-by: David S. Miller drivers/net/ethernet/ibm/emac/core.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit 50ad480e4d64fde941fcac39db1ab29a83d86703 Author: Philippe Reynes Date: Sun Mar 5 23:46:00 2017 +0100 net: toshiba: spider_net: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/toshiba/spider_net_ethtool.c | 24 +++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) commit f441df6b9ff41e1af7289b69d5ce379053f900a5 Author: Philippe Reynes Date: Sun Mar 5 23:21:06 2017 +0100 net: toshiba: ps3_genic_net: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Tested-by: Geoff Levand Signed-off-by: David S. Miller drivers/net/ethernet/toshiba/ps3_gelic_net.c | 51 ++++++++++++++++------------ 1 file changed, 29 insertions(+), 22 deletions(-) commit 8103015df56d97cc3a4167d2e070ee14cc022bae Author: Philippe Reynes Date: Sun Mar 5 22:25:39 2017 +0100 net: sun: sunhme: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunhme.c | 62 +++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 28 deletions(-) commit 9dff2defef3ce1933a44d59ec139987e19645841 Author: Philippe Reynes Date: Sun Mar 5 00:04:18 2017 +0100 net: sun: sungem: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/sun/sungem.c | 98 +++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 41 deletions(-) commit 56c07e9501e875883584c00fe6977c3addb1f873 Author: Philippe Reynes Date: Sat Mar 4 17:50:06 2017 +0100 net: sun: niu: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/sun/niu.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) commit 15883a43af0bcd10b3f3173bca4a0e60518bc154 Author: Philippe Reynes Date: Sat Mar 4 16:16:12 2017 +0100 net: sun: cassini: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/sun/cassini.c | 98 ++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 46 deletions(-) commit 7b022a1b706f7684341e285e627a74a98e730301 Author: Philippe Reynes Date: Sat Mar 4 12:42:39 2017 +0100 net: smsc: smc91x: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Tested-by: Robert Jarzmik Signed-off-by: David S. Miller drivers/net/ethernet/smsc/smc91x.c | 47 ++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 22 deletions(-) commit b78125e00fce0a858c7827dd47ce500320d6d0f7 Author: Philippe Reynes Date: Tue Feb 28 23:49:38 2017 +0100 net: smsc: smc911x: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/smsc/smc911x.c | 51 ++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 24 deletions(-) commit 605df8d674ac65e044a0bf4998b28c2f350b7f9e Author: Cyril Bur Date: Tue Mar 7 11:39:31 2017 +1100 selftests/powerpc: Replace stxvx and lxvx with stxvd2x/lxvd2x On POWER8 (ISA 2.07) lxvx and stxvx are defined to be extended mnemonics of lxvd2x and stxvd2x. For POWER9 (ISA 3.0) the HW architects in their infinite wisdom made lxvx and stxvx instructions in their own right. POWER9 aware GCC will use the POWER9 instruction for lxvx and stxvx causing these selftests to fail on POWER8. Further compounding the issue, because of the way -mvsx works it will cause the power9 instructions to be used regardless of -mcpu=power8 to GCC or -mpower8 to AS. The safest way to address the problem for now is to not use the extended mnemonic. We don't care how the CPU loads the values from memory since the tests only performs register comparisons, so using stdvd2x/lxvd2x does not impact the test. Signed-off-by: Cyril Bur Acked-by: Balbir Singh Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/include/vsx_asm.h | 48 +++++++++++------------ 1 file changed, 24 insertions(+), 24 deletions(-) commit 78b4416aa249365dd3c1b64da4d3a232014320b0 Author: Madhavan Srinivasan Date: Mon Feb 20 19:29:03 2017 +0530 powerpc/perf: Handle sdar_mode for marked event in power9 MMCRA[SDAR_MODE] specifices how the SDAR should be updated in continous sampling mode. On P9 it must be set to 0b00 when MMCRA[63] is set. Fixes: c7c3f568beff2 ('powerpc/perf: macros for power9 format encoding') Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.c | 43 ++++++++++++++++++++++++++++++++------- arch/powerpc/perf/isa207-common.h | 1 + 2 files changed, 37 insertions(+), 7 deletions(-) commit f04d108029063a8a67528a88449c412aecf4d3d8 Author: Madhavan Srinivasan Date: Mon Feb 20 19:26:30 2017 +0530 powerpc/perf: Fix perf_get_data_addr() for power9 DD1 Power9 DD1 do not support PMU_HAS_SIER flag and sdsync in perf_get_data_addr() defaults to MMCRA_SDSYNC which is wrong. Since power9 MMCRA does not support SDSYNC bit, patch includes PPMU_NO_SIAR flag to the check and set the sdsync with MMCRA_SAMPLE_ENABLE; Fixes: 27593d72c4ad ("powerpc/perf: Use MSR to report privilege level on P9 DD1") Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/core-book3s.c | 2 ++ 1 file changed, 2 insertions(+) commit 67b0503db9c29b04eadfeede6bebbfe5ddad94ef Author: Stefan Brüns Date: Sun Feb 12 13:02:13 2017 -0200 [media] dvb-usb-firmware: don't do DMA on stack The buffer allocation for the firmware data was changed in commit 43fab9793c1f ("[media] dvb-usb: don't use stack for firmware load") but the same applies for the reset value. Fixes: 43fab9793c1f ("[media] dvb-usb: don't use stack for firmware load") Cc: stable@vger.kernel.org Signed-off-by: Stefan Brüns Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dvb-usb-firmware.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit ea6200e84182989a3cce9687cf79a23ac44ec4db Merge: b4fb8f6 fc69910 Author: Linus Torvalds Date: Wed Mar 8 14:45:31 2017 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull sched.h split-up fixes for MIPS from Ingo Molnar: "These are the fixes for MIPS build failures due to the sched.h split-up, from Arnd Bergmann" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: MIPS: Add missing include files commit c085bd5119d5d0bdf3ef591a5563566be7dedced Author: Jim Qu Date: Wed Mar 1 15:53:29 2017 +0800 drm/amd/amdgpu: fix console deadlock if late init failed Signed-off-by: Jim Qu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit b4fb8f66f1ae2e167d06c12d018025a8d4d3ba7e Author: Tony Luck Date: Wed Mar 8 09:35:39 2017 -0800 mm, page_alloc: Add missing check for memory holes Commit 13ad59df67f1 ("mm, page_alloc: avoid page_to_pfn() when merging buddies") moved the check for memory holes out of page_is_buddy() and had the callers do the check. But this wasn't done correctly in one place which caused ia64 to crash very early in boot. Update to fix that and make ia64 boot again. [ v2: Vlastimil pointed out we don't need to call page_to_pfn() since we already have the result of that in "buddy_pfn" ] Fixes: 13ad59df67f1 ("avoid page_to_pfn() when merging buddies") Cc: Mel Gorman Cc: Joonsoo Kim Cc: Michal Hocko Cc: "Kirill A. Shutemov" Cc: Johannes Weiner Cc: Andrew Morton Signed-off-by: Tony Luck Signed-off-by: Linus Torvalds mm/page_alloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8557b8e43a1de99b12b0d61384742e0d5d0adf84 Merge: 04bb94b f7c6401 Author: Linus Torvalds Date: Wed Mar 8 11:06:05 2017 -0800 Merge tag 'ktest-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest Pull ktest fixes from Steven Rostedt: "Greg Kroah-Hartman reported to me that the ktest of v4.11-rc1 locked up in an infinite loop while doing the make mrproper. Looking into the cause I noticed that a recent update to the function run_command (used for running all shell commands, including "make mrproper") changed the internal loop to use the function wait_for_input. The wait_for_input function uses select to look at two file descriptors. One is the file descriptor of the command it is running, the other is STDIN. The STDIN check was not checking the return status of the sysread call, and was also just writing a lot of data into syswrite without regard to the size of the data read. Changing the code to check the return status of sysread, and also to still process the passed in descriptor data without looping back to the select fixed Greg's problem. While looking at this code I also realized that the loop did not honor the timeout if STDIN always had input (or for some reason return error). this could prevent wait_for_input to timeout on the file descriptor it is suppose to be waiting for. That is fixed too" * tag 'ktest-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest: ktest: Make sure wait_for_input does honor the timeout ktest: Fix while loop in wait_for_input commit 04bb94b13c02e9dbc92d622cddf88937127bd7ed Author: Linus Torvalds Date: Wed Mar 8 10:42:13 2017 -0800 overlayfs: remove now unnecessary header file include This removes the extra include header file that was added in commit e58bc927835a "Pull overlayfs updates from Miklos Szeredi" now that it is no longer needed. There are probably other such includes that got added during the scheduler header splitup series, but this is the one that annoyed me personally and I know about. Signed-off-by: Linus Torvalds fs/overlayfs/util.c | 1 - 1 file changed, 1 deletion(-) commit 2fcc319d2467a5f5b78f35f79fd6e22741a31b1e Author: Christoph Hellwig Date: Wed Mar 8 10:38:53 2017 -0800 xfs: try any AG when allocating the first btree block when reflinking When a reflink operation causes the bmap code to allocate a btree block we're currently doing single-AG allocations due to having ->firstblock set and then try any higher AG due a little reflink quirk we've put in when adding the reflink code. But given that we do not have a minleft reservation of any kind in this AG we can still not have any space in the same or higher AG even if the file system has enough free space. To fix this use a XFS_ALLOCTYPE_FIRST_AG allocation in this fall back path instead. [And yes, we need to redo this properly instead of piling hacks over hacks. I'm working on that, but it's not going to be a small series. In the meantime this fixes the customer reported issue] Also add a warning for failing allocations to make it easier to debug. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 10 +++++++--- fs/xfs/libxfs/xfs_bmap_btree.c | 6 +++--- 2 files changed, 10 insertions(+), 6 deletions(-) commit bd0f9b356d00aa241ced36fb075a07041c28d3b8 Author: Linus Torvalds Date: Tue Mar 7 15:33:14 2017 -0800 sched/headers: fix up header file dependency on The scheduler header file split and cleanups ended up exposing a few nasty header file dependencies, and in particular it showed how we in ended up depending on "signal_pending()", which now comes from . That's a very subtle and annoying dependency, which already caused a semantic merge conflict (see commit e58bc927835a "Pull overlayfs updates from Miklos Szeredi", which added that fixup in the merge commit). It turns out that we can avoid this dependency _and_ improve code generation by moving the guts of the fairly nasty helper #define __wait_event_interruptible_locked() to out-of-line code. The code that includes the signal_pending() check is all in the slow-path where we actually go to sleep waiting for the event anyway, so using a helper function is the right thing to do. Using a helper function is also what we already did for the non-locked versions, see the "__wait_event*()" macros and the "prepare_to_wait*()" set of helper functions. We might want to try to unify all these macro games, we have a _lot_ of subtly different wait-event loops. But this is the minimal patch to fix the annoying header dependency. Acked-by: Ingo Molnar Signed-off-by: Linus Torvalds include/linux/wait.h | 31 ++++++++++--------------------- kernel/sched/wait.c | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 21 deletions(-) commit f65e6fad293b3a5793b7fa2044800506490e7a2e Author: Brian Foster Date: Wed Mar 8 09:58:08 2017 -0800 xfs: use iomap new flag for newly allocated delalloc blocks Commit fa7f138 ("xfs: clear delalloc and cache on buffered write failure") fixed one regression in the iomap error handling code and exposed another. The fundamental problem is that if a buffered write is a rewrite of preexisting delalloc blocks and the write fails, the failure handling code can punch out preexisting blocks with valid file data. This was reproduced directly by sub-block writes in the LTP kernel/syscalls/write/write03 test. A first 100 byte write allocates a single block in a file. A subsequent 100 byte write fails and punches out the block, including the data successfully written by the previous write. To address this problem, update the ->iomap_begin() handler to distinguish newly allocated delalloc blocks from preexisting delalloc blocks via the IOMAP_F_NEW flag. Use this flag in the ->iomap_end() handler to decide when a failed or short write should punch out delalloc blocks. This introduces the subtle requirement that ->iomap_begin() should never combine newly allocated delalloc blocks with existing blocks in the resulting iomap descriptor. This can occur when a new delalloc reservation merges with a neighboring extent that is part of the current write, for example. Therefore, drop the post-allocation extent lookup from xfs_bmapi_reserve_delalloc() and just return the record inserted into the fork. This ensures only new blocks are returned and thus that preexisting delalloc blocks are always handled as "found" blocks and not punched out on a failed rewrite. Reported-by: Xiong Zhou Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 24 ++++++++++++++---------- fs/xfs/xfs_iomap.c | 25 ++++++++++++++++++------- 2 files changed, 32 insertions(+), 17 deletions(-) commit 672a2c87c83649fb0167202342ce85af9a3b4f1c Author: Jan Kara Date: Wed Mar 8 14:56:05 2017 +0100 axonram: Fix gendisk handling It is invalid to call del_gendisk() when disk->queue is NULL. Fix error handling in axon_ram_probe() to avoid doing that. Also del_gendisk() does not drop a reference to gendisk allocated by alloc_disk(). That has to be done by put_disk(). Add that call where needed. Reported-by: Dan Carpenter Signed-off-by: Jan Kara Signed-off-by: Jens Axboe arch/powerpc/sysdev/axonram.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 79bd99596b7305ab08109a8bf44a6a4511dbf1cd Author: NeilBrown Date: Wed Mar 8 07:38:05 2017 +1100 blk: improve order of bio handling in generic_make_request() To avoid recursion on the kernel stack when stacked block devices are in use, generic_make_request() will, when called recursively, queue new requests for later handling. They will be handled when the make_request_fn for the current bio completes. If any bios are submitted by a make_request_fn, these will ultimately be handled seqeuntially. If the handling of one of those generates further requests, they will be added to the end of the queue. This strict first-in-first-out behaviour can lead to deadlocks in various ways, normally because a request might need to wait for a previous request to the same device to complete. This can happen when they share a mempool, and can happen due to interdependencies particular to the device. Both md and dm have examples where this happens. These deadlocks can be erradicated by more selective ordering of bios. Specifically by handling them in depth-first order. That is: when the handling of one bio generates one or more further bios, they are handled immediately after the parent, before any siblings of the parent. That way, when generic_make_request() calls make_request_fn for some particular device, we can be certain that all previously submited requests for that device have been completely handled and are not waiting for anything in the queue of requests maintained in generic_make_request(). An easy way to achieve this would be to use a last-in-first-out stack instead of a queue. However this will change the order of consecutive bios submitted by a make_request_fn, which could have unexpected consequences. Instead we take a slightly more complex approach. A fresh queue is created for each call to a make_request_fn. After it completes, any bios for a different device are placed on the front of the main queue, followed by any bios for the same device, followed by all bios that were already on the queue before the make_request_fn was called. This provides the depth-first approach without reordering bios on the same level. This, by itself, it not enough to remove all deadlocks. It just makes it possible for drivers to take the extra step required themselves. To avoid deadlocks, drivers must never risk waiting for a request after submitting one to generic_make_request. This includes never allocing from a mempool twice in the one call to a make_request_fn. A common pattern in drivers is to call bio_split() in a loop, handling the first part and then looping around to possibly split the next part. Instead, a driver that finds it needs to split a bio should queue (with generic_make_request) the second part, handle the first part, and then return. The new code in generic_make_request will ensure the requests to underlying bios are processed first, then the second bio that was split off. If it splits again, the same process happens. In each case one bio will be completely handled before the next one is attempted. With this is place, it should be possible to disable the punt_bios_to_recover() recovery thread for many block devices, and eventually it may be possible to remove it completely. Ref: http://www.spinics.net/lists/raid/msg54680.html Tested-by: Jinpu Wang Inspired-by: Lars Ellenberg Signed-off-by: NeilBrown Signed-off-by: Jens Axboe block/blk-core.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) commit c01228db4ba965986511a5b28c478bddd7e2726e Author: Jan Kara Date: Wed Mar 8 17:48:34 2017 +0100 Revert "scsi, block: fix duplicate bdi name registration crashes" This reverts commit 0dba1314d4f81115dce711292ec7981d17231064. It causes leaking of device numbers for SCSI when SCSI registers multiple gendisks for one request_queue in succession. It can be easily reproduced using Omar's script [1] on kernel with CONFIG_DEBUG_TEST_DRIVER_REMOVE. Furthermore the protection provided by this commit is not needed anymore as the problem it was fixing got also fixed by commit 165a5e22fafb "block: Move bdi_unregister() to del_gendisk()". [1]: http://marc.info/?l=linux-block&m=148554717109098&w=2 Signed-off-by: Jan Kara Acked-by: Dan Williams Tested-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-core.c | 2 -- block/genhd.c | 21 --------------------- drivers/scsi/sd.c | 41 ++++++++--------------------------------- include/linux/blkdev.h | 1 - include/linux/genhd.h | 8 -------- 5 files changed, 8 insertions(+), 65 deletions(-) commit 90f16fddcc2802726142b8386c65ccb89f044613 Author: Jan Kara Date: Wed Mar 8 17:48:33 2017 +0100 block: Make del_gendisk() safer for disks without queues Commit 165a5e22fafb "block: Move bdi_unregister() to del_gendisk()" added disk->queue dereference to del_gendisk(). Although del_gendisk() is not supposed to be called without disk->queue valid and blk_unregister_queue() warns in that case, this change will make it oops instead. Return to the old more robust behavior of just warning when del_gendisk() gets called for gendisk with disk->queue being NULL. Reported-by: Dan Carpenter Signed-off-by: Jan Kara Tested-by: Omar Sandoval Signed-off-by: Jens Axboe block/genhd.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit df23de55615fa7a190a85f49a950ccecdd9102f3 Author: Jan Kara Date: Wed Mar 8 17:48:32 2017 +0100 bdi: Fix use-after-free in wb_congested_put() bdi_writeback_congested structures get created for each blkcg and bdi regardless whether bdi is registered or not. When they are created in unregistered bdi and the request queue (and thus bdi) is then destroyed while blkg still holds reference to bdi_writeback_congested structure, this structure will be referencing freed bdi and last wb_congested_put() will try to remove the structure from already freed bdi. With commit 165a5e22fafb "block: Move bdi_unregister() to del_gendisk()", SCSI started to destroy bdis without calling bdi_unregister() first (previously it was calling bdi_unregister() even for unregistered bdis) and thus the code detaching bdi_writeback_congested in cgwb_bdi_destroy() was not triggered and we started hitting this use-after-free bug. It is enough to boot a KVM instance with virtio-scsi device to trigger this behavior. Fix the problem by detaching bdi_writeback_congested structures in bdi_exit() instead of bdi_unregister(). This is also more logical as they can get attached to bdi regardless whether it ever got registered or not. Fixes: 165a5e22fafb127ecb5914e12e8c32a1f0d3f820 Signed-off-by: Jan Kara Tested-by: Omar Sandoval Signed-off-by: Jens Axboe mm/backing-dev.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) commit b6f8fec4448aa52a8c36a392aa1ca2ea99acd460 Author: Jan Kara Date: Wed Mar 8 17:48:31 2017 +0100 block: Allow bdi re-registration SCSI can call device_add_disk() several times for one request queue when a device in unbound and bound, creating new gendisk each time. This will lead to bdi being repeatedly registered and unregistered. This was not a big problem until commit 165a5e22fafb "block: Move bdi_unregister() to del_gendisk()" since bdi was only registered repeatedly (bdi_register() handles repeated calls fine, only we ended up leaking reference to gendisk due to overwriting bdi->owner) but unregistered only in blk_cleanup_queue() which didn't get called repeatedly. After 165a5e22fafb we were doing correct bdi_register() - bdi_unregister() cycles however bdi_unregister() is not prepared for it. So make sure bdi_unregister() cleans up bdi in such a way that it is prepared for a possible following bdi_register() call. An easy way to provoke this behavior is to enable CONFIG_DEBUG_TEST_DRIVER_REMOVE and use scsi_debug driver to create a scsi disk which immediately hangs without this fix. Fixes: 165a5e22fafb127ecb5914e12e8c32a1f0d3f820 Signed-off-by: Jan Kara Tested-by: Omar Sandoval Signed-off-by: Jens Axboe mm/backing-dev.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 568af6de058cb2b0c5b98d98ffcf37cdc6bc38a7 Author: Pablo Neira Ayuso Date: Sat Mar 4 19:53:47 2017 +0100 netfilter: nf_tables: set pktinfo->thoff at AH header if found Phil Sutter reports that IPv6 AH header matching is broken. From userspace, nft generates bytecode that expects to find the AH header at NFT_PAYLOAD_TRANSPORT_HEADER both for IPv4 and IPv6. However, pktinfo->thoff is set to the inner header after the AH header in IPv6, while in IPv4 pktinfo->thoff points to the AH header indeed. This behaviour is inconsistent. This patch fixes this problem by updating ipv6_find_hdr() to get the IP6_FH_F_AUTH flag so this function stops at the AH header, so both IPv4 and IPv6 pktinfo->thoff point to the AH header. This is also inconsistent when trying to match encapsulated headers: 1) A packet that looks like IPv4 + AH + TCP dport 22 will *not* match. 2) A packet that looks like IPv6 + AH + TCP dport 22 will match. Reported-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables_ipv6.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit ab809fd81fde3d416f8656d8f814a0777fb9b65e Author: Zhangfei Gao Date: Tue Dec 27 22:22:40 2016 +0800 i2c: designware: add reset interface Some platforms like hi3660 need do reset first to allow accessing registers Signed-off-by: Zhangfei Gao Reviewed-by: Andy Shevchenko Tested-by: Ramiro Oliveira Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.h | 1 + drivers/i2c/busses/i2c-designware-platdrv.c | 28 ++++++++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) commit 3b0277f198ac928f323c42e180680d2f79aa980d Author: Heiner Kallweit Date: Tue Mar 7 21:06:38 2017 +0100 i2c: meson: fix wrong variable usage in meson_i2c_put_data Most likely a copy & paste error. Signed-off-by: Heiner Kallweit Acked-by: Jerome Brunet Signed-off-by: Wolfram Sang Fixes: 30021e3707a7 ("i2c: add support for Amlogic Meson I2C controller") drivers/i2c/busses/i2c-meson.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b0c1e95ab44feaad8831f2c06a3473c974003b49 Author: Dmitry Torokhov Date: Tue Feb 28 11:10:51 2017 -0800 i2c: copy device properties when using i2c_register_board_info() This will allow marking device property lists as __initdata, the same as board info structures themselves. Signed-off-by: Dmitry Torokhov Signed-off-by: Wolfram Sang drivers/i2c/i2c-boardinfo.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 8e05ba7f848475bdc3aa546cf88418f7e51a6671 Author: Ying Xue Date: Sat Mar 4 18:00:02 2017 +0800 netfilter: nf_nat_sctp: fix ICMP packet to be dropped accidently Regarding RFC 792, the first 64 bits of the original SCTP datagram's data could be contained in ICMP packet, such as: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | unused | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Internet Header + 64 bits of Original Data Datagram | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ However, according to RFC 4960, SCTP datagram header is as below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port Number | Destination Port Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Verification Tag | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ It means only the first three fields of SCTP header can be carried in ICMP packet except for Checksum field. At present in sctp_manip_pkt(), no matter whether the packet is ICMP or not, it always calculates SCTP packet checksum. However, not only the calculation of checksum is unnecessary for ICMP, but also it causes another fatal issue that ICMP packet is dropped. The header size of SCTP is used to identify whether the writeable length of skb is bigger than skb->len through skb_make_writable() in sctp_manip_pkt(). But when it deals with ICMP packet, skb_make_writable() directly returns false as the writeable length of skb is bigger than skb->len. Subsequently ICMP is dropped. Now we correct this misbahavior. When sctp_manip_pkt() handles ICMP packet, 8 bytes rather than the whole SCTP header size is used to check if writeable length of skb is overflowed. Meanwhile, as it's meaningless to calculate checksum when packet is ICMP, the computation of checksum is ignored as well. Signed-off-by: Ying Xue Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_nat_proto_sctp.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 1945250d979203ed326b5a44fd705b6b2c46eec5 Author: Wolfram Sang Date: Mon Feb 27 20:25:05 2017 +0100 i2c: m65xx: drop superfluous quirk structure All length fields in Linux I2C are u16, so a HW length limitation of 16 bit lengths is not a limitation. Remove the quirk structure. Tested-by: Jun Gao Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-mt65xx.c | 9 --------- 1 file changed, 9 deletions(-) commit 7b4fdf77a450ec0fdcb2f677b080ddbf2c186544 Author: Florian Westphal Date: Fri Mar 3 21:44:00 2017 +0100 netfilter: don't track fragmented packets Andrey reports syzkaller splat caused by NF_CT_ASSERT(!ip_is_fragment(ip_hdr(skb))); in ipv4 nat. But this assertion (and the comment) are wrong, this function does see fragments when IP_NODEFRAG setsockopt is used. As conntrack doesn't track packets without complete l4 header, only the first fragment is tracked. Because applying nat to first packet but not the rest makes no sense this also turns off tracking of all fragments. Reported-by: Andrey Konovalov Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 ++++ net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) commit 2de3ec4f1d4ba6ee380478055104eb918bd50cce Author: Jaedon Shin Date: Fri Mar 3 10:55:03 2017 +0900 i2c: brcmstb: Fix START and STOP conditions The BSC data buffers to send and receive data are each of size 32 bytes or 8 bytes 'xfersz' depending on SoC. The problem observed for all the combined message transfer was if length of data transfer was a multiple of 'xfersz' a repeated START was being transmitted by BSC driver. Fixed this by appropriately setting START/STOP conditions for such transfers. Fixes: dd1aa2524bc5 ("i2c: brcmstb: Add Broadcom settop SoC i2c controller driver") Signed-off-by: Jaedon Shin Acked-by: Kamal Dasu Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-brcmstb.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) commit 02dbfa5e5583523035f05636c614a0eca77f1aab Author: Qi Hou Date: Fri Mar 3 15:57:11 2017 +0800 i2c: add missing of_node_put in i2c_mux_del_adapters Refcount of of_node is increased with of_node_get() in i2c_mux_add_adapter(). It must be decreased with of_node_put() in i2c_mux_del_adapters(). Signe-off-by: Qi Hou Reviewed-by: Zhang Xiao Acked-by: Peter Rosin Signed-off-by: Wolfram Sang drivers/i2c/i2c-mux.c | 2 ++ 1 file changed, 2 insertions(+) commit b0bfdfc2bf7fa85317824c6a389fc373dfcef5bc Author: Jon Derrick Date: Mon Mar 6 08:41:04 2017 -0700 block/sed: Fix opal user range check and unused variables Fixes check that the opal user is within the range, and cleans up unused method variables. Signed-off-by: Jon Derrick Reviewed-by: Scott Bauer Signed-off-by: Jens Axboe block/sed-opal.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 0bc315381fe9ed9fb91db8b0e82171b645ac008f Author: Johannes Thumshirn Date: Mon Mar 6 11:23:35 2017 +0100 zram: set physical queue limits to avoid array out of bounds accesses zram can handle at most SECTORS_PER_PAGE sectors in a bio's bvec. When using the NVMe over Fabrics loopback target which potentially sends a huge bulk of pages attached to the bio's bvec this results in a kernel panic because of array out of bounds accesses in zram_decompress_page(). Signed-off-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Reviewed-by: Sergey Senozhatsky Signed-off-by: Jens Axboe drivers/block/zram/zram_drv.c | 2 ++ 1 file changed, 2 insertions(+) commit 01388df37627d2e89f0b835377c0eb39d81f671c Author: Ming Lei Date: Wed Feb 22 18:14:02 2017 +0800 blk-mq: free hctx->cpumask in release handler of hctx's kobject It is obviously that hctx->cpumask is per hctx, and both share same lifetime, so this patch moves freeing of hctx->cpumask into release handler of hctx's kobject. Signed-off-by: Ming Lei Tested-by: Peter Zijlstra (Intel) Signed-off-by: Jens Axboe block/blk-mq-sysfs.c | 1 + block/blk-mq.c | 12 ------------ 2 files changed, 1 insertion(+), 12 deletions(-) commit 6c8b232efea1ad3d263ff8b9c16b7e8767a77488 Author: Ming Lei Date: Wed Feb 22 18:14:01 2017 +0800 blk-mq: make lifetime consistent between hctx and its kobject This patch removes kobject_put() over hctx in __blk_mq_unregister_dev(), and trys to keep lifetime consistent between hctx and hctx's kobject. Now blk_mq_sysfs_register() and blk_mq_sysfs_unregister() become totally symmetrical, and kobject's refcounter drops to zero just when the hctx is freed. Signed-off-by: Ming Lei Tested-by: Peter Zijlstra (Intel) Signed-off-by: Jens Axboe block/blk-mq-sysfs.c | 15 ++++++++++----- block/blk-mq.c | 5 +---- 2 files changed, 11 insertions(+), 9 deletions(-) commit 7ea5fe31c12dd8bcf4a9c5a4a7e8e23826a9a3b8 Author: Ming Lei Date: Wed Feb 22 18:14:00 2017 +0800 blk-mq: make lifetime consitent between q/ctx and its kobject Currently from kobject view, both q->mq_kobj and ctx->kobj can be released during one cycle of blk_mq_register_dev() and blk_mq_unregister_dev(). Actually, sw queue's lifetime is same with its request queue's, which is covered by request_queue->kobj. So we don't need to call kobject_put() for the two kinds of kobject in __blk_mq_unregister_dev(), instead we do that in release handler of request queue. Signed-off-by: Ming Lei Tested-by: Peter Zijlstra (Intel) Signed-off-by: Jens Axboe block/blk-mq-sysfs.c | 20 +++++++++++++------- block/blk-mq.c | 7 ++++++- block/blk-mq.h | 1 + 3 files changed, 20 insertions(+), 8 deletions(-) commit 737f98cfe7de8df7433a4d846850aa8efa44bd48 Author: Ming Lei Date: Wed Feb 22 18:13:59 2017 +0800 blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() Both q->mq_kobj and sw queues' kobjects should have been initialized once, instead of doing that each add_disk context. Also this patch removes clearing of ctx in blk_mq_init_cpu_queues() because percpu allocator fills zero to allocated variable. This patch fixes one issue[1] reported from Omar. [1] kernel wearning when doing unbind/bind on one scsi-mq device [ 19.347924] kobject (ffff8800791ea0b8): tried to init an initialized object, something is seriously wrong. [ 19.349781] CPU: 1 PID: 84 Comm: kworker/u8:1 Not tainted 4.10.0-rc7-00210-g53f39eeaa263 #34 [ 19.350686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-20161122_114906-anatol 04/01/2014 [ 19.350920] Workqueue: events_unbound async_run_entry_fn [ 19.350920] Call Trace: [ 19.350920] dump_stack+0x63/0x83 [ 19.350920] kobject_init+0x77/0x90 [ 19.350920] blk_mq_register_dev+0x40/0x130 [ 19.350920] blk_register_queue+0xb6/0x190 [ 19.350920] device_add_disk+0x1ec/0x4b0 [ 19.350920] sd_probe_async+0x10d/0x1c0 [sd_mod] [ 19.350920] async_run_entry_fn+0x48/0x150 [ 19.350920] process_one_work+0x1d0/0x480 [ 19.350920] worker_thread+0x48/0x4e0 [ 19.350920] kthread+0x101/0x140 [ 19.350920] ? process_one_work+0x480/0x480 [ 19.350920] ? kthread_create_on_node+0x60/0x60 [ 19.350920] ret_from_fork+0x2c/0x40 Cc: Omar Sandoval Signed-off-by: Ming Lei Tested-by: Peter Zijlstra (Intel) Signed-off-by: Jens Axboe block/blk-mq-sysfs.c | 4 +--- block/blk-mq.c | 4 +++- block/blk-mq.h | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) commit 2501c1bb054290679baad0ff7f4f07c714251f4c Author: Chris Brandt Date: Mon Mar 6 15:20:51 2017 -0500 i2c: riic: fix restart condition While modifying the driver to use the STOP interrupt, the completion of the intermediate transfers need to wake the driver back up in order to initiate the next transfer (restart condition). Otherwise you get never ending interrupts and only the first transfer sent. Fixes: 71ccea095ea1 ("i2c: riic: correctly finish transfers") Reported-by: Simon Horman Signed-off-by: Chris Brandt Tested-by: Simon Horman Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-riic.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit f7c6401ff84ab8ffffc281a29aa0a787f7eb346e Author: Steven Rostedt (VMware) Date: Wed Mar 8 10:36:59 2017 -0500 ktest: Make sure wait_for_input does honor the timeout The function wait_for_input takes in a timeout, and even has a default timeout. But if for some reason the STDIN descriptor keeps sending in data, the function will never time out. The timout is to wait for the data from the passed in file descriptor, not for STDIN. Adding a test in the case where there's no data from the passed in file descriptor that checks to see if the timeout passed, will ensure that it will timeout properly even if there's input in STDIN. Signed-off-by: Steven Rostedt (VMware) tools/testing/ktest/ktest.pl | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 99c014a87979c9244806685f3c3fc7767f79f645 Author: Steven Rostedt (VMware) Date: Wed Mar 8 10:16:17 2017 -0500 ktest: Fix while loop in wait_for_input The run_command function was changed to use the wait_for_input function to allow having a timeout if the command to run takes too much time. There was a bug in the wait_for_input where it could end up going into an infinite loop. There's two issues here. One is that the return value of the sysread wasn't used for the write (to write a proper size), and that it should continue processing the passed in file descriptor too even if there was input. There was no check for error, if for some reason STDIN returned an error, the function would go into an infinite loop and never exit. Reported-by: Greg Kroah-Hartman Tested-by: Greg Kroah-Hartman Fixes: 6e98d1b4415f ("ktest: Add timeout to ssh command") Signed-off-by: Steven Rostedt (VMware) tools/testing/ktest/ktest.pl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 8c76d7cd520ebffc1ea9ea0850d87a224a50c7f2 Author: Johan Hovold Date: Mon Mar 6 17:36:41 2017 +0100 USB: serial: safe_serial: fix information leak in completion handler Add missing sanity check to the bulk-in completion handler to avoid an integer underflow that could be triggered by a malicious device. This avoids leaking up to 56 bytes from after the URB transfer buffer to user space. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/safe_serial.c | 5 +++++ 1 file changed, 5 insertions(+) commit 654b404f2a222f918af9b0cd18ad469d0c941a8e Author: Johan Hovold Date: Mon Mar 6 17:36:40 2017 +0100 USB: serial: io_ti: fix information leak in completion handler Add missing sanity check to the bulk-in completion handler to avoid an integer underflow that can be triggered by a malicious device. This avoids leaking 128 kB of memory content from after the URB transfer buffer to user space. Fixes: 8c209e6782ca ("USB: make actual_length in struct urb field u32") Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable # 2.6.30 Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 367ec1706745912702c187722065285cd4d2aee7 Author: Johan Hovold Date: Mon Mar 6 17:36:39 2017 +0100 USB: serial: omninet: drop open callback Remove the now redundant open callback and let core call the generic handler for us instead. Signed-off-by: Johan Hovold drivers/usb/serial/omninet.c | 7 ------- 1 file changed, 7 deletions(-) commit 30572418b445d85fcfe6c8fe84c947d2606767d8 Author: Johan Hovold Date: Mon Mar 6 17:36:38 2017 +0100 USB: serial: omninet: fix reference leaks at open This driver needlessly took another reference to the tty on open, a reference which was then never released on close. This lead to not just a leak of the tty, but also a driver reference leak that prevented the driver from being unloaded after a port had once been opened. Fixes: 4a90f09b20f4 ("tty: usb-serial krefs") Cc: stable # 2.6.28 Signed-off-by: Johan Hovold drivers/usb/serial/omninet.c | 6 ------ 1 file changed, 6 deletions(-) commit 0b1d250afb8eb9d65afb568bac9b9f9253a82b49 Author: Johan Hovold Date: Mon Mar 6 17:36:37 2017 +0100 USB: serial: io_ti: fix NULL-deref in interrupt callback Fix a NULL-pointer dereference in the interrupt callback should a malicious device send data containing a bad port number by adding the missing sanity check. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 09b50c3703cc354100fe36202ef5e52ee128b904 Author: Bard Liao Date: Wed Mar 8 19:05:32 2017 +0800 ASoC: rt5665: CLKDET is also a power of ASRC We need to power on CLKDET to use ASRC function. Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5665.c | 3 +++ 1 file changed, 3 insertions(+) commit 8f365313beb20742b68cb29a7d1ca6b27c036d81 Author: Bard Liao Date: Wed Mar 8 19:05:31 2017 +0800 ASoC: rt5665: Vref3 is necessary for Mono Amp Vref3 is necessary for Mono Amp. So add it to dapm routes Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5665.c | 1 + 1 file changed, 1 insertion(+) commit 593dd5d9fb66c0345cef5fc8caf4199bb6d4e093 Author: Bard Liao Date: Wed Mar 8 19:05:29 2017 +0800 ASoC: rt5665: increase LDO level Too low LDO level will cause a few functions unstable. Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5665.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1994a9c0930de4b2244816e62120cad08283cdc Author: Bard Liao Date: Wed Mar 8 19:03:10 2017 +0800 ASoC: rt5665: fix getting wrong work handler container We got rt5665 private data from wrong work. It will result in kernel panic. Signed-off-by: Bard Liao Signed-off-by: Mark Brown Cc: stable@vger.kernel.org sound/soc/codecs/rt5665.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 35b2719e72d375f3e32c819858165668d948d5f2 Author: Felipe Balbi Date: Wed Mar 8 13:56:37 2017 +0200 usb: dwc3: gadget: make to increment req->remaining in all cases Sometimes, we might get a completion for a TRB which is left with HWO bit. Even in these cases, we should increment req->remaining to properly report total transferred size. I noticed this while debuggin a separate problem seen with MSC tests from USBCV. Sometimes we would erroneously report a completion for a 512-byte transfer when, in reality, we transferred 0 bytes. Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 12aff99723901bcc0e2a6a34343a4f62c371fdd9 Author: Fabio Estevam Date: Tue Feb 7 17:14:14 2017 -0200 ARM: dts: imx6sx-udoo-neo: Fix reboot hang After issuing a 'reboot' command the imx6sx-udoo-neo board does not reboot as expected and it just hangs instead. In mainline kernel only LDO enabled mode is supported. Do not provide arm-supply/soc-supply nodes in the device tree, so that the board operates in LDO enabled mode and can then successfully reboot via watchdog. Fixes: 76e691fc7653b85d39 ("ARM: dts: imx6sx: Add UDOO Neo support") Signed-off-by: Fabio Estevam Tested-by: Breno Lima Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6sx-udoo-neo.dtsi | 5 ----- 1 file changed, 5 deletions(-) commit 9cb74b5e134c9f133001dd1585deef5353cd85f1 Author: James Hogan Date: Sat Mar 4 00:41:25 2017 +0000 MIPS: Wire up statx system call Wire up the statx system call for MIPS, which was introduced in commit a528d35e8bfc ("statx: Add a system call to make enhanced file info available"). Signed-off-by: James Hogan Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15387/ Signed-off-by: Ralf Baechle arch/mips/include/uapi/asm/unistd.h | 15 +++++++++------ arch/mips/kernel/scall32-o32.S | 1 + arch/mips/kernel/scall64-64.S | 1 + arch/mips/kernel/scall64-n32.S | 1 + arch/mips/kernel/scall64-o32.S | 1 + 5 files changed, 13 insertions(+), 6 deletions(-) commit 0c7e2bc87ea6c2eb6f369998f74a0278e64863e4 Author: James Hogan Date: Sat Mar 4 00:32:03 2017 +0000 MIPS: Include asm/ptrace.h now linux/sched.h doesn't Use of the task_pt_regs() based macros in MIPS' asm/processor.h for accessing the user context on the kernel stack need the definition of struct pt_regs from asm/ptrace.h. __own_fpu() in asm/fpu.h uses these macros but implicitly depended on linux/sched.h to include asm/ptrace.h. Since commit f780d89a0e82 ("sched/headers: Remove from ") however linux/sched.h no longer includes asm/ptrace.h, so include it explicitly from asm/fpu.h where it is needed instead. This fixes build errors such as: ./arch/mips/include/asm/fpu.h: In function '__own_fpu': ./arch/mips/include/asm/processor.h:385:31: error: invalid application of 'sizeof' to incomplete type 'struct pt_regs' THREAD_SIZE - 32 - sizeof(struct pt_regs)) ^ Fixes: f780d89a0e82 ("sched/headers: Remove from ") Signed-off-by: James Hogan Acked-by: Ingo Molnar Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15386/ Signed-off-by: Ralf Baechle arch/mips/include/asm/fpu.h | 1 + 1 file changed, 1 insertion(+) commit 7c5a3d813050ee235817b0220dd8c42359a9efd8 Author: John Crispin Date: Sat Feb 25 11:54:23 2017 +0100 MIPS: ralink: Fix typos in rt3883 pinctrl There are two copy & paste errors in the definition of the 5GHz LNA and second ethernet pinmux. Fixes: f576fb6a0700 ("MIPS: ralink: cleanup the soc specific pinmux data") Signed-off-by: John Crispin Signed-off-by: Daniel Golle Cc: linux-mips@linux-mips.org Cc: # 3.19.x- Patchwork: https://patchwork.linux-mips.org/patch/15328/ Signed-off-by: James Hogan arch/mips/ralink/rt3883.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 70647f9163aa4fc7090b0d6795d026ebe3897928 Merge: 77e14ae 627c845 Author: Jani Nikula Date: Wed Mar 8 12:21:40 2017 +0200 Merge tag 'gvt-fixes-2017-03-08' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-03-08 - MMIO cmd access flag cleanup - Virtual display fixes from Weinan and Bing - config space reset fix from Changbin - better workload submission error path fix from Chuanxiao - other misc fixes Signed-off-by: Jani Nikula commit 4b5347a24a0f2d3272032c120664b484478455de Author: Paul Burton Date: Thu Feb 23 14:50:24 2017 +0000 MIPS: End spinlocks with .insn When building for microMIPS we need to ensure that the assembler always knows that there is code at the target of a branch or jump. Recent toolchains will fail to link a microMIPS kernel when this isn't the case due to what it thinks is a branch to non-microMIPS code. mips-mti-linux-gnu-ld kernel/built-in.o: .spinlock.text+0x2fc: Unsupported branch between ISA modes. mips-mti-linux-gnu-ld final link failed: Bad value This is due to inline assembly labels in spinlock.h not being followed by an instruction mnemonic, either due to a .subsection pseudo-op or the end of the inline asm block. Fix this with a .insn direction after such labels. Signed-off-by: Paul Burton Signed-off-by: James Hogan Reviewed-by: Maciej W. Rozycki Cc: Ralf Baechle Cc: Peter Zijlstra Cc: Ingo Molnar Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: Patchwork: https://patchwork.linux-mips.org/patch/15325/ Signed-off-by: James Hogan arch/mips/include/asm/spinlock.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 2e6c7747730296a6d4fd700894286db1132598c4 Author: James Hogan Date: Thu Feb 16 12:39:01 2017 +0000 MIPS: Force o32 fp64 support on 32bit MIPS64r6 kernels When a 32-bit kernel is configured to support MIPS64r6 (CPU_MIPS64_R6), MIPS_O32_FP64_SUPPORT won't be selected as it should be because MIPS32_O32 is disabled (o32 is already the default ABI available on 32-bit kernels). This results in userland FP breakage as CP0_Status.FR is read-only 1 since r6 (when an FPU is present) so __enable_fpu() will fail to clear FR. This causes the FPU emulator to get used which will incorrectly emulate 32-bit FPU registers. Force o32 fp64 support in this case by also selecting MIPS_O32_FP64_SUPPORT from CPU_MIPS64_R6 if 32BIT. Fixes: 4e9d324d4288 ("MIPS: Require O32 FP64 support for MIPS64 with O32 compat") Signed-off-by: James Hogan Reviewed-by: Paul Burton Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: # 4.0.x- Patchwork: https://patchwork.linux-mips.org/patch/15310/ Signed-off-by: James Hogan arch/mips/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 77e14ae6d785b436be4961b5f5dff80490e35227 Merge: c1ae3cf d1a513b Author: Jani Nikula Date: Wed Mar 8 11:42:23 2017 +0200 Merge tag 'gvt-next-2017-02-24' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-next-2017-02-24 - Min's vGPU failsafe to guard against non-secured guest - Some guest warning fix and host error message cleanup - Fixed vGPU type refinement for usability issue - environ string fix from Takashi Iwai - one kernel oops fix from Chuanxiao - other misc fixes Signed-off-by: Jani Nikula commit fc69910f329d61821897871e0e957eda39beb3d8 Author: Arnd Bergmann Date: Wed Mar 8 08:29:31 2017 +0100 MIPS: Add missing include files After the split of linux/sched.h, several platforms in arch/mips stopped building. Add the respective additional #include statements to fix the problem I first tried adding these into asm/processor.h, but ran into circular header dependencies with that which I could not figure out. The commit I listed as causing the problem is the branch merge, as there is likely a combination of multiple patches in that branch. Signed-off-by: Arnd Bergmann Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-mips@linux-mips.org Cc: ralf@linux-mips.org Fixes: 1827adb11ad2 ("Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") Link: http://lkml.kernel.org/r/20170308072931.3836696-1-arnd@arndb.de Signed-off-by: Ingo Molnar arch/mips/cavium-octeon/cpu.c | 2 ++ arch/mips/cavium-octeon/crypto/octeon-crypto.c | 1 + arch/mips/cavium-octeon/smp.c | 1 + arch/mips/include/asm/fpu.h | 1 + arch/mips/kernel/smp-bmips.c | 1 + arch/mips/kernel/smp-mt.c | 1 + arch/mips/loongson64/loongson-3/cop2-ex.c | 1 + arch/mips/netlogic/common/smp.c | 1 + arch/mips/netlogic/xlp/cop2-ex.c | 3 +++ arch/mips/sgi-ip22/ip28-berr.c | 1 + arch/mips/sgi-ip27/ip27-berr.c | 2 ++ arch/mips/sgi-ip27/ip27-smp.c | 3 +++ arch/mips/sgi-ip32/ip32-berr.c | 1 + arch/mips/sgi-ip32/ip32-reset.c | 1 + 14 files changed, 20 insertions(+) commit 69eb1596b4df8ca834ba6f9a3df40f78943f6dca Author: Arnd Bergmann Date: Fri Feb 17 15:32:23 2017 +0100 staging: octeon: remove unused variable A cleanup patch left one local variable without a reference: drivers/staging/octeon/ethernet-rx.c:339:28: warning: unused variable 'priv' [-Wunused-variable] This removes the declaration too. Fixes: 66812da3a689 ("staging: octeon: Use net_device_stats from struct net_device") Signed-off-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman drivers/staging/octeon/ethernet-rx.c | 1 - 1 file changed, 1 deletion(-) commit 13603685c1f12c67a7a2427f00b63f39a2b6f7c9 Author: Max Lohrmann Date: Tue Mar 7 22:09:56 2017 -0800 target: Fix VERIFY_16 handling in sbc_parse_cdb As reported by Max, the Windows 2008 R2 chkdsk utility expects VERIFY_16 to be supported, and does not handle the returned CHECK_CONDITION properly, resulting in an infinite loop. The kernel will log huge amounts of this error: kernel: TARGET_CORE[iSCSI]: Unsupported SCSI Opcode 0x8f, sending CHECK_CONDITION. Signed-off-by: Max Lohrmann Cc: Signed-off-by: Nicholas Bellinger drivers/target/target_core_sbc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit a04e54f2c35823ca32d56afcd5cea5b783e2f51a Author: Nicholas Bellinger Date: Thu Nov 3 23:06:53 2016 -0700 target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export The following fixes a divide by zero OOPs with TYPE_TAPE due to pscsi_tape_read_blocksize() failing causing a zero sd->sector_size being propigated up via dev_attrib.hw_block_size. It also fixes another long-standing bug where TYPE_TAPE and TYPE_MEDIMUM_CHANGER where using pscsi_create_type_other(), which does not call scsi_device_get() to take the device reference. Instead, rename pscsi_create_type_rom() to pscsi_create_type_nondisk() and use it for all cases. Finally, also drop a dump_stack() in pscsi_get_blocks() for non TYPE_DISK, which in modern target-core can get invoked via target_sense_desc_format() during CHECK_CONDITION. Reported-by: Malcolm Haak Cc: Signed-off-by: Nicholas Bellinger drivers/target/target_core_pscsi.c | 47 ++++++++++---------------------------- 1 file changed, 12 insertions(+), 35 deletions(-) commit b985735be7afea3a5e0570ce2ea0b662c0e12e19 Author: Thomas Petazzoni Date: Tue Mar 7 15:14:48 2017 +0100 hwrng: omap - Do not access INTMASK_REG on EIP76 The INTMASK_REG register does not exist on EIP76. Due to this, the call: omap_rng_write(priv, RNG_INTMASK_REG, RNG_SHUTDOWN_OFLO_MASK); ends up, through the reg_map_eip76[] array, in accessing the register at offset 0, which is the RNG_OUTPUT_0_REG. This by itself doesn't cause any problem, but clearly doesn't enable the interrupt as it was expected. On EIP76, the register that allows to enable the interrupt is RNG_CONTROL_REG. And just like RNG_INTMASK_REG, it's bit 1 of this register that allows to enable the shutdown_oflo interrupt. Fixes: 383212425c926 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K") Cc: Signed-off-by: Thomas Petazzoni Signed-off-by: Herbert Xu drivers/char/hw_random/omap-rng.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 761c2510283066324cab7859930777ee34cbca78 Author: Thomas Petazzoni Date: Tue Mar 7 15:14:47 2017 +0100 hwrng: omap - use devm_clk_get() instead of of_clk_get() The omap-rng driver currently uses of_clk_get() to get a reference to the clock, but never releases that reference. This commit fixes that by using devm_clk_get() instead. Fixes: 383212425c926 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K") Cc: Signed-off-by: Thomas Petazzoni Signed-off-by: Herbert Xu drivers/char/hw_random/omap-rng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 45c2fdde01299b02a6e3225e848598a3c1e55539 Author: Thomas Petazzoni Date: Tue Mar 7 15:14:46 2017 +0100 hwrng: omap - write registers after enabling the clock Commit 383212425c926 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K") added support for the SafeXcel IP-76 variant of the IP. This modification included getting a reference and enabling a clock. Unfortunately, this was done *after* writing to the RNG_INTMASK_REG register. This generally works fine when the driver is built-in because the clock might have been left enabled by the bootloader, but fails short when the driver is built as a module: it causes a system hang because a register is being accessed while the clock is not enabled. This commit fixes that by making the register access *after* enabling the clock. This issue was found by the kernelci.org testing effort. Fixes: 383212425c926 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K") Cc: Signed-off-by: Thomas Petazzoni Signed-off-by: Herbert Xu drivers/char/hw_random/omap-rng.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 07de4bc88ce6a4d898cad9aa4c99c1df7e87702d Author: Krzysztof Kozlowski Date: Sun Mar 5 19:14:07 2017 +0200 crypto: s5p-sss - Fix completing crypto request in IRQ handler In a regular interrupt handler driver was finishing the crypt/decrypt request by calling complete on crypto request. This is disallowed since converting to skcipher in commit b286d8b1a690 ("crypto: skcipher - Add skcipher walk interface") and causes a warning: WARNING: CPU: 0 PID: 0 at crypto/skcipher.c:430 skcipher_walk_first+0x13c/0x14c The interrupt is marked shared but in fact there are no other users sharing it. Thus the simplest solution seems to be to just use a threaded interrupt handler, after converting it to oneshot. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Herbert Xu drivers/crypto/s5p-sss.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit aa2be9b3d6d2d699e9ca7cbfc00867c80e5da213 Author: Daniel Axtens Date: Fri Mar 3 17:56:55 2017 +1100 crypto: powerpc - Fix initialisation of crc32c context Turning on crypto self-tests on a POWER8 shows: alg: hash: Test 1 failed for crc32c-vpmsum 00000000: ff ff ff ff Comparing the code with the Intel CRC32c implementation on which ours is based shows that we are doing an init with 0, not ~0 as CRC32c requires. This probably wasn't caught because btrfs does its own weird open-coded initialisation. Initialise our internal context to ~0 on init. This makes the self-tests pass, and btrfs continues to work. Fixes: 6dd7a82cc54e ("crypto: powerpc - Add POWER8 optimised crc32c") Cc: Anton Blanchard Cc: stable@vger.kernel.org Signed-off-by: Daniel Axtens Acked-by: Anton Blanchard Signed-off-by: Herbert Xu arch/powerpc/crypto/crc32c-vpmsum_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 08b005f1333154ae5b404ca28766e0ffb9f1c150 Author: Darrick J. Wong Date: Mon Mar 6 11:58:20 2017 -0800 xfs: remove kmem_zalloc_greedy The sole remaining caller of kmem_zalloc_greedy is bulkstat, which uses it to grab 1-4 pages for staging of inobt records. The infinite loop in the greedy allocation function is causing hangs[1] in generic/269, so just get rid of the greedy allocator in favor of kmem_zalloc_large. This makes bulkstat somewhat more likely to ENOMEM if there's really no pages to spare, but eliminates a source of hangs. [1] http://lkml.kernel.org/r/20170301044634.rgidgdqqiiwsmfpj%40XZHOUW.usersys.redhat.com Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig --- v2: remove single-page fallback fs/xfs/kmem.c | 18 ------------------ fs/xfs/kmem.h | 2 -- fs/xfs/xfs_itable.c | 6 ++---- 3 files changed, 2 insertions(+), 24 deletions(-) commit d5825712ee98d68a2c17bc89dad2c30276894cba Author: Chandan Rajendra Date: Thu Mar 2 15:06:33 2017 -0800 xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask When block size is larger than inode cluster size, the call to XFS_B_TO_FSBT(mp, mp->m_inode_cluster_size) returns 0. Also, mkfs.xfs would have set xfs_sb->sb_inoalignmt to 0. Hence in xfs_set_inoalignment(), xfs_mount->m_inoalign_mask gets initialized to -1 instead of 0. However, xfs_mount->m_sinoalign would get correctly intialized to 0 because for every positive value of xfs_mount->m_dalign, the condition "!(mp->m_dalign & mp->m_inoalign_mask)" would evaluate to false. Also, xfs_imap() worked fine even with xfs_mount->m_inoalign_mask having -1 as the value because blks_per_cluster variable would have the value 1 and hence we would never have a need to use xfs_mount->m_inoalign_mask to compute the inode chunk's agbno and offset within the chunk. Signed-off-by: Chandan Rajendra Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_mount.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 787eb485509f9d58962bd8b4dbc6a5ac6e2034fe Author: Christoph Hellwig Date: Thu Mar 2 15:02:51 2017 -0800 xfs: fix and streamline error handling in xfs_end_io There are two different cases of buffered I/O errors: - first we can have an already shutdown fs. In that case we should skip any on-disk operations and just clean up the appen transaction if present and destroy the ioend - a real I/O error. In that case we should cleanup any lingering COW blocks. This gets skipped in the current code and is fixed by this patch. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_aops.c | 59 +++++++++++++++++++++++++------------------------------ 1 file changed, 27 insertions(+), 32 deletions(-) commit 627c845c0907894a1e5cd2d90ff4fc86c9e4458e Author: Tina Zhang Date: Tue Mar 7 04:08:34 2017 -0500 drm/i915/gvt: change some gvt_err to gvt_dbg_cmd gvt_err should be used for dumping error message. This patch changes some gvt_err to gvt_dbg_cmd, as they are only debugging message, not errors. Signed-off-by: Tina Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cmd_parser.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 85e8a23936ab3442de0c42da97d53b29f004ece1 Author: Anton Blanchard Date: Mon Feb 13 08:49:20 2017 +1100 scsi: lpfc: Add shutdown method for kexec We see lpfc devices regularly fail during kexec. Fix this by adding a shutdown method which mirrors the remove method. Cc: Signed-off-by: Anton Blanchard Reviewed-by: Mauricio Faria de Oliveira Tested-by: Mauricio Faria de Oliveira Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_init.c | 1 + 1 file changed, 1 insertion(+) commit f1c635b439a5c01776fe3a25b1e2dc546ea82e6f Author: Stephen Hemminger Date: Tue Mar 7 09:15:53 2017 -0800 scsi: storvsc: Workaround for virtual DVD SCSI version Hyper-V host emulation of SCSI for virtual DVD device reports SCSI version 0 (UNKNOWN) but is still capable of supporting REPORTLUN. Without this patch, a GEN2 Linux guest on Hyper-V will not boot 4.11 successfully with virtual DVD ROM device. What happens is that the SCSI scan process falls back to doing sequential probing by INQUIRY. But the storvsc driver has a previous workaround that masks/blocks all errors reports from INQUIRY (or MODE_SENSE) commands. This workaround causes the scan to then populate a full set of bogus LUN's on the target and then sends kernel spinning off into a death spiral doing block reads on the non-existent LUNs. By setting the correct blacklist flags, the target with the DVD device is scanned with REPORTLUN and that works correctly. Patch needs to go in current 4.11, it is safe but not necessary in older kernels. Signed-off-by: Stephen Hemminger Reviewed-by: K. Y. Srinivasan Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/storvsc_drv.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) commit 3802a345321a08093ba2ddb1849e736f84e8d450 Author: Christoph Hellwig Date: Tue Mar 7 16:45:58 2017 -0800 xfs: only reclaim unwritten COW extents periodically We only want to reclaim preallocations from our periodic work item. Currently this is archived by looking for a dirty inode, but that check is rather fragile. Instead add a flag to xfs_reflink_cancel_cow_* so that the caller can ask for just cancelling unwritten extents in the COW fork. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong [darrick: fix typos in commit message] Signed-off-by: Darrick J. Wong fs/xfs/xfs_aops.c | 2 +- fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_inode.c | 2 +- fs/xfs/xfs_reflink.c | 23 ++++++++++++++++------- fs/xfs/xfs_reflink.h | 4 ++-- fs/xfs/xfs_super.c | 2 +- 6 files changed, 22 insertions(+), 13 deletions(-) commit 97ee351b50a49717543533cfb85b4bf9d88c9680 Author: Michael Ellerman Date: Tue Mar 7 16:14:49 2017 +1100 powerpc/boot: Fix zImage TOC alignment Recent toolchains force the TOC to be 256 byte aligned. We need to enforce this alignment in the zImage linker script, otherwise pointers to our TOC variables (__toc_start) could be incorrect. If the actual start of the TOC and __toc_start don't have the same value we crash early in the zImage wrapper. Cc: stable@vger.kernel.org Suggested-by: Alan Modra Signed-off-by: Michael Ellerman arch/powerpc/boot/zImage.lds.S | 1 + 1 file changed, 1 insertion(+) commit e2a3a67302fbe2431fc6d7c313073da5b2b4c293 Merge: c1ae3cf eeb8108 Author: James Bottomley Date: Tue Mar 7 15:13:02 2017 -0800 Merge remote-tracking branch 'mkp-scsi/fixes' into fixes commit 8474c8caac7e06b50fa366022ecd109b955822cb Merge: 15e6680 e3dc847 Author: David S. Miller Date: Tue Mar 7 14:59:24 2017 -0800 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec Steffen Klassert says: ==================== pull request (net): ipsec 2017-03-06 1) Fix lockdep splat on xfrm policy subsystem initialization. From Florian Westphal. 2) When using socket policies on IPv4-mapped IPv6 addresses, we access the flow informations of the wrong address family what leads to an out of bounds access. Fix this by using the family we get with the dst_entry, like we do it for the standard policy lookup. 3) vti6 can report a PMTU below IPV6_MIN_MTU. Fix this by adding a check for that before sending a ICMPV6_PKT_TOOBIG message. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 15e668070a64bb97f102ad9cf3bccbca0545cda8 Author: WANG Cong Date: Sun Mar 5 12:34:53 2017 -0800 ipv6: reorder icmpv6_init() and ip6_mr_init() Andrey reported the following kernel crash: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 14446 Comm: syz-executor6 Not tainted 4.10.0+ #82 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff88001f311700 task.stack: ffff88001f6e8000 RIP: 0010:ip6mr_sk_done+0x15a/0x3d0 net/ipv6/ip6mr.c:1618 RSP: 0018:ffff88001f6ef418 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 1ffff10003edde8c RCX: ffffc900043ee000 RDX: 0000000000000004 RSI: ffffffff83e3b3f8 RDI: 0000000000000020 RBP: ffff88001f6ef508 R08: fffffbfff0dcc5d8 R09: 0000000000000000 R10: ffffffff86e62ec0 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffff88001f6ef4e0 R15: ffff8800380a0040 FS: 00007f7a52cec700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000061c500 CR3: 000000001f1ae000 CR4: 00000000000006f0 DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: rawv6_close+0x4c/0x80 net/ipv6/raw.c:1217 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:425 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432 sock_release+0x8d/0x1e0 net/socket.c:597 __sock_create+0x39d/0x880 net/socket.c:1226 sock_create_kern+0x3f/0x50 net/socket.c:1243 inet_ctl_sock_create+0xbb/0x280 net/ipv4/af_inet.c:1526 icmpv6_sk_init+0x163/0x500 net/ipv6/icmp.c:954 ops_init+0x10a/0x550 net/core/net_namespace.c:115 setup_net+0x261/0x660 net/core/net_namespace.c:291 copy_net_ns+0x27e/0x540 net/core/net_namespace.c:396 9pnet_virtio: no channels available for device ./file1 create_new_namespaces+0x437/0x9b0 kernel/nsproxy.c:106 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205 SYSC_unshare kernel/fork.c:2281 [inline] SyS_unshare+0x64e/0x1000 kernel/fork.c:2231 entry_SYSCALL_64_fastpath+0x1f/0xc2 This is because net->ipv6.mr6_tables is not initialized at that point, ip6mr_rules_init() is not called yet, therefore on the error path when we iterator the list, we trigger this oops. Fix this by reordering ip6mr_rules_init() before icmpv6_sk_init(). Reported-by: Andrey Konovalov Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv6/af_inet6.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ec3b93ae0bf4742e9cbb40e1964129926c1464e0 Merge: 8a91723 f285330 Author: Linus Torvalds Date: Tue Mar 7 14:47:24 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes and minor updates all over the place: - an SGI/UV fix - a defconfig update - a build warning fix - move the boot_params file to the arch location in debugfs - a pkeys fix - selftests fix - boot message fixes - sparse fixes - a resume warning fix - ioapic hotplug fixes - reboot quirks ... plus various minor cleanups" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/build/x86_64_defconfig: Enable CONFIG_R8169 x86/reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk x86/hpet: Prevent might sleep splat on resume x86/boot: Correct setup_header.start_sys name x86/purgatory: Fix sparse warning, symbol not declared x86/purgatory: Make functions and variables static x86/events: Remove last remnants of old filenames x86/pkeys: Check against max pkey to avoid overflows x86/ioapic: Split IOAPIC hot-removal into two steps x86/PCI: Implement pcibios_release_device to release IRQ from IOAPIC x86/intel_rdt: Remove duplicate inclusion of linux/cpu.h x86/vmware: Remove duplicate inclusion of asm/timer.h x86/hyperv: Hide unused label x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register x86/selftests: Add clobbers for int80 on x86_64 x86/apic: Simplify enable_IR_x2apic(), remove try_to_enable_IR() x86/apic: Fix a warning message in logical CPU IDs allocation x86/kdebugfs: Move boot params hierarchy under (debugfs)/x86/ commit 8a9172356f747dc3734cc8043a44bbe158f44749 Merge: 609b07b fa3aa7a Author: Linus Torvalds Date: Tue Mar 7 14:45:22 2017 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fixes from Ingo Molnar: "This includes a fix for lockups caused by incorrect nsecs related cleanup, and a capabilities check fix for timerfd" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: jiffies: Revert bogus conversion of NSEC_PER_SEC to TICK_NSEC timerfd: Only check CAP_WAKE_ALARM when it is needed commit 609b07b72d3caaa8eed3a238886467946b78fa5e Merge: c3abcab f94c8d1 Author: Linus Torvalds Date: Tue Mar 7 14:42:34 2017 -0800 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "A fix for KVM's scheduler clock which (erroneously) was always marked unstable, a fix for RT/DL load balancing, plus latency fixes" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface sched/core: Fix pick_next_task() for RT,DL sched/fair: Make select_idle_cpu() more aggressive commit c3abcabe813b4a0976b58f7e6c1e63b2070c8dda Merge: 500e1af 9d020d3 Author: Linus Torvalds Date: Tue Mar 7 14:38:16 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "This includes a fix for a crash if certain special addresses are kprobed, plus does a rename of two Kconfig variables that were a minor misnomer" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed commit 500e1af25209a048daa1f1f86083d4849d5c555b Merge: 26db8f9 857811a Author: Linus Torvalds Date: Tue Mar 7 14:33:11 2017 -0800 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Ingo Molnar: - Change the new refcount_t warnings from WARN() to WARN_ONCE() - two ww_mutex fixes - plus a new lockdep self-consistency check for a bug that triggered in practice * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/ww_mutex: Adjust the lock number for stress test locking/lockdep: Add nest_lock integrity test locking/ww_mutex: Replace cpu_relax() with cond_resched() for tests locking/refcounts: Change WARN() to WARN_ONCE() commit 26db8f992444a87465fc01b264b0317a3943e2b6 Merge: 21f8577 b28ace1 Author: Linus Torvalds Date: Tue Mar 7 14:29:19 2017 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull IRQ fix from Ingo Molnar: "Fix an ARM TI DRA7XX SoC irqchip driver local variables type bug/warning" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/crossbar: Fix incorrect type of local variables commit 21f85778bd037f6d7652a79a60657599edf39ef6 Merge: c688f14 d1eb981 Author: Linus Torvalds Date: Tue Mar 7 14:25:48 2017 -0800 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "A boot crash fix, and a secure boot related boot messages fix" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y efi/libstub: Treat missing SecureBoot variable as Secure Boot disabled commit 62f8f4d9066c1c6f2474845d1ca7e2891f2ae3fd Author: Eric Dumazet Date: Sun Mar 5 10:52:16 2017 -0800 dccp: fix use-after-free in dccp_feat_activate_values Dmitry reported crashes in DCCP stack [1] Problem here is that when I got rid of listener spinlock, I missed the fact that DCCP stores a complex state in struct dccp_request_sock, while TCP does not. Since multiple cpus could access it at the same time, we need to add protection. [1] BUG: KASAN: use-after-free in dccp_feat_activate_values+0x967/0xab0 net/dccp/feat.c:1541 at addr ffff88003713be68 Read of size 8 by task syz-executor2/8457 CPU: 2 PID: 8457 Comm: syz-executor2 Not tainted 4.10.0-rc7+ #127 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x292/0x398 lib/dump_stack.c:51 kasan_object_err+0x1c/0x70 mm/kasan/report.c:162 print_address_description mm/kasan/report.c:200 [inline] kasan_report_error mm/kasan/report.c:289 [inline] kasan_report.part.1+0x20e/0x4e0 mm/kasan/report.c:311 kasan_report mm/kasan/report.c:332 [inline] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:332 dccp_feat_activate_values+0x967/0xab0 net/dccp/feat.c:1541 dccp_create_openreq_child+0x464/0x610 net/dccp/minisocks.c:121 dccp_v6_request_recv_sock+0x1f6/0x1960 net/dccp/ipv6.c:457 dccp_check_req+0x335/0x5a0 net/dccp/minisocks.c:186 dccp_v6_rcv+0x69e/0x1d00 net/dccp/ipv6.c:711 ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902 do_softirq.part.17+0x1e8/0x230 kernel/softirq.c:328 do_softirq kernel/softirq.c:176 [inline] __local_bh_enable_ip+0x1f2/0x200 kernel/softirq.c:181 local_bh_enable include/linux/bottom_half.h:31 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:971 [inline] ip6_finish_output2+0xbb0/0x23d0 net/ipv6/ip6_output.c:123 ip6_finish_output+0x302/0x960 net/ipv6/ip6_output.c:148 NF_HOOK_COND include/linux/netfilter.h:246 [inline] ip6_output+0x1cb/0x8d0 net/ipv6/ip6_output.c:162 ip6_xmit+0xcdf/0x20d0 include/net/dst.h:501 inet6_csk_xmit+0x320/0x5f0 net/ipv6/inet6_connection_sock.c:179 dccp_transmit_skb+0xb09/0x1120 net/dccp/output.c:141 dccp_xmit_packet+0x215/0x760 net/dccp/output.c:280 dccp_write_xmit+0x168/0x1d0 net/dccp/output.c:362 dccp_sendmsg+0x79c/0xb10 net/dccp/proto.c:796 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 SYSC_sendto+0x660/0x810 net/socket.c:1687 SyS_sendto+0x40/0x50 net/socket.c:1655 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x4458b9 RSP: 002b:00007f8ceb77bb58 EFLAGS: 00000282 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 00000000004458b9 RDX: 0000000000000023 RSI: 0000000020e60000 RDI: 0000000000000017 RBP: 00000000006e1b90 R08: 00000000200f9fe1 R09: 0000000000000020 R10: 0000000000008010 R11: 0000000000000282 R12: 00000000007080a8 R13: 0000000000000000 R14: 00007f8ceb77c9c0 R15: 00007f8ceb77c700 Object at ffff88003713be50, in cache kmalloc-64 size: 64 Allocated: PID = 8446 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:605 kmem_cache_alloc_trace+0x82/0x270 mm/slub.c:2738 kmalloc include/linux/slab.h:490 [inline] dccp_feat_entry_new+0x214/0x410 net/dccp/feat.c:467 dccp_feat_push_change+0x38/0x220 net/dccp/feat.c:487 __feat_register_sp+0x223/0x2f0 net/dccp/feat.c:741 dccp_feat_propagate_ccid+0x22b/0x2b0 net/dccp/feat.c:949 dccp_feat_server_ccid_dependencies+0x1b3/0x250 net/dccp/feat.c:1012 dccp_make_response+0x1f1/0xc90 net/dccp/output.c:423 dccp_v6_send_response+0x4ec/0xc20 net/dccp/ipv6.c:217 dccp_v6_conn_request+0xaba/0x11b0 net/dccp/ipv6.c:377 dccp_rcv_state_process+0x51e/0x1650 net/dccp/input.c:606 dccp_v6_do_rcv+0x213/0x350 net/dccp/ipv6.c:632 sk_backlog_rcv include/net/sock.h:893 [inline] __sk_receive_skb+0x36f/0xcc0 net/core/sock.c:479 dccp_v6_rcv+0xba5/0x1d00 net/dccp/ipv6.c:742 ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 Freed: PID = 15 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 [inline] kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:578 slab_free_hook mm/slub.c:1355 [inline] slab_free_freelist_hook mm/slub.c:1377 [inline] slab_free mm/slub.c:2954 [inline] kfree+0xe8/0x2b0 mm/slub.c:3874 dccp_feat_entry_destructor.part.4+0x48/0x60 net/dccp/feat.c:418 dccp_feat_entry_destructor net/dccp/feat.c:416 [inline] dccp_feat_list_pop net/dccp/feat.c:541 [inline] dccp_feat_activate_values+0x57f/0xab0 net/dccp/feat.c:1543 dccp_create_openreq_child+0x464/0x610 net/dccp/minisocks.c:121 dccp_v6_request_recv_sock+0x1f6/0x1960 net/dccp/ipv6.c:457 dccp_check_req+0x335/0x5a0 net/dccp/minisocks.c:186 dccp_v6_rcv+0x69e/0x1d00 net/dccp/ipv6.c:711 ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279 NF_HOOK include/linux/netfilter.h:257 [inline] ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322 dst_input include/net/dst.h:507 [inline] ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:257 [inline] ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203 __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228 process_backlog+0xe5/0x6c0 net/core/dev.c:4839 napi_poll net/core/dev.c:5202 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5267 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 Memory state around the buggy address: ffff88003713bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88003713bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88003713be00: fc fc fc fc fc fc fc fc fc fc fb fb fb fb fb fb ^ Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table") Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Tested-by: Dmitry Vyukov Signed-off-by: David S. Miller include/linux/dccp.h | 1 + net/dccp/minisocks.c | 24 ++++++++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) commit 068d9f90a6978c3e3a662d9e85204a7d6be240d2 Author: Thomas Falcon Date: Sun Mar 5 12:18:42 2017 -0600 ibmvnic: Allocate number of rx/tx buffers agreed on by firmware The amount of TX/RX buffers that the vNIC driver currently allocates is different from the amount agreed upon in negotiation with firmware. Correct that by allocating the requested number of buffers confirmed by firmware. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 142c0ac445792c492579cb01f1cfd4e32e6dfcce Author: Thomas Falcon Date: Sun Mar 5 12:18:41 2017 -0600 ibmvnic: Fix overflowing firmware/hardware TX queue Use a counter to track the number of outstanding transmissions sent that have not received completions. If the counter reaches the maximum number of queue entries, stop transmissions on that queue. As we receive more completions from firmware, wake the queue once the counter reaches an acceptable level. This patch prevents hardware/firmware TX queue from filling up and and generating errors. Since incorporating this fix, internal testing has reported that these firmware errors have stopped. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 27 ++++++++++++++++++++++++++- drivers/net/ethernet/ibm/ibmvnic.h | 1 + 2 files changed, 27 insertions(+), 1 deletion(-) commit 6c4dc75c251721f517e9daeb5370ea606b5b35ce Author: Alexey Khoroshilov Date: Sun Mar 5 03:01:55 2017 +0300 net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Acked-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/act_skbmod.c | 1 - 1 file changed, 1 deletion(-) commit 72c3fbf8dc90988bd04123b88b70ffffa206582d Merge: fa4c7fb b21dd45 Author: David S. Miller Date: Tue Mar 7 14:09:59 2017 -0800 Merge branch 'rds-fixes' Sowmini Varadhan says: ==================== rds: tcp: fix various rds-tcp issues during netns create/delete sequences Dmitry Vyukov reported some syszkaller panics during netns deletion. While I have not been able to reproduce those exact panics, my attempts to do so uncovered a few other problems, which are fixed patch 2 and patch 3 of this patch series. In addition, as mentioned in, https://www.spinics.net/lists/netdev/msg422997.html code-inspection points that the rds_connection needs to take an explicit refcnt on the struct net so that it is held down until all cleanup is completed for netns removal, and this is fixed by patch1. The following scripts were run concurrently to uncover/test patch{2, 3} while simultaneously running rds-ping to 12.0.0.18 from another system: # cat del.rds while [ 1 ]; do modprobe rds_tcp modprobe -r rds-tcp done # cat del.netns while [ 1 ]; do ip netns delete blue ip netns add blue ip link add link eth1 address a:b:c:d:e:f blue0 type macvlan ip link set blue0 netns blue ip netns exec blue ip addr add 12.0.0.18/24 dev blue0 ip netns exec blue ifconfig blue0 up sleep 3; done ==================== Signed-off-by: David S. Miller commit b21dd4506b71bdb9c5a20e759255cd2513ea7ebe Author: Sowmini Varadhan Date: Sat Mar 4 08:57:35 2017 -0800 rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races Commit a93d01f5777e ("RDS: TCP: avoid bad page reference in rds_tcp_listen_data_ready") added the function rds_tcp_listen_sock_def_readable() to handle the case when a partially set-up acceptor socket drops into rds_tcp_listen_data_ready(). However, if the listen socket (rtn->rds_tcp_listen_sock) is itself going through a tear-down via rds_tcp_listen_stop(), the (*ready)() will be null and we would hit a panic of the form BUG: unable to handle kernel NULL pointer dereference at (null) IP: (null) : ? rds_tcp_listen_data_ready+0x59/0xb0 [rds_tcp] tcp_data_queue+0x39d/0x5b0 tcp_rcv_established+0x2e5/0x660 tcp_v4_do_rcv+0x122/0x220 tcp_v4_rcv+0x8b7/0x980 : In the above case, it is not fatal to encounter a NULL value for ready- we should just drop the packet and let the flush of the acceptor thread finish gracefully. In general, the tear-down sequence for listen() and accept() socket that is ensured by this commit is: rtn->rds_tcp_listen_sock = NULL; /* prevent any new accepts */ In rds_tcp_listen_stop(): serialize with, and prevent, further callbacks using lock_sock() flush rds_wq flush acceptor workq sock_release(listen socket) Signed-off-by: Sowmini Varadhan Signed-off-by: David S. Miller net/rds/tcp.c | 15 ++++++++++----- net/rds/tcp.h | 2 +- net/rds/tcp_listen.c | 9 +++++++-- 3 files changed, 18 insertions(+), 8 deletions(-) commit 16c09b1c7657522a321b04aa7f4300865b7cb292 Author: Sowmini Varadhan Date: Sat Mar 4 08:57:34 2017 -0800 rds: tcp: Reorder initialization sequence in rds_tcp_init to avoid races Order of initialization in rds_tcp_init needs to be done so that resources are set up and destroyed in the correct synchronization sequence with both the data path, as well as netns create/destroy path. Specifically, - we must call register_pernet_subsys and get the rds_tcp_netid before calling register_netdevice_notifier, otherwise we risk the sequence 1. register_netdevice_notifier sets up netdev notifier callback 2. rds_tcp_dev_event -> rds_tcp_kill_sock uses netid 0, and finds the wrong rtn, resulting in a panic with string that is of the form: BUG: unable to handle kernel NULL pointer dereference at 000000000000000d IP: rds_tcp_kill_sock+0x3a/0x1d0 [rds_tcp] : - the rds_tcp_incoming_slab kmem_cache must be initialized before the datapath starts up. The latter can happen any time after the pernet_subsys registration of rds_tcp_net_ops, whose -> init function sets up the listen socket. If the rds_tcp_incoming_slab has not been set up at that time, a panic of the form below may be encountered BUG: unable to handle kernel NULL pointer dereference at 0000000000000014 IP: kmem_cache_alloc+0x90/0x1c0 : rds_tcp_data_recv+0x1e7/0x370 [rds_tcp] tcp_read_sock+0x96/0x1c0 rds_tcp_recv_path+0x65/0x80 [rds_tcp] : Signed-off-by: Sowmini Varadhan Signed-off-by: David S. Miller net/rds/tcp.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 8edc3affc0770886c7bfb3436b0fdd09bce13167 Author: Sowmini Varadhan Date: Sat Mar 4 08:57:33 2017 -0800 rds: tcp: Take explicit refcounts on struct net It is incorrect for the rds_connection to piggyback on the sock_net() refcount for the netns because this gives rise to a chicken-and-egg problem during rds_conn_destroy. Instead explicitly take a ref on the net, and hold the netns down till the connection tear-down is complete. Reported-by: Dmitry Vyukov Signed-off-by: Sowmini Varadhan Signed-off-by: David S. Miller net/rds/connection.c | 1 + net/rds/rds.h | 6 +++--- net/rds/tcp.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) commit fa4c7fb2ad2ea5dae57eb875915d0efb1e068543 Merge: 146d8fe 9ac25fc Author: David S. Miller Date: Tue Mar 7 14:06:15 2017 -0800 Merge branch 'sock_hold-misuses' Eric Dumazet says: ==================== net: fix possible sock_hold() misuses skb_complete_wifi_ack() and skb_complete_tx_timestamp() currently call sock_hold() on sockets that might have transitioned their sk_refcnt to zero already. ==================== Signed-off-by: David S. Miller commit 9ac25fc063751379cb77434fef9f3b088cd3e2f7 Author: Eric Dumazet Date: Fri Mar 3 21:01:03 2017 -0800 net: fix socket refcounting in skb_complete_tx_timestamp() TX skbs do not necessarily hold a reference on skb->sk->sk_refcnt By the time TX completion happens, sk_refcnt might be already 0. sock_hold()/sock_put() would then corrupt critical state, like sk_wmem_alloc and lead to leaks or use after free. Fixes: 62bccb8cdb69 ("net-timestamp: Make the clone operation stand-alone from phy timestamping") Signed-off-by: Eric Dumazet Cc: Alexander Duyck Cc: Johannes Berg Cc: Soheil Hassas Yeganeh Cc: Willem de Bruijn Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/core/skbuff.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit dd4f10722aeb10f4f582948839f066bebe44e5fb Author: Eric Dumazet Date: Fri Mar 3 21:01:02 2017 -0800 net: fix socket refcounting in skb_complete_wifi_ack() TX skbs do not necessarily hold a reference on skb->sk->sk_refcnt By the time TX completion happens, sk_refcnt might be already 0. sock_hold()/sock_put() would then corrupt critical state, like sk_wmem_alloc. Fixes: bf7fa551e0ce ("mac80211: Resolve sk_refcnt/sk_wmem_alloc issue in wifi ack path") Signed-off-by: Eric Dumazet Cc: Alexander Duyck Cc: Johannes Berg Cc: Soheil Hassas Yeganeh Cc: Willem de Bruijn Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/core/skbuff.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit c688f14ccd4266289fd51e76210c13fdf67f1d9d Merge: 9e91c14 5c51f4a Author: Linus Torvalds Date: Tue Mar 7 14:02:56 2017 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull core fixes from Ingo Molnar: "A couple of sched.h splitup related build fixes, plus an objtool fix" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix another GCC jump table detection issue drivers/char/nwbutton: Fix build breakage caused by include file reshuffling h8300: Fix build breakage caused by header file changes avr32: Fix build error caused by include file reshuffling commit 146d8fef9da1ba854de7fa28b9cb9eb147535f88 Author: David Howells Date: Sat Mar 4 00:01:41 2017 +0000 rxrpc: Call state should be read with READ_ONCE() under some circumstances The call state may be changed at any time by the data-ready routine in response to received packets, so if the call state is to be read and acted upon several times in a function, READ_ONCE() must be used unless the call state lock is held. Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/input.c | 12 +++++++----- net/rxrpc/recvmsg.c | 4 ++-- net/rxrpc/sendmsg.c | 48 ++++++++++++++++++++++++++++++------------------ 3 files changed, 39 insertions(+), 25 deletions(-) commit 02b2faaf0af1d85585f6d6980e286d53612acfc2 Author: Eric Dumazet Date: Fri Mar 3 14:08:21 2017 -0800 tcp: fix various issues for sockets morphing to listen state Dmitry Vyukov reported a divide by 0 triggered by syzkaller, exploiting tcp_disconnect() path that was never really considered and/or used before syzkaller ;) I was not able to reproduce the bug, but it seems issues here are the three possible actions that assumed they would never trigger on a listener. 1) tcp_write_timer_handler 2) tcp_delack_timer_handler 3) MTU reduction Only IPv6 MTU reduction was properly testing TCP_CLOSE and TCP_LISTEN states from tcp_v6_mtu_reduced() Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller net/ipv4/tcp_ipv4.c | 7 +++++-- net/ipv4/tcp_timer.c | 6 ++++-- 2 files changed, 9 insertions(+), 4 deletions(-) commit b73d2da8c724bb26885512e1ba47b91e2a9f48c3 Merge: 239870f e395132 Author: David S. Miller Date: Tue Mar 7 13:47:16 2017 -0800 Merge branch 'bnx2x-fixes' Michal Schmidt says: ==================== bnx2x: PTP crash, VF VLAN fixes here are fixes for a crash with PTP, a crash in setting of VF multicast addresses, and non-working VLAN filters configuration from the VF side. ==================== Signed-off-by: David S. Miller commit e39513259450a8312cb98a9a3b16bb924310dbcc Author: Michal Schmidt Date: Fri Mar 3 17:08:34 2017 +0100 bnx2x: add missing configuration of VF VLAN filters Configuring VLANs from the VF side had no effect, because the PF ignored filters of type VFPF_VLAN_FILTER in the VF-PF message. Add the missing filter type to configure. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 74bcbeb7d77ec92e4262fc340cb436ef7d98ba01 Author: Michal Schmidt Date: Fri Mar 3 17:08:33 2017 +0100 bnx2x: fix incorrect filter count in an error message filters->count is the number of filters we were supposed to configure. There is no reason to increase it by +1 when printing the count in an error message. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 78d5505432436516456c12abbe705ec8dee7ee2b Author: Michal Schmidt Date: Fri Mar 3 17:08:32 2017 +0100 bnx2x: do not rollback VF MAC/VLAN filters we did not configure On failure to configure a VF MAC/VLAN filter we should not attempt to rollback filters that we failed to configure with -EEXIST. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 8 +++++++- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.h | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) commit 83bd9eb8fc69cdd5135ed6e1f066adc8841800fd Author: Michal Schmidt Date: Fri Mar 3 17:08:31 2017 +0100 bnx2x: fix detection of VLAN filtering feature for VF VFs are currently missing the VLAN filtering feature, because we were checking the PF's acquire response before actually performing the acquire. Fix it by setting the feature flag later when we have the PF response. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 22118d861cec5da6ed525aaf12a3de9bfeffc58f Author: Michal Schmidt Date: Fri Mar 3 17:08:30 2017 +0100 bnx2x: fix possible overrun of VFPF multicast addresses array It is too late to check for the limit of the number of VF multicast addresses after they have already been copied to the req->multicast[] array, possibly overflowing it. Do the check before copying. Also fix the error path to not skip unlocking vf2pf_mutex. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_vfpf.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) commit 850268d320f0c7c5eb7ad0a62ef21859fa331ded Author: Michal Schmidt Date: Fri Mar 3 17:08:29 2017 +0100 bnx2x: lower verbosity of VF stats debug messages When BNX2X_MSG_IOV is enabled, the driver produces too many VF statistics messages. Lower the verbosity of the VF stats messages similarly as in commit 76ca70fabbdaa3 ("bnx2x: [Debug] change verbosity of some prints"). Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 466e8bf10ac104d96e1ea813e8126e11cb72ea20 Author: Michal Schmidt Date: Fri Mar 3 17:08:28 2017 +0100 bnx2x: prevent crash when accessing PTP with interface down It is possible to crash the kernel by accessing a PTP device while its associated bnx2x interface is down. Before the interface is brought up, the timecounter is not initialized, so accessing it results in NULL dereference. Fix it by checking if the interface is up. Use -ENETDOWN as the error code when the interface is down. -EFAULT in bnx2x_ptp_adjfreq() did not seem right. Tested using phc_ctl get/set/adj/freq commands. Signed-off-by: Michal Schmidt Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 239870f2a0ebf75cc8f6d987dc528c5243f93d69 Author: Blomme, Maarten Date: Thu Mar 2 13:08:49 2017 +0100 spi_ks8995: regs_size incorrect for some devices Signed-off-by: Maarten Blomme Signed-off-by: David S. Miller drivers/net/phy/spi_ks8995.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4342696df764ec65dcdfbd0c10d90ea52505f8ba Author: Blomme, Maarten Date: Thu Mar 2 13:08:36 2017 +0100 spi_ks8995: fix "BUG: key accdaa28 not in .data!" Signed-off-by: Maarten Blomme Signed-off-by: David S. Miller drivers/net/phy/spi_ks8995.c | 1 + 1 file changed, 1 insertion(+) commit 0253f2681f4445e9003fb27dc743ef7d25e8f3b9 Author: Arnd Bergmann Date: Tue Feb 28 22:12:04 2017 +0100 net/mlx5e: add IPV6 dependency The ethernet support now calls directly into the ipv6 core code, which fails if IPV6 is a loadable module but mlx5 is built-in: drivers/net/ethernet/mellanox/mlx5/core/en_tc.o: In function `mlx5e_create_encap_header_ipv6': en_tc.c:(.text.mlx5e_create_encap_header_ipv6+0x110): undefined reference to `ip6_route_output_flags' This adds a dependency to ensure that MLX5_CORE_EN can only be built if we are able link the kernel successfully. The downside is that the ethernet option can be hidden. Alternatively we could make MLX5_CORE depend on "IPV6 || !IPV6", which would force MLX5_CORE to be a module when IPV6 is, including in configurations where we don't use the ethernet support at all. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 3bd7db63a841e8c5297bb18ad801df67d5e38ad2 Author: Yinghai Lu Date: Wed Mar 1 00:25:40 2017 -0800 PCI/ASPM: Always set link->downstream to avoid NULL dereference on remove We call pcie_aspm_exit_link_state() when we remove a device. If the device is the last PCIe function to be removed below a bridge and the bridge has an ASPM link_state struct, we disable ASPM on the link. Disabling ASPM requires link->downstream (used in pcie_config_aspm_link()). We previously set link->downstream in pcie_aspm_cap_init(), but only if the device was not blacklisted. Removing the blacklisted device caused a NULL pointer dereference in the pcie_aspm_exit_link_state() -> pcie_config_aspm_link() path: # echo 1 > /sys/bus/pci/devices/0000\:0b\:00.0/remove ... BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 IP: pcie_config_aspm_link+0x5d/0x2b0 Call Trace: pcie_aspm_exit_link_state+0x75/0x130 pci_stop_bus_device+0xa4/0xb0 pci_stop_and_remove_bus_device_locked+0x1a/0x30 remove_store+0x50/0x70 dev_attr_store+0x18/0x30 sysfs_kf_write+0x44/0x60 kernfs_fop_write+0x10e/0x190 __vfs_write+0x28/0x110 ? rcu_read_lock_sched_held+0x5d/0x80 ? rcu_sync_lockdep_assert+0x2c/0x60 ? __sb_start_write+0x173/0x1a0 ? vfs_write+0xb3/0x180 vfs_write+0xc4/0x180 SyS_write+0x49/0xa0 do_syscall_64+0xa6/0x1c0 entry_SYSCALL64_slow_path+0x25/0x25 ---[ end trace bd187ee0267df5d9 ]--- To avoid this, set link->downstream in alloc_pcie_link_state(), so every pcie_link_state structure has a valid link->downstream pointer. [bhelgaas: changelog] Signed-off-by: Yinghai Lu Signed-off-by: Bjorn Helgaas Acked-by: Rajat Jain CC: stable@vger.kernel.org drivers/pci/pcie/aspm.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 0d5370d1d85251e5893ab7c90a429464de2e140b Author: Ethan Zhao Date: Mon Feb 27 17:08:44 2017 +0900 PCI: Prevent VPD access for QLogic ISP2722 QLogic ISP2722-based 16/32Gb Fibre Channel to PCIe Adapter has the VPD access issue too, while read the common pci-sysfs access interface shown as /sys/devices/pci0000:00/0000:00:03.2/0000:0b:00.0/vpd with simple 'cat' could cause system hang and panic: Kernel panic - not syncing: An NMI occurred. Depending on your system the reason for the NMI is logged in any one of the following resources: 1. Integrated Management Log (IML) 2. OA Syslog 3. OA Forward Progress Log 4. iLO Event Log CPU: 0 PID: 15070 Comm: udevadm Not tainted 4.1.12 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 12/27/2015 0000000000000086 000000007f0cdf51 ffff880c4fa05d58 ffffffff817193de ffffffffa00b42d8 0000000000000075 ffff880c4fa05dd8 ffffffff81714072 0000000000000008 ffff880c4fa05de8 ffff880c4fa05d88 000000007f0cdf51 Call Trace: [] dump_stack+0x63/0x81 [] panic+0xd0/0x20e [] hpwdt_pretimeout+0xdd/0xe0 [hpwdt] [] ? sched_clock+0x9/0x10 [] nmi_handle+0x91/0x170 [] ? nmi_handle+0x9c/0x170 [] io_check_error+0x1e/0xa0 [] default_do_nmi+0x99/0x140 [] do_nmi+0xf4/0x170 [] end_repeat_nmi+0x1a/0x1e [] ? pci_conf1_read+0xeb/0x120 [] ? pci_conf1_read+0xeb/0x120 [] ? pci_conf1_read+0xeb/0x120 <> [] raw_pci_read+0x23/0x40 [] pci_read+0x2c/0x30 [] pci_user_read_config_word+0x72/0x110 [] pci_vpd_pci22_wait+0x96/0x130 [] pci_vpd_pci22_read+0xdb/0x1a0 [] pci_read_vpd+0x20/0x30 [] read_vpd_attr+0x30/0x40 [] sysfs_kf_bin_read+0x47/0x70 [] kernfs_fop_read+0xae/0x180 [] __vfs_read+0x37/0x100 [] ? security_file_permission+0x84/0xa0 [] ? rw_verify_area+0x56/0xe0 [] vfs_read+0x86/0x140 [] SyS_read+0x55/0xd0 [] system_call_fastpath+0x12/0x71 Shutting down cpus with NMI Kernel Offset: disabled drm_kms_helper: panic occurred, switching back to text console So blacklist the access to its VPD. Signed-off-by: Ethan Zhao Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.6+ drivers/pci/quirks.c | 1 + 1 file changed, 1 insertion(+) commit a3a4a816b4b194c45d0217e8b9e08b2639802cda Author: Christian Lamparter Date: Mon Feb 27 21:54:50 2017 +0100 dt: emac: document device-tree based phy discovery and setup This patch adds documentation for a new "phy-handle" property, "fixed-link" and "mdio" sub-node. These allows the enumeration of PHYs which are supported by the phy library under drivers/net/phy. The EMAC ethernet controller in IBM and AMCC 4xx chips is currently stuck with a few privately defined phy implementations. It has no support for PHYs which are supported by the generic phylib. Acked-by: Rob Herring Reviewed-by: Florian Fainelli Signed-off-by: Christian Lamparter Signed-off-by: David S. Miller .../devicetree/bindings/powerpc/4xx/emac.txt | 62 +++++++++++++++++++++- 1 file changed, 60 insertions(+), 2 deletions(-) commit f98c7bce570bdbe344b74ff5daa7dfeef3f22929 Author: Krzysztof Kozlowski Date: Sat Feb 25 18:36:44 2017 +0200 serial: samsung: Continue to work if DMA request fails If DMA is not available (even when configured in DeviceTree), the driver will fail the startup procedure thus making serial console not available. For example this causes boot failure on QEMU ARMv7 (Exynos4210, SMDKC210): [    1.302575] OF: amba_device_add() failed (-19) for /amba/pdma@12680000 ... [   11.435732] samsung-uart 13800000.serial: DMA request failed [   72.963893] samsung-uart 13800000.serial: DMA request failed [   73.143361] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000 DMA is not necessary for serial to work, so continue with UART startup after emitting a warning. Fixes: 62c37eedb74c ("serial: samsung: add dma reqest/release functions") Cc: Signed-off-by: Krzysztof Kozlowski Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/samsung.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9e91c144e689bb780b412c2c7908b9cf7b96f31f Merge: f7d6a72 f0f3f2d Author: Linus Torvalds Date: Tue Mar 7 10:52:26 2017 -0800 Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax Pull idr fix (and new tests) from Matthew Wilcox: "One urgent patch in here; freeing the correct IDA bitmap. Everything else is changes to the test suite" * 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax: radix tree test suite: Specify -m32 in LDFLAGS too ida: Free correct IDA bitmap radix tree test suite: Depend on Makefile and quieten grep radix tree test suite: Fix build with --as-needed radix tree test suite: Build 32 bit binaries radix tree test suite: Add performance test for radix_tree_join() radix tree test suite: Add performance test for radix_tree_split() radix tree test suite: Add performance benchmarks radix tree test suite: Add test for radix_tree_clear_tags() radix tree test suite: Add tests for ida_simple_get() and ida_simple_remove() radix tree test suite: Add test for idr_get_next() commit 544714d8e17c33822319d5a1a00e5ddc4db502b6 Author: Jaehoon Chung Date: Tue Mar 7 19:54:05 2017 +0900 PCI: exynos: Initialize elbi_base even when using PHY framework Even when using the PHY framework, we need the elbi_base. Before this patch, we didn't initialize elbi_base, which caused NULL pointer dereferences later. Fixes: e7cd7ef58e1f ("PCI: exynos: Support the PHY generic framework") Signed-off-by: Jaehoon Chung Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pci-exynos.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f7d6a7283aa1de430c6323a9714d1a787bc2d1ea Merge: 8c2c8ed a7d2475 Author: Linus Torvalds Date: Tue Mar 7 10:46:10 2017 -0800 Merge tag 'powerpc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Five fairly small fixes for things that went in this cycle. A fairly large patch to rework the CAS logic on Power9, necessitated by a late change to the firmware API, and we can't boot without it. Three fixes going to stable, allowing more instructions to be emulated on LE, fixing a boot crash on 32-bit Freescale BookE machines, and the OPAL XICS workaround. And a patch from me to sort the selects under CONFIG PPC. Annoying churn, but worth it in the long run, and best for it to go in now to avoid conflicts. Thanks to: Alexey Kardashevskiy, Anton Blanchard, Balbir Singh, Gautham R. Shenoy, Laurentiu Tudor, Nicholas Piggin, Paul Mackerras, Ravi Bangoria, Sachin Sant, Shile Zhang, Suraj Jitindar Singh" * tag 'powerpc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Sort the selects under CONFIG_PPC powerpc/64: Fix L1D cache shape vector reporting L1I values powerpc/64: Avoid panic during boot due to divide by zero in init_cache_info() powerpc: Update to new option-vector-5 format for CAS powerpc: Parse the command line before calling CAS powerpc/xics: Work around limitations of OPAL XICS priority handling powerpc/64: Fix checksum folding in csum_add() powerpc/powernv: Fix opal tracepoints with JUMP_LABEL=n powerpc/booke: Fix boot crash due to null hugepd powerpc: Fix compiling a BE kernel with a powerpc64le toolchain selftest/powerpc: Fix false failures for skipped tests powerpc/powernv: Fix bug due to labeling ambiguity in power_enter_stop powerpc/64: Invalidate process table caching after setting process table powerpc: emulate_step() tests for load/store instructions powerpc: Emulation support for load/store instructions on LE commit 8c2c8ed8b85d4012d26caf1c221c291c687d89f0 Merge: 304362a 69369f5 Author: Linus Torvalds Date: Tue Mar 7 10:23:17 2017 -0800 Merge branch 'stable/for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb updates from Konrad Rzeszutek Wilk: "Two tiny implementations of the DMA API for callback in ARM (for Xen)" * 'stable/for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb-xen: implement xen_swiotlb_get_sgtable callback swiotlb-xen: implement xen_swiotlb_dma_mmap callback commit f0f3f2d0a3e0f7c48163fd8b45f5909d46e7f371 Author: Matthew Wilcox Date: Fri Mar 3 12:28:37 2017 -0500 radix tree test suite: Specify -m32 in LDFLAGS too Michael's patch to use the default make rule for linking and the patch from Rehas to use -m32 if building a 32-bit test-suite on a 64-bit platform don't work well together. Reported-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/Makefile | 1 + 1 file changed, 1 insertion(+) commit 4ecd9542dbc3e07f3bd3870aac12839f72b47db4 Author: Matthew Wilcox Date: Fri Mar 3 12:16:10 2017 -0500 ida: Free correct IDA bitmap There's a relatively rare race where we look at the per-cpu preallocated IDA bitmap, see it's NULL, allocate a new one, and atomically update it. If the kmalloc() happened to sleep and we were rescheduled to a different CPU, or an interrupt came in at the exact right time, another task might have successfully allocated a bitmap and already deposited it. I forgot what the semantics of cmpxchg() were and ended up freeing the wrong bitmap leading to KASAN reporting a use-after-free. Dmitry found the bug with syzkaller & wrote the patch. I wrote the test case that will reproduce the bug without his patch being applied. Reported-by: Dmitry Vyukov Signed-off-by: Matthew Wilcox lib/radix-tree.c | 4 ++-- tools/testing/radix-tree/idr-test.c | 34 +++++++++++++++++++++++++++++++--- tools/testing/radix-tree/main.c | 1 + tools/testing/radix-tree/test.h | 1 + 4 files changed, 35 insertions(+), 5 deletions(-) commit 3f1b6f9d49ba5a209d745fa2448657d8b66ed0c0 Author: Matthew Wilcox Date: Thu Mar 2 12:24:28 2017 -0500 radix tree test suite: Depend on Makefile and quieten grep Changing the CFLAGS in the Makefile didn't always lead to a recompilation because the OFILES didn't depend on the Makefile. Also, after doing make clean, grep would still complain about a missing map-shift.h; we need -s as well as -q. Signed-off-by: Matthew Wilcox tools/testing/radix-tree/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 284d96a494d705b9c5330c900e976fceda885b9f Author: Michael Ellerman Date: Thu Mar 2 04:29:00 2017 -0500 radix tree test suite: Fix build with --as-needed Currently the radix tree test suite doesn't build with toolchains that use --as-needed by default, for example Ubuntu's: cc -I. -I../../include -g -O2 -Wall -D_LGPL_SOURCE -fsanitize=address -lpthread -lurcu main.o ... -o main /usr/bin/ld: regression1.o: undefined reference to symbol 'pthread_join@@GLIBC_2.17' /lib/powerpc64le-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status This is caused by the custom makefile rules placing LDFLAGS before the .o files that need the libraries. We could fix it by using --no-as-needed, or rewriting the custom rules. But we can also just drop the custom rules and move the libraries to LDLIBS, and then the default rules work correctly - with the one caveat that we need to add -fsanitize=address to LDFLAGS because that must be passed to the linker as well as the compiler. Signed-off-by: Michael Ellerman Signed-off-by: Matthew Wilcox tools/testing/radix-tree/Makefile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit c4634b08d9eb9c13be2296230bf33c79390dbf9c Author: Rehas Sachdeva Date: Mon Feb 27 08:49:00 2017 -0500 radix tree test suite: Build 32 bit binaries Add option 'make BUILD=32' for building 32-bit binaries. Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/Makefile | 4 ++++ 1 file changed, 4 insertions(+) commit 54f4d3341c8fe31e20915e2c1fb322ff8a069832 Author: Rehas Sachdeva Date: Mon Feb 27 08:11:00 2017 -0500 radix tree test suite: Add performance test for radix_tree_join() Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/benchmark.c | 47 ++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) commit 6478581c85cd3091a6188a2433a8093f335f8f2a Author: Rehas Sachdeva Date: Mon Feb 27 07:53:00 2017 -0500 radix tree test suite: Add performance test for radix_tree_split() Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/benchmark.c | 44 ++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) commit 0d4a41c1a0335dc515c6e7fabd447263b57f6457 Author: Rehas Sachdeva Date: Sun Feb 26 16:17:00 2017 -0500 radix tree test suite: Add performance benchmarks Add performance benchmarks for radix tree insertion, tagging and deletion. Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/benchmark.c | 82 +++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 7 deletions(-) commit c629a344accd15022dd6d87fa28c8e22f978fbda Author: Rehas Sachdeva Date: Sun Feb 26 06:33:00 2017 -0500 radix tree test suite: Add test for radix_tree_clear_tags() Assert that radix_tree_clear_tags() clears the tags on the passed node and slot. Assert that the case where the radix tree has only one entry at index zero and the node is NULL, is also handled. Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/tag_check.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 166bb1f532fd9fe1b81c6b411ad5d5c9dd21a685 Author: Rehas Sachdeva Date: Mon Feb 20 06:40:00 2017 -0500 radix tree test suite: Add tests for ida_simple_get() and ida_simple_remove() Assert that ida_simple_get() allocates an id in the passed range or returns error on failure, and ida_simple_remove() releases an allocated id. Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/idr-test.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 2eacc79c27eb683c4a3ded80c2629387ee0d4e04 Author: Rehas Sachdeva Date: Sat Feb 18 07:31:00 2017 -0500 radix tree test suite: Add test for idr_get_next() Assert that idr_get_next() returns the next populated entry in the tree with an ID greater than or equal to the value pointed to by @nextid argument. Signed-off-by: Rehas Sachdeva Signed-off-by: Matthew Wilcox tools/testing/radix-tree/idr-test.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit 304362a8bce1a5b7f9491be5a0643cd14a52364d Merge: f26db96 040757f Author: Linus Torvalds Date: Tue Mar 7 10:06:25 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace fix from Eric Biederman: "This fixes a race between put_ucounts and get_ucounts that can cause a use after free. The fix works by simplifying the code and so there is not even a temptation to be clever and play spinlock vs atomic reference games" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: ucount: Remove the atomicity from ucount->count commit 82f2341c94d270421f383641b7cd670e474db56b Author: Alexander Popov Date: Tue Feb 28 19:54:40 2017 +0300 tty: n_hdlc: get rid of racy n_hdlc.tbuf Currently N_HDLC line discipline uses a self-made singly linked list for data buffers and has n_hdlc.tbuf pointer for buffer retransmitting after an error. The commit be10eb7589337e5defbe214dae038a53dd21add8 ("tty: n_hdlc add buffer flushing") introduced racy access to n_hdlc.tbuf. After tx error concurrent flush_tx_queue() and n_hdlc_send_frames() can put one data buffer to tx_free_buf_list twice. That causes double free in n_hdlc_release(). Let's use standard kernel linked list and get rid of n_hdlc.tbuf: in case of tx error put current data buffer after the head of tx_buf_list. Signed-off-by: Alexander Popov Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/n_hdlc.c | 132 +++++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 63 deletions(-) commit 45838660e34d90db8d4f7cbc8fd66e8aff79f4fe Author: Kai-Heng Feng Date: Tue Mar 7 09:31:29 2017 -0800 Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000 The aux port does not get detected without noloop quirk, so external PS/2 mouse cannot work as result. The PS/2 mouse can work with this quirk. BugLink: https://bugs.launchpad.net/bugs/1591053 Signed-off-by: Kai-Heng Feng Reviewed-by: Marcos Paulo de Souza Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 7 +++++++ 1 file changed, 7 insertions(+) commit f26db9649af36b8eb76850108113d4056f494537 Merge: c1ae3cf 65a50c6 Author: Linus Torvalds Date: Tue Mar 7 09:37:28 2017 -0800 Merge tag 'trace-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "There was some breakage with the changes for jump labels in the 4.11 merge window: - powerpc broke as jump labels uses the two LSB bits as flags in initialization. A check was added to make sure that all jump label entries were 4 bytes aligned, but powerpc didn't work that way for modules. Adding an alignment in the module linker script appeared to be the best solution. - Jump labels also added an anonymous union to access those LSB bits as a normal long. But because this structure had static initialization, it broke older compilers that could not statically initialize anonymous unions without brackets. - The command line parameter for setting function graph filter broke the "EMPTY_HASH" descriptor by modifying it instead of creating a new hash to hold the entries. - The command line parameter ftrace_graph_max_depth was added to allow its setting at boot time. It uses existing code and only the command line hook was added. This is not really a fix, but as it uses existing code without affecting anything else, I added it to this release. It was ready before the merge window closed, but I wanted to let it sit in linux-next for a couple of days first" * tag 'trace-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: ftrace/graph: Add ftrace_graph_max_depth kernel parameter tracing: Add #undef to fix compile error jump_label: Add comment about initialization order for anonymous unions jump_label: Fix anonymous union initialization module: set __jump_table alignment to 8 ftrace/graph: Do not modify the EMPTY_HASH for the function_graph filter tracing: Fix code comment for ftrace_ops_get_func() commit 8c71fff434e5ecf5ff27bd61db1bc9ac4c2b2a1b Author: Kieran Bingham Date: Fri Mar 3 06:31:48 2017 -0300 [media] v4l: vsp1: Adapt vsp1_du_setup_lif() interface to use a structure The interface to configure the LIF in the VSP1 requires adapting the function prototype for any changes. This makes extending the interface difficult. Change the function prototype to pass a structure which can be easily extended. This changes the means of disabling the pipeline, by now passing a NULL configuration rather than passing either a 0 width or height. [Fixed kerneldoc, made vsp1_du_setup_lif() cfg argument const] Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart Acked-by: Dave Airlie Signed-off-by: Mauro Carvalho Chehab drivers/gpu/drm/rcar-du/rcar_du_vsp.c | 8 ++++++-- drivers/media/platform/vsp1/vsp1_drm.c | 33 ++++++++++++++++----------------- include/media/vsp1.h | 13 +++++++++++-- 3 files changed, 33 insertions(+), 21 deletions(-) commit a5e1e6ca94a8cec51571fd62e3eaec269717969c Author: Andre Przywara Date: Thu Feb 16 10:41:20 2017 +0000 KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled The ITS spec says that ITS commands are only processed when the ITS is enabled (section 8.19.4, Enabled, bit[0]). Our emulation was not taking this into account. Fix this by checking the enabled state before handling CWRITER writes. On the other hand that means that CWRITER could advance while the ITS is disabled, and enabling it would need those commands to be processed. Fix this case as well by refactoring actual command processing and calling this from both the GITS_CWRITER and GITS_CTLR handlers. Reviewed-by: Eric Auger Reviewed-by: Christoffer Dall Signed-off-by: Andre Przywara Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-its.c | 109 ++++++++++++++++++++++++++----------------- 1 file changed, 65 insertions(+), 44 deletions(-) commit ba4dd156eabdca93501d92a980ba27fa5f4bbd27 Author: Mark Rutland Date: Mon Feb 20 12:30:12 2017 +0000 arm64: KVM: Survive unknown traps from guests Currently we BUG() if we see an ESR_EL2.EC value we don't recognise. As configurable disables/enables are added to the architecture (controlled by RES1/RES0 bits respectively), with associated synchronous exceptions, it may be possible for a guest to trigger exceptions with classes that we don't recognise. While we can't service these exceptions in a manner useful to the guest, we can avoid bringing down the host. Per ARM DDI 0487A.k_iss10775, page D7-1937, EC values within the range 0x00 - 0x2c are reserved for future use with synchronous exceptions, and EC values within the range 0x2d - 0x3f may be used for either synchronous or asynchronous exceptions. The patch makes KVM handle any unknown EC by injecting an UNDEFINED exception into the guest, with a corresponding (ratelimited) warning in the host dmesg. We could later improve on this with with a new (opt-in) exit to the host userspace. Cc: Dave Martin Cc: Suzuki K Poulose Reviewed-by: Christoffer Dall Signed-off-by: Mark Rutland Signed-off-by: Marc Zyngier arch/arm64/kvm/handle_exit.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit f050fe7a9164945dd1c28be05bf00e8cfb082ccf Author: Mark Rutland Date: Mon Feb 20 12:30:11 2017 +0000 arm: KVM: Survive unknown traps from guests Currently we BUG() if we see a HSR.EC value we don't recognise. As configurable disables/enables are added to the architecture (controlled by RES1/RES0 bits respectively), with associated synchronous exceptions, it may be possible for a guest to trigger exceptions with classes that we don't recognise. While we can't service these exceptions in a manner useful to the guest, we can avoid bringing down the host. Per ARM DDI 0406C.c, all currently unallocated HSR EC encodings are reserved, and per ARM DDI 0487A.k_iss10775, page G6-4395, EC values within the range 0x00 - 0x2c are reserved for future use with synchronous exceptions, and EC values within the range 0x2d - 0x3f may be used for either synchronous or asynchronous exceptions. The patch makes KVM handle any unknown EC by injecting an UNDEFINED exception into the guest, with a corresponding (ratelimited) warning in the host dmesg. We could later improve on this with with a new (opt-in) exit to the host userspace. Cc: Dave Martin Cc: Suzuki K Poulose Reviewed-by: Christoffer Dall Signed-off-by: Mark Rutland Signed-off-by: Marc Zyngier arch/arm/include/asm/kvm_arm.h | 1 + arch/arm/kvm/handle_exit.c | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) commit 370a0ec1819990f8e2a93df7cc9c0146980ed45f Author: Jintack Lim Date: Mon Mar 6 05:42:37 2017 -0800 KVM: arm/arm64: Let vcpu thread modify its own active state Currently, if a vcpu thread tries to change the active state of an interrupt which is already on the same vcpu's AP list, it will loop forever. Since the VGIC mmio handler is called after a vcpu has already synced back the LR state to the struct vgic_irq, we can just let it proceed safely. Cc: stable@vger.kernel.org Reviewed-by: Marc Zyngier Signed-off-by: Jintack Lim Signed-off-by: Christoffer Dall Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-mmio.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) commit 2f707d97982286b307ef2a9b034e19aabc1abb56 Author: Wanpeng Li Date: Mon Mar 6 04:03:28 2017 -0800 KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset Reported by syzkaller: WARNING: CPU: 1 PID: 27742 at arch/x86/kvm/vmx.c:11029 nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029 CPU: 1 PID: 27742 Comm: a.out Not tainted 4.10.0+ #229 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 panic+0x1fb/0x412 kernel/panic.c:179 __warn+0x1c4/0x1e0 kernel/panic.c:540 warn_slowpath_null+0x2c/0x40 kernel/panic.c:583 nested_vmx_vmexit+0x5c35/0x74d0 arch/x86/kvm/vmx.c:11029 vmx_leave_nested arch/x86/kvm/vmx.c:11136 [inline] vmx_set_msr+0x1565/0x1910 arch/x86/kvm/vmx.c:3324 kvm_set_msr+0xd4/0x170 arch/x86/kvm/x86.c:1099 do_set_msr+0x11e/0x190 arch/x86/kvm/x86.c:1128 __msr_io arch/x86/kvm/x86.c:2577 [inline] msr_io+0x24b/0x450 arch/x86/kvm/x86.c:2614 kvm_arch_vcpu_ioctl+0x35b/0x46a0 arch/x86/kvm/x86.c:3497 kvm_vcpu_ioctl+0x232/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2721 vfs_ioctl fs/ioctl.c:43 [inline] do_vfs_ioctl+0x1bf/0x1790 fs/ioctl.c:683 SYSC_ioctl fs/ioctl.c:698 [inline] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:689 entry_SYSCALL_64_fastpath+0x1f/0xc2 The syzkaller folks reported a nested_run_pending warning during userspace clear VMX capability which is exposed to L1 before. The warning gets thrown while doing (*(uint32_t*)0x20aecfe8 = (uint32_t)0x1); (*(uint32_t*)0x20aecfec = (uint32_t)0x0); (*(uint32_t*)0x20aecff0 = (uint32_t)0x3a); (*(uint32_t*)0x20aecff4 = (uint32_t)0x0); (*(uint64_t*)0x20aecff8 = (uint64_t)0x0); r[29] = syscall(__NR_ioctl, r[4], 0x4008ae89ul, 0x20aecfe8ul, 0, 0, 0, 0, 0, 0); i.e. KVM_SET_MSR ioctl with struct kvm_msrs { .nmsrs = 1, .pad = 0, .entries = { {.index = MSR_IA32_FEATURE_CONTROL, .reserved = 0, .data = 0} } } The VMLANCH/VMRESUME emulation should be stopped since the CPU is going to reset here. This patch resets the nested_run_pending since the CPU is going to be reset hence there should be nothing pending. Reported-by: Dmitry Vyukov Suggested-by: Radim Krčmář Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Dmitry Vyukov Cc: David Hildenbrand Signed-off-by: Wanpeng Li Reviewed-by: David Hildenbrand Reviewed-by: Jim Mattson Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4b9de5da7e120c7f02395da729f0ec77ce7a6044 Author: Franck Demathieu Date: Mon Mar 6 14:41:06 2017 +0100 irqchip/crossbar: Fix incorrect type of register size The 'size' variable is unsigned according to the dt-bindings. As this variable is used as integer in other places, create a new variable that allows to fix the following sparse issue (-Wtypesign): drivers/irqchip/irq-crossbar.c:279:52: warning: incorrect type in argument 3 (different signedness) drivers/irqchip/irq-crossbar.c:279:52: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:279:52: got int * Signed-off-by: Franck Demathieu Signed-off-by: Marc Zyngier drivers/irqchip/irq-crossbar.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 90922a2d03d84de36bf8a9979d62580102f31a92 Author: Shanker Donthineni Date: Tue Mar 7 08:20:38 2017 -0600 irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum 0065 On Qualcomm Datacenter Technologies QDF2400 SoCs, the ITS hardware implementation uses 16Bytes for Interrupt Translation Entry (ITE), but reports an incorrect value of 8Bytes in GITS_TYPER.ITTE_size. It might cause kernel memory corruption depending on the number of MSI(x) that are configured and the amount of memory that has been allocated for ITEs in its_create_device(). This patch fixes the potential memory corruption by setting the correct ITE size to 16Bytes. Cc: stable@vger.kernel.org Signed-off-by: Shanker Donthineni Signed-off-by: Marc Zyngier Documentation/arm64/silicon-errata.txt | 1 + arch/arm64/Kconfig | 10 ++++++++++ drivers/irqchip/irq-gic-v3-its.c | 16 ++++++++++++++++ 3 files changed, 27 insertions(+) commit cd3ac9affc43b44f49d7af70d275f0bd426ba643 Author: Songjun Wu Date: Fri Feb 24 15:10:43 2017 +0800 ASoC: atmel-classd: fix audio clock rate Fix the audio clock rate according to the datasheet. Reported-by: Dushara Jayasinghe Signed-off-by: Songjun Wu Acked-by: Nicolas Ferre Signed-off-by: Mark Brown Cc: stable@vger.kernel.org sound/soc/atmel/atmel-classd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d1a6fe41d3c4ff0d26f0b186d774493555ca5282 Author: Takashi Sakamoto Date: Fri Feb 24 11:48:41 2017 +0900 ASoC: Intel: Skylake: fix invalid memory access due to wrong reference of pointer In 'skl_tplg_set_module_init_data()', a pointer to 'params' member of 'struct skl_algo_data' is calculated, then casted to (u32 *) and assigned to a member of configuration data. The configuration data is passed to the other functions and used to process intel IPC. In this processing, the value of member is used to get message data, however this can bring invalid memory access in 'skl_set_module_params()' as a result of calculation of a pointer for actual message data. (sound/soc/intel/skylake/skl-topology.c) skl_tplg_init_pipe_modules() ->skl_tplg_set_module_init_data() (has this bug) ->skl_tplg_set_module_params() (sound/soc/intel/skylake/skl-messages.c) ->skl_set_module_params() ((char *)param) + data_offset This commit fixes the bug. Fixes: abb740033b56 ("ASoC: Intel: Skylake: Add support to configure module params") Signed-off-by: Takashi Sakamoto Acked-by: Vinod Koul Signed-off-by: Mark Brown Cc: # v4.5+ sound/soc/intel/skylake/skl-topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f8ba2d68e54fbca340ad0fce97397291ba9637bc Author: Heiko Stuebner Date: Wed Mar 1 22:00:42 2017 +0100 clk: rockchip: Make uartpll a child of the gpll on rk3036 The shared uart-pll is on boot a child of the apll that can get changed by cpu frequency scaling. So move it away to the more stable gpll to make sure the uart doesn't break on cpu frequency changes. This turned up during the 4.11 merge-window when commit 6a171b299379 ("serial: 8250_dw: Allow hardware flow control to be used") added general termios enablement making the uart on rk3036 change frequency and thus making it susceptible for the frequency scaling issue. Signed-off-by: Heiko Stuebner Signed-off-by: Stephen Boyd drivers/clk/rockchip/clk-rk3036.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 9b1b23f03abdd25ffde8bbfe5824b89bc0448c28 Author: Heiko Stuebner Date: Wed Mar 1 22:00:41 2017 +0100 clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036 The mux_pll_src_apll_dpll_gpll_usb480m_p parent list was missing a "," between the 3rd and 4th parent names, making them fall together and thus lookups fail. Fix that. Fixes: 5190c08b2989 ("clk: rockchip: add clock controller for rk3036") Signed-off-by: Heiko Stuebner Signed-off-by: Stephen Boyd drivers/clk/rockchip/clk-rk3036.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7cc5e38f2f0b0b58a22a4c18a56348dd99a71270 Author: Ilya Dryomov Date: Sun Feb 12 17:11:07 2017 +0100 libceph: osd_request_timeout option osd_request_timeout specifies how many seconds to wait for a response from OSDs before returning -ETIMEDOUT from an OSD request. 0 (default) means no limit. osd_request_timeout is osdkeepalive-precise -- in-flight requests are swept through every osdkeepalive seconds. With ack vs commit behaviour gone, abort_request() is really simple. This is based on a patch from Artur Molchanov . Tested-by: Artur Molchanov Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil include/linux/ceph/libceph.h | 2 ++ include/linux/ceph/osd_client.h | 1 + net/ceph/ceph_common.c | 15 +++++++++++++++ net/ceph/osd_client.c | 36 +++++++++++++++++++++++++++++++++++- 4 files changed, 53 insertions(+), 1 deletion(-) commit 8767b293a4ab6632f9288f34bcf2ab9ba20dca3a Author: Ilya Dryomov Date: Thu Mar 2 19:56:57 2017 +0100 rbd: supported_features bus attribute ... so that userspace can generate meaningful error messages and spell out unsupported features that need to be disabled. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil drivers/block/rbd.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit b581a5854eee4b7851dedb0f8c2ceb54fb902c06 Author: Ilya Dryomov Date: Wed Mar 1 17:33:27 2017 +0100 libceph: don't set weight to IN when OSD is destroyed Since ceph.git commit 4e28f9e63644 ("osd/OSDMap: clear osd_info, osd_xinfo on osd deletion"), weight is set to IN when OSD is deleted. This changes the result of applying an incremental for clients, not just OSDs. Because CRUSH computations are obviously affected, pre-4e28f9e63644 servers disagree with post-4e28f9e63644 clients on object placement, resulting in misdirected requests. Mirrors ceph.git commit a6009d1039a55e2c77f431662b3d6cc5a8e8e63f. Fixes: 930c53286977 ("libceph: apply new_state before new_up_client on incrementals") Link: http://tracker.ceph.com/issues/19122 Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/osdmap.c | 1 - 1 file changed, 1 deletion(-) commit 9afd30dbc82a9dbea4101aba57beb2a2a7e1b8d5 Author: Ilya Dryomov Date: Tue Feb 28 18:53:53 2017 +0100 libceph: fix crush_decode() for older maps Older (shorter) CRUSH maps too need to be finalized. Fixes: 66a0e2d579db ("crush: remove mutable part of CRUSH map") Signed-off-by: Ilya Dryomov net/ceph/osdmap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 253160a8ad06bcc1c1db16a58b1f06d5128f6c5e Author: Leonard Crestez Date: Mon Feb 20 15:20:56 2017 +0200 clk: core: Copy connection id Some drivers use sprintf to build clk connection id names but the clk core will save those strings and occasionally print them back. Duplicate the con_id strings instead of fixing all the users. Signed-off-by: Leonard Crestez Signed-off-by: Stephen Boyd drivers/clk/clk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cda82ace3d4eff6a38f00a65db435fe35a3916f0 Author: Thomas Petazzoni Date: Wed Dec 21 11:26:55 2016 +0100 dt-bindings: arm: update Armada CP110 system controller binding It turns out that in the CP110 HW block present in Marvell Armada 7K/8K SoCs, gatable clock n°18 not only controls SD/MMC, but also the GOP block. This commit updates the Device Tree binding for this piece of hardware accordingly. Signed-off-by: Thomas Petazzoni Signed-off-by: Stephen Boyd .../devicetree/bindings/arm/marvell/cp110-system-controller0.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 68598d2ea886322f9b4b0058e5b288418622de95 Author: Dmitry V. Levin Date: Wed Mar 1 02:12:50 2017 +0300 btrfs: remove btrfs_err_str function from uapi/linux/btrfs.h btrfs_err_str function is not called from anywhere and is replicated in the userspace headers for btrfs-progs. It's removal also fixes the following linux/btrfs.h userspace compilation error: /usr/include/linux/btrfs.h: In function 'btrfs_err_str': /usr/include/linux/btrfs.h:740:11: error: 'NULL' undeclared (first use in this function) return NULL; Suggested-by: Jeff Mahoney Signed-off-by: Dmitry V. Levin Reviewed-by: David Sterba Signed-off-by: David Sterba include/uapi/linux/btrfs.h | 27 --------------------------- 1 file changed, 27 deletions(-) commit 7b4af793a7a4f8e04175eb6600ba9c8ba855ad20 Author: Charles Keepax Date: Mon Mar 6 16:54:34 2017 +0000 ASoC: wm_adsp: Acknowledge controls should also check the DSP is running We should not be writing acknowledge controls until the firmware is running, as in the case of preloaded firmwares the DSP memory may be unaccessible to whilst in the preloaded state. This means a write to the control during this time could be lost. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67430a39ca7a6af28aade5acb92d43ee257c1014 Author: Charles Keepax Date: Mon Mar 6 16:54:33 2017 +0000 ASoC: wm_adsp: Return an error on write to a disabled volatile control Volatile controls should only be accessed when the firmware is active, currently however writes to these controls will succeed, but the data will be lost, if the firmware is powered down. Update this behaviour such that an error is returned the same as it is for reads. Signed-off-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit fa3aa7a54fe6d3abf128f13cd4bbd40eaa48fed2 Author: Frederic Weisbecker Date: Tue Mar 7 10:55:34 2017 +0100 jiffies: Revert bogus conversion of NSEC_PER_SEC to TICK_NSEC commit 93825f2ec736 converted NSEC_PER_SEC to TICK_NSEC because the author confused NSEC_PER_JIFFY with NSEC_PER_SEC. As a result, the calculation of refined jiffies got broken, triggering lockups. Fixes: 93825f2ec736 ("jiffies: Reuse TICK_NSEC instead of NSEC_PER_JIFFY") Reported-and-tested-by: Meelis Roos Signed-off-by: Frederic Weisbecker Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1488880534-3777-1-git-send-email-fweisbec@gmail.com Signed-off-by: Thomas Gleixner kernel/time/jiffies.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c51f4ae84df0f9df33ac08aa5be50061a8b4242 Author: Josh Poimboeuf Date: Thu Mar 2 16:57:23 2017 -0600 objtool: Fix another GCC jump table detection issue Arnd Bergmann reported a (false positive) objtool warning: drivers/infiniband/sw/rxe/rxe_resp.o: warning: objtool: rxe_responder()+0xfe: sibling call from callable instruction with changed frame pointer The issue is in find_switch_table(). It tries to find a switch statement's jump table by walking backwards from an indirect jump instruction, looking for a relocation to the .rodata section. In this case it stopped walking prematurely: the first .rodata relocation it encountered was for a variable (resp_state_name) instead of a jump table, so it just assumed there wasn't a jump table. The fix is to ignore any .rodata relocation which refers to an ELF object symbol. This works because the jump tables are anonymous and have no symbols associated with them. Reported-by: Arnd Bergmann Tested-by: Arnd Bergmann Signed-off-by: Josh Poimboeuf Cc: Denys Vlasenko Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 3732710ff6f2 ("objtool: Improve rare switch jump table pattern detection") Link: http://lkml.kernel.org/r/20170302225723.3ndbsnl4hkqbne7a@treble Signed-off-by: Ingo Molnar tools/objtool/builtin-check.c | 15 ++++++++++++--- tools/objtool/elf.c | 12 ++++++++++++ tools/objtool/elf.h | 1 + 3 files changed, 25 insertions(+), 3 deletions(-) commit bb35e4515411396219431fa235bf21bf9c2794e9 Author: Guenter Roeck Date: Sun Mar 5 17:13:31 2017 -0800 drivers/char/nwbutton: Fix build breakage caused by include file reshuffling Fix: drivers/char/nwbutton.c: In function 'button_sequence_finished': drivers/char/nwbutton.c:134:3: error: implicit declaration of function 'kill_cad_pid' The declaration has been moved from one include file to another. Signed-off-by: Guenter Roeck Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: c3edc4010e9d102 ("sched/headers: Move task_struct::signal and ...") Link: http://lkml.kernel.org/r/1488762811-9022-1-git-send-email-linux@roeck-us.net Signed-off-by: Ingo Molnar drivers/char/nwbutton.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 80aa1a54f054a1c71cc88e0cad6cfa0d20a10f23 Author: Guenter Roeck Date: Sun Mar 5 10:27:14 2017 -0800 h8300: Fix build breakage caused by header file changes Fix the following h8300 build failures: arch/h8300/kernel/ptrace_h.c: In function ‘trace_trap’: arch/h8300/kernel/ptrace_h.c:253:3: error: implicit declaration of function ‘force_sig’ Signed-off-by: Guenter Roeck Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Yoshinori Sato Cc: uclinux-h8-devel@lists.sourceforge.jp Fixes: c3edc4010e9d ("sched/headers: Move task_struct::signal and ...") Link: http://lkml.kernel.org/r/1488738434-3504-1-git-send-email-linux@roeck-us.net Signed-off-by: Ingo Molnar arch/h8300/kernel/ptrace_h.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1fbdbcea80056acfc8c8506594744f5ec52208c1 Author: Guenter Roeck Date: Sun Mar 5 17:05:57 2017 -0800 avr32: Fix build error caused by include file reshuffling Various avr32 builds fail: arch/avr32/oprofile/backtrace.c:58: error: dereferencing pointer to incomplete type arch/avr32/oprofile/backtrace.c:60: error: implicit declaration of function 'user_mode' Signed-off-by: Guenter Roeck Acked-by: Hans-Christian Noren Egtvedt Cc: Haavard Skinnemoen Cc: Hans-Christian Egtvedt Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Robert Richter Cc: Thomas Gleixner Cc: oprofile-list@lists.sf.net Fixes: f780d89a0e82 ("sched/headers: Remove from ...") Link: http://lkml.kernel.org/r/1488762357-4500-1-git-send-email-linux@roeck-us.net Signed-off-by: Ingo Molnar arch/avr32/oprofile/backtrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eeb810849a20e32aa1b60335e46ea5446ba07e1f Author: James Smart Date: Sat Mar 4 09:30:40 2017 -0800 scsi: lpfc: revise version number to 11.2.0.10 Revise lpfc version number to 11.2.0.10 Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b5ccc7d61c76006f839b41c6f15876342b46cb02 Author: James Smart Date: Sat Mar 4 09:30:39 2017 -0800 scsi: lpfc: code cleanups in NVME initiator discovery This patch addresses the smatch issues identified by Dan Carpenter in http://www.spinics.net/lists/linux-scsi/msg105665.html The issues are: drivers/scsi/lpfc/lpfc_ct.c:943 lpfc_cmpl_ct_cmd_gft_id() error: we previously assumed 'ndlp' could be null (see line 928) Action: moved under if check drivers/scsi/lpfc/lpfc_nvmet.c:1694 lpfc_nvmet_unsol_issue_abort() error: we previously assumed 'ndlp' could be null (see line 1690) Action: conditionalized arg in printf stmt drivers/scsi/lpfc/lpfc_nvmet.c:1792 lpfc_nvmet_sol_fcp_issue_abort() error: we previously assumed 'ndlp' could be null (see line 1788) Action: conditionalized arg in printf stmt Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_ct.c | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 2ade92ae6d6572858acb2bde6d3664af3ad592e2 Author: James Smart Date: Sat Mar 4 09:30:38 2017 -0800 scsi: lpfc: code cleanups in NVME initiator base This patch addresses the smatch issues identified by Dan Carpenter in http://www.spinics.net/lists/linux-scsi/msg105663.html The issues are: drivers/scsi/lpfc/lpfc_hbadisc.c:316 lpfc_dev_loss_tmo_handler() warn: we tested 'vport->load_flag & 2' before and it was 'false' Action: removed item from test drivers/scsi/lpfc/lpfc_hbadisc.c:701 lpfc_work_done() warn: test_bit() takes a bit number Action: changed definition so bit number drivers/scsi/lpfc/lpfc_hbadisc.c:2206 lpfc_mbx_cmpl_fcf_scan_read_fcf_rec() error: uninitialized symbol 'vlan_id'. drivers/scsi/lpfc/lpfc_hbadisc.c:2582 lpfc_mbx_cmpl_fcf_rr_read_fcf_rec() error: uninitialized symbol 'vlan_id'. drivers/scsi/lpfc/lpfc_hbadisc.c:2683 lpfc_mbx_cmpl_read_fcf_rec() error: uninitialized symbol 'vlan_id'. Action: initilized value drivers/scsi/lpfc/lpfc_hbadisc.c:4025 lpfc_register_remote_port() error: we previously assumed 'rdata' could be null (see line 4023) Action: refactored check block drivers/scsi/lpfc/lpfc_hbadisc.c:4613 lpfc_sli4_dequeue_nport_iocbs() error: double unlock 'irq:' Action: removed inner irq reference Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 17 +++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) commit cd46cdedb3238f1f878c42650ec05c6344c7083d Author: James Smart Date: Sat Mar 4 09:30:37 2017 -0800 scsi: lpfc: correct rdp diag portnames NVME merge reverted diag port names to the physical port. They should be the vport. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_els.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit ba3bd6e2a9a2753439a1fd1fe39e8d5162fb3aa9 Author: James Smart Date: Sat Mar 4 09:30:36 2017 -0800 scsi: lpfc: remove dead sli3 nvme code Remove nvme teardown calls that should not be there on sli3 devices Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_init.c | 5 ----- 1 file changed, 5 deletions(-) commit da6b044a28fe603fe2c3fd908cda8150aa0abe74 Author: James Smart Date: Sat Mar 4 09:30:35 2017 -0800 scsi: lpfc: correct double print Correct a merge error that had debug data printed twice for the same element Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_debugfs.c | 22 ---------------------- 1 file changed, 22 deletions(-) commit 43140ca68d1a071ddbe92f10a3256e01701ae390 Author: James Smart Date: Sat Mar 4 09:30:34 2017 -0800 scsi: lpfc: Rename LPFC_MAX_EQ_DELAY to LPFC_MAX_EQ_DELAY_EQID_CNT Without apriori understanding of what the define is, the name gives a very different impression of what it is (a max delay value for an EQ). Rename the define so it reflects what it is: the number of EQ IDs that can be set in one instance of the MODIFY_EQ_DELAY mbx command. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_attr.c | 3 ++- drivers/scsi/lpfc/lpfc_hw4.h | 4 ++-- drivers/scsi/lpfc/lpfc_init.c | 7 ++----- drivers/scsi/lpfc/lpfc_sli.c | 5 ++++- 4 files changed, 10 insertions(+), 9 deletions(-) commit 166d721120c1cf768af11706c3e0411324bf138f Author: James Smart Date: Sat Mar 4 09:30:33 2017 -0800 scsi: lpfc: Rework lpfc Kconfig for NVME options Reworked Kconfig so that lfpc only requires the scsi stack. NVME Initiator and NVME Target support can be enabled if the other NVMe subsystems have been enabled. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/Kconfig | 19 ++++++++++++++++--- drivers/scsi/lpfc/lpfc_nvme.c | 18 +++++++++++++++--- drivers/scsi/lpfc/lpfc_nvmet.c | 10 ++++++++++ 3 files changed, 41 insertions(+), 6 deletions(-) commit 856984b71cefab1580e9439e5382db1247d689b0 Author: James Smart Date: Sat Mar 4 09:30:32 2017 -0800 scsi: lpfc: add transport eh_timed_out reference Christoph's prior patch missed the template for the sli3 adapters, which is now the "no host reset" template. Add the transport eh_timed_out handler to the no host reset template Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_scsi.c | 1 + 1 file changed, 1 insertion(+) commit 96418b5e2c8867da3279d877f5d1ffabfe460c3d Author: James Smart Date: Sat Mar 4 09:30:31 2017 -0800 scsi: lpfc: Fix eh_deadline setting for sli3 adapters. A previous change unilaterally removed the hba reset entry point from the sli3 host template. This was done to allow tape devices being used for back up from being removed. Why was this done ? When there was non-responding device on the fabric, the error escalation policy would escalate to the reset handler. When the reset handler was called, it would reset the adapter, dropping link, thus logging out and terminating all i/o's - on any target. If there was a tape device on the same adapter that wasn't in error, it would kill the tape i/o's, effectively killing the tape device state. With the reset point removed, the adapter reset avoided the fabric logout, allowing the other devices to continue to operate unaffected. A hack - yes. Hint: we really need a transport I_T nexus reset callback added to the eh process (in between the SCSI target reset and hba reset points), so a fc logout could occur to the one bad target only and stop the error escalation process. This patch commonizes the approach so it can be used for sli3 and sli4 adapters, but mandates the admin, via module parameter, specifically identify which adapters the resets are to be removed for. Additionally, bus_reset, which sends Target Reset TMFs to all targets, is also removed from the template as it too has the same effect as the adapter reset. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Laurence Oberman Tested-by: Laurence Oberman Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_attr.c | 6 +++++ drivers/scsi/lpfc/lpfc_crtn.h | 4 ++- drivers/scsi/lpfc/lpfc_init.c | 61 ++++++++++++++++++++++++++++++++++++++++--- drivers/scsi/lpfc/lpfc_scsi.c | 3 +-- 5 files changed, 69 insertions(+), 6 deletions(-) commit 318083ad9230ff13cdac34ae4c4135e0c4e2d9ad Author: James Smart Date: Sat Mar 4 09:30:30 2017 -0800 scsi: lpfc: add NVME exchange aborts previous code did little more than log a message. This patch adds abort path support, modeled after the SCSI code paths. Currently addresses only the initiator path. Target path under development, but stubbed out. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 ++ drivers/scsi/lpfc/lpfc_init.c | 7 +++++ drivers/scsi/lpfc/lpfc_nvme.c | 64 ++++++++++++++++++++++++++++++++++++---- drivers/scsi/lpfc/lpfc_nvme.h | 1 + drivers/scsi/lpfc/lpfc_nvmet.c | 21 +++++++++++-- drivers/scsi/lpfc/lpfc_sli.c | 51 ++++++++++++++++++++++++++++++-- drivers/scsi/lpfc/lpfc_sli4.h | 6 ++++ 8 files changed, 143 insertions(+), 10 deletions(-) commit 3ebd9b4701ef77358030a0ef9cb6586db2149712 Author: James Smart Date: Sat Mar 4 09:30:29 2017 -0800 scsi: lpfc: Fix nvme allocation bug on failed nvme_fc_register_localport nvme bufs get allocated even when the registration fails. Move allocation into the rsgistration success path. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvme.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a5068b46958870633ea340692f301507ef78d00b Author: James Smart Date: Sat Mar 4 09:30:28 2017 -0800 scsi: lpfc: Fix IO submission if WQ is full For both initiator and target: if WQ is full, return -EBUSY. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvme.c | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) commit b06a622ffe8dddcc09dad23dc768f7d1540fb4d6 Author: James Smart Date: Sat Mar 4 09:30:27 2017 -0800 scsi: lpfc: Fix NVME CMD IU byte swapped word 1 problem Word 1 in NVME CMD IU appears byte swapped from value placed in WQE Should be Big Endian value in WQE word 16 Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvme.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) commit 8b3616392d32d2b04ce649caf6684da1b7050d8c Author: James Smart Date: Sat Mar 4 09:30:26 2017 -0800 scsi: lpfc: Fix RCTL value on NVME LS request and response NVME LS requests and responses had wrong R_CTL values. Use the FC4 ELS Request and Response defines (defines badly named, they are FC4 LS's) instead of the base ELS values. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvme.c | 2 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 5d181531bc6169e19a02a27d202cf0e982db9d0e Author: James Smart Date: Sat Mar 4 09:30:25 2017 -0800 scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters if REG_VPI fails, the driver was incorrectly issuing INIT_VFI (a SLI4 command) on a SLI3 adapter. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_els.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit d11f54b7d1d40463024be3b40ab7be2c8a84fa43 Author: James Smart Date: Sat Mar 4 09:30:24 2017 -0800 scsi: lpfc: fix missing spin_unlock on sql_list_lock From: Colin Ian King In the case where sglq is null, the current code just returns without unlocking the spinlock sql_list_lock. Fix this by breaking out of the while loop and the exit path will then unlock and return NULL as was the original intention. Detected by CoverityScan, CID#1411635 ("Missing unlock") Signed-off-by: Colin Ian King Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_sli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 332ba3b5d6d27a60d445704ed7c88c7e9f958a30 Author: James Smart Date: Sat Mar 4 09:30:23 2017 -0800 scsi: lpfc: don't dereference dma_buf->iocbq before null check From: Colin Ian King dma_buf->iocbq is being dereferenced immediately before it is being null checked, so we have a potential null pointer dereference bug. Fix this by only dereferencing it only once we have passed a null check on the pointer. Detected by CoverityScan, CID#1411652 ("Dereference before null check") Signed-off-by: Colin Ian King Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7aabe84b8a1bb7c3f75fb6a23dc96f8999bdcc8f Author: James Smart Date: Sat Mar 4 09:30:22 2017 -0800 scsi: lpfc: sanity check hrq is null before dereferencing it From: Colin Ian King The sanity check for hrq should be moved to before the deference of hrq to ensure we don't perform a null pointer deference. Detected by CoverityScan, CID#1411650 ("Dereference before null check") Signed-off-by: Colin Ian King Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_sli.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 70e5afd57d6d97d69bf5fd0187c2bb5a79990504 Author: James Smart Date: Sat Mar 4 09:30:21 2017 -0800 scsi: lpfc: remove redundant assignment of sgel From: Colin Ian King In the NVMET_FCOP_RSP case, sgel is assigned but never used and hence is redundant and can be removed. Detected by CoverityScan, CID#1411658 ("Unused value") Signed-off-by: Colin Ian King Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvmet.c | 1 - 1 file changed, 1 deletion(-) commit 33cc559a81397bc813c392617d40ddfdfa3cffbd Author: Tomas Jasek Date: Fri Mar 3 13:45:48 2017 +0100 scsi: lpfc: replace init_timer by setup_timer This patch shortens every init_timer in lpfc module followed by function and data assignment using setup_timer. This is purely cleanup patch, it does not add new functionality nor remove any existing functionality. An init_timer call in this form: init_timer(&vport->fc_disctmo); vport->fc_disctmo.function = lpfc_disc_timeout; vport->fc_disctmo.data = vport; is shortened to: setup_timer(&vport->fc_disctmo, lpfc_disc_timeout, vport); It increases readability and reduces chances of mistakes done by developers. Signed-off-by: Tomas Jasek Signed-off-by: Jiri Slaby Cc: James Smart Cc: Dick Kennedy Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: Acked-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_hbadisc.c | 5 ++--- drivers/scsi/lpfc/lpfc_init.c | 47 +++++++++++++++------------------------- 2 files changed, 19 insertions(+), 33 deletions(-) commit fd2b18b4a7bf01453324733a18297ae9a197a4ae Author: Joe Perches Date: Mon Mar 6 10:32:27 2017 -0800 scsi: qedf: Use vsprintf extension %pad Using %llx for a dma_addr_t can lead to format/argument mismatches. Use %pad and the address of the dma_addr_t instead. Signed-off-by: Joe Perches Acked-by: Chad Dupuis Signed-off-by: Martin K. Petersen drivers/scsi/qedf/qedf_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit db6b2060bcae1ce1f9bde73a423e710b625ae1ef Author: Joe Perches Date: Sat Mar 4 00:07:04 2017 -0800 scsi: qedf: Fix defective logging format and argument mismatches Add __printf compiler verification of format and arguments. Fix fallout. Signed-off-by: Joe Perches Acked-by: Chad Dupuis Signed-off-by: Martin K. Petersen drivers/scsi/qedf/qedf_dbg.h | 13 ++++++++----- drivers/scsi/qedf/qedf_fip.c | 2 +- drivers/scsi/qedf/qedf_io.c | 4 ++-- 3 files changed, 11 insertions(+), 8 deletions(-) commit c527de41aea24c2cdb6638818008d810013b4d39 Author: Christoph Hellwig Date: Fri Mar 3 07:57:16 2017 -0700 scsi: vmw_pvscsi: handle the return value from pci_alloc_irq_vectors correctly It returns the number of vectors allocated when successful, so check for a negative error only. Fixes: 2e48e349 ("scsi: vmw_pvscsi: switch to pci_alloc_irq_vectors") Signed-off-by: Christoph Hellwig Reported-by: Loïc Yhuel Tested-by: Loïc Yhuel Signed-off-by: Martin K. Petersen drivers/scsi/vmw_pvscsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 23456565acf6d452e0368f7380aecd584c019c67 Author: Joe Perches Date: Thu Mar 2 17:14:47 2017 -0800 scsi: qla2xxx: Fix ql_dump_buffer Recent printk changes for KERN_CONT cause this logging to be defectively emitted on multiple lines. Fix it. Also reduces object size a trivial amount. $ size drivers/scsi/qla2xxx/qla_dbg.o* text data bss dec hex filename 39125 0 0 39125 98d5 drivers/scsi/qla2xxx/qla_dbg.o.new 39164 0 0 39164 98fc drivers/scsi/qla2xxx/qla_dbg.o.old Signed-off-by: Joe Perches Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_dbg.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 934767c56b0d9dbb95a40e9e6e4d9dcdc3a165ad Author: Raghava Aditya Renukunta Date: Thu Mar 2 09:21:33 2017 -0800 scsi: aacraid: Fix typo in blink status The return status of the adapter check on KERNEL_PANIC is supposed to be the upper 16 bits of the OMR status register. Fixes: c421530bf848604e (scsi: aacraid: Reorder Adpater status check) Reported-by: Dan Carpenter Signed-off-by: Raghava Aditya Renukunta Reviewed-by: Dave Carroll Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/src.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd571195c9535c0b074fc7cd1b541b93817ed647 Author: Arnd Bergmann Date: Thu Mar 2 15:58:03 2017 +0100 scsi: qedi: fix build error without DEBUG_FS Without CONFIG_DEBUG_FS, we run into a link error: drivers/scsi/qedi/qedi_iscsi.o: In function `qedi_ep_poll': qedi_iscsi.c:(.text.qedi_ep_poll+0x134): undefined reference to `do_not_recover' drivers/scsi/qedi/qedi_iscsi.o: In function `qedi_ep_disconnect': qedi_iscsi.c:(.text.qedi_ep_disconnect+0x36c): undefined reference to `do_not_recover' drivers/scsi/qedi/qedi_iscsi.o: In function `qedi_ep_connect': qedi_iscsi.c:(.text.qedi_ep_connect+0x350): undefined reference to `do_not_recover' drivers/scsi/qedi/qedi_fw.o: In function `qedi_tmf_work': qedi_fw.c:(.text.qedi_tmf_work+0x3b4): undefined reference to `do_not_recover' This defines the symbol as a constant in this case, as there is no way to set it to anything other than zero without DEBUG_FS. In addition, I'm renaming it to qedi_do_not_recover in order to put it into a driver specific namespace, as "do_not_recover" is a really bad name for a kernel-wide global identifier when it is used only in one driver. Fixes: ace7f46ba5fd ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") Reviewed-by: Johannes Thumshirn Signed-off-by: Arnd Bergmann Acked-by: Manish Rangankar Signed-off-by: Martin K. Petersen drivers/scsi/qedi/qedi_debugfs.c | 16 ++++++++-------- drivers/scsi/qedi/qedi_fw.c | 4 ++-- drivers/scsi/qedi/qedi_gbl.h | 8 +++++++- drivers/scsi/qedi/qedi_iscsi.c | 8 ++++---- 4 files changed, 21 insertions(+), 15 deletions(-) commit 040757f738e13caaa9c5078bca79aa97e11dde88 Author: Eric W. Biederman Date: Sun Mar 5 15:03:22 2017 -0600 ucount: Remove the atomicity from ucount->count Always increment/decrement ucount->count under the ucounts_lock. The increments are there already and moving the decrements there means the locking logic of the code is simpler. This simplification in the locking logic fixes a race between put_ucounts and get_ucounts that could result in a use-after-free because the count could go zero then be found by get_ucounts and then be freed by put_ucounts. A bug presumably this one was found by a combination of syzkaller and KASAN. JongWhan Kim reported the syzkaller failure and Dmitry Vyukov spotted the race in the code. Cc: stable@vger.kernel.org Fixes: f6b2db1a3e8d ("userns: Make the count of user namespaces per user") Reported-by: JongHwan Kim Reported-by: Dmitry Vyukov Reviewed-by: Andrei Vagin Signed-off-by: "Eric W. Biederman" include/linux/user_namespace.h | 2 +- kernel/ucount.c | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) commit 8a1df543de8ad879d3c80bdda4c67ac4f82e7ee0 Author: Tahsin Erdogan Date: Sat Feb 25 12:59:26 2017 -0800 percpu: remove unused chunk_alloc parameter from pcpu_get_pages() pcpu_get_pages() doesn't use chunk_alloc parameter, remove it. Fixes: fbbb7f4e149f ("percpu: remove the usage of separate populated bitmap in percpu-vm") Signed-off-by: Tahsin Erdogan Signed-off-by: Tejun Heo mm/percpu-vm.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 320661b08dd6f1746d5c7ab4eb435ec64b97cd45 Author: Tahsin Erdogan Date: Sat Feb 25 13:00:19 2017 -0800 percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages Update to pcpu_nr_empty_pop_pages in pcpu_alloc() is currently done without holding pcpu_lock. This can lead to bad updates to the variable. Add missing lock calls. Fixes: b539b87fed37 ("percpu: implmeent pcpu_nr_empty_pop_pages and chunk->nr_populated") Signed-off-by: Tahsin Erdogan Signed-off-by: Tejun Heo Cc: stable@vger.kernel.org # v3.18+ mm/percpu.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 637fdbae60d6cb9f6e963c1079d7e0445c86ff7d Author: Tejun Heo Date: Mon Mar 6 15:33:42 2017 -0500 workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq If queue_delayed_work() gets called with NULL @wq, the kernel will oops asynchronuosly on timer expiration which isn't too helpful in tracking down the offender. This actually happened with smc. __queue_delayed_work() already does several input sanity checks synchronously. Add NULL @wq check. Reported-by: Dave Jones Link: http://lkml.kernel.org/r/20170227171439.jshx3qplflyrgcv7@codemonkey.org.uk Signed-off-by: Tejun Heo kernel/workqueue.c | 1 + 1 file changed, 1 insertion(+) commit 0580b762a4d6b70817476b90042813f8573283fa Author: Tejun Heo Date: Mon Mar 6 15:26:54 2017 -0500 libata: drop WARN from protocol error in ata_sff_qc_issue() ata_sff_qc_issue() expects upper layers to never issue commands on a command protocol that it doesn't implement. While the assumption holds fine with the usual IO path, nothing filters based on the command protocol in the passthrough path (which was added later), allowing the warning to be tripped with a passthrough command with the right (well, wrong) protocol. Failing with AC_ERR_SYSTEM is the right thing to do anyway. Remove the unnecessary WARN. Reported-by: Dmitry Vyukov Link: http://lkml.kernel.org/r/CACT4Y+bXkvevNZU8uP6X0QVqsj6wNoUA_1exfTSOzc+SmUtMOA@mail.gmail.com Signed-off-by: Tejun Heo drivers/ata/libata-sff.c | 1 - 1 file changed, 1 deletion(-) commit d85fc67dd11e9a32966140677d4d6429ca540b25 Author: Gwendal Grignou Date: Fri Mar 3 09:00:09 2017 -0800 libata: transport: Remove circular dependency at free time Without this patch, failed probe would not free resources like irq. ata port tdev object currently hold a reference to the ata port object. Therefore the ata port object release function will not get called until the ata_tport_release is called. But that would never happen, releasing the last reference of ata port dev is done by scsi_host_release, which is called by ata_host_release when the ata port object is released. The ata device objects actually do not need to explicitly hold a reference to their real counterpart, given the transport objects are the children of these objects and device_add() is call for each child. We know the parent will not be deleted until we call the child's device_del(). Reported-by: Matthew Whitehead Tested-by: Matthew Whitehead Suggested-by: Tejun Heo Signed-off-by: Gwendal Grignou Signed-off-by: Tejun Heo drivers/ata/libata-transport.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit b6a6759daf55dade2b65089957832759d502acfb Author: Kees Cook Date: Sat Feb 25 01:56:48 2017 -0800 cgroups: censor kernel pointer in debug files As found in grsecurity, this avoids exposing a kernel pointer through the cgroup debug entries. Signed-off-by: Kees Cook Signed-off-by: Tejun Heo kernel/cgroup/cgroup-v1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d18c2747f937f1b5ec65ce6bf4ccb9ca1aea9e8 Author: Tejun Heo Date: Wed Mar 1 15:39:07 2017 -0500 cgroup/pids: remove spurious suspicious RCU usage warning pids_can_fork() is special in that the css association is guaranteed to be stable throughout the function and thus doesn't need RCU protection around task_css access. When determining the css to charge the pid, task_css_check() is used to override the RCU sanity check. While adding a warning message on fork rejection from pids limit, 135b8b37bd91 ("cgroup: Add pids controller event when fork fails because of pid limit") incorrectly added a task_css access which is neither RCU protected or explicitly annotated. This triggers the following suspicious RCU usage warning when RCU debugging is enabled. cgroup: fork rejected by pids controller in =============================== [ ERR: suspicious RCU usage. ] 4.10.0-work+ #1 Not tainted ------------------------------- ./include/linux/cgroup.h:435 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 1 lock held by bash/1748: #0: (&cgroup_threadgroup_rwsem){+++++.}, at: [] _do_fork+0xe6/0x6e0 stack backtrace: CPU: 3 PID: 1748 Comm: bash Not tainted 4.10.0-work+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.fc25 04/01/2014 Call Trace: dump_stack+0x68/0x93 lockdep_rcu_suspicious+0xd7/0x110 pids_can_fork+0x1c7/0x1d0 cgroup_can_fork+0x67/0xc0 copy_process.part.58+0x1709/0x1e90 _do_fork+0xe6/0x6e0 SyS_clone+0x19/0x20 do_syscall_64+0x5c/0x140 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7f7853fab93a RSP: 002b:00007ffc12d05c90 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7853fab93a RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 00007ffc12d05cc0 R08: 0000000000000000 R09: 00007f78548db700 R10: 00007f78548db9d0 R11: 0000000000000246 R12: 00000000000006d4 R13: 0000000000000001 R14: 0000000000000000 R15: 000055e3ebe2c04d /asdf There's no reason to dereference task_css again here when the associated css is already available. Fix it by replacing the task_cgroup() call with css->cgroup. Signed-off-by: Tejun Heo Reported-by: Mike Galbraith Fixes: 135b8b37bd91 ("cgroup: Add pids controller event when fork fails because of pid limit") Cc: Kenny Yu Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Tejun Heo kernel/cgroup/pids.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 312eb712e15868236dd03c67971ab2c1d79b4ce6 Author: Tobias Klauser Date: Fri Feb 17 18:44:11 2017 +0100 cgroup: Fix indenting in PID controller documentation Follow the common documentation style in the file and indent the interface file description by a tab instead of just a space. Signed-off-by: Tobias Klauser Signed-off-by: Tejun Heo Documentation/cgroup-v2.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit c771c14baa3319c85512e575671bf0bb18824c11 Author: Eryu Guan Date: Thu Mar 2 15:02:06 2017 -0800 iomap: invalidate page caches should be after iomap_dio_complete() in direct write After XFS switching to iomap based DIO (commit acdda3aae146 ("xfs: use iomap_dio_rw")), I started to notice dio29/dio30 tests failures from LTP run on ppc64 hosts, and they can be reproduced on x86_64 hosts with 512B/1k block size XFS too. dio29 diotest3 -b 65536 -n 100 -i 1000 -o 1024000 dio30 diotest6 -b 65536 -n 100 -i 1000 -o 1024000 The failure message is like: bufcmp: offset 0: Expected: 0x62, got 0x0 diotest03 1 TPASS : Read with Direct IO, Write without diotest03 2 TFAIL : diotest3.c:142: comparsion failed; child=98 offset=1425408 diotest03 3 TFAIL : diotest3.c:194: Write Direct-child 98 failed Direct write wrote 0x62 but buffer read got zero. This is because, when doing direct write to a hole or preallocated file, we invalidate the page caches before converting the extent from unwritten state to normal state, which is done by iomap_dio_complete(), thus leave a window for other buffer reader to cache the unwritten state extent. Consider this case, with sub-page blocksize XFS, two processes are direct writing to different blocksize-aligned regions (say 512B) of the same preallocated file, and reading the region back via buffered I/O to compare contents. process A, region [0,512] process B, region [512,1024] xfs_file_write_iter xfs_file_aio_dio_write iomap_dio_rw iomap_apply invalidate_inode_pages2_range xfs_file_write_iter xfs_file_aio_dio_write iomap_dio_rw iomap_apply invalidate_inode_pages2_range iomap_dio_complete xfs_file_read_iter xfs_file_buffered_aio_read generic_file_read_iter do_generic_file_read iomap_dio_complete xfs_file_read_iter Process A first invalidates page caches, at this point the underlying extent is still in unwritten state (iomap_dio_complete not called yet), and process B finishs direct write and populates page caches via readahead, which caches zeros in page for region A, then process A reads zeros from page cache, instead of the actual data. Fix it by invalidating page caches after converting unwritten extent to make sure we read content from disk after extent state changed, as what we did before switching to iomap based dio. Also introduce a new 'start' variable to save the original write offset (iomap_dio_complete() updates iocb->ki_pos), and a 'err' variable for invalidating caches result, cause we can't reuse 'ret' anymore. Signed-off-by: Eryu Guan Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/iomap.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit e24bce8fb4c26bd0d8eca74cbbee1ad049246be3 Merge: b92675d c1ae3cf Author: Tony Lindgren Date: Mon Mar 6 08:37:53 2017 -0800 Merge tag 'v4.11-rc1' into omap-for-v4.11/fixes Linux 4.11-rc1 commit 587d7e72aedca91cee80c0a56811649c3efab765 Author: Jim Mattson Date: Thu Mar 2 12:41:48 2017 -0800 kvm: nVMX: VMCLEAR should not cause the vCPU to shut down VMCLEAR should silently ignore a failure to clear the launch state of the VMCS referenced by the operand. Signed-off-by: Jim Mattson [Changed "kvm_write_guest(vcpu->kvm" to "kvm_vcpu_write_guest(vcpu".] Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) commit 4bd035eae255a4f1464dca063885fa415e58c12e Author: Colin Ian King Date: Thu Feb 23 00:26:09 2017 +0000 EDAC, xgene: Fix wrongly spelled "procesing" Fix spelling mistake in dev_err message. Signed-off-by: Colin Ian King Reviewed-by: Loc Ho Cc: linux-edac Link: http://lkml.kernel.org/r/20170223002609.9440-1-colin.king@canonical.com Signed-off-by: Borislav Petkov drivers/edac/xgene_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ef5e2fa9f65befa12f1113c734602d2c1964d2a5 Author: Raz Manor Date: Thu Feb 9 09:41:08 2017 +0200 usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver In the function scan_dma_completions() there is a reusage of tmp variable. That coused a wrong value being used in some case when reading a short packet terminated transaction from an endpoint, in 2 concecutive reads. This was my logic for the patch: The req->td->dmadesc equals to 0 iff: -- There was a transaction ending with a short packet, and -- The read() to read it was shorter than the transaction length, and -- The read() to complete it is longer than the residue. I believe this is true from the printouts of various cases, but I can't be positive it is correct. Entering this if, there should be no more data in the endpoint (a short packet terminated the transaction). If there is, the transaction wasn't really done and we should exit and wait for it to finish entirely. That is the inner if. That inner if should never happen, but it is there to be on the safe side. That is why it is marked with the comment /* paranoia */. The size of the data available in the endpoint is ep->dma->dmacount and it is read to tmp. This entire clause is based on my own educated guesses. If we passed that inner if without breaking in the original code, than tmp & DMA_BYTE_MASK_COUNT== 0. That means we will always pass dma bytes count of 0 to dma_done(), meaning all the requested bytes were read. dma_done() reports back to the upper layer that the request (read()) was done and how many bytes were read. In the original code that would always be the request size, regardless of the actual size of the data. That did not make sense to me at all. However, the original value of tmp is req->td->dmacount, which is the dmacount value when the request's dma transaction was finished. And that is a much more reasonable value to report back to the caller. To recreate the problem: Read from a bulk out endpoint in a loop, 1024 * n bytes in each iteration. Connect the PLX to a host you can control. Send to that endpoint 1024 * n + x bytes, such that 0 < x < 1024 * n and (x % 1024) != 0 You would expect the first read() to return 1024 * n and the second read() to return x. But you will get the first read to return 1024 * n and the second one to return 1024 * n. That is true for every positive integer n. Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: linux-usb@vger.kernel.org Signed-off-by: Raz Manor Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/net2280.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) commit df7545719a14fa7b481896fb8689e23d0a00f682 Author: Petr Cvek Date: Fri Feb 24 02:54:56 2017 +0100 usb: gadget: pxa27x: Test for a valid argument pointer A call usb_put_phy(udc->transceiver) must be tested for a valid pointer. Use an already existing test for usb_unregister_notifier call. Acked-by: Robert Jarzmik Reported-by: Robert Jarzmik Signed-off-by: Petr Cvek Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/pxa27x_udc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 0913750f9fb6f26bcd00c8f9dd9a8d1b8d031246 Author: Roger Quadros Date: Wed Feb 15 13:38:22 2017 +0200 usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox() We need to break from all cases if we want to treat each one of them separately. Reported-by: Gustavo A. R. Silva Fixes: d2728fb3e01f ("usb: dwc3: omap: Pass VBUS and ID events transparently") Cc: #v4.8+ Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-omap.c | 1 + 1 file changed, 1 insertion(+) commit 1551e35ea4189c1f7199fe278395fc94196715f2 Author: Roger Quadros Date: Wed Feb 15 14:16:26 2017 +0200 usb: dwc3: gadget: Fix system suspend/resume on TI platforms On TI platforms (dra7, am437x), the DWC3_DSTS_DEVCTRLHLT bit is not set after the device controller is stopped via DWC3_DCTL_RUN_STOP. If we don't disconnect and stop the gadget, it stops working after a system resume with the trace below. There is no point in preventing gadget disconnect and gadget stop during system suspend/resume as we're going to suspend in any case, whether DEVCTRLHLT timed out or not. [ 141.727480] ------------[ cut here ]------------ [ 141.732349] WARNING: CPU: 1 PID: 2135 at drivers/usb/dwc3/gadget.c:2384 dwc3_stop_active_transfer.constprop.4+0xc4/0xe4 [dwc3] [ 141.744299] Modules linked in: usb_f_ss_lb g_zero libcomposite xhci_plat_hcd xhci_hcd usbcore dwc3 evdev udc_core m25p80 usb_common spi_nor snd_soc_davinci_mcasp snd_soc_simple_card snd_soc_edma snd_soc_tlv3e [ 141.792163] CPU: 1 PID: 2135 Comm: irq/456-dwc3 Not tainted 4.10.0-rc8 #1138 [ 141.799547] Hardware name: Generic DRA74X (Flattened Device Tree) [ 141.805940] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 141.814066] [] (show_stack) from [] (dump_stack+0xac/0xe0) [ 141.821648] [] (dump_stack) from [] (__warn+0xd8/0x104) [ 141.828955] [] (__warn) from [] (warn_slowpath_null+0x20/0x28) [ 141.836902] [] (warn_slowpath_null) from [] (dwc3_stop_active_transfer.constprop.4+0xc4/0xe4 [dwc3]) [ 141.848329] [] (dwc3_stop_active_transfer.constprop.4 [dwc3]) from [] (__dwc3_gadget_ep_disable+0x64/0x528 [dwc3]) [ 141.861034] [] (__dwc3_gadget_ep_disable [dwc3]) from [] (dwc3_gadget_ep_disable+0x3c/0xc8 [dwc3]) [ 141.872280] [] (dwc3_gadget_ep_disable [dwc3]) from [] (usb_ep_disable+0x11c/0x18c [udc_core]) [ 141.883160] [] (usb_ep_disable [udc_core]) from [] (disable_ep+0x18/0x54 [usb_f_ss_lb]) [ 141.893408] [] (disable_ep [usb_f_ss_lb]) from [] (disable_endpoints+0x18/0x50 [usb_f_ss_lb]) [ 141.904168] [] (disable_endpoints [usb_f_ss_lb]) from [] (disable_source_sink+0x2c/0x34 [usb_f_ss_lb]) [ 141.915771] [] (disable_source_sink [usb_f_ss_lb]) from [] (reset_config+0x48/0x7c [libcomposite]) [ 141.927012] [] (reset_config [libcomposite]) from [] (composite_disconnect+0x2c/0x54 [libcomposite]) [ 141.938444] [] (composite_disconnect [libcomposite]) from [] (usb_gadget_udc_reset+0x10/0x34 [udc_core]) [ 141.950237] [] (usb_gadget_udc_reset [udc_core]) from [] (dwc3_gadget_reset_interrupt+0x64/0x698 [dwc3]) [ 141.962022] [] (dwc3_gadget_reset_interrupt [dwc3]) from [] (dwc3_thread_interrupt+0x618/0x1a3c [dwc3]) [ 141.973723] [] (dwc3_thread_interrupt [dwc3]) from [] (irq_thread_fn+0x1c/0x54) [ 141.983215] [] (irq_thread_fn) from [] (irq_thread+0x120/0x1f0) [ 141.991247] [] (irq_thread) from [] (kthread+0xf8/0x138) [ 141.998641] [] (kthread) from [] (ret_from_fork+0x14/0x24) [ 142.006213] ---[ end trace b4ecfe9f175b9a9c ]--- Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 3ba534df815f233535b5a3dd3de41055666bbd21 Author: Janusz Dziedzic Date: Thu Feb 16 14:54:12 2017 +0100 Revert "usb: gadget: f_fs: Fix ExtCompat descriptor validation" This reverts commit ac670a3a650b899fc020b81f63e810d06015b865. This introduce bug we already fixed in commit 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 wof OS_DESC_EXT_COMPAT") Next FFS (adb) SS enumeration fail with Windows OS. Signed-off-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6e7aeeaf235901c42ec35de4633c7c69501d303 Author: Christophe JAILLET Date: Tue Feb 21 22:33:11 2017 +0100 USB: gadgetfs: Fix a potential memory leak in 'dev_config()' 'kbuf' is allocated just a few lines above using 'memdup_user()'. If the 'if (dev->buf)' test fails, this memory is never released. Signed-off-by: Christophe JAILLET Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4242820277b5378c9e4064e79306f326d731472f Author: Arnd Bergmann Date: Wed Feb 22 11:33:27 2017 +0100 usb: gadget: udc: atmel: fix debug output The debug output now contains the wrong variable, as seen from the compiler warning: drivers/usb/gadget/udc/atmel_usba_udc.c: In function 'usba_ep_enable': drivers/usb/gadget/udc/atmel_usba_udc.c:632:550: error: 'ept_cfg' may be used uninitialized in this function [-Werror=maybe-uninitialized] DBG(DBG_ERR, "%s: EPT_CFG = 0x%lx (maxpacket = %lu)\n", This changes the debug output the same way as the other code. Fixes: 741d2558bf0a ("usb: gadget: udc: atmel: Update endpoint allocation scheme") Signed-off-by: Arnd Bergmann Acked-by: Alexandre Belloni Acked-by: Nicolas Ferre Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/atmel_usba_udc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 73561128eb72ca04c3be6e240f162a861bf68a86 Author: Franck Demathieu Date: Mon Feb 27 11:52:46 2017 +0100 usb: dwc3: Fix incorrect type for utmi mode The utmi mode is unsigned according the dt-bindings. Fix sparse issue (-Wtypesign): drivers/usb/dwc3/dwc3-omap.c:391:50: warning: incorrect type in argument 3 (different signedness) drivers/usb/dwc3/dwc3-omap.c:391:50: expected unsigned int [usertype] *out_value drivers/usb/dwc3/dwc3-omap.c:391:50: got int * Signed-off-by: Franck Demathieu Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-omap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 38355b2a44776c25b0f2ad466e8c51bb805b3032 Author: John Keeping Date: Tue Feb 28 10:55:30 2017 +0000 usb: gadget: configs: plug memory leak When binding a gadget to a device, "name" is stored in gi->udc_name, but this does not happen when unregistering and the string is leaked. Signed-off-by: John Keeping Signed-off-by: Felipe Balbi drivers/usb/gadget/configfs.c | 1 + 1 file changed, 1 insertion(+) commit b3e228473e6cec7cf83b4025b4570c8066ab2dd8 Author: Mian Yousaf Kaukab Date: Thu Mar 2 16:11:47 2017 +0100 irqdomain: Add empty irq_domain_check_msi_remap Fix following build error for s390: drivers/vfio/vfio_iommu_type1.c: In function 'vfio_iommu_type1_attach_group': drivers/vfio/vfio_iommu_type1.c:1290:25: error: implicit declaration of function 'irq_domain_check_msi_remap' Acked-by: Marc Zyngier Reviewed-by: Eric Auger Signed-off-by: Mian Yousaf Kaukab Signed-off-by: Marc Zyngier include/linux/irqdomain.h | 4 ++++ 1 file changed, 4 insertions(+) commit 077dbaee9df53c597df532a08d721d03f4570f3d Author: Franck Demathieu Date: Thu Feb 23 10:48:55 2017 +0100 irqchip/crossbar: Fix incorrect type of local variables The max and entry variables are unsigned according to the dt-bindings. Fix following 3 sparse issues (-Wtypesign): drivers/irqchip/irq-crossbar.c:222:52: warning: incorrect type in argument 3 (different signedness) drivers/irqchip/irq-crossbar.c:222:52: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:222:52: got int * drivers/irqchip/irq-crossbar.c:245:56: warning: incorrect type in argument 4 (different signedness) drivers/irqchip/irq-crossbar.c:245:56: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:245:56: got int * drivers/irqchip/irq-crossbar.c:263:56: warning: incorrect type in argument 4 (different signedness) drivers/irqchip/irq-crossbar.c:263:56: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:263:56: got int * Signed-off-by: Franck Demathieu Signed-off-by: Marc Zyngier drivers/irqchip/irq-crossbar.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5bbc852676ae08e818241cf66a3ffe4be44225c4 Author: Peter Chen Date: Tue Feb 28 14:25:45 2017 +0800 usb: gadget: dummy_hcd: clear usb_gadget region before registration When the user does device unbind and rebind test, the kernel will show below dump due to usb_gadget memory region is dirty after unbind. Clear usb_gadget region for every new probe. root@imx6qdlsolo:/sys/bus/platform/drivers/dummy_udc# echo dummy_udc.0 > bind [ 102.523312] kobject (eddd78b0): tried to init an initialized object, something is seriously wrong. [ 102.532447] CPU: 0 PID: 734 Comm: sh Not tainted 4.10.0-rc7-00872-g1b2b8e9 #1298 [ 102.539866] Hardware name: Freescale i.MX6 SoloX (Device Tree) [ 102.545717] Backtrace: [ 102.548225] [] (dump_backtrace) from [] (show_stack+0x18/0x1c) [ 102.555822] r7:ede34000 r6:60010013 r5:00000000 r4:c0f29418 [ 102.561512] [] (show_stack) from [] (dump_stack+0xb4/0xe8) [ 102.568764] [] (dump_stack) from [] (kobject_init+0x80/0x9c) [ 102.576187] r10:0000001f r9:eddd7000 r8:eeaf8c10 r7:eddd78a8 r6:c177891c r5:c0f3b060 [ 102.584036] r4:eddd78b0 r3:00000000 [ 102.587641] [] (kobject_init) from [] (device_initialize+0x28/0xf8) [ 102.595665] r5:eebc4800 r4:eddd78a8 [ 102.599268] [] (device_initialize) from [] (device_register+0x14/0x20) [ 102.607556] r7:eddd78a8 r6:00000000 r5:eebc4800 r4:eddd78a8 [ 102.613256] [] (device_register) from [] (usb_add_gadget_udc_release+0x8c/0x1ec) [ 102.622410] r5:eebc4800 r4:eddd7860 [ 102.626015] [] (usb_add_gadget_udc_release) from [] (usb_add_gadget_udc+0x14/0x18) [ 102.635351] r10:0000001f r9:eddd7000 r8:eddd788c r7:bf003770 r6:eddd77f8 r5:eddd7818 [ 102.643198] r4:eddd785c r3:eddd7b24 [ 102.646834] [] (usb_add_gadget_udc) from [] (dummy_udc_probe+0x170/0x1c4 [dummy_hcd]) [ 102.656458] [] (dummy_udc_probe [dummy_hcd]) from [] (platform_drv_probe+0x54/0xb8) [ 102.665881] r10:00000008 r9:c1778960 r8:bf004128 r7:fffffdfb r6:bf004128 r5:eeaf8c10 [ 102.673727] r4:eeaf8c10 [ 102.676293] [] (platform_drv_probe) from [] (driver_probe_device+0x264/0x474) [ 102.685186] r7:00000000 r6:00000000 r5:c1778960 r4:eeaf8c10 [ 102.690876] [] (driver_probe_device) from [] (bind_store+0xb8/0x14c) [ 102.698994] r10:eeb3bb4c r9:ede34000 r8:0000000c r7:eeaf8c44 r6:bf004128 r5:c0f3b668 [ 102.706840] r4:eeaf8c10 [ 102.709402] [] (bind_store) from [] (drv_attr_store+0x28/0x34) [ 102.716998] r9:ede34000 r8:00000000 r7:ee3863c0 r6:ee3863c0 r5:c0538c80 r4:c053970c [ 102.724776] [] (drv_attr_store) from [] (sysfs_kf_write+0x50/0x54) [ 102.732711] r5:c0538c80 r4:0000000c [ 102.736313] [] (sysfs_kf_write) from [] (kernfs_fop_write+0x100/0x214) [ 102.744599] r7:ee3863c0 r6:eeb3bb40 r5:00000000 r4:00000000 [ 102.750287] [] (kernfs_fop_write) from [] (__vfs_write+0x34/0x120) [ 102.758231] r10:00000000 r9:ede34000 r8:c0108bc4 r7:0000000c r6:ede35f80 r5:c029bd84 [ 102.766077] r4:ee223780 [ 102.768638] [] (__vfs_write) from [] (vfs_write+0xa8/0x170) [ 102.775974] r9:ede34000 r8:c0108bc4 r7:ede35f80 r6:01861cb0 r5:ee223780 r4:0000000c [ 102.783743] [] (vfs_write) from [] (SyS_write+0x4c/0xa8) [ 102.790818] r9:ede34000 r8:c0108bc4 r7:0000000c r6:01861cb0 r5:ee223780 r4:ee223780 [ 102.798595] [] (SyS_write) from [] (ret_fast_syscall+0x0/0x1c) [ 102.806188] r7:00000004 r6:b6e83d58 r5:01861cb0 r4:0000000c Fixes: 90fccb529d24 ("usb: gadget: Gadget directory cleanup - group UDC drivers") Cc: stable Acked-by: Alan Stern Signed-off-by: Peter Chen Tested-by: Xiaolong Ye Reported-by: Fengguang Wu Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/dummy_hcd.c | 2 ++ 1 file changed, 2 insertions(+) commit eb38d913c27f32f4df173791051fecf6aca34173 Author: Roger Quadros Date: Thu Mar 2 10:44:58 2017 +0200 Revert "usb: gadget: uvc: Add missing call for additional setup data" This reverts commit 4fbac5206afd01b717d4bdc58793d471f3391b4b. This commit breaks g_webcam when used with uvc-gadget [1]. The user space application (e.g. uvc-gadget) is responsible for sending response to UVC class specific requests on control endpoint in uvc_send_response() in uvc_v4l2.c. The bad commit was causing a duplicate response to be sent with incorrect response data thus causing UVC probe to fail at the host and broken control transfer endpoint at the gadget. [1] - git://git.ideasonboard.org/uvc-gadget.git Cc: # v4.9+ Acked-by: Laurent Pinchart Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_uvc.c | 7 ------- 1 file changed, 7 deletions(-) commit a687c5765b5ae19fe559e14615ddc87ebb46d409 Author: Roderick Colenbrander Date: Fri Feb 24 16:14:15 2017 -0800 HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT When a user connects a DS4 twice using USB and BT, we reject the second device connection after the setup work. We then perform a cleanup, but during cleanup we are not removing the touchpad device. This leads to leakage of an input device, which we would never remove. It can likely result into a kernel oops as well when the touchpad evdev node is accessed and the underlaying HID device has been removed from the system. [jkosina@suse.cz: added stable annotation] Fixes: ac797b95f532 ("HID: sony: Make the DS4 touchpad a separate device") Cc: stable@vger.kernel.org Signed-off-by: Roderick Colenbrander Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-sony.c | 2 ++ 1 file changed, 2 insertions(+) commit f2f10b7e722a75c6d75a7f7cd06b0eee3ae20f7c Author: Daniel Drake Date: Fri Feb 17 07:40:52 2017 -0600 HID: chicony: Add support for another ASUS Zen AiO keyboard Add support for media keys on the keyboard that comes with the Asus V221ID and ZN241IC All In One computers. The keys to support here are WLAN, BRIGHTNESSDOWN and BRIGHTNESSUP. This device is not visibly branded as Chicony, and the USB Vendor ID suggests that it is a JESS device. However this seems like the right place to put it: the usage codes are identical to the currently supported devices, and this driver already supports the ASUS AIO keyboard AK1D. Signed-off-by: Daniel Drake Signed-off-by: Jiri Kosina drivers/hid/Kconfig | 4 ++-- drivers/hid/hid-chicony.c | 1 + drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) commit b3bd0f2849f4480fc4f40bb954d27e58f4f0786b Author: Arnd Bergmann Date: Wed Mar 1 23:50:19 2017 +0100 staging/vc04_services: add CONFIG_OF dependency After several hours of debugging this obviously bogus but elaborate gcc-7.0.1 warning, drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c: In function 'vchiq_complete_bulk': drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c:603:4: error: argument 2 null where non-null expected [-Werror=nonnull] memcpy((char *)page_address(pages[0]) + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pagelist->offset, ~~~~~~~~~~~~~~~~~ fragments, ~~~~~~~~~~ head_bytes); ~~~~~~~~~~~ In file included from include/linux/string.h:18:0, from include/linux/bitmap.h:8, from include/linux/cpumask.h:11, from include/linux/interrupt.h:9, from drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c:37: arch/arm/include/asm/string.h:16:15: note: in a call to function 'memcpy' declared here extern void * memcpy(void *, const void *, __kernel_size_t) __nocapture(2); ^~~~~~ I have concluded that gcc was technically right in the first place: vchiq_complete_bulk is an externally visible function that calls free_pagelist(), which in turn derives a pointer from the global g_fragments_base variable. g_fragments_base is initialized in vchiq_platform_init(), but we only get there if of_property_read_u32() successfully reads the cache line size. When CONFIG_OF is disabled, this always fails, and g_fragments_base is guaranteed to be NULL when vchiq_complete_bulk() gets called. This adds a CONFIG_OF Kconfig dependency, which is also technically correct but nonobvious, and thus seems like a good fit for the warning. Signed-off-by: Arnd Bergmann Signed-off-by: Greg Kroah-Hartman drivers/staging/vc04_services/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 96e1ce8fcd66d850196758c038bd9d6f7857c518 Author: Kunihiko Hayashi Date: Mon Feb 20 21:00:42 2017 +0900 pinctrl: uniphier: change pin names of aio/xirq for LD11 This patch changes pin names of AIO and XIRQ according to updated specification. Signed-off-by: Kunihiko Hayashi Acked-by: Masahiro Yamada Signed-off-by: Linus Walleij drivers/pinctrl/uniphier/pinctrl-uniphier-ld11.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 8e51533780ba223a3562ff4382c6b6f350c7e9a4 Author: Timur Tabi Date: Fri Feb 10 17:21:00 2017 -0600 pinctrl: qcom: add get_direction function The get_direction callback function allows gpiolib to know the current direction (input vs output) for a given GPIO. This is particularly useful on ACPI systems, where the GPIOs are configured only by firmware (typically UEFI), so the only way to know the initial values to query the hardware directly. Without this function, gpiolib thinks that all GPIOs are configured for input. Signed-off-by: Timur Tabi Signed-off-by: Linus Walleij drivers/pinctrl/qcom/pinctrl-msm.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit f759921cfbf4847319d197a6ed7c9534d593f8bc Author: Phil Reid Date: Mon Feb 20 09:41:45 2017 +0800 gpio: altera: Use handle_level_irq when configured as a level_high When a threaded irq handler is chained attached to one of the gpio pins when configure for level irq the altera_gpio_irq_leveL_high_handler does not mask the interrupt while being handled by the chained irq. This resulting in the threaded irq not getting enough cycles to complete quickly enough before the irq was disabled as faulty. handle_level_irq should be used in this situation instead of handle_simple_irq. In gpiochip_irqchip_add set default handler to handle_bad_irq as per Documentation/gpio/driver.txt. Then set the correct handler in the set_type callback. Signed-off-by: Phil Reid Signed-off-by: Linus Walleij drivers/gpio/gpio-altera.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) commit b115bebc07f282067eccc06fd5aa3060ab1426da Author: Arnd Bergmann Date: Fri Feb 17 16:13:44 2017 +0100 gpio: xgene: mark PM functions as __maybe_unused When CONFIG_PM_SLEEP is disabled, we get a warning about unused functions: drivers/gpio/gpio-xgene.c:155:12: warning: 'xgene_gpio_resume' defined but not used [-Wunused-function] static int xgene_gpio_resume(struct device *dev) ^~~~~~~~~~~~~~~~~ drivers/gpio/gpio-xgene.c:142:12: warning: 'xgene_gpio_suspend' defined but not used [-Wunused-function] static int xgene_gpio_suspend(struct device *dev) The warnings are harmless and can be avoided by simplifying the code and marking the functions as __maybe_unused. Signed-off-by: Arnd Bergmann Signed-off-by: Linus Walleij drivers/gpio/gpio-xgene.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) commit fa6256db033067b57318decdc1c583512a1f8f68 Author: Dan Carpenter Date: Wed Feb 15 02:02:06 2017 +0300 gpio: mockup: return -EFAULT if copy_from_user() fails copy_from_user() returns the number of bytes remaining to be copied but we want to return negative error codes on failue. Fixes: 9202ba2397d1 ("gpio: mockup: implement event injecting over debugfs") Signed-off-by: Dan Carpenter Acked-by: Bartosz Golaszewski Signed-off-by: Linus Walleij drivers/gpio/gpio-mockup.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 9ce9f7999741f342eeffd036ab09213a2fa93040 Author: Thor Thayer Date: Mon Feb 13 13:49:58 2017 -0600 gpio: altera-a10sr: Set gpio_chip parent property Set the gpio_chip parent property since some recent functions such as devprop_gpiochip_set_names() can use it. Signed-off-by: Thor Thayer Signed-off-by: Linus Walleij drivers/gpio/gpio-altera-a10sr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 606142af57dad981b78707234cfbd15f9f7b7125 Author: Jonathan McDowell Date: Wed Feb 15 18:29:15 2017 -0200 [media] dw2102: don't do DMA on stack On Kernel 4.9, WARNINGs about doing DMA on stack are hit at the dw2102 driver: one in su3000_power_ctrl() and the other in tt_s2_4600_frontend_attach(). Both were due to the use of buffers on the stack as parameters to dvb_usb_generic_rw() and the resulting attempt to do DMA with them. The device was non-functional as a result. So, switch this driver over to use a buffer within the device state structure, as has been done with other DVB-USB drivers. Tested with TechnoTrend TT-connect S2-4600. [mchehab@osg.samsung.com: fixed a warning at su3000_i2c_transfer() that state var were dereferenced before check 'd'] Signed-off-by: Jonathan McDowell Cc: Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/dw2102.c | 244 ++++++++++++++++++++++--------------- 1 file changed, 145 insertions(+), 99 deletions(-) commit a7d2475af7aedcb9b5c6343989a8bfadbf84429b Author: Michael Ellerman Date: Mon Mar 6 22:53:59 2017 +1100 powerpc: Sort the selects under CONFIG_PPC We have a big list of selects under CONFIG_PPC, and currently they're completely unsorted. This means people tend to add new selects at the bottom of the list, and so two commits which both add a new select will often conflict. Instead sort it alphabetically. This is nicer in and of itself, but also means two commits that add a new select will have a greater chance of not conflicting. Add a note at the top and bottom asking people to keep it sorted. And while we're here pad out the 'if' expressions to make them stand out. Suggested-by: Stephen Rothwell Signed-off-by: Michael Ellerman arch/powerpc/Kconfig | 138 +++++++++++++++++++++++++++------------------------ 1 file changed, 72 insertions(+), 66 deletions(-) commit 9c7a00868c3a77c86ab07a2c51f3bb4897bd8550 Author: Michael Ellerman Date: Mon Mar 6 21:51:32 2017 +1100 powerpc/64: Fix L1D cache shape vector reporting L1I values It seems we didn't pay quite enough attention when testing the new cache shape vectors, which means we didn't notice the bug where the vector for the L1D was using the L1I values. Fix it, resulting in eg: L1I cache size: 0x8000 32768B 32K L1I line size: 0x80 8-way associative L1D cache size: 0x10000 65536B 64K L1D line size: 0x80 8-way associative Fixes: 98a5f361b862 ("powerpc: Add new cache geometry aux vectors") Cut-and-paste-bug-by: Benjamin Herrenschmidt Badly-reviewed-by: Michael Ellerman Signed-off-by: Michael Ellerman arch/powerpc/include/asm/elf.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f2853308b6409b97799b0beceacd9da43a82fe43 Author: Andy Shevchenko Date: Mon Mar 6 10:57:48 2017 +0200 x86/build/x86_64_defconfig: Enable CONFIG_R8169 Very common PCIe ethernet card. Already enabled in i386_defconfig. Signed-off-by: Andy Shevchenko Cc: Peter Zijlstra Cc: Konstantin Khlebnikov Link: http://lkml.kernel.org/r/20170306085748.85957-1-andriy.shevchenko@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/configs/x86_64_defconfig | 1 + 1 file changed, 1 insertion(+) commit 3b3e78552d3077ec70d2640e629e07e3ab416a6a Author: Matjaz Hegedic Date: Sun Mar 5 19:16:44 2017 +0100 x86/reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk Without the parameter reboot=a, ASUS EeeBook X205TA/W will hang when it should reboot. This adds the appropriate quirk, thus fixing the problem. Signed-off-by: Matjaz Hegedic Link: http://lkml.kernel.org/r/1488737804-20681-1-git-send-email-matjaz.hegedic@gmail.com Signed-off-by: Thomas Gleixner arch/x86/kernel/reboot.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 6ba422c75facb1b1e0e206c464ee121b8073f7e0 Author: Anton Blanchard Date: Sun Mar 5 10:54:34 2017 +1100 powerpc/64: Avoid panic during boot due to divide by zero in init_cache_info() I see a panic in early boot when building with a recent gcc toolchain. The issue is a divide by zero, which is undefined. Older toolchains let us get away with it: int foo(int a) { return a / 0; } foo: li 9,0 divw 3,3,9 extsw 3,3 blr But newer ones catch it: foo: trap Add a check to avoid the divide by zero. Fixes: e2827fe5c156 ("powerpc/64: Clean up ppc64_caches using a struct per cache") Signed-off-by: Anton Blanchard Acked-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/kernel/setup_64.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 014d02cbf16b3106dc8e93281d2a9c189751ed5e Author: Suraj Jitindar Singh Date: Tue Feb 28 17:03:48 2017 +1100 powerpc: Update to new option-vector-5 format for CAS On POWER9 the ibm,client-architecture-support (CAS) negotiation process has been updated to change how the host to guest negotiation is done for the new hash/radix mmu as well as the nest mmu, process tables and guest translation shootdown (GTSE). This is documented in the unreleased PAPR ACR "CAS option vector additions for P9". The host tells the guest which options it supports in ibm,arch-vec-5-platform-support. The guest then chooses a subset of these to request in the CAS call and these are agreed to in the ibm,architecture-vec-5 property of the chosen node. Thus we read ibm,arch-vec-5-platform-support and make our selection before calling CAS. We then parse the ibm,architecture-vec-5 property of the chosen node to check whether we should run as hash or radix. ibm,arch-vec-5-platform-support format: index value pairs: ... index: Option vector 5 byte number val: Some representation of supported values Signed-off-by: Suraj Jitindar Singh Acked-by: Paul Mackerras [mpe: Don't print about unknown options, be consistent with OV5_FEAT] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/prom.h | 18 ++++--- arch/powerpc/kernel/prom_init.c | 110 +++++++++++++++++++++++++++++++++++++++- arch/powerpc/mm/init_64.c | 36 ++++++++++--- 3 files changed, 150 insertions(+), 14 deletions(-) commit 12cc9fd6b2d8ee307a735b3b9faed0d17b719463 Author: Suraj Jitindar Singh Date: Tue Feb 28 17:03:47 2017 +1100 powerpc: Parse the command line before calling CAS On POWER9 the hypervisor requires the guest to decide whether it would like to use a hash or radix mmu model at the time it calls ibm,client-architecture-support (CAS) based on what the hypervisor has said it's allowed to do. It is possible to disable radix by passing "disable_radix" on the command line. The next patch will add support for the new CAS format, thus we need to parse the command line before calling CAS so we can correctly select which mmu we would like to use. Signed-off-by: Suraj Jitindar Singh Reviewed-by: Paul Mackerras Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/kernel/prom_init.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit a69e2fb70350a66f91175cd2625f1e8215c5b6e9 Author: Balbir Singh Date: Fri Mar 3 11:58:44 2017 +1100 powerpc/xics: Work around limitations of OPAL XICS priority handling The CPPR (Current Processor Priority Register) of a XICS interrupt presentation controller contains a value N, such that only interrupts with a priority "more favoured" than N will be received by the CPU, where "more favoured" means "less than". So if the CPPR has the value 5 then only interrupts with a priority of 0-4 inclusive will be received. In theory the CPPR can support a value of 0 to 255 inclusive. In practice Linux only uses values of 0, 4, 5 and 0xff. Setting the CPPR to 0 rejects all interrupts, setting it to 0xff allows all interrupts. The values 4 and 5 are used to differentiate IPIs from external interrupts. Setting the CPPR to 5 allows IPIs to be received but not external interrupts. The CPPR emulation in the OPAL XICS implementation only directly supports priorities 0 and 0xff. All other priorities are considered equivalent, and mapped to a single priority value internally. This means when using icp-opal we can not allow IPIs but not externals. This breaks Linux's use of priority values when a CPU is hot unplugged. After migrating IRQs away from the CPU that is being offlined, we set the priority to 5, meaning we still want the offline CPU to receive IPIs. But the effect of the OPAL XICS emulation's use of a single priority value is that all interrupts are rejected by the CPU. With the CPU offline, and not receiving IPIs, we may not be able to wake it up to bring it back online. The first part of the fix is in icp_opal_set_cpu_priority(). CPPR values of 0 to 4 inclusive will correctly cause all interrupts to be rejected, so we pass those CPPR values through to OPAL. However if we are called with a CPPR of 5 or greater, the caller is expecting to be able to allow IPIs but not external interrupts. We know this doesn't work, so instead of rejecting all interrupts we choose the opposite which is to allow all interrupts. This is still not correct behaviour, but we know for the only existing caller (xics_migrate_irqs_away()), that it is the better option. The other part of the fix is in xics_migrate_irqs_away(). Instead of setting priority (CPPR) to 0, and then back to 5 before migrating IRQs, we migrate the IRQs before setting the priority back to 5. This should have no effect on an ICP backend with a working set_priority(), and on icp-opal it means we will keep all interrupts blocked until after we've finished doing the IRQ migration. Additionally we wait for 5ms after doing the migration to make sure there are no IRQs in flight. Fixes: d74361881f0d ("powerpc/xics: Add ICP OPAL backend") Cc: stable@vger.kernel.org # v4.8+ Suggested-by: Michael Ellerman Reported-by: Vaidyanathan Srinivasan Tested-by: Vaidyanathan Srinivasan Signed-off-by: Balbir Singh [mpe: Rewrote comments and change log, change delay to 5ms] Signed-off-by: Michael Ellerman arch/powerpc/sysdev/xics/icp-opal.c | 10 ++++++++++ arch/powerpc/sysdev/xics/xics-common.c | 17 ++++++++++++++--- 2 files changed, 24 insertions(+), 3 deletions(-) commit 2fe42dd0f13812d38daaf05bcb1fd996afd0e87a Author: Jeeja KP Date: Wed Mar 1 22:41:24 2017 +0530 ASoC: hdac_hdmi: don't update the iterator in pcm list remove Fix not to update the iterator element, instead use list_del to remove entry from the list. This fixes the following coccinelle and static checker warning: sound/soc/codecs/hdac_hdmi.c:1884:2-21:iterator with update on line 1885 sound/soc/codecs/hdac_hdmi.c:2011 hdac_hdmi_dev_remove() error: potential NULL dereference 'port'. Fixes: e0e5d3e5a53b('ASoC: hdac_hdmi: Add support for multiple ports to a PCM') Reported-by: Julia Lawall Reported-by: Dan Carpenter Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 04c8f2bf9117de7b8e8bc0b90e8c4bff15f4f613 Author: Jeeja KP Date: Wed Mar 1 22:41:23 2017 +0530 ASoC: hdac_hdmi: avoid reference to invalid variable of the pin list Using pin list array iterator outside the iteration of the list can point to dummy element, which can be invalid. So don't use pin variable outside the pin list iteration. This fixes the following coccinelle warning: sound/soc/codecs/hdac_hdmi.c:1419:5-8: ERROR: invalid reference to the index variable of the iterator Fixes: 2acd8309a3a4('ASoC: hdac_hdmi: Add support to handle MST capable pin') Reported-by: Julia Lawall Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 4dfc050571523ac2bc02cbf948dd47621f7dd83f Author: Marc Zyngier Date: Tue Feb 21 11:32:47 2017 +0000 KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass Our GICv3 emulation always presents ICC_SRE_EL1 with DIB/DFB set to zero, which implies that there is a way to bypass the GIC and inject raw IRQ/FIQ by driving the CPU pins. Of course, we don't allow that when the GIC is configured, but we fail to indicate that to the guest. The obvious fix is to set these bits (and never let them being changed again). Reported-by: Peter Maydell Acked-by: Christoffer Dall Reviewed-by: Eric Auger Signed-off-by: Marc Zyngier include/linux/irqchip/arm-gic-v3.h | 2 ++ virt/kvm/arm/vgic/vgic-v3.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit 68925176296a8b995e503349200e256674bfe5ac Author: Marc Zyngier Date: Fri Feb 17 14:32:18 2017 +0000 arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs When invalidating guest TLBs, special care must be taken to actually shoot the guest TLBs and not the host ones if we're running on a VHE system. This is controlled by the HCR_EL2.TGE bit, which we forget to clear before invalidating TLBs. Address the issue by introducing two wrappers (__tlb_switch_to_guest and __tlb_switch_to_host) that take care of both the VTTBR_EL2 and HCR_EL2.TGE switching. Reported-by: Tomasz Nowicki Tested-by: Tomasz Nowicki Reviewed-by: Christoffer Dall Cc: stable@vger.kernel.org Signed-off-by: Marc Zyngier arch/arm64/kvm/hyp/tlb.c | 64 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 55 insertions(+), 9 deletions(-) commit 4b30eebfc35c67771b5f58d9274d3e321b72d7a8 Author: Kuninori Morimoto Date: Fri Mar 3 04:25:09 2017 +0000 ASoC: rcar: avoid SSI_MODEx settings for SSI8 SSI8 is is sharing pin with SSI7, and nothing to do for SSI_MODEx. It is special pin and it needs special settings whole system, but we can't confirm it, because we never have SSI8 available board. This patch fixup SSI_MODEx settings error for SSI8 on connection test, but should be confirmed behavior on real board in the future. Signed-off-by: Kuninori Morimoto Tested-by: Hiroyuki Yokoyama Signed-off-by: Mark Brown sound/soc/sh/rcar/ssiu.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit c2e04fdab33181b53b5a2f9662b7b607b720f79f Author: Changbin Du Date: Mon Mar 6 17:08:30 2017 +0800 drm/i915/gvt: protect RO and Rsvd bits of virtual vgpu configuration space Per PCI specification, Configuration Register has different types (RO, RW, RW1C, Rsvd). For RO Register bits are read-only and cannot be altered by software. For RW1C Register bits indicate status when read. A Set bit indicates a status event which is Cleared by writing a 1b. Writing a 0b to RW1C bits has no effect. Reserved Register is for future implementations, and they are read-only and must return zero when read. Current vGPU configuration write emulation just copy the value as it is. So we haven't emulated RO, RW1C and Rsvd Registers correctly. This patch is following the Spec to correct emulation logic. We add a function vgpu_cfg_mem_write to wrap the access to vGPU configuration memory. The write function uses a RW Register bitmap to avoid RO bits be overwritten, and emulate RW1C behavior for the particular status Register. v2: new = src[i] --> new = src[i] & mask (zhenyu) Signed-off-by: Changbin Du Cc: Xiaoguang Chen Cc: Zhiyuan Lv Cc: Min He Reviewed-by: Zhenyu Wang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 54 ++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 3 deletions(-) commit 8f1117abb408808af9cc4c948925c726bec4755a Author: Chuanxiao Dong Date: Mon Mar 6 13:05:24 2017 +0800 drm/i915/gvt: handle workload lifecycle properly Currently i915 has a request replay mechanism which can make sure the request can be replayed after a GPU reset. With this mechanism, gvt should wait until the GVT request seqno passed before complete the current workload. So that there should be a context switch interrupt come before gvt free the workload. In this way, workload lifecylce matches with the i915 request lifecycle. The workload can only be freed after the request is completed. v2: use gvt_dbg_sched instead of gvt_err to print when wait again Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 49 ++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 16 deletions(-) commit 2e46565cf622dd0534a9d8bffe152a577b48d7aa Author: Johan Hovold Date: Fri Feb 24 19:11:28 2017 +0100 USB: serial: digi_acceleport: fix OOB-event processing A recent change claimed to fix an off-by-one error in the OOB-port completion handler, but instead introduced such an error. This could specifically led to modem-status changes going unnoticed, effectively breaking TIOCMGET. Note that the offending commit fixes a loop-condition underflow and is marked for stable, but should not be backported without this fix. Reported-by: Ben Hutchings Fixes: 2d380889215f ("USB: serial: digi_acceleport: fix OOB data sanity check") Cc: stable # v2.6.30: 2d380889215f Signed-off-by: Johan Hovold drivers/usb/serial/digi_acceleport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf3113d893d4427b166ec8695460efa7aa660923 Author: Felipe Balbi Date: Fri Feb 17 11:12:44 2017 +0200 usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue If request was already started, this means we had to stop the transfer. With that we also need to ignore all TRBs used by the request, however TRBs can only be modified after completion of END_TRANSFER command. So what we have to do here is wait for END_TRANSFER completion and only after that jump over TRBs by clearing HWO and incrementing dequeue pointer. Note that we have 2 possible types of transfers here: i) Linear buffer request ii) SG-list based request SG-list based requests will have r->num_pending_sgs set to a valid number (> 0). Linear requests, normally use a single TRB. For each of these two cases, if r->unaligned flag is set, one extra TRB has been used to align transfer size to wMaxPacketSize. All of these cases need to be taken into consideration so we don't mess up our TRB ring pointers. Tested-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) commit 2bfa0719ac2a9b2f3c91345873d3cdebd0296ba9 Author: Felipe Balbi Date: Tue Jan 31 14:54:45 2017 +0200 usb: gadget: function: f_fs: pass companion descriptor along If we're dealing with SuperSpeed endpoints, we need to make sure to pass along the companion descriptor and initialize fields needed by the Gadget API. Eventually, f_fs.c should be converted to use config_ep_by_speed() like all other functions, though. Cc: Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit 7369090a9fb57c3fc705ce355d2e4523a5a24716 Author: Felipe Balbi Date: Tue Jan 31 13:24:54 2017 +0200 usb: dwc3: gadget: make Set Endpoint Configuration macros safe Some gadget drivers are bad, bad boys. We notice that ADB was passing bad Burst Size which caused top bits of param0 to be overwritten which confused DWC3 when running this command. In order to avoid future issues, we're going to make sure values passed by macros are always safe for the controller. Note that ADB still needs a fix to *not* pass bad values. Cc: # v3.2+ Reported-by: Mohamed Abbas Sugested-by: Adam Andruszak Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 36fc579761b50784b63dafd0f2e796b659e0f5ee Author: Tomeu Vizoso Date: Mon Feb 20 16:25:45 2017 +0100 drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058 Rotel RSX-1058 is a receiver with 4 HDMI inputs and a HDMI output, all 1.1. When a sink that supports deep color is connected to the output, the receiver will send EDIDs that advertise this capability, even if it isn't possible with HDMI versions earlier than 1.3. Currently the kernel is assuming that deep color is possible and the sink displays an error. This quirk will make sure that deep color isn't used with this particular receiver. Fixes: 7a0baa623446 ("Revert "drm/i915: Disable 12bpc hdmi for now"") Signed-off-by: Tomeu Vizoso Link: http://patchwork.freedesktop.org/patch/msgid/20170220152545.13153-1-tomeu.vizoso@collabora.com Cc: stable@vger.kernel.org Cc: Matt Horan Tested-by: Matt Horan Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99869 Reviewed-by: Ville Syrjälä Signed-off-by: Ville Syrjälä drivers/gpu/drm/drm_edid.c | 3 +++ 1 file changed, 3 insertions(+) commit 39319f504b5d91e853f5ec7753a56e43915fcaf4 Author: Maxime Ripard Date: Wed Nov 30 12:05:03 2016 +0100 ARM: sun8i: Fix the mali clock rate The Mali clock rate was improperly assumed to be 408MHz, while it was really 384Mhz, 408MHz being the "extreme" frequency, and definitely not stable. Switch for the stable, correct frequency for the GPU. Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun8i-a23-a33.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ad0bb39fce319d7b92c17d306ed0a9f70a02e7d Author: Chen-Yu Tsai Date: Tue Feb 14 10:23:32 2017 +0800 clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock The enable bit offset for the hdmi-ddc module clock is wrong. It is pointing to the main hdmi module clock enable bit. Reported-by: Bob Ham Fixes: c6e6c96d8fa6 ("clk: sunxi-ng: Add A31/A31s clocks") Cc: stable@vger.kernel.org # 4.9.x- Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu-sun6i-a31.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 69c9ae5041309553472ee798d7683be31bcdc434 Author: Arnd Bergmann Date: Tue Feb 14 22:29:45 2017 +0100 clk: sunxi: ccu-sun5i needs nkmp A randconfig build ran into this rare link error: drivers/clk/sunxi-ng/ccu-sun5i.o:(.data.__compound_literal.1+0x4): undefined reference to `ccu_nkmp_ops' drivers/clk/sunxi-ng/ccu-sun5i.o:(.data.__compound_literal.7+0x4): undefined reference to `ccu_nkmp_ops' This adds the missing 'select'. Fixes: 5e73761786d6 ("clk: sunxi-ng: Add sun5i CCU driver") Signed-off-by: Arnd Bergmann Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ac8616e4c81dded650dfade49a7da283565d37ce Author: Chen-Yu Tsai Date: Tue Feb 14 11:35:22 2017 +0800 clk: sunxi-ng: mp: Adjust parent rate for pre-dividers The MP style clocks support an mux with pre-dividers. While the driver correctly accounted for them in the .determine_rate callback, it did not in the .recalc_rate and .set_rate callbacks. This means when calculating the factors in the .set_rate callback, they would be off by a factor of the active pre-divider. Same goes for reading back the clock rate after it is set. Cc: stable@vger.kernel.org Fixes: 2ab836db5097 ("clk: sunxi-ng: Add M-P factor clock support") Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard drivers/clk/sunxi-ng/ccu_mp.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 7f35144cea219104fe42e7c6cd0ee5103016da2e Author: Vlad Zakharov Date: Fri Mar 3 14:30:02 2017 +0300 ARC: get rate from clk driver instead of reading device tree We were reading clock rate directly from device tree "clock-frequency" property of corresponding clock node in show_cpuinfo function. Such approach is correct only in case cpu is always clocked by "fixed-clock". If we use clock driver that allows rate to be changed this won't work as rate may change during the time or even "clock-frequency" property may not be presented at all. So this commit replaces reading device tree with getting rate from clock driver. This approach is much more flexible and will work for both fixed and mutable clocks. Signed-off-by: Vlad Zakharov Signed-off-by: Vineet Gupta arch/arc/kernel/setup.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 4ed10958ae461168be310b4bbee13f745e4c1547 Author: Vlad Zakharov Date: Fri Mar 3 14:30:01 2017 +0300 ARC: [dts] add cpu nodes to ARCHS SMP device tree Trying to get clock for CPU cores on SMP systems I found that I was only able to get clock for core[0]. That was because only one cpu@0 node was represented in ARC HS device tree and it was impossible to get clock for "non-existing" cores. So as ARC HS may have up to 4 cores we update device tree to match maximum possible cores quantity. Signed-off-by: Vlad Zakharov Signed-off-by: Vineet Gupta arch/arc/boot/dts/skeleton_hs_idu.dtsi | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 854c11e250730eaffec2ad56e9224c6be8a7979d Author: Vlad Zakharov Date: Fri Mar 3 14:30:00 2017 +0300 ARC: [dts] add input clocks for cpu nodes ARC CPU cores are driven by core_clk so we add corresponding "clocks" property to ARC cpu nodes. Signed-off-by: Vlad Zakharov Signed-off-by: Vineet Gupta arch/arc/boot/dts/skeleton.dtsi | 1 + arch/arc/boot/dts/skeleton_hs.dtsi | 1 + arch/arc/boot/dts/skeleton_hs_idu.dtsi | 1 + 3 files changed, 3 insertions(+) commit 2201ac6129fa162ac24da089a034bb0971648ebb Author: Matthias Reichl Date: Mon Feb 20 20:01:16 2017 +0100 dmaengine: bcm2835: Fix cyclic DMA period splitting The code responsible for splitting periods into chunks that can be handled by the DMA controller missed to update total_len, the number of bytes processed in the current period, when there are more chunks to follow. Therefore total_len was stuck at 0 and the code didn't work at all. This resulted in a wrong control block layout and audio issues because the cyclic DMA callback wasn't executing on period boundaries. Fix this by adding the missing total_len update. Signed-off-by: Matthias Reichl Signed-off-by: Martin Sperl Tested-by: Clive Messer Reviewed-by: Eric Anholt Signed-off-by: Vinod Koul drivers/dma/bcm2835-dma.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 Author: Florian Fainelli Date: Sun Mar 5 12:34:49 2017 -0800 net: phy: Do not perform software reset for Generic PHY The Generic PHY driver is a catch-all PHY driver and it should preserve whatever prior initialization has been done by boot loader or firmware agents. For specific PHY device configuration it is expected that a specialized PHY driver would take over that role. Resetting the generic PHY was a bad idea that has lead to several complaints and downstream workarounds e.g: in OpenWrt/LEDE so restore the behavior prior to 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()"). Reported-by: Felix Fietkau Fixes: 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 2 +- include/linux/phy.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit f38837b08d23e66de17d46d030e0d9ac5172ad1f Author: Alexei Starovoitov Date: Sun Mar 5 09:41:08 2017 -0800 bpf: add get_next_key callback to LPM map map_get_next_key callback is mandatory. Supply dummy handler. Fixes: b95a5c4db09b ("bpf: add a longest prefix match trie map implementation") Reported-by: Dmitry Vyukov Signed-off-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/lpm_trie.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 0c2bf9f95983fe30aa2f6463cb761cd42c2d521a Author: Jon Mason Date: Thu Mar 2 19:21:32 2017 -0500 ARM: dts: BCM5301X: Correct GIC_PPI interrupt flags GIC_PPI flags were misconfigured for the timers, resulting in errors like: [ 0.000000] GIC: PPI11 is secure or misconfigured Changing them to being edge triggered corrects the issue Suggested-by: Rafał Miłecki Signed-off-by: Jon Mason Fixes: d27509f1 ("ARM: BCM5301X: add dts files for BCM4708 SoC") Signed-off-by: Florian Fainelli arch/arm/boot/dts/bcm5301x.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 88d1fa70c21d7b431386cfe70cdc514d98b0c9c4 Author: Jon Mason Date: Wed Feb 8 15:37:12 2017 -0500 ARM: dts: BCM5301X: Fix memory start address Memory starts at 0x80000000, not 0. 0 "works" due to mirrior of the first 128M of RAM to that address. Anything greater than 128M will quickly find nothing there. Correcting the starting address has everything working again. Signed-off-by: Jon Mason Fixes: 7eb05f6d ("ARM: dts: bcm5301x: Add BCM SVK DT files") Signed-off-by: Florian Fainelli arch/arm/boot/dts/bcm953012k.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e51b999e11b84a766d78347afe9287e2c5b91c97 Author: Jon Mason Date: Wed Feb 8 15:37:11 2017 -0500 ARM: dts: BCM5301X: Fix UARTs on bcm953012k The UARTs are outputting garbage on the console. This is due to a speed issue. We can simply use the clock speed (which is now defined in the DTSI file) and everything works fine. Signed-off-by: Jon Mason Fixes: cdc36b22 ("ARM: dts: enable clock support for BCM5301X") Signed-off-by: Florian Fainelli arch/arm/boot/dts/bcm953012k.dts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a240c4aa5d0f9c8bb0db380ab9c1ec1f68b923ad Author: Rafael J. Wysocki Date: Thu Mar 2 23:29:12 2017 +0100 cpufreq: intel_pstate: Do not reinit performance limits in ->setpolicy If the current P-state selection algorithm is set to "performance" in intel_pstate_set_policy(), the limits may be initialized from scratch, but only if no_turbo is not set and the maximum frequency allowed for the given CPU (i.e. the policy object representing it) is at least equal to the max frequency supported by the CPU. In all of the other cases, the limits will not be updated. For example, the following can happen: # cat intel_pstate/status active # echo performance > cpufreq/policy0/scaling_governor # cat intel_pstate/min_perf_pct 100 # echo 94 > intel_pstate/min_perf_pct # cat intel_pstate/min_perf_pct 100 # cat cpufreq/policy0/scaling_max_freq 3100000 echo 3000000 > cpufreq/policy0/scaling_max_freq # cat intel_pstate/min_perf_pct 94 # echo 95 > intel_pstate/min_perf_pct # cat intel_pstate/min_perf_pct 95 That is confusing for two reasons. First, the initial attempt to change min_perf_pct to 94 seems to have no effect, even though setting the global limits should always work. Second, after changing scaling_max_freq for policy0 the global min_perf_pct attribute shows 94, even though it should have not been affected by that operation in principle. Moreover, the final attempt to change min_perf_pct to 95 worked as expected, because scaling_max_freq for the only policy with scaling_governor equal to "performance" was different from the maximum at that time. To make all that confusion go away, modify intel_pstate_set_policy() so that it doesn't reinitialize the limits at all. At the same time, change intel_pstate_set_performance_limits() to set min_sysfs_pct to 100 in the "performance" limits set so that switching the P-state selection algorithm to "performance" causes intel_pstate/min_perf_pct in sysfs to go to 100 (or whatever value min_sysfs_pct in the "performance" limits is set to later). That requires per-CPU limits to be initialized explicitly rather than by copying the global limits to avoid setting min_sysfs_pct in the per-CPU limits to 100. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) commit d74b19929130c9b5395a497030dcf161353cd526 Author: Rafael J. Wysocki Date: Wed Mar 1 00:11:05 2017 +0100 cpufreq: intel_pstate: Fix intel_pstate_verify_policy() The code added to intel_pstate_verify_policy() by commit 1443ebbacfd7 (cpufreq: intel_pstate: Fix sysfs limits enforcement for performance policy) should use perf_limits instead of limits, because otherwise setting global limits via sysfs may affect policies inconsistently. For example, in the sequence of shell commands below, the scaling_min_freq attribute for policy1 and policy2 should be affected in the same way, because scaling_governor is set in the same way for both of them: # cat cpufreq/policy1/scaling_governor powersave # cat cpufreq/policy2/scaling_governor powersave # echo performance > cpufreq/policy0/scaling_governor # echo 94 > intel_pstate/min_perf_pct # cat cpufreq/policy0/scaling_min_freq 2914000 # cat cpufreq/policy1/scaling_min_freq 2914000 # cat cpufreq/policy2/scaling_min_freq 800000 The are affected differently, because intel_pstate_verify_policy() is invoked with limits set to &performance_limits (left behind by policy0) for policy1 and with limits set to &powersave_limits (left behind by policy1) for policy2. Since perf_limits is set to the set of limits matching the policy being updated, using it instead of limits fixes the inconsistency. Fixes: 1443ebbacfd7 (cpufreq: intel_pstate: Fix sysfs limits enforcement for performance policy) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cd59b4bed9d11a2aefc4bb44eed9de0e6c1eea06 Author: Rafael J. Wysocki Date: Wed Mar 1 00:07:36 2017 +0100 cpufreq: intel_pstate: Fix global settings in active mode Commit 111b8b3fe4fa (cpufreq: intel_pstate: Always keep all limits settings in sync) changed intel_pstate to invoke cpufreq_update_policy() for every registered CPU on global sysfs attributes updates, but that led to undesirable effects in the active mode if the "performance" P-state selection algorithm is configufred for one CPU and the "powersave" one is chosen for all of the other CPUs. Namely, in that case, the following is possible: # cd /sys/devices/system/cpu/ # cat intel_pstate/max_perf_pct 100 # cat intel_pstate/min_perf_pct 26 # echo performance > cpufreq/policy0/scaling_governor # cat intel_pstate/max_perf_pct 100 # cat intel_pstate/min_perf_pct 100 # echo 94 > intel_pstate/min_perf_pct # cat intel_pstate/min_perf_pct 26 The reason why this happens is because intel_pstate attempts to maintain two sets of global limits in the active mode, one for the "performance" P-state selection algorithm and one for the "powersave" P-state selection algorithm, but the P-state selection algorithms are set per policy, so the global limits cannot reflect all of them at the same time if they are different for different policies. In the particular situation above, the attempt to change min_perf_pct to 94 caused cpufreq_update_policy() to be run for a CPU with the "powersave" P-state selection algorithm and intel_pstate_set_policy() called by it silently switched the global limits to the "powersave" set which finally was reflected by the sysfs interface. To prevent that from happening, modify intel_pstate_update_policies() to always switch back to the set of limits that was used right before it has been invoked. Fixes: 111b8b3fe4fa (cpufreq: intel_pstate: Always keep all limits settings in sync) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit d82f26925599cae83c38d17d07ae982356e81318 Author: Len Brown Date: Tue Feb 28 16:44:16 2017 -0500 cpufreq: Add the "cpufreq.off=1" cmdline option Add the "cpufreq.off=1" cmdline option. At boot-time, this allows a user to request CONFIG_CPU_FREQ=n behavior from a kernel built with CONFIG_CPU_FREQ=y. This is analogous to the existing "cpuidle.off=1" option and CONFIG_CPU_IDLE=y This capability is valuable when we need to debug end-user issues in the BIOS or in Linux. It is also convenient for enabling comparisons, which may otherwise require a new kernel, or help from BIOS SETUP, which may be buggy or unavailable. Signed-off-by: Len Brown Signed-off-by: Rafael J. Wysocki Documentation/admin-guide/kernel-parameters.txt | 3 +++ drivers/cpufreq/cpufreq.c | 1 + 2 files changed, 4 insertions(+) commit 655cb1ebff4b7918fc560502c3297af2d3c7d114 Author: Viresh Kumar Date: Thu Mar 2 14:03:21 2017 +0530 cpufreq: schedutil: Pass sg_policy to get_next_freq() get_next_freq() uses sg_cpu only to get sg_policy, which the callers of get_next_freq() already have. Pass sg_policy instead of sg_cpu to get_next_freq(), to make it more efficient. Signed-off-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki kernel/sched/cpufreq_schedutil.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 6c4f0fa643cb9e775dcc976e3db00d649468ff1d Author: Viresh Kumar Date: Thu Mar 2 14:03:20 2017 +0530 cpufreq: schedutil: move cached_raw_freq to struct sugov_policy cached_raw_freq applies to the entire cpufreq policy and not individual CPUs. Apart from wasting per-cpu memory, it is actually wrong to keep it in struct sugov_cpu as we may end up comparing next_freq with a stale cached_raw_freq of a random CPU. Move cached_raw_freq to struct sugov_policy. Fixes: 5cbea46984d6 (cpufreq: schedutil: map raw required frequency to driver frequency) Signed-off-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki kernel/sched/cpufreq_schedutil.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9e10889a3177340dcda7d29c6d8fbd97247b007b Author: Romain Izard Date: Fri Feb 17 16:12:50 2017 +0100 Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node" This reverts commit cab43282682e ("ARM: at91/dt: sama5d2: Use new compatible for ohci node") It depends from commit 7150bc9b4d43 ("usb: ohci-at91: Forcibly suspend ports while USB suspend") which was reverted and implemented differently. With the new implementation, the compatible string must remain the same. The compatible string introduced by this commit has been used in the default SAMA5D2 dtsi starting from Linux 4.8. As it has never been working correctly in an official release, removing it should not be breaking the stability rules. Fixes: cab43282682e ("ARM: at91/dt: sama5d2: Use new compatible for ohci node") Signed-off-by: Romain Izard cc: Signed-off-by: Alexandre Belloni arch/arm/boot/dts/sama5d2.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201 Author: Linus Torvalds Date: Sun Mar 5 12:59:56 2017 -0800 Linux 4.11-rc1 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ff861f59f6c1f5bf2bc03d2cd36ac3f992cbc06 Author: Dmitry Torokhov Date: Wed Mar 1 15:37:57 2017 -0800 iio: magnetometer: ak8974: remove incorrect __exit markups Even if bus is not hot-pluggable, devices can be unbound from the driver via sysfs, so we should not be using __exit annotations on remove() methods. The only exception is drivers registered with platform_driver_probe() which specifically disables sysfs bind/unbind attributes. Signed-off-by: Dmitry Torokhov Reviewed-by: Linus Walleij Cc: Signed-off-by: Jonathan Cameron drivers/iio/magnetometer/ak8974.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3bec247474469f769af41e8c80d3a100dd97dd76 Author: Song Hongyan Date: Wed Feb 22 17:17:38 2017 +0800 iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3 In function _hid_sensor_power_state(), when hid_sensor_read_poll_value() is called, sensor's all properties will be updated by the value from sensor hardware/firmware. In some implementation, sensor hardware/firmware will do a power cycle during S3. In this case, after resume, once hid_sensor_read_poll_value() is called, sensor's all properties which are kept by driver during S3 will be changed to default value. But instead, if a set feature function is called first, sensor hardware/firmware will be recovered to the last status. So change the sensor_hub_set_feature() calling order to behind of set feature function to avoid sensor properties lose. Signed-off-by: Song Hongyan Acked-by: Srinivas Pandruvada Cc: Signed-off-by: Jonathan Cameron drivers/iio/common/hid-sensors/hid-sensor-trigger.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8d70eeb84ab277377c017af6a21d0a337025dede Merge: 2d62e07 f78ef7c Author: Linus Torvalds Date: Sat Mar 4 17:31:39 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix double-free in batman-adv, from Sven Eckelmann. 2) Fix packet stats for fast-RX path, from Joannes Berg. 3) Netfilter's ip_route_me_harder() doesn't handle request sockets properly, fix from Florian Westphal. 4) Fix sendmsg deadlock in rxrpc, from David Howells. 5) Add missing RCU locking to transport hashtable scan, from Xin Long. 6) Fix potential packet loss in mlxsw driver, from Ido Schimmel. 7) Fix race in NAPI handling between poll handlers and busy polling, from Eric Dumazet. 8) TX path in vxlan and geneve need proper RCU locking, from Jakub Kicinski. 9) SYN processing in DCCP and TCP need to disable BH, from Eric Dumazet. 10) Properly handle net_enable_timestamp() being invoked from IRQ context, also from Eric Dumazet. 11) Fix crash on device-tree systems in xgene driver, from Alban Bedel. 12) Do not call sk_free() on a locked socket, from Arnaldo Carvalho de Melo. 13) Fix use-after-free in netvsc driver, from Dexuan Cui. 14) Fix max MTU setting in bonding driver, from WANG Cong. 15) xen-netback hash table can be allocated from softirq context, so use GFP_ATOMIC. From Anoob Soman. 16) Fix MAC address change bug in bgmac driver, from Hari Vyas. 17) strparser needs to destroy strp_wq on module exit, from WANG Cong. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (69 commits) strparser: destroy workqueue on module exit sfc: fix IPID endianness in TSOv2 sfc: avoid max() in array size rds: remove unnecessary returned value check rxrpc: Fix potential NULL-pointer exception nfp: correct DMA direction in XDP DMA sync nfp: don't tell FW about the reserved buffer space net: ethernet: bgmac: mac address change bug net: ethernet: bgmac: init sequence bug xen-netback: don't vfree() queues under spinlock xen-netback: keep a local pointer for vif in backend_disconnect() netfilter: nf_tables: don't call nfnetlink_set_err() if nfnetlink_send() fails netfilter: nft_set_rbtree: incorrect assumption on lower interval lookups netfilter: nf_conntrack_sip: fix wrong memory initialisation can: flexcan: fix typo in comment can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer can: gs_usb: fix coding style can: gs_usb: Don't use stack memory for USB transfers ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines ixgbe: update the rss key on h/w, when ethtool ask for it ... commit 22048c5485503749754b3b5daf9d99ef89fcacdc Author: Len Brown Date: Sat Mar 4 15:42:48 2017 -0500 tools/power turbostat: bugfix: GFXMHz column not changing turbostat displays a GFXMHz column, which comes from reading /sys/class/graphics/fb0/device/drm/card0/gt_cur_freq_mhz But GFXMHz was not changing, even when a manual cat /sys/class/graphics/fb0/device/drm/card0/gt_cur_freq_mhz showed a new value. It turns out that a rewind() on the open file is not sufficient, fflush() (or a close/open) is needed to read fresh values. Reported-by: Yaroslav Isakov Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2d62e0768d3c28536d4cfe4c40ba1e5e8e442a93 Merge: be834aa 16ce771 Author: Linus Torvalds Date: Sat Mar 4 11:36:19 2017 -0800 Merge tag 'kvm-4.11-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull more KVM updates from Radim Krčmář: "Second batch of KVM changes for the 4.11 merge window: PPC: - correct assumption about ASDR on POWER9 - fix MMIO emulation on POWER9 x86: - add a simple test for ioperm - cleanup TSS (going through KVM tree as the whole undertaking was caused by VMX's use of TSS) - fix nVMX interrupt delivery - fix some performance counters in the guest ... and two cleanup patches" * tag 'kvm-4.11-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: nVMX: Fix pending events injection x86/kvm/vmx: remove unused variable in segment_base() selftests/x86: Add a basic selftest for ioperm x86/asm: Tidy up TSS limit code kvm: convert kvm.users_count from atomic_t to refcount_t KVM: x86: never specify a sample period for virtualized in_tx_cp counters KVM: PPC: Book3S HV: Don't use ASDR for real-mode HPT faults on POWER9 KVM: PPC: Book3S HV: Fix software walk of guest process page tables commit be834aafdf5f8a37c191e697ac8ee6d53ab5020c Merge: 91aff98 fd5d666 Author: Linus Torvalds Date: Sat Mar 4 11:32:18 2017 -0800 Merge tag 'docs-4.11-fixes' of git://git.lwn.net/linux Pull documentation fixes from Jonathan Corbet: "A few fixes for the docs tree, including one for a 4.11 build regression" * tag 'docs-4.11-fixes' of git://git.lwn.net/linux: Documentation/sphinx: fix primary_domain configuration docs: Fix htmldocs build failure doc/ko_KR/memory-barriers: Update control-dependencies section pcieaer doc: update the link Documentation: Update path to sysrq.txt commit 91aff98b79f10bf38c0d51b2d8538ecca35f916e Merge: 33a8b3e a45e47f Author: Linus Torvalds Date: Sat Mar 4 11:26:18 2017 -0800 Merge tag 'staging-4.11-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO driver fixes from Greg KH: "Here are a few small staging and IIO driver fixes for issues that showed up after the big set if changes you merged last week. Nothing major, just small bugs resolved in some IIO drivers, a lustre allocation fix, and some RaspberryPi driver fixes for reported problems, as well as a MAINTAINERS entry update. All of these have been in linux-next for a week with no reported issues" * tag 'staging-4.11-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: fsl-mc: fix warning in DT ranges parser MAINTAINERS: Remove Noralf Trønnes as fbtft maintainer staging: vchiq_2835_arm: Make cache-line-size a required DT property staging: bcm2835/mmal-vchiq: unlock on error in buffer_from_host() staging/lustre/lnet: Fix allocation size for sv_cpt_data iio: adc: xilinx: Fix error handling iio: 104-quad-8: Fix off-by-one error when addressing flag register iio: adc: handle unknow of_device_id data commit 33a8b3e99dc68abfe25e140144ad268e70660be3 Merge: 0710f3f 5839f55 Author: Linus Torvalds Date: Sat Mar 4 10:42:53 2017 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: - vmalloc stack regression in CCM - Build problem in CRC32 on ARM - Memory leak in cavium - Missing Kconfig dependencies in atmel and mediatek - XTS Regression on some platforms (s390 and ppc) - Memory overrun in CCM test vector * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: vmx - Use skcipher for xts fallback crypto: vmx - Use skcipher for cbc fallback crypto: testmgr - Pad aes_ccm_enc_tv_template vector crypto: arm/crc32 - add build time test for CRC instruction support crypto: arm/crc32 - fix build error with outdated binutils crypto: ccm - move cbcmac input off the stack crypto: xts - Propagate NEED_FALLBACK bit crypto: api - Add crypto_requires_off helper crypto: atmel - CRYPTO_DEV_MEDIATEK should depend on HAS_DMA crypto: atmel - CRYPTO_DEV_ATMEL_TDES and CRYPTO_DEV_ATMEL_SHA should depend on HAS_DMA crypto: cavium - fix leak on curr if curr->head fails to be allocated crypto: cavium - Fix couple of static checker errors commit 1a9070ec91b37234fe915849b767c61584c64a44 Author: Sven Eckelmann Date: Sat Mar 4 15:48:50 2017 +0100 batman-adv: Initialize gw sel_class via batadv_algo The gateway selection class variable is shared between different algorithm versions. But the interpretation of the content is algorithm specific. The initialization is therefore also algorithm specific. But this was implemented incorrectly and the initialization for BATMAN_V always overwrote the value previously written for BATMAN_IV. This could only be avoided when BATMAN_V was disabled during compile time. Using a special batadv_algo hook for this initialization avoids this problem. Fixes: 50164d8f500f ("batman-adv: B.A.T.M.A.N. V - implement GW selection logic") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/bat_iv_ogm.c | 11 +++++++++++ net/batman-adv/bat_v.c | 14 +++++++++++--- net/batman-adv/gateway_common.c | 5 +++++ net/batman-adv/soft-interface.c | 1 - net/batman-adv/types.h | 2 ++ 5 files changed, 29 insertions(+), 4 deletions(-) commit 1c2bcc766be44467809f1798cd4ceacafe20a852 Author: Sven Eckelmann Date: Wed Feb 22 17:25:42 2017 +0100 batman-adv: Keep fragments equally sized The batman-adv fragmentation packets have the design problem that they cannot be refragmented and cannot handle padding by the underlying link. The latter often leads to problems when networks are incorrectly configured and don't use a common MTU. The sender could for example fragment a 1271 byte frame (plus external ethernet header (14) and batadv unicast header (10)) to fit in a 1280 bytes large MTU of the underlying link (max. 1294 byte frames). This would create a 1294 bytes large frame (fragment 2) and a 55 bytes large frame (fragment 1). The extra 54 bytes are the fragment header (20) added to each fragment and the external ethernet header (14) for the second fragment. Let us assume that the next hop is then not able to transport 1294 bytes to its next hop. The 1294 byte large frame will be dropped but the 55 bytes large fragment will still be forwarded to its destination. Or let us assume that the underlying hardware requires that each frame has a minimum size (e.g. 60 bytes). Then it will pad the 55 bytes frame to 60 bytes. The receiver of the 60 bytes frame will no longer be able to correctly assemble the two frames together because it is not aware that 5 bytes of the 60 bytes frame are padding and don't belong to the reassembled frame. This can partly be avoided by splitting frames more equally. In this example, the 675 and 674 bytes large fragment frames could both potentially reach its destination without being too large or too small. Reported-by: Martin Weinelt Fixes: ee75ed88879a ("batman-adv: Fragment and send skbs larger than mtu") Signed-off-by: Sven Eckelmann Acked-by: Linus Lüssing Signed-off-by: Simon Wunderlich net/batman-adv/fragmentation.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit b92675d998a9fa37fe9e0e35053a95b4a23c158b Author: Guenter Roeck Date: Sat Mar 4 07:02:11 2017 -0800 ARM: OMAP2+: Release device node after it is no longer needed. The device node returned by of_find_node_by_name() needs to be released after it is no longer needed to avoid a device node leak. Signed-off-by: Guenter Roeck Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 10e5778f54765c96fe0c8f104b7a030e5b35bc72 Author: Guenter Roeck Date: Sat Mar 4 07:02:10 2017 -0800 ARM: OMAP2+: Fix device node reference counts After commit 0549bde0fcb1 ("of: fix of_node leak caused in of_find_node_opts_by_path"), the following error may be reported when running omap images. OF: ERROR: Bad of_node_put() on /ocp@68000000 CPU: 0 PID: 0 Comm: swapper Not tainted 4.10.0-rc7-next-20170210 #1 Hardware name: Generic OMAP3-GP (Flattened Device Tree) [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x98/0xac) [] (dump_stack) from [] (kobject_release+0x48/0x7c) [] (kobject_release) from [] (of_find_node_by_name+0x74/0x94) [] (of_find_node_by_name) from [] (omap3xxx_hwmod_is_hs_ip_block_usable+0x24/0x2c) [] (omap3xxx_hwmod_is_hs_ip_block_usable) from [] (omap3xxx_hwmod_init+0x180/0x274) [] (omap3xxx_hwmod_init) from [] (omap3_init_early+0xa0/0x11c) [] (omap3_init_early) from [] (omap3430_init_early+0x8/0x30) [] (omap3430_init_early) from [] (setup_arch+0xc04/0xc34) [] (setup_arch) from [] (start_kernel+0x68/0x38c) [] (start_kernel) from [<8020807c>] (0x8020807c) of_find_node_by_name() drops the reference to the passed device node. The commit referenced above exposes this problem. To fix the problem, use of_get_child_by_name() instead of of_find_node_by_name(); of_get_child_by_name() does not drop the reference count of passed device nodes. While semantically different, we only look for immediate children of the passed device node, so of_get_child_by_name() is a more appropriate function to use anyway. Release the reference to the device node obtained with of_get_child_by_name() after it is no longer needed to avoid another device node leak. While at it, clean up the code and change the return type of omap3xxx_hwmod_is_hs_ip_block_usable() to bool to match its use and the return type of of_device_is_available(). Cc: Qi Hou Cc: Peter Rosin Cc: Rob Herring Signed-off-by: Guenter Roeck Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 6ad966d7303b70165228dba1ee8da1a05c10eefe Author: Shile Zhang Date: Sat Feb 4 17:03:40 2017 +0800 powerpc/64: Fix checksum folding in csum_add() Paul's patch to fix checksum folding, commit b492f7e4e07a ("powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold") missed a case in csum_add(). Fix it. Signed-off-by: Shile Zhang Acked-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/include/asm/checksum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a9c4f40ab2c281f95d41577ff0f7f78668feb73 Author: Alexey Kardashevskiy Date: Thu Mar 2 17:41:24 2017 +1100 powerpc/powernv: Fix opal tracepoints with JUMP_LABEL=n The recent commit to allow calling OPAL calls in real mode, commit ab9bad0ead9a ("powerpc/powernv: Remove separate entry for OPAL real mode calls"), introduced a bug when CONFIG_JUMP_LABEL=n. The commit moved the "mfmsr r12" prior to the call to OPAL_BRANCH, but we missed that OPAL_BRANCH clobbers r12 when jump labels are disabled. This leads to us using the tracepoint refcount as the MSR value, typically zero, and saving that into PACASAVEDMSR. When we return from OPAL we use that value as the MSR value for rfid, meaning we switch to 32-bit BE real mode - hilarity ensues. Fix it by using r11 in OPAL_BRANCH, which is not live at the time the macro is used in OPAL_CALL. Fixes: ab9bad0ead9a ("powerpc/powernv: Remove separate entry for OPAL real mode calls") Suggested-by: Paul Mackerras Signed-off-by: Alexey Kardashevskiy Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/opal-wrappers.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0710f3ff91ecc4a715db6e4d0690472b13c4dac6 Merge: a3b4924 eec1153 Author: Linus Torvalds Date: Fri Mar 3 21:44:35 2017 -0800 Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull misc final vfs updates from Al Viro: "A few unrelated patches that got beating in -next. Everything else will have to go into the next window ;-/" * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: hfs: fix hfs_readdir() selftest for default_file_splice_read() infoleak 9p: constify ->d_name handling commit a3b4924b027f9a4b95ce89a914c1e0459e76f18a Merge: 0b94da8 42a70ab Author: Linus Torvalds Date: Fri Mar 3 21:36:56 2017 -0800 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull more SCSI updates from James Bottomley: "This is the set of stuff that didn't quite make the initial pull and a set of fixes for stuff which did. The new stuff is basically lpfc (nvme), qedi and aacraid. The fixes cover a lot of previously submitted stuff, the most important of which probably covers some of the failing irq vectors allocation and other fallout from having the SCSI command allocated as part of the block allocation functions" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (59 commits) scsi: qedi: Fix memory leak in tmf response processing. scsi: aacraid: remove redundant zero check on ret scsi: lpfc: use proper format string for dma_addr_t scsi: lpfc: use div_u64 for 64-bit division scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m scsi: cciss: correct check map error. scsi: qla2xxx: fix spelling mistake: "seperator" -> "separator" scsi: aacraid: Fixed expander hotplug for SMART family scsi: mpt3sas: switch to pci_alloc_irq_vectors scsi: qedf: fixup compilation warning about atomic_t usage scsi: remove scsi_execute_req_flags scsi: merge __scsi_execute into scsi_execute scsi: simplify scsi_execute_req_flags scsi: make the sense header argument to scsi_test_unit_ready mandatory scsi: sd: improve TUR handling in sd_check_events scsi: always zero sshdr in scsi_normalize_sense scsi: scsi_dh_emc: return success in clariion_std_inquiry() scsi: fix memory leak of sdpk on when gd fails to allocate scsi: sd: make sd_devt_release() static scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework. ... commit f78ef7cd9a0686b979679d0de061c6dbfd8d649e Author: WANG Cong Date: Fri Mar 3 12:21:14 2017 -0800 strparser: destroy workqueue on module exit Fixes: 43a0c6751a32 ("strparser: Stream parser for messages") Cc: Tom Herbert Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/strparser/strparser.c | 1 + 1 file changed, 1 insertion(+) commit 20b83643abbc714342f3c52c5c273eeca649d3f9 Merge: 4511555 25e94a9 Author: David S. Miller Date: Fri Mar 3 20:40:06 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Missing check for full sock in ip_route_me_harder(), from Florian Westphal. 2) Incorrect sip helper structure initilization that breaks it when several ports are used, from Christophe Leroy. 3) Fix incorrect assumption when looking up for matching with adjacent intervals in the nft_set_rbtree. 4) Fix broken netlink event error reporting in nf_tables that results in misleading ESRCH errors propagated to userspace listeners. ==================== Signed-off-by: David S. Miller commit 0b94da8dfc26ec2eb3e6640726e434abf8c53e49 Merge: e27fd02 86ef58a Author: Linus Torvalds Date: Fri Mar 3 16:48:48 2017 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "A fix and regression test case for nvdimm namespace label compatibility. Details: - An "nvdimm namespace label" is metadata on an nvdimm that provisions dimm capacity into a "namespace" that can host a block device / dax-filesytem, or a device-dax character device. A namespace is an object that other operating environment and platform firmware needs to comprehend for capabilities like booting from an nvdimm. The label metadata contains a checksum that Linux was not calculating correctly leading to other environments rejecting the Linux label. These have received a build success notification from the kbuild robot, and a positive test result from Nick who reported the problem" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nfit, libnvdimm: fix interleave set cookie calculation tools/testing/nvdimm: make iset cookie predictable commit e27fd02d92817845471a196b3020c5694cbe5ff3 Merge: f47e2db 2a7275a Author: Linus Torvalds Date: Fri Mar 3 16:44:21 2017 -0800 Merge tag 'pci-v4.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - fix NULL pointer dereferences in many DesignWare-based drivers due to refactoring error - fix Altera config write breakage due to my refactoring error * tag 'pci-v4.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI: altera: Fix TLP_CFG_DW0 for TLP write PCI: dwc: Fix crashes seen due to missing assignments commit 6407829901f074cf6beef566d6af9a0b0e238f0d Author: Rafael J. Wysocki Date: Fri Mar 3 23:51:31 2017 +0100 cpufreq: intel_pstate: Avoid triggering cpu_frequency tracepoint unnecessarily In the passive mode the cpu_frequency trace event is already triggered by the cpufreq core or by scaling governors, so intel_pstate should not trigger it once again for the same P-state updates. In addition to that, the frequency returned by intel_cpufreq_fast_switch() and passed via freqs.new from intel_cpufreq_target() to cpufreq_freq_transition_end() should reflect the P-state actually set, so make that happen. Fixes: 001c76f05b01 (cpufreq: intel_pstate: Generic governors support) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 7f17326fc0b69afbda7aed6c4ce8e2328b74203b Author: Rafael J. Wysocki Date: Thu Mar 2 23:24:36 2017 +0100 cpufreq: intel_pstate: Fix intel_cpufreq_verify_policy() The intel_pstate_update_perf_limits() called from intel_cpufreq_verify_policy() may cause global P-state limits to change which is generally confusing and unnecessary. In the passive mode the global limits are only applied to the frequency selected by the scaling governor (they are not taken into account by governors when making decisions anyway), so making them follow the per-policy limits serves no purpose and may go against user expectations (as it generally causes the global attributes in sysfs to change even though they have not been written to in some cases). Fix that by dropping the intel_pstate_update_perf_limits() invocation from intel_cpufreq_verify_policy() (which also reduces the code size by a few lines). This change does not affect the per-CPU limits case, because those limits allow any P-state to be set by default in the passive mode and it removes the only piece of code updating them in that mode, so the per-policy settings will be the only ones taken into account in that case as expected. Fixes: 001c76f05b01 (cpufreq: intel_pstate: Generic governors support) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 10 ---------- 1 file changed, 10 deletions(-) commit 2bc756e7dde20972300bb8e2e46dd430d6d2d5db Author: Rafael J. Wysocki Date: Thu Mar 2 23:22:29 2017 +0100 cpufreq: intel_pstate: Do not use performance_limits in passive mode Using performance_limits in the passive mode doesn't make sense, because in that mode the global limits are applied to the frequency selected by the scaling governor. The maximum and minimum P-state limits in performance_limits are both set to 100 percent which will put all CPUs into the turbo range regardless of what governor is used and what frequencies are selected by it (that is particularly undesirable on CPUs with the generic powersave governor attached). For this reason, make intel_pstate_register_driver() always point limits to powersave_limits in the passive mode. Fixes: 001c76f05b01 (cpufreq: intel_pstate: Generic governors support) Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit f47e2db43d6865358f35a7e2c7aa035321a6537a Merge: 606ed72 ef470a6 Author: Linus Torvalds Date: Fri Mar 3 16:20:06 2017 -0800 Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes and cleanups from Helge Deller: "Nothing really important in this patchset: fix resource leaks in error paths, coding style cleanups and code removal" * 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Remove flush_user_dcache_range and flush_user_icache_range parisc: fix a printk parisc: ccio-dma: Handle return NULL error from ioremap_nocache parisc: Define access_ok() as macro parisc: eisa: Fix resource leaks in error paths parisc: eisa: Remove coding style errors commit 606ed721afdbba2f560db87f33cbdb72463a5d7b Merge: a1a0db3 b46dcfa Author: Linus Torvalds Date: Fri Mar 3 16:17:55 2017 -0800 Merge tag 'xtensa-20170303' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa updates from Max Filippov: - clean up bootable image build targets: provide separate 'Image', 'zImage' and 'uImage' make targets that only build corresponding image type. Make 'all' build all images appropriate for a platform - allow merging vectors code into .text section as a preparation step for XIP support - fix handling external FDT when the kernel is built without BLK_DEV_INITRD support * tag 'xtensa-20170303' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: allow merging vectors into .text section xtensa: clean up bootable image build targets xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD commit a1a0db36d8c89243d989186108fe9196ad0e2c2d Merge: 0a040b2 ca2dea4 Author: Linus Torvalds Date: Fri Mar 3 16:15:48 2017 -0800 Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC late DT updates from Arnd Bergmann: "These updates have been kept in a separate branch mostly because they rely on updates to the respective clk drivers to keep the shared header files in sync. This includes two branches for arm64 dt updates, both following up on earlier changes for the same platforms that are already merged: Samsung: - add USB3 support in Exynos7 - minor PM related updates Amlogic: - new machines: WeTek Set-top-boxes - various devices added to DT There are also a couple of bugfixes that trickled in since the start of the merge window: - The moxart_defconfig was not building the intended platform - CPU-hotplug was broken on ux500 - Coresight was broken on Juno (never worked)" * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits) ARM: deconfig: fix the moxart defconfig ARM: ux500: resume the second core properly arm64: dts: juno: update definition for programmable replicator arm64: dts: exynos: Add regulators for Vbus and Vbus-Boost arm64: dts: exynos: Add USB 3.0 controller node for Exynos7 arm64: dts: exynos: Use macros for pinctrl configuration on Exynos7 pinctrl: dt-bindings: samsung: Add Exynos7 specific pinctrl macro definitions arm64: dts: exynos: Add initial configuration for DISP clocks for TM2/TM2e ARM64: dts: meson-gxbb-p200: add ADC laddered keys ARM64: dts: meson: meson-gx: add the SAR ADC ARM64: dts: meson-gxl: add the pwm_ao_b pin ARM64: dts: meson-gx: add the missing pwm_AO_ab node clk: gxbb: fix CLKID_ETH defined twice ARM64: dts: meson-gxl: rename Nexbox A95x for consistency clk: gxbb: add the SAR ADC clocks and expose them dt-bindings: amlogic: Add WeTek boards ARM64: dts: meson-gxbb: Add support for WeTek Hub and Play dt-bindings: vendor-prefix: Add wetek vendor prefix ARM64: dts: meson-gxm: Rename q200 and q201 DT files for consistency ARM64: dts: meson-gx: Add HDMI HPD/DDC pinctrl nodes ... commit 0a040b2113ec226bcf56fcbe02d035bb5b30c35e Merge: 4e66c42 ef65aae Author: Linus Torvalds Date: Fri Mar 3 16:00:59 2017 -0800 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull SMB3 fixes from Steve French: "Some small bug fixes as well as SMB2.1/SMB3 enablement for DFS (global namespace) which previously was only enabled for CIFS" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: smb2: Enforce sec= mount option CIFS: Fix sparse warnings CIFS: implement get_dfs_refer for SMB2+ CIFS: use DFS pathnames in SMB2+ Create requests CIFS: set signing flag in SMB2+ TreeConnect if needed CIFS: let ses->ipc_tid hold smb2 TreeIds CIFS: add use_ipc flag to SMB2_ioctl() CIFS: add build_path_from_dentry_optional_prefix() CIFS: move DFS response parsing out of SMB1 code CIFS: Fix possible use after free in demultiplex thread commit fd5d666932d51b2552ecc0280047d6b35d9b6cd1 Author: John Keeping Date: Fri Mar 3 12:24:05 2017 +0000 Documentation/sphinx: fix primary_domain configuration With Sphinx 1.5.3 I get the warning: WARNING: primary_domain 'C' not found, ignored. It seems that domain names in Sphinx are case-sensitive and for the C domain the name must be lower case. Signed-off-by: John Keeping Signed-off-by: Jonathan Corbet Documentation/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f3fc83e55533b9fddac1d4eda79956768df569ea Author: Martyn Welch Date: Fri Mar 3 22:43:30 2017 +0000 docs: Fix htmldocs build failure Build of HTML docs failing due to conversion of deviceiobook.tmpl in 8a8a602f and regulator.tmpl in 028f2533 to RST without removing from DOCBOOKS in Makefile, resulting (in the case of deviceiobook) the following error: make[1]: *** No rule to make target 'Documentation/DocBook/deviceiobook.xml', needed by 'Documentation/DocBook/deviceiobook.aux.xml'. Stop. Makefile:1452: recipe for target 'htmldocs' failed make: *** [htmldocs] Error 2 Update DOCBOOKS to reflect available books. Signed-off-by: Martyn Welch Signed-off-by: Jonathan Corbet Documentation/DocBook/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9857b1ad4740ec2429e8ec0a39946d45a8d2cff9 Author: SeongJae Park Date: Fri Mar 3 15:44:02 2017 +0900 doc/ko_KR/memory-barriers: Update control-dependencies section This commit applies upstream change, commit c8241f8553e8 ("doc: Update control-dependencies section of memory-barriers.txt"), to Korean translation. Signed-off-by: SeongJae Park Signed-off-by: Jonathan Corbet .../translations/ko_KR/memory-barriers.txt | 68 ++++++++++++---------- 1 file changed, 37 insertions(+), 31 deletions(-) commit 2eb6a4b26d13c51bdb8d5aefdfc846c0624b8ce4 Author: Cao jin Date: Wed Mar 1 17:05:28 2017 +0800 pcieaer doc: update the link The original link is empty, replace it. Signed-off-by: Cao jin Signed-off-by: Jonathan Corbet Documentation/PCI/pcieaer-howto.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3c1a297b6fe60fe7be637cb067b27fca46be504 Author: Krzysztof Kozlowski Date: Fri Feb 24 10:42:14 2017 +0200 Documentation: Update path to sysrq.txt Commit 9d85025b0418 ("docs-rst: create an user's manual book") moved the sysrq.txt leaving old paths in the kernel docs. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/media/v4l-drivers/bttv.rst | 2 +- Documentation/s390/Debugging390.txt | 2 +- Documentation/sysctl/kernel.txt | 2 +- Documentation/virtual/uml/UserModeLinux-HOWTO.txt | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) commit 4e66c42c60fdf9be81837857454a41b39bf1b773 Merge: e58bc92 9a87ad3 Author: Linus Torvalds Date: Fri Mar 3 12:14:13 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse update from Miklos Szeredi: "A bugfix and cleanups" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: release: private_data cannot be NULL fuse: cleanup fuse_file refcounting fuse: add missing FR_FORCE commit e58bc927835a6f5ddbe4d2e069c9082b706810e7 Merge: 590dce2 51f8f3c Author: Linus Torvalds Date: Fri Mar 3 11:55:57 2017 -0800 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs updates from Miklos Szeredi: "Because copy up can take a long time, serialized copy ups could be a big performance bottleneck. This update allows concurrent copy up of regular files eliminating this potential problem. There are also minor fixes" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials ovl: properly implement sync_filesystem() ovl: concurrent copy up of regular files ovl: introduce copy up waitqueue ovl: copy up regular file using O_TMPFILE ovl: rearrange code in ovl_copy_up_locked() ovl: check if upperdir fs supports O_TMPFILE commit 590dce2d4934fb909b112cd80c80486362337744 Merge: e0d0722 a528d35 Author: Linus Torvalds Date: Fri Mar 3 11:38:56 2017 -0800 Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs 'statx()' update from Al Viro. This adds the new extended stat() interface that internally subsumes our previous stat interfaces, and allows user mode to specify in more detail what kind of information it wants. It also allows for some explicit synchronization information to be passed to the filesystem, which can be relevant for network filesystems: is the cached value ok, or do you need open/close consistency, or what? From David Howells. Andreas Dilger points out that the first version of the extended statx interface was posted June 29, 2010: https://www.spinics.net/lists/linux-fsdevel/msg33831.html * 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: statx: Add a system call to make enhanced file info available commit e0d072250a54669dce876d8ade70e417356aae74 Merge: 1827adb 165a5e2 Author: Linus Torvalds Date: Fri Mar 3 10:53:35 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block layer fixes from Jens Axboe: "A collection of fixes for this merge window, either fixes for existing issues, or parts that were waiting for acks to come in. This pull request contains: - Allocation of nvme queues on the right node from Shaohua. This was ready long before the merge window, but waiting on an ack from Bjorn on the PCI bit. Now that we have that, the three patches can go in. - Two fixes for blk-mq-sched with nvmeof, which uses hctx specific request allocations. This caused an oops. One part from Sagi, one part from Omar. - A loop partition scan deadlock fix from Omar, fixing a regression in this merge window. - A three-patch series from Keith, closing up a hole on clearing out requests on shutdown/resume. - A stable fix for nbd from Josef, fixing a leak of sockets. - Two fixes for a regression in this window from Jan, fixing a problem with one of his earlier patches dealing with queue vs bdi life times. - A fix for a regression with virtio-blk, causing an IO stall if scheduling is used. From me. - A fix for an io context lock ordering problem. From me" * 'for-linus' of git://git.kernel.dk/linux-block: block: Move bdi_unregister() to del_gendisk() blk-mq: ensure that bd->last is always set correctly block: don't call ioc_exit_icq() with the queue lock held for blk-mq block: Initialize bd_bdi on inode initialization loop: fix LO_FLAGS_PARTSCAN hang nvme: Complete all stuck requests blk-mq: Provide freeze queue timeout blk-mq: Export blk_mq_freeze_queue_wait nbd: stop leaking sockets blk-mq: move update of tags->rqs to __blk_mq_alloc_request() blk-mq: kill blk_mq_set_alloc_data() blk-mq: make blk_mq_alloc_request_hctx() allocate a scheduler request blk-mq-sched: Allocate sched reserved tags as specified in the original queue tagset nvme: allocate nvme_queue in correct node PCI: add an API to get node from vector blk-mq: allocate blk_mq_tags and requests in correct node commit 1827adb11ad26b2290dc9fe2aaf54976b2439865 Merge: 7876991 5eca1c1 Author: Linus Torvalds Date: Fri Mar 3 10:16:38 2017 -0800 Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull sched.h split-up from Ingo Molnar: "The point of these changes is to significantly reduce the header footprint, to speed up the kernel build and to have a cleaner header structure. After these changes the new 's typical preprocessed size goes down from a previous ~0.68 MB (~22K lines) to ~0.45 MB (~15K lines), which is around 40% faster to build on typical configs. Not much changed from the last version (-v2) posted three weeks ago: I eliminated quirks, backmerged fixes plus I rebased it to an upstream SHA1 from yesterday that includes most changes queued up in -next plus all sched.h changes that were pending from Andrew. I've re-tested the series both on x86 and on cross-arch defconfigs, and did a bisectability test at a number of random points. I tried to test as many build configurations as possible, but some build breakage is probably still left - but it should be mostly limited to architectures that have no cross-compiler binaries available on kernel.org, and non-default configurations" * 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (146 commits) sched/headers: Clean up sched/headers: Remove #ifdefs from sched/headers: Remove the include from sched/headers, hrtimer: Remove the include from sched/headers, x86/apic: Remove the header inclusion from sched/headers, timers: Remove the include from sched/headers: Remove from sched/headers: Remove from sched/core: Remove unused prefetch_stack() sched/headers: Remove from sched/headers: Remove the 'init_pid_ns' prototype from sched/headers: Remove from sched/headers: Remove from sched/headers: Remove the runqueue_is_locked() prototype sched/headers: Remove from sched/headers: Remove from sched/headers: Remove from sched/headers: Remove from sched/headers: Remove the include from sched/headers: Remove from ... commit 78769912f680fc0a79a67e798a0ae76f07e63a7b Merge: c82be9d e53aff4 Author: Linus Torvalds Date: Fri Mar 3 10:13:12 2017 -0800 Merge tag 'linux-kselftest-4.11-rc1-urgent_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fix from Shuah Khan: "This update consists of an urgent fix for individual test build failures introduced in the 4.11-rc1 update" * tag 'linux-kselftest-4.11-rc1-urgent_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: lib.mk Fix individual test builds commit 45115553f32ddbedb1633a6b73751a75a4a4f43a Merge: 48051c3 6d43131 Author: David S. Miller Date: Fri Mar 3 10:06:39 2017 -0800 Merge branch 'sfx-fixes' Edward Cree says: ==================== sfc: couple of fixes First patch addresses a construct that causes sparse to error out. With that fixed, sparse makes some warnings on ef10.c, second patch fixes one of them. ==================== Signed-off-by: David S. Miller commit 6d43131c158f42e2138d83495d19c70ed5cc0ffe Author: Edward Cree Date: Fri Mar 3 15:22:27 2017 +0000 sfc: fix IPID endianness in TSOv2 The value we read from the header is in network byte order, whereas EFX_POPULATE_QWORD_* takes values in host byte order (which it then converts to little-endian, as MCDI is little-endian). Fixes: e9117e5099ea ("sfc: Firmware-Assisted TSO version 2") Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d0346b033899b9affa4da8c32bfb574dfb89859e Author: Edward Cree Date: Fri Mar 3 15:22:09 2017 +0000 sfc: avoid max() in array size It confuses sparse, which thinks the size isn't constant. Let's achieve the same thing with a BUILD_BUG_ON, since we know which one should be bigger and don't expect them ever to change. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 48051c375cac3e0f8f52ccda30329e35da980066 Merge: a8d63a5 66ddb82 Author: David S. Miller Date: Fri Mar 3 09:58:17 2017 -0800 Merge tag 'linux-can-fixes-for-4.11-20170303' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2017-03-03 this is a pull request for the upcoming v4.11 release. There are two patches by Ethan Zonca for the gs_usb driver, the first one fixes the memory used for USB transfers, the second one the coding style. The last two patches are by me, one fixing a memory leak in the usb_8dev driver the other a typo in the flexcan driver. ==================== Signed-off-by: David S. Miller commit a8d63a53b3eac8626f62336dcc327c18f1bbca78 Author: Zhu Yanjun Date: Fri Mar 3 00:44:26 2017 -0500 rds: remove unnecessary returned value check The function rds_trans_register always returns 0. As such, it is not necessary to check the returned value. Cc: Joe Jin Cc: Junxiao Bi Signed-off-by: Zhu Yanjun Reviewed-by: Yuval Shaia Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/ib.c | 6 +----- net/rds/rds.h | 2 +- net/rds/tcp.c | 6 +----- net/rds/transport.c | 4 +--- 4 files changed, 4 insertions(+), 14 deletions(-) commit 37411cad633f5e41f8a13007654909d21b19363a Author: David Howells Date: Thu Mar 2 23:48:52 2017 +0000 rxrpc: Fix potential NULL-pointer exception Fix a potential NULL-pointer exception in rxrpc_do_sendmsg(). The call state check that I added should have gone into the else-body of the if-statement where we actually have a call to check. Found by CoverityScan CID#1414316 ("Dereference after null check"). Fixes: 540b1c48c37a ("rxrpc: Fix deadlock between call creation and sendmsg/recvmsg") Reported-by: Colin Ian King Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/sendmsg.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit b3b6157a6ad69941e5a2eba1aa2edf9a53cd28dd Merge: e285998 d58cebb Author: David S. Miller Date: Fri Mar 3 09:46:54 2017 -0800 Merge branch 'nfp-fixes' Jakub Kicinski says: ==================== nfp: RX and XDP buffer fixes Two trivial fixes for code introduced with XDP support. First one corrects the buffer size we populate a register with. The register is designed to be used for scatter transfers which the driver (and most FWs) don't support so it's not critical. The other one for DMA direction is mostly cosmetic, DMA API doesn't seem to care today about the precise direction in sync calls. ==================== Signed-off-by: David S. Miller commit d58cebb79b62ff84b537a35423b8d6b7f0746985 Author: Jakub Kicinski Date: Thu Mar 2 15:26:21 2017 -0800 nfp: correct DMA direction in XDP DMA sync dma_sync_single_for_*() takes the direction in which the buffer was mapped, not the direction of the sync. We should sync XDP buffers bidirectionally. Fixes: ecd63a0217d5 ("nfp: add XDP support in the driver") Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9383b33771e566fa547daa2d09c6e0f1aaa298c3 Author: Jakub Kicinski Date: Thu Mar 2 15:26:20 2017 -0800 nfp: don't tell FW about the reserved buffer space Since commit c0f031bc8866 ("nfp_net: use alloc_frag() and build_skb()") we are allocating buffers which have to hold both the data and skb to be created in place by build_skb(). FW should only be told about the buffer space it can DMA to, that is without the build_skb() headroom and tailroom. Note: firmware applications should validate the buffers against both MTU and free list buffer size so oversized packets would not pass through the NIC anyway. Fixes: c0f031bc8866 ("nfp: use alloc_frag() and build_skb()") Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e28599800a1274357492d85a653012ed3220b45c Merge: 2ddbcea fa42245 Author: David S. Miller Date: Fri Mar 3 09:44:28 2017 -0800 Merge branch 'bgmac-fixes' Jon Mason says: ==================== net: ethernet: bgmac: bug fixes Changes in v5: * Rebased to the latest code and fixed up a compile error due to the mac_addr struct going away (found by David Miller) Changes in v4: * Added the udelays from the previous code (per David Miller) Changes in v3: * Reworked the init sequence patch to only remove the device reset if the device is actually in reset. Given that this code doesn't bear much resemblance to the original code, I'm changing the author of the patch. This was tested on NS2 SVK. Changes in v2: * Reworked the first match to make it more obvious what portions of the register were being preserved (Per Rafal Mileki) * Style change to reorder the function variables in patch 2 (per Sergei Shtylyov) Bug fixes for bgmac driver ==================== Signed-off-by: David S. Miller commit fa42245dff4a5f2f8f208da542acbd80c22f7c65 Author: Hari Vyas Date: Thu Mar 2 17:59:57 2017 -0500 net: ethernet: bgmac: mac address change bug ndo_set_mac_address() passes struct sockaddr * as 2nd parameter to bgmac_set_mac_address() but code assumed u8 *. This caused two bytes chopping and the wrong mac address was configured. Signed-off-by: Hari Vyas Signed-off-by: Jon Mason Fixes: 4e209001b86 ("bgmac: write mac address to hardware in ndo_set_mac_address") Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 16206524f6ea57d6dcd56fe46f9f4a06d4a1b113 Author: Jon Mason Date: Thu Mar 2 17:59:56 2017 -0500 net: ethernet: bgmac: init sequence bug Fix a bug in the 'bgmac' driver init sequence that blind writes for init sequence where it should preserve most bits other than the ones it is deliberately manipulating. The code now checks to see if the adapter needs to be brought out of reset (where as before it was doing an IDM write to bring it out of reset regardless of whether it was in reset or not). Also, removed unnecessary usleeps (as there is already a read present to flush the IDM writes). Signed-off-by: Zac Schroff Signed-off-by: Jon Mason Fixes: f6a95a24957 ("net: ethernet: bgmac: Add platform device support") Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac-platform.c | 27 +++++++++++++++++--------- drivers/net/ethernet/broadcom/bgmac.h | 16 +++++++++++++++ 2 files changed, 34 insertions(+), 9 deletions(-) commit 2ddbcea75a36dac2ff62ee33a0a8df37e994201e Merge: f7bb3d8 a254d8f Author: David S. Miller Date: Fri Mar 3 09:36:15 2017 -0800 Merge branch 'xen-netback-fixes' Paul Durrant says: ==================== xen-netback: update memory leak fix to avoid BUG Commit 9a6cdf52b85e "xen-netback: fix memory leaks on XenBus disconnect" added missing code to fix a memory leak by calling vfree() in the appropriate place. Unfortunately subsequent commit f16f1df65f1c "xen-netback: protect resource cleaning on XenBus disconnect" then wrapped this call to vfree() in a spin lock, leading to a BUG due to incorrect context. Patch #1 makes the existing code more readable Patch #2 fixes the problem ==================== Signed-off-by: David S. Miller commit a254d8f9a8a928772ef4608342125ccb35b79d5d Author: Paul Durrant Date: Thu Mar 2 12:54:26 2017 +0000 xen-netback: don't vfree() queues under spinlock This leads to a BUG of the following form: [ 174.512861] switch: port 2(vif3.0) entered disabled state [ 174.522735] BUG: sleeping function called from invalid context at /home/build/linux-linus/mm/vmalloc.c:1441 [ 174.523451] in_atomic(): 1, irqs_disabled(): 0, pid: 28, name: xenwatch [ 174.524131] CPU: 1 PID: 28 Comm: xenwatch Tainted: G W 4.10.0upstream-11073-g4977ab6-dirty #1 [ 174.524819] Hardware name: MSI MS-7680/H61M-P23 (MS-7680), BIOS V17.0 03/14/2011 [ 174.525517] Call Trace: [ 174.526217] show_stack+0x23/0x60 [ 174.526899] dump_stack+0x5b/0x88 [ 174.527562] ___might_sleep+0xde/0x130 [ 174.528208] __might_sleep+0x35/0xa0 [ 174.528840] ? _raw_spin_unlock_irqrestore+0x13/0x20 [ 174.529463] ? __wake_up+0x40/0x50 [ 174.530089] remove_vm_area+0x20/0x90 [ 174.530724] __vunmap+0x1d/0xc0 [ 174.531346] ? delete_object_full+0x13/0x20 [ 174.531973] vfree+0x40/0x80 [ 174.532594] set_backend_state+0x18a/0xa90 [ 174.533221] ? dwc_scan_descriptors+0x24d/0x430 [ 174.533850] ? kfree+0x5b/0xc0 [ 174.534476] ? xenbus_read+0x3d/0x50 [ 174.535101] ? xenbus_read+0x3d/0x50 [ 174.535718] ? xenbus_gather+0x31/0x90 [ 174.536332] ? ___might_sleep+0xf6/0x130 [ 174.536945] frontend_changed+0x6b/0xd0 [ 174.537565] xenbus_otherend_changed+0x7d/0x80 [ 174.538185] frontend_changed+0x12/0x20 [ 174.538803] xenwatch_thread+0x74/0x110 [ 174.539417] ? woken_wake_function+0x20/0x20 [ 174.540049] kthread+0xe5/0x120 [ 174.540663] ? xenbus_printf+0x50/0x50 [ 174.541278] ? __kthread_init_worker+0x40/0x40 [ 174.541898] ret_from_fork+0x21/0x2c [ 174.548635] switch: port 2(vif3.0) entered disabled state This patch defers the vfree() until after the spinlock is released. Reported-by: Juergen Gross Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/xenbus.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d67ce7da3b1eda838db7bdca86d7ec28ef37068e Author: Paul Durrant Date: Thu Mar 2 12:54:25 2017 +0000 xen-netback: keep a local pointer for vif in backend_disconnect() This patch replaces use of 'be->vif' with 'vif' and hence generally makes the function look tidier. No semantic change. Signed-off-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/xenbus.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) commit f7bb3d86a64775e0a7636d211dbd80cbeea6e618 Merge: 9f674e4 c74042f Author: David S. Miller Date: Fri Mar 3 09:29:49 2017 -0800 Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates 2017-03-02 This series contains fixes to ixgbe only. Paolo fixes the driver so that you can actually update the RSS key value via ethtool. Alex fixes an issue on architectures that have a cache line size larger than 64 Bytes, where the amount of headroom for the frame starts shrinking. To take this into account, Alex adds one small check so that we compare the max_frame to the amount of actual data we can store, so we will automatically enable 3K receive buffers as soon as the maximum frame size we can handle drops below the standard Ethernet MTU. ==================== Signed-off-by: David S. Miller commit 65a50c656276b0846bea09dd011c0a3d35b77f3e Author: Todd Brandt Date: Thu Mar 2 16:12:15 2017 -0800 ftrace/graph: Add ftrace_graph_max_depth kernel parameter Early trace callgraphs can be extremely large on systems with several seconds of boot time. The max_depth parameter limits how deep the graph trace goes and reduces the output size. This parameter is the same as the max_graph_depth file in tracefs. Link: http://lkml.kernel.org/r/1488499935-23216-1-git-send-email-todd.e.brandt@linux.intel.com Signed-off-by: Todd Brandt [ changed comments about debugfs to tracefs ] Signed-off-by: Steven Rostedt (VMware) Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ kernel/trace/ftrace.c | 9 +++++++++ 2 files changed, 15 insertions(+) commit bf7165cfa23695c51998231c4efa080fe1d3548d Author: Rik van Riel Date: Wed Sep 28 22:55:54 2016 -0400 tracing: Add #undef to fix compile error There are several trace include files that define TRACE_INCLUDE_FILE. Include several of them in the same .c file (as I currently have in some code I am working on), and the compile will blow up with a "warning: "TRACE_INCLUDE_FILE" redefined #define TRACE_INCLUDE_FILE syscalls" Every other include file in include/trace/events/ avoids that issue by having a #undef TRACE_INCLUDE_FILE before the #define; syscalls.h should have one, too. Link: http://lkml.kernel.org/r/20160928225554.13bd7ac6@annuminas.surriel.com Cc: stable@vger.kernel.org Fixes: b8007ef74222 ("tracing: Separate raw syscall from syscall tracer") Signed-off-by: Rik van Riel Signed-off-by: Steven Rostedt (VMware) include/trace/events/syscalls.h | 1 + 1 file changed, 1 insertion(+) commit b17ef2ed624aa7c1f68ed11acd16ecbf80fe01d7 Author: Steven Rostedt (VMware) Date: Thu Mar 2 17:28:45 2017 -0500 jump_label: Add comment about initialization order for anonymous unions Commit 3821fd35b58d ("jump_label: Reduce the size of struct static_key") broke old compilers that could not handle static initialization of anonymous unions. Boris fixed it with a patch that added brackets around the static initializer. But this creates a dependency between those initializers and the structure's order of its fields. Document this dependency in case new fields are added to struct static_key in the future. Noted-by: Boris Ostrovsky Suggested-by: Chris Mason Signed-off-by: Steven Rostedt (VMware) include/linux/jump_label.h | 7 +++++++ 1 file changed, 7 insertions(+) commit cd8d860dcce906cd477be7d0648ba6f56a52eaa6 Author: Boris Ostrovsky Date: Tue Feb 28 11:32:22 2017 -0500 jump_label: Fix anonymous union initialization Pre-4.6 gcc do not allow direct static initialization of members of anonymous structs/unions. After commit 3821fd35b58d ("jump_label: Reduce the size of struct static_key") STATIC_KEY_INIT_{TRUE|FALSE} definitions cannot be compiled with those older compilers. Placing initializers inside curved brackets works around this problem. Link: http://lkml.kernel.org/r/1488299542-30765-1-git-send-email-boris.ostrovsky@oracle.com Fixes: 3821fd35b58d ("jump_label: Reduce the size of struct static_key") Reviewed-by: Jason Baron Compiled-by: Chris Mason Signed-off-by: Boris Ostrovsky Signed-off-by: Steven Rostedt (VMware) include/linux/jump_label.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ab42632156becd35d3884ee5c14da2bedbf3149a Author: David Daney Date: Wed Mar 1 14:04:53 2017 -0800 module: set __jump_table alignment to 8 For powerpc the __jump_table section in modules is not aligned, this causes a WARN_ON() splat when loading a module containing a __jump_table. Strict alignment became necessary with commit 3821fd35b58d ("jump_label: Reduce the size of struct static_key"), currently in linux-next, which uses the two least significant bits of pointers to __jump_table elements. Fix by forcing __jump_table to 8, which is the same alignment used for this section in the kernel proper. Link: http://lkml.kernel.org/r/20170301220453.4756-1-david.daney@cavium.com Reviewed-by: Jason Baron Acked-by: Jessica Yu Acked-by: Michael Ellerman (powerpc) Tested-by: Sachin Sant Signed-off-by: David Daney Signed-off-by: Steven Rostedt (VMware) scripts/module-common.lds | 2 ++ 1 file changed, 2 insertions(+) commit 92ad18ec26611e8a47639e600bd9dc42fbe2edcf Author: Steven Rostedt (VMware) Date: Thu Mar 2 12:53:26 2017 -0500 ftrace/graph: Do not modify the EMPTY_HASH for the function_graph filter On boot up, if the kernel command line sets a graph funtion with the kernel command line options "ftrace_graph_filter" or "ftrace_graph_notrace" then it updates the corresponding function graph hash, ftrace_graph_hash or ftrace_graph_notrace_hash respectively. Unfortunately, at boot up, these variables are pointers to the "EMPTY_HASH" which is a constant used as a placeholder when a hash has no entities. The problem was that the comand line version to set the hashes updated the actual EMPTY_HASH instead of creating a new hash for the function graph. This broke the EMPTY_HASH because not only did it modify a constant (not sure how that was allowed to happen, except maybe because it was done at early boot, const variables were still mutable), but it made the filters have functions listed in them when they were actually empty. The kernel command line function needs to allocate a new hash for the function graph filters and assign the necessary variables to that new hash instead. Link: http://lkml.kernel.org/r/1488420091.7212.17.camel@linux.intel.com Cc: Namhyung Kim Fixes: b9b0c831bed2 ("ftrace: Convert graph filter to use hash tables") Reported-by: Todd Brandt Tested-by: Todd Brandt Signed-off-by: Steven Rostedt (VMware) kernel/trace/ftrace.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 25e94a997b324b5f167f56d56d7106d38b78c9de Author: Pablo Neira Ayuso Date: Wed Mar 1 12:52:31 2017 +0100 netfilter: nf_tables: don't call nfnetlink_set_err() if nfnetlink_send() fails The underlying nlmsg_multicast() already sets sk->sk_err for us to notify socket overruns, so we should not do anything with this return value. So we just call nfnetlink_set_err() if: 1) We fail to allocate the netlink message. or 2) We don't have enough space in the netlink message to place attributes, which means that we likely need to allocate a larger message. Before this patch, the internal ESRCH netlink error code was propagated to userspace, which is quite misleading. Netlink semantics mandate that listeners just hit ENOBUFS if the socket buffer overruns. Reported-by: Alexander Alemayhu Tested-by: Alexander Alemayhu Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 6 +- net/netfilter/nf_tables_api.c | 133 ++++++++++++++++---------------------- 2 files changed, 58 insertions(+), 81 deletions(-) commit f9121355eb6f9babadb97bf5b34ab0cce7764406 Author: Pablo Neira Ayuso Date: Wed Mar 1 18:15:11 2017 +0100 netfilter: nft_set_rbtree: incorrect assumption on lower interval lookups In case of adjacent ranges, we may indeed see either the high part of the range in first place or the low part of it. Remove this incorrect assumption, let's make sure we annotate the low part of the interval in case of we have adjacent interva intervals so we hit a matching in lookups. Reported-by: Simon Hanisch Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_rbtree.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit da2f27e9e615d1c799c9582b15262458da61fddc Author: Christophe Leroy Date: Wed Mar 1 15:33:26 2017 +0100 netfilter: nf_conntrack_sip: fix wrong memory initialisation In commit 82de0be6862cd ("netfilter: Add helper array register/unregister functions"), struct nf_conntrack_helper sip[MAX_PORTS][4] was changed to sip[MAX_PORTS * 4], so the memory init should have been changed to memset(&sip[4 * i], 0, 4 * sizeof(sip[i])); But as the sip[] table is allocated in the BSS, it is already set to 0 Fixes: 82de0be6862cd ("netfilter: Add helper array register/unregister functions") Signed-off-by: Christophe Leroy Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_sip.c | 2 -- 1 file changed, 2 deletions(-) commit 66ddb82129df66a94219844c509074adb4330a28 Author: Marc Kleine-Budde Date: Thu Mar 2 15:42:49 2017 +0100 can: flexcan: fix typo in comment This patch fixes the typo "Disble" -> "Disable". Signed-off-by: Marc Kleine-Budde drivers/net/can/flexcan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c42631376306fb3f34d51fda546b50a9b6dd6ec Author: Marc Kleine-Budde Date: Thu Mar 2 12:03:40 2017 +0100 can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer The priv->cmd_msg_buffer is allocated in the probe function, but never kfree()ed. This patch converts the kzalloc() to resource-managed kzalloc. Cc: linux-stable Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/usb_8dev.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 540a27aef355e3fd8c598600d4a3c8f92127ee05 Author: Ethan Zonca Date: Fri Feb 24 11:00:34 2017 -0500 can: gs_usb: fix coding style This patch fixes five minor style issues, spaces are between bitwise OR operators. Signed-off-by: Ethan Zonca Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/gs_usb.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit c919a3069c775c1c876bec55e00b2305d5125caa Author: Ethan Zonca Date: Fri Feb 24 11:27:36 2017 -0500 can: gs_usb: Don't use stack memory for USB transfers Fixes: 05ca5270005c can: gs_usb: add ethtool set_phys_id callback to locate physical device The gs_usb driver is performing USB transfers using buffers allocated on the stack. This causes the driver to not function with vmapped stacks. Instead, allocate memory for the transfer buffers. Signed-off-by: Ethan Zonca Cc: linux-stable # >= v4.8 Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/gs_usb.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) commit 5df62771c556e4ec9d7ecea1f070ff6da4bce151 Author: Sean Young Date: Thu Feb 23 06:11:21 2017 -0300 [media] rc: protocol is not set on register for raw IR devices ir_raw_event_register() sets up change_protocol(), and without that set, rc_setup_rx_device() does not set the protocol for the device on register. The standard udev rules run ir-keytable, which writes to the protocols file again, which hides this problem. Fixes: 7ff2c2b ("[media] rc-main: split setup and unregister functions") Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/rc-main.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 413808685dd7c9b54bbc5af79da2eaddd0fc3cb2 Author: Sean Young Date: Wed Feb 22 18:48:01 2017 -0300 [media] rc: raw decoder for keymap protocol is not loaded on register When the protocol is set via the sysfs protocols attribute, the decoder is loaded. However, when it is not when a device is first plugged in or registered. Fixes: acc1c3c ("[media] media: rc: load decoder modules on-demand") Signed-off-by: Sean Young Cc: # v4.5+ Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/rc-main.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit c1305a40722f3e02f3d971acc22f5991aff239a6 Author: Heiner Kallweit Date: Sun Feb 12 15:01:22 2017 -0200 [media] rc: nuvoton: fix deadlock in nvt_write_wakeup_codes nvt_write_wakeup_codes acquires the same lock as the ISR but doesn't disable interrupts on the local CPU. This caused the following deadlock. Fix this by using spin_lock_irqsave. [ 432.362008] ================================ [ 432.362074] WARNING: inconsistent lock state [ 432.362144] 4.10.0-rc7-next-20170210 #1 Not tainted [ 432.362219] -------------------------------- [ 432.362286] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [ 432.362379] swapper/0/0 [HC1[1]:SC0[0]:HE0:SE1] takes: [ 432.362457] (&(&nvt->lock)->rlock){?.+...}, at: [] nvt_cir_isr+0x2d/0x520 [nuvoton_cir] [ 432.362611] {HARDIRQ-ON-W} state was registered at: [ 432.362686] [ 432.362698] [] __lock_acquire+0x5dc/0x1260 [ 432.362812] [ 432.362817] [] lock_acquire+0xe9/0x1d0 [ 432.362927] [ 432.362934] [] _raw_spin_lock+0x33/0x50 [ 432.363045] [ 432.363051] [] nvt_write_wakeup_codes.isra.12+0x22/0xe0 [nuvoton_cir] [ 432.363193] [ 432.363199] [] wakeup_data_store+0xdf/0xf0 [nuvoton_cir] [ 432.363327] [ 432.363333] [] dev_attr_store+0x13/0x20 [ 432.363441] [ 432.363449] [] sysfs_kf_write+0x40/0x50 [ 432.363558] [ 432.363564] [] kernfs_fop_write+0x150/0x1e0 [ 432.363676] [ 432.363685] [] __vfs_write+0x23/0x120 [ 432.363791] [ 432.363798] [] vfs_write+0xc3/0x1e0 [ 432.363902] [ 432.363909] [] SyS_write+0x44/0xa0 [ 432.364012] [ 432.364021] [] do_syscall_64+0x57/0x140 [ 432.364129] [ 432.364135] [] return_from_SYSCALL_64+0x0/0x7a [ 432.364252] irq event stamp: 415118 [ 432.364313] hardirqs last enabled at (415115): [] cpuidle_enter_state+0x11b/0x370 [ 432.364445] hardirqs last disabled at (415116): [] common_interrupt+0x8b/0x90 [ 432.364573] softirqs last enabled at (415118): [] _local_bh_enable+0x1c/0x50 [ 432.364699] softirqs last disabled at (415117): [] irq_enter+0x43/0x60 [ 432.364814] other info that might help us debug this: [ 432.364909] Possible unsafe locking scenario: [ 432.367821] CPU0 [ 432.370645] ---- [ 432.373432] lock(&(&nvt->lock)->rlock); [ 432.376228] [ 432.378982] lock(&(&nvt->lock)->rlock); [ 432.381757] *** DEADLOCK *** [ 432.389888] no locks held by swapper/0/0. [ 432.392574] stack backtrace: [ 432.397774] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-rc7-next-20170210 #1 [ 432.400375] Hardware name: ZOTAC ZBOX-CI321NANO/ZBOX-CI321NANO, BIOS B246P105 06/01/2015 [ 432.403023] Call Trace: [ 432.405636] [ 432.408208] dump_stack+0x68/0x93 [ 432.410775] print_usage_bug+0x1dd/0x1f0 [ 432.413334] mark_lock+0x559/0x5c0 [ 432.415871] ? print_shortest_lock_dependencies+0x1a0/0x1a0 [ 432.418431] __lock_acquire+0x6b1/0x1260 [ 432.420941] lock_acquire+0xe9/0x1d0 [ 432.423396] ? nvt_cir_isr+0x2d/0x520 [nuvoton_cir] [ 432.425844] _raw_spin_lock+0x33/0x50 [ 432.428252] ? nvt_cir_isr+0x2d/0x520 [nuvoton_cir] [ 432.430670] nvt_cir_isr+0x2d/0x520 [nuvoton_cir] [ 432.433085] __handle_irq_event_percpu+0x43/0x330 [ 432.435493] handle_irq_event_percpu+0x1e/0x50 [ 432.437884] handle_irq_event+0x34/0x60 [ 432.440236] handle_edge_irq+0x6a/0x150 [ 432.442561] handle_irq+0x15/0x20 [ 432.444854] do_IRQ+0x57/0x110 [ 432.447115] common_interrupt+0x90/0x90 [ 432.449380] RIP: 0010:cpuidle_enter_state+0x120/0x370 [ 432.451653] RSP: 0018:ffffffff81c03dd8 EFLAGS: 00000206 ORIG_RAX: ffffffffffffffcc [ 432.453994] RAX: ffffffff81c14500 RBX: 0000000000000008 RCX: 00000064aac6f2d2 [ 432.456349] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff81c14500 [ 432.458704] RBP: ffffffff81c03e18 R08: cccccccccccccccd R09: 0000000000000018 [ 432.461072] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880100a21260 [ 432.463450] R13: ffffffff81c7e6f8 R14: 0000000000000008 R15: ffffffff81c7e6e0 [ 432.465819] [ 432.468104] ? cpuidle_enter_state+0x11b/0x370 [ 432.470413] cpuidle_enter+0x12/0x20 [ 432.472698] call_cpuidle+0x1e/0x40 [ 432.474967] do_idle+0xe3/0x1c0 [ 432.477172] cpu_startup_entry+0x18/0x20 [ 432.479376] rest_init+0x130/0x140 [ 432.481565] start_kernel+0x3cc/0x3d9 [ 432.483750] x86_64_start_reservations+0x2a/0x2c [ 432.485980] x86_64_start_kernel+0x178/0x18b [ 432.488222] start_cpu+0x14/0x14 [ 432.490453] ? start_cpu+0x14/0x14 Fixes: 97c129747af5 "[media] rc: nuvoton-cir: Add support wakeup via sysfs filter callback" Signed-off-by: Heiner Kallweit Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/nuvoton-cir.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit db5b15b74ed9a5c04bb808d18ffa2c773f5c18c0 Author: Sean Young Date: Mon Feb 13 10:35:44 2017 -0200 [media] lirc: fix dead lock between open and wakeup_filter The locking in lirc needs improvement, but for now just fix this potential deadlock. ====================================================== [ INFO: possible circular locking dependency detected ] 4.10.0-rc1+ #1 Not tainted ------------------------------------------------------- bash/2502 is trying to acquire lock: (ir_raw_handler_lock){+.+.+.}, at: [] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] but task is already holding lock: (&dev->lock){+.+.+.}, at: [] store_filter+0x9f/0x240 [rc_core] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&dev->lock){+.+.+.}: [] lock_acquire+0xfd/0x200 [] mutex_lock_nested+0x77/0x6d0 [] rc_open+0x2a/0x80 [rc_core] [] lirc_dev_fop_open+0xda/0x1e0 [lirc_dev] [] chrdev_open+0xb0/0x210 [] do_dentry_open+0x20a/0x2f0 [] vfs_open+0x4c/0x80 [] path_openat+0x5bc/0xc00 [] do_filp_open+0x91/0x100 [] do_sys_open+0x130/0x220 [] SyS_open+0x1e/0x20 [] entry_SYSCALL_64_fastpath+0x1f/0xc2 -> #1 (lirc_dev_lock){+.+.+.}: [] lock_acquire+0xfd/0x200 [] mutex_lock_nested+0x77/0x6d0 [] lirc_register_driver+0x67/0x59b [lirc_dev] [] ir_lirc_register+0x1f4/0x260 [ir_lirc_codec] [] ir_raw_handler_register+0x7c/0xb0 [rc_core] [] 0xffffffffc0398010 [] do_one_initcall+0x52/0x1b0 [] do_init_module+0x5f/0x1fa [] load_module+0x2675/0x2b00 [] SYSC_finit_module+0xdf/0x110 [] SyS_finit_module+0xe/0x10 [] do_syscall_64+0x6c/0x1f0 [] return_from_SYSCALL_64+0x0/0x7a -> #0 (ir_raw_handler_lock){+.+.+.}: [] __lock_acquire+0x10f7/0x1290 [] lock_acquire+0xfd/0x200 [] mutex_lock_nested+0x77/0x6d0 [] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] [] loop_set_wakeup_filter+0x62/0xbd [rc_loopback] [] store_filter+0x1aa/0x240 [rc_core] [] dev_attr_store+0x18/0x30 [] sysfs_kf_write+0x45/0x60 [] kernfs_fop_write+0x155/0x1e0 [] __vfs_write+0x37/0x160 [] vfs_write+0xc8/0x1e0 [] SyS_write+0x58/0xc0 [] entry_SYSCALL_64_fastpath+0x1f/0xc2 other info that might help us debug this: Chain exists of: ir_raw_handler_lock --> lirc_dev_lock --> &dev->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&dev->lock); lock(lirc_dev_lock); lock(&dev->lock); lock(ir_raw_handler_lock); *** DEADLOCK *** 4 locks held by bash/2502: #0: (sb_writers#4){.+.+.+}, at: [] vfs_write+0x195/0x1e0 #1: (&of->mutex){+.+.+.}, at: [] kernfs_fop_write+0x11f/0x1e0 #2: (s_active#215){.+.+.+}, at: [] kernfs_fop_write+0x128/0x1e0 #3: (&dev->lock){+.+.+.}, at: [] store_filter+0x9f/0x240 [rc_core] stack backtrace: CPU: 3 PID: 2502 Comm: bash Not tainted 4.10.0-rc1+ #1 Hardware name: /DG45ID, BIOS IDG4510H.86A.0135.2011.0225.1100 02/25/2011 Call Trace: dump_stack+0x86/0xc3 print_circular_bug+0x1be/0x210 __lock_acquire+0x10f7/0x1290 lock_acquire+0xfd/0x200 ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] mutex_lock_nested+0x77/0x6d0 ? ir_raw_encode_scancode+0x3e/0xb0 [rc_core] ? loop_set_wakeup_filter+0x44/0xbd [rc_loopback] ir_raw_encode_scancode+0x3e/0xb0 [rc_core] loop_set_wakeup_filter+0x62/0xbd [rc_loopback] ? loop_set_tx_duty_cycle+0x70/0x70 [rc_loopback] store_filter+0x1aa/0x240 [rc_core] dev_attr_store+0x18/0x30 sysfs_kf_write+0x45/0x60 kernfs_fop_write+0x155/0x1e0 __vfs_write+0x37/0x160 ? rcu_read_lock_sched_held+0x4a/0x80 ? rcu_sync_lockdep_assert+0x2f/0x60 ? __sb_start_write+0x10c/0x220 ? vfs_write+0x195/0x1e0 ? security_file_permission+0x3b/0xc0 vfs_write+0xc8/0x1e0 SyS_write+0x58/0xc0 entry_SYSCALL_64_fastpath+0x1f/0xc2 Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/lirc_dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2e1e4949f9dfb053122785cd73540bb1e61f768b Author: Qi Hou Date: Fri Mar 3 15:57:11 2017 +0800 i2c: add missing of_node_put in i2c_mux_del_adapters Refcount of of_node is increased with of_node_get() in i2c_mux_add_adapter(). It must be decreased with of_node_put() in i2c_mux_del_adapters(). Cc: stable@vger.kernel.org Signed-off-by: Qi Hou Reviewed-by: Zhang Xiao Signed-off-by: Peter Rosin drivers/i2c/i2c-mux.c | 2 ++ 1 file changed, 2 insertions(+) commit 0265634eb9e04a16ae99941c320718c38eb865e0 Author: Sean Young Date: Sat Feb 25 08:28:16 2017 -0300 [media] serial_ir: ensure we're ready to receive interrupts When the interrupt requested with devm_request_irq(), serial_ir.rcdev is still null so will cause null deference if the irq handler is called early on. Also ensure that timeout_timer is setup. Link: http://lkml.kernel.org/r/CA+55aFxsh2uF8gi5sN_guY3Z+tiLv7LpJYKBw+y8vqLzp+TsnQ@mail.gmail.com [mchehab@s-opensource.com: moved serial_ir_probe() back to its original place] Cc: # 4.10 Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/serial_ir.c | 123 ++++++++++++++++++++++--------------------- 1 file changed, 62 insertions(+), 61 deletions(-) commit ef65aaede23f75977af56a8c330bb9be8c6e125c Author: Sachin Prabhu Date: Wed Jan 18 15:35:57 2017 +0530 smb2: Enforce sec= mount option If the security type specified using a mount option is not supported, the SMB2 session setup code changes the security type to RawNTLMSSP. We should instead fail the mount and return an error. The patch changes the code for SMB2 to make it similar to the code used for SMB1. Like in SMB1, we now use the global security flags to select the security method to be used when no security method is specified and to return an error when the requested auth method is not available. For SMB2, we also use ntlmv2 as a synonym for nltmssp. Signed-off-by: Sachin Prabhu Acked-by: Pavel Shilovsky Acked-by: Jeff Layton Signed-off-by: Steve French fs/cifs/cifsglob.h | 3 +++ fs/cifs/cifsproto.h | 2 ++ fs/cifs/connect.c | 3 ++- fs/cifs/sess.c | 4 ++-- fs/cifs/smb1ops.c | 1 + fs/cifs/smb2ops.c | 4 ++++ fs/cifs/smb2pdu.c | 37 +++++++++++++++++++++++++++++++++---- fs/cifs/smb2proto.h | 2 ++ 8 files changed, 49 insertions(+), 7 deletions(-) commit 284316dd42a2027afe37df34c5199eb4eabed8fd Author: Steve French Date: Thu Mar 2 15:42:48 2017 -0600 CIFS: Fix sparse warnings Fix two minor sparse compile check warnings Signed-off-by: Steve French Acked-by: Pavel Shilovsky Reviewed-by: Aurelien Aptel fs/cifs/cifs_unicode.h | 6 +++--- fs/cifs/cifssmb.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit c74042f3b3ca982652af99cad85252a2655c6064 Author: Alexander Duyck Date: Fri Feb 3 09:19:40 2017 -0800 ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines On architectures that have a cache line size larger than 64 Bytes we start running into issues where the amount of headroom for the frame starts shrinking. The size of skb_shared_info on a system with a 64B L1 cache line size is 320. This increases to 384 with a 128B cache line, and 512 with a 256B cache line. In addition the NET_SKB_PAD value increases as well consistent with the cache line size. As a result when we get to a 256B cache line as seen on the s390 we end up 768 bytes used by padding and shared info leaving us with only 1280 bytes to use for data storage. On architectures such as this we should default to using 3K Rx buffers out of a 8K page instead of trying to do 1.5K buffers out of a 4K page. To take all of this into account I have added one small check so that we compare the max_frame to the amount of actual data we can store. This was already occurring for igb, but I had overlooked it for ixgbe as it doesn't have strict limits for 82599 once we enable jumbo frames. By adding this check we will automatically enable 3K Rx buffers as soon as the maximum frame size we can handle drops below the standard Ethernet MTU. I also went through and fixed one small typo that I found where I had left an IGB in a variable name due to a copy/paste error. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) commit a528d35e8bfcc521d7cb70aaf03e1bd296c8493f Author: David Howells Date: Tue Jan 31 16:46:22 2017 +0000 statx: Add a system call to make enhanced file info available Add a system call to make extended file information available, including file creation and some attribute flags where available through the underlying filesystem. The getattr inode operation is altered to take two additional arguments: a u32 request_mask and an unsigned int flags that indicate the synchronisation mode. This change is propagated to the vfs_getattr*() function. Functions like vfs_stat() are now inline wrappers around new functions vfs_statx() and vfs_statx_fd() to reduce stack usage. ======== OVERVIEW ======== The idea was initially proposed as a set of xattrs that could be retrieved with getxattr(), but the general preference proved to be for a new syscall with an extended stat structure. A number of requests were gathered for features to be included. The following have been included: (1) Make the fields a consistent size on all arches and make them large. (2) Spare space, request flags and information flags are provided for future expansion. (3) Better support for the y2038 problem [Arnd Bergmann] (tv_sec is an __s64). (4) Creation time: The SMB protocol carries the creation time, which could be exported by Samba, which will in turn help CIFS make use of FS-Cache as that can be used for coherency data (stx_btime). This is also specified in NFSv4 as a recommended attribute and could be exported by NFSD [Steve French]. (5) Lightweight stat: Ask for just those details of interest, and allow a netfs (such as NFS) to approximate anything not of interest, possibly without going to the server [Trond Myklebust, Ulrich Drepper, Andreas Dilger] (AT_STATX_DONT_SYNC). (6) Heavyweight stat: Force a netfs to go to the server, even if it thinks its cached attributes are up to date [Trond Myklebust] (AT_STATX_FORCE_SYNC). And the following have been left out for future extension: (7) Data version number: Could be used by userspace NFS servers [Aneesh Kumar]. Can also be used to modify fill_post_wcc() in NFSD which retrieves i_version directly, but has just called vfs_getattr(). It could get it from the kstat struct if it used vfs_xgetattr() instead. (There's disagreement on the exact semantics of a single field, since not all filesystems do this the same way). (8) BSD stat compatibility: Including more fields from the BSD stat such as creation time (st_btime) and inode generation number (st_gen) [Jeremy Allison, Bernd Schubert]. (9) Inode generation number: Useful for FUSE and userspace NFS servers [Bernd Schubert]. (This was asked for but later deemed unnecessary with the open-by-handle capability available and caused disagreement as to whether it's a security hole or not). (10) Extra coherency data may be useful in making backups [Andreas Dilger]. (No particular data were offered, but things like last backup timestamp, the data version number and the DOS archive bit would come into this category). (11) Allow the filesystem to indicate what it can/cannot provide: A filesystem can now say it doesn't support a standard stat feature if that isn't available, so if, for instance, inode numbers or UIDs don't exist or are fabricated locally... (This requires a separate system call - I have an fsinfo() call idea for this). (12) Store a 16-byte volume ID in the superblock that can be returned in struct xstat [Steve French]. (Deferred to fsinfo). (13) Include granularity fields in the time data to indicate the granularity of each of the times (NFSv4 time_delta) [Steve French]. (Deferred to fsinfo). (14) FS_IOC_GETFLAGS value. These could be translated to BSD's st_flags. Note that the Linux IOC flags are a mess and filesystems such as Ext4 define flags that aren't in linux/fs.h, so translation in the kernel may be a necessity (or, possibly, we provide the filesystem type too). (Some attributes are made available in stx_attributes, but the general feeling was that the IOC flags were to ext[234]-specific and shouldn't be exposed through statx this way). (15) Mask of features available on file (eg: ACLs, seclabel) [Brad Boyer, Michael Kerrisk]. (Deferred, probably to fsinfo. Finding out if there's an ACL or seclabal might require extra filesystem operations). (16) Femtosecond-resolution timestamps [Dave Chinner]. (A __reserved field has been left in the statx_timestamp struct for this - if there proves to be a need). (17) A set multiple attributes syscall to go with this. =============== NEW SYSTEM CALL =============== The new system call is: int ret = statx(int dfd, const char *filename, unsigned int flags, unsigned int mask, struct statx *buffer); The dfd, filename and flags parameters indicate the file to query, in a similar way to fstatat(). There is no equivalent of lstat() as that can be emulated with statx() by passing AT_SYMLINK_NOFOLLOW in flags. There is also no equivalent of fstat() as that can be emulated by passing a NULL filename to statx() with the fd of interest in dfd. Whether or not statx() synchronises the attributes with the backing store can be controlled by OR'ing a value into the flags argument (this typically only affects network filesystems): (1) AT_STATX_SYNC_AS_STAT tells statx() to behave as stat() does in this respect. (2) AT_STATX_FORCE_SYNC will require a network filesystem to synchronise its attributes with the server - which might require data writeback to occur to get the timestamps correct. (3) AT_STATX_DONT_SYNC will suppress synchronisation with the server in a network filesystem. The resulting values should be considered approximate. mask is a bitmask indicating the fields in struct statx that are of interest to the caller. The user should set this to STATX_BASIC_STATS to get the basic set returned by stat(). It should be noted that asking for more information may entail extra I/O operations. buffer points to the destination for the data. This must be 256 bytes in size. ====================== MAIN ATTRIBUTES RECORD ====================== The following structures are defined in which to return the main attribute set: struct statx_timestamp { __s64 tv_sec; __s32 tv_nsec; __s32 __reserved; }; struct statx { __u32 stx_mask; __u32 stx_blksize; __u64 stx_attributes; __u32 stx_nlink; __u32 stx_uid; __u32 stx_gid; __u16 stx_mode; __u16 __spare0[1]; __u64 stx_ino; __u64 stx_size; __u64 stx_blocks; __u64 __spare1[1]; struct statx_timestamp stx_atime; struct statx_timestamp stx_btime; struct statx_timestamp stx_ctime; struct statx_timestamp stx_mtime; __u32 stx_rdev_major; __u32 stx_rdev_minor; __u32 stx_dev_major; __u32 stx_dev_minor; __u64 __spare2[14]; }; The defined bits in request_mask and stx_mask are: STATX_TYPE Want/got stx_mode & S_IFMT STATX_MODE Want/got stx_mode & ~S_IFMT STATX_NLINK Want/got stx_nlink STATX_UID Want/got stx_uid STATX_GID Want/got stx_gid STATX_ATIME Want/got stx_atime{,_ns} STATX_MTIME Want/got stx_mtime{,_ns} STATX_CTIME Want/got stx_ctime{,_ns} STATX_INO Want/got stx_ino STATX_SIZE Want/got stx_size STATX_BLOCKS Want/got stx_blocks STATX_BASIC_STATS [The stuff in the normal stat struct] STATX_BTIME Want/got stx_btime{,_ns} STATX_ALL [All currently available stuff] stx_btime is the file creation time, stx_mask is a bitmask indicating the data provided and __spares*[] are where as-yet undefined fields can be placed. Time fields are structures with separate seconds and nanoseconds fields plus a reserved field in case we want to add even finer resolution. Note that times will be negative if before 1970; in such a case, the nanosecond fields will also be negative if not zero. The bits defined in the stx_attributes field convey information about a file, how it is accessed, where it is and what it does. The following attributes map to FS_*_FL flags and are the same numerical value: STATX_ATTR_COMPRESSED File is compressed by the fs STATX_ATTR_IMMUTABLE File is marked immutable STATX_ATTR_APPEND File is append-only STATX_ATTR_NODUMP File is not to be dumped STATX_ATTR_ENCRYPTED File requires key to decrypt in fs Within the kernel, the supported flags are listed by: KSTAT_ATTR_FS_IOC_FLAGS [Are any other IOC flags of sufficient general interest to be exposed through this interface?] New flags include: STATX_ATTR_AUTOMOUNT Object is an automount trigger These are for the use of GUI tools that might want to mark files specially, depending on what they are. Fields in struct statx come in a number of classes: (0) stx_dev_*, stx_blksize. These are local system information and are always available. (1) stx_mode, stx_nlinks, stx_uid, stx_gid, stx_[amc]time, stx_ino, stx_size, stx_blocks. These will be returned whether the caller asks for them or not. The corresponding bits in stx_mask will be set to indicate whether they actually have valid values. If the caller didn't ask for them, then they may be approximated. For example, NFS won't waste any time updating them from the server, unless as a byproduct of updating something requested. If the values don't actually exist for the underlying object (such as UID or GID on a DOS file), then the bit won't be set in the stx_mask, even if the caller asked for the value. In such a case, the returned value will be a fabrication. Note that there are instances where the type might not be valid, for instance Windows reparse points. (2) stx_rdev_*. This will be set only if stx_mode indicates we're looking at a blockdev or a chardev, otherwise will be 0. (3) stx_btime. Similar to (1), except this will be set to 0 if it doesn't exist. ======= TESTING ======= The following test program can be used to test the statx system call: samples/statx/test-statx.c Just compile and run, passing it paths to the files you want to examine. The file is built automatically if CONFIG_SAMPLES is enabled. Here's some example output. Firstly, an NFS directory that crosses to another FSID. Note that the AUTOMOUNT attribute is set because transiting this directory will cause d_automount to be invoked by the VFS. [root@andromeda ~]# /tmp/test-statx -A /warthog/data statx(/warthog/data) = 0 results=7ff Size: 4096 Blocks: 8 IO Block: 1048576 directory Device: 00:26 Inode: 1703937 Links: 125 Access: (3777/drwxrwxrwx) Uid: 0 Gid: 4041 Access: 2016-11-24 09:02:12.219699527+0000 Modify: 2016-11-17 10:44:36.225653653+0000 Change: 2016-11-17 10:44:36.225653653+0000 Attributes: 0000000000001000 (-------- -------- -------- -------- -------- -------- ---m---- --------) Secondly, the result of automounting on that directory. [root@andromeda ~]# /tmp/test-statx /warthog/data statx(/warthog/data) = 0 results=7ff Size: 4096 Blocks: 8 IO Block: 1048576 directory Device: 00:27 Inode: 2 Links: 125 Access: (3777/drwxrwxrwx) Uid: 0 Gid: 4041 Access: 2016-11-24 09:02:12.219699527+0000 Modify: 2016-11-17 10:44:36.225653653+0000 Change: 2016-11-17 10:44:36.225653653+0000 Signed-off-by: David Howells Signed-off-by: Al Viro Documentation/filesystems/Locking | 3 +- Documentation/filesystems/vfs.txt | 3 +- arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + drivers/base/devtmpfs.c | 3 +- drivers/block/loop.c | 3 +- drivers/mtd/ubi/build.c | 2 +- drivers/mtd/ubi/kapi.c | 2 +- drivers/staging/lustre/lustre/llite/file.c | 9 +- .../staging/lustre/lustre/llite/llite_internal.h | 3 +- fs/9p/vfs_inode.c | 10 +- fs/9p/vfs_inode_dotl.c | 5 +- fs/afs/inode.c | 8 +- fs/afs/internal.h | 2 +- fs/bad_inode.c | 4 +- fs/btrfs/inode.c | 6 +- fs/ceph/inode.c | 6 +- fs/ceph/super.h | 4 +- fs/cifs/cifsfs.h | 2 +- fs/cifs/inode.c | 5 +- fs/coda/coda_linux.h | 2 +- fs/coda/inode.c | 7 +- fs/ecryptfs/inode.c | 13 +- fs/exportfs/expfs.c | 3 +- fs/ext4/ext4.h | 3 +- fs/ext4/inode.c | 6 +- fs/f2fs/f2fs.h | 4 +- fs/f2fs/file.c | 6 +- fs/fat/fat.h | 4 +- fs/fat/file.c | 5 +- fs/fuse/dir.c | 6 +- fs/gfs2/inode.c | 11 +- fs/kernfs/inode.c | 8 +- fs/kernfs/kernfs-internal.h | 4 +- fs/libfs.c | 12 +- fs/minix/inode.c | 11 +- fs/minix/minix.h | 2 +- fs/nfs/inode.c | 13 +- fs/nfs/namespace.c | 9 +- fs/nfsd/nfs4xdr.c | 4 +- fs/nfsd/vfs.h | 3 +- fs/ocfs2/file.c | 11 +- fs/ocfs2/file.h | 4 +- fs/orangefs/inode.c | 13 +- fs/orangefs/orangefs-kernel.h | 5 +- fs/overlayfs/copy_up.c | 6 +- fs/overlayfs/dir.c | 10 +- fs/overlayfs/inode.c | 7 +- fs/proc/base.c | 12 +- fs/proc/generic.c | 6 +- fs/proc/internal.h | 2 +- fs/proc/proc_net.c | 6 +- fs/proc/proc_sysctl.c | 5 +- fs/proc/root.c | 6 +- fs/stat.c | 214 ++++++++++++++--- fs/sysv/itree.c | 7 +- fs/sysv/sysv.h | 2 +- fs/ubifs/dir.c | 6 +- fs/ubifs/ubifs.h | 4 +- fs/udf/symlink.c | 5 +- fs/xfs/xfs_iops.c | 9 +- include/linux/fs.h | 35 ++- include/linux/nfs_fs.h | 2 +- include/linux/stat.h | 24 +- include/linux/syscalls.h | 3 + include/uapi/linux/fcntl.h | 5 + include/uapi/linux/stat.h | 131 +++++++++++ mm/shmem.c | 6 +- samples/Kconfig | 6 + samples/Makefile | 2 +- samples/statx/Makefile | 10 + samples/statx/test-statx.c | 254 +++++++++++++++++++++ 72 files changed, 822 insertions(+), 214 deletions(-) commit c82be9d2244aacea9851c86f4fb74694c99cd874 Merge: 3f80dd6 6bff9c6 Author: Linus Torvalds Date: Thu Mar 2 17:41:27 2017 -0800 Merge tag 'pm-turbostat-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull turbostat utility updates from Rafael Wysocki: "Power management turbostat utility updates. These update turbostat significantly and in particular: - default output is now verbose, --debug is no longer required to get all counters. As a result, some options have been added to specify exactly what output is wanted. - added --quiet to skip system configuration output - added --list, --show and --hide parameters - added --cpu parameter - enhanced Baytrail SoC support - added Gemini Lake SoC support - added sysfs C-state columns Also the symbol definitions in arch/x86/include/asm/intel-family.h and arch/x86/include/asm/msr-index.h are updated and the intel_idle and intel_pstate drivers are modified to use the updated symbols. Credits to Len Brown for all of these changes" * tag 'pm-turbostat-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (44 commits) tools/power turbostat: version 17.02.24 tools/power turbostat: bugfix: --add u32 was printed as u64 tools/power turbostat: show error on exec tools/power turbostat: dump p-state software config tools/power turbostat: show package number, even without --debug tools/power turbostat: support "--hide C1" etc. tools/power turbostat: move --Package and --processor into the --cpu option tools/power turbostat: turbostat.8 update tools/power turbostat: update --list feature tools/power turbostat: use wide columns to display large numbers tools/power turbostat: Add --list option to show available header names tools/power turbostat: fix zero IRQ count shown in one-shot command mode tools/power turbostat: add --cpu parameter tools/power turbostat: print sysfs C-state stats tools/power turbostat: extend --add option to accept /sys path tools/power turbostat: skip unused counters on BDX tools/power turbostat: fix decoding for GLM, DNV, SKX turbo-ratio limits tools/power turbostat: skip unused counters on SKX tools/power turbostat: Denverton: use HW CC1 counter, skip C3, C7 tools/power turbostat: initial Gemini Lake SOC support ... commit 3f80dd67c367878aaad16e458eebc3c8980bb841 Merge: 080e416 0cb3b79 Author: Linus Torvalds Date: Thu Mar 2 17:38:30 2017 -0800 Merge tag 'acpi-extra-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fix from Rafael Wysocki: "This fixes an apparent, but actually artificial, resource conflict between the ACPI NVS memory region and the ACPI BERT (Boot Error Record Table) address range (Huang Ying)" * tag 'acpi-extra-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: APEI: Fix BERT resources conflict with ACPI NVS area commit 080e4168c0834ccc853c48259e16a5c556c7ecba Merge: bbe08c0 9b5e9cb Author: Linus Torvalds Date: Thu Mar 2 17:33:52 2017 -0800 Merge tag 'pm-extra-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more power management updates deom Rafael Wysocki: "These fix two bugs introduced by recent power management updates (in the cpuidle menu governor and intel_pstate) and a few other issues, clean up things and remove unused code. Specifics: - Fix for a cpuidle menu governor problem that started to take an unnecessary spinlock after one of the recent updates and that did not play well with the RT patch (Rafael Wysocki). - Fix for the new intel_pstate operation mode switching feature added recently that did not reinitialize P-state limits properly when switching operation modes (Rafael Wysocki). - Removal of unused global notifiers from the PM QoS framework (Viresh Kumar). - Generic power domains framework update to make it handle asynchronous invocations of PM callbacks in the "noirq" phases of system suspend/hibernation correctly (Ulf Hansson). - Two hibernation core cleanups (Rafael Wysocki). - intel_idle cleanup related to the sysfs interface (Len Brown). - Off-by-one bug fix in the OPP (Operating Performance Points) framework (Andrzej Hajda). - OPP framework's documentation fix (Viresh Kumar). - cpufreq qoriq driver cleanup (Tang Yuantian). - Fixes for typos in comments in the device runtime PM framework (Christophe Jaillet)" * tag 'pm-extra-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM / OPP: Documentation: Fix opp-microvolt in examples intel_idle: stop exposing platform acronyms in sysfs cpufreq: intel_pstate: Fix limits issue with operation mode switching PM / hibernate: Define pr_fmt() and use pr_*() instead of printk() PM / hibernate: Untangle power_down() cpuidle: menu: Avoid taking spinlock for accessing QoS values PM / QoS: Remove global notifiers PM / runtime: Fix some typos cpufreq: qoriq: clean up unused code PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop PM / Domains: Power off masters immediately in the power off sequence PM / Domains: Rename is_async to one_dev_on for genpd_power_off() PM / Domains: Move genpd_power_off() above genpd_power_on() commit d3aa9c9f212a729e46653d4c1eb6a9ab190efe3a Author: Paolo Abeni Date: Thu Dec 15 15:20:34 2016 +0100 ixgbe: update the rss key on h/w, when ethtool ask for it Currently ixgbe_set_rxfh() updates the rss_key copy in the driver memory, but does not push the new value into the h/w. This commit add a new helper for the latter operation and call it in ixgbe_set_rxfh(), so that the h/w rss key value can be really updated via ethtool. Signed-off-by: Paolo Abeni Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 4 +++- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 19 ++++++++++++++++--- 3 files changed, 20 insertions(+), 4 deletions(-) commit 5eca1c10cbaa9c366c18ca79f81f21c731e3dcc7 Author: Ingo Molnar Date: Mon Feb 6 22:06:35 2017 +0100 sched/headers: Clean up Now that dependencies have been sorted out, do various trivial cleanups: - remove unnecessary structure predeclarations - fix various typos - update comments where necessary - remove pointless comments - use consistent types - tabulate consistently - use a consistent comment style - clean up the header section a bit - use a consistent style of a single field per line - remove line-breaks where they make the code look worse - etc ... No change in functionality. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1222 ++++++++++++++++++++++++++----------------------- 1 file changed, 651 insertions(+), 571 deletions(-) commit 7f5f8e8d97d77edf33f2836259d1f19c6f4d94f5 Author: Ingo Molnar Date: Mon Feb 6 11:44:12 2017 +0100 sched/headers: Remove #ifdefs from We can remove two pairs of #ifdefs by defining structures in a smarter way. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit ee6a3d19f15b9b10075481088b8d4537f286d7b4 Author: Ingo Molnar Date: Mon Feb 6 10:01:09 2017 +0100 sched/headers: Remove the include from It's used only by a single (rarely used) inline function (task_node(p)), which we can move to . ( Add , because we rely on that. ) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar arch/mips/sgi-ip27/ip27-smp.c | 1 + include/linux/sched.h | 7 +------ include/linux/sched/topology.h | 7 +++++++ 3 files changed, 9 insertions(+), 6 deletions(-) commit 283cb90305cf1686594ed537c7a8cb188eba1a4d Author: Ingo Molnar Date: Mon Feb 6 09:59:47 2017 +0100 sched/headers, hrtimer: Remove the include from In our quest to simplify 's header dependencies, remove the inclusion from - which does not appear to be necessary, as hrtimer.h does not use waitqueues. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/hrtimer.h | 1 - 1 file changed, 1 deletion(-) commit 1a79a72c65b8f1b4f44e166d1fb5cad560461b26 Author: Ingo Molnar Date: Mon Feb 6 09:58:35 2017 +0100 sched/headers, x86/apic: Remove the header inclusion from We want to simplify 's header dependencies, but one roadblock to that is 's inclusion of pm.h, which brings in other, problematic headers. Remove it, as it appears to be entirely spurious, apic.h does not actually make use of any PM facilities. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar arch/x86/include/asm/apic.h | 1 - 1 file changed, 1 deletion(-) commit b2d5bfea2d00a0000da18f7667c2b0e2c2f168d9 Author: Ingo Molnar Date: Mon Feb 6 09:56:40 2017 +0100 sched/headers, timers: Remove the include from So we want to simplify 's header dependencies, but one roadblock of that is 's inclusion of sysctl.h, which brings in other, problematic headers. Note that timer.h's inclusion of sysctl.h can be avoided if we pre-declare ctl_table - so do that. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/timer.h | 2 +- include/linux/user_namespace.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 50ff9d130014f7b19541dbf607a615a72b75b778 Author: Ingo Molnar Date: Sun Feb 5 16:03:58 2017 +0100 sched/headers: Remove from It's not used by any of the scheduler methods, but needs it to pick up STACK_END_MAGIC. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - kernel/cgroup/cgroup-v1.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit 5c0d0f36414f9f8a292b42e797f9284b127d79c2 Author: Ingo Molnar Date: Wed Feb 8 18:51:59 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/init.h | 2 -- 1 file changed, 2 deletions(-) commit 2c873d55cd838deef8218b6d5fe9bd336cb3113a Author: Ingo Molnar Date: Sun Feb 5 12:11:03 2017 +0100 sched/core: Remove unused prefetch_stack() prefetch_stack() is defined by IA64, but not actually used anywhere anymore. Remove it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar arch/ia64/include/asm/processor.h | 2 -- arch/ia64/kernel/entry.S | 23 ----------------------- include/linux/sched.h | 6 ------ 3 files changed, 31 deletions(-) commit b68070e146b9c2b4ece8d869a4fab9a4f14bbfb4 Author: Ingo Molnar Date: Sat Feb 4 01:27:20 2017 +0100 sched/headers: Remove from We don't actually need the full rculist.h header anymore, include the smaller rcupdate.h header instead. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d1954e038435765a623884b626731784cde768f Author: Ingo Molnar Date: Sat Feb 4 01:16:15 2017 +0100 sched/headers: Remove the 'init_pid_ns' prototype from pid.h already defines it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 2 -- 1 file changed, 2 deletions(-) commit 192c9414516e7178a44f9ed48d47501c4c19771c Author: Ingo Molnar Date: Fri Feb 3 23:47:37 2017 +0100 sched/headers: Remove from Instead of including the full , only include the types-only header in , to further decouple the scheduler header from the signal headers. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - 1 file changed, 1 deletion(-) commit cd9c513be34ceaae8bf211474b91b6897574efdd Author: Ingo Molnar Date: Wed Feb 8 18:51:58 2017 +0100 sched/headers: Remove from This is a stray header that is not needed by anything in sched.h, so remove it. Update files that relied on the stray inclusion. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 2 -- include/linux/user_namespace.h | 1 + kernel/utsname_sysctl.c | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) commit fae3c30c2d1ae3ff93877f64e5d55e2443d8f82f Author: Ingo Molnar Date: Wed Feb 8 12:00:08 2017 +0100 sched/headers: Remove the runqueue_is_locked() prototype Remove the runqueue_is_locked() prototype, the function does not exist anymore. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 2 -- 1 file changed, 2 deletions(-) commit a906086ef35129d522047a296e7c4237af75fdcb Author: Ingo Molnar Date: Wed Feb 8 18:51:57 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/hotplug.h | 2 -- 1 file changed, 2 deletions(-) commit 4f079e98a0db5f067c0981a526ff8938e21c52e2 Author: Ingo Molnar Date: Wed Feb 8 18:51:57 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/debug.h | 2 -- 1 file changed, 2 deletions(-) commit b0145d9b332a5117bd0abbb980ab89586a1d5f6c Author: Ingo Molnar Date: Wed Feb 8 18:51:57 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/nohz.h | 2 -- 1 file changed, 2 deletions(-) commit dc1995392d79b0eeee147a792482b991f74c1494 Author: Ingo Molnar Date: Wed Feb 8 18:51:57 2017 +0100 sched/headers: Remove from The file is a largely self-contained header and users of it either don't need - or have already included it. ( Keep the dependency.) This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/stat.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f0a0eb699967f4f51567b563818bafe4017bef73 Author: Ingo Molnar Date: Thu Feb 2 20:56:33 2017 +0100 sched/headers: Remove the include from This reduces sched.h header dependencies. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - 1 file changed, 1 deletion(-) commit 9c6da18109d603a99915b257929c0370c9d3ae40 Author: Ingo Molnar Date: Fri Feb 3 10:08:30 2017 +0100 sched/headers: Remove from This reduces header dependencies. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - 1 file changed, 1 deletion(-) commit f780d89a0e820a529cf91fb78b52565e1b37b774 Author: Ingo Molnar Date: Fri Feb 3 10:03:42 2017 +0100 sched/headers: Remove from This reduces header dependencies. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar arch/sh/include/asm/fpu.h | 2 ++ arch/sh/mm/extable_32.c | 2 ++ include/linux/sched.h | 1 - 3 files changed, 4 insertions(+), 1 deletion(-) commit e26512fea5bcd6602dbf02a551ed073cd4529449 Author: Ingo Molnar Date: Thu Feb 2 17:54:15 2017 +0100 sched/headers: Remove inclusion from This reduces header dependencies and speeds up the build. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - 1 file changed, 1 deletion(-) commit 71af2ed5eeea639339e3a1497a0196bab7de4b57 Author: Ingo Molnar Date: Fri Feb 3 09:57:00 2017 +0100 kasan, sched/headers: Remove from is a low level header that is included early in affected kernel headers. But it includes which complicates the cleanup of sched.h dependencies. Remove it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/kasan.h | 1 - 1 file changed, 1 deletion(-) commit ed53742d793bd92ed32114081370b199dc94467d Author: Ingo Molnar Date: Wed Feb 8 18:51:55 2017 +0100 sched/headers: Remove from Make the file a self-contained header and remove the dependency: users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/cpufreq.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit aa829c7679a13fca667f772db1f0ea03adc29122 Author: Ingo Molnar Date: Thu Feb 2 11:54:05 2017 +0100 sched/headers: Remove from It's not used by anything in anymore. This reduces the preprocessed size of and speeds up the build a bit. Also fix code that implicitly relied on headers included by . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - include/target/target_core_base.h | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit ac4e620967bb72f86371154935aa8b67cf54e225 Author: Ingo Molnar Date: Thu Feb 2 11:44:31 2017 +0100 sched/headers: Remove #include from The header does not actually make use of any types or APIs defined in , so remove its inclusion. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - 1 file changed, 1 deletion(-) commit de8deb0ad79f8a49cea5110c006c8676a11611f7 Author: Ingo Molnar Date: Wed Feb 8 18:51:55 2017 +0100 sched/headers: Remove from If we add then becomes a self-contained header and users of it either don't need or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/user.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 556725839e543bc2b45bd73121c0b1c1d6c23714 Author: Ingo Molnar Date: Thu Feb 2 10:31:24 2017 +0100 sched/headers: Remove unused 'task_can_switch_user()' prototype The function does not exist anymore. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 3 --- 1 file changed, 3 deletions(-) commit ae1cc8823204bb938d039afa43c28a84591ada9f Author: Ingo Molnar Date: Wed Feb 8 18:51:54 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. Include . This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/coredump.h | 1 - 1 file changed, 1 deletion(-) commit b8d6d80b37a98e3910f1b4e799f8ebea88e94bfa Author: Ingo Molnar Date: Wed Feb 8 18:51:54 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. Include kernel.h and atomic.h. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/mm.h | 2 ++ 1 file changed, 2 insertions(+) commit 5fd73157bdfb57370b69be7c0067f08e610e7daa Author: Ingo Molnar Date: Wed Feb 8 18:51:54 2017 +0100 sched/headers: Remove from The file is a largely self-contained header and users of it either don't need - or have already included it. Add a 'task_struct' predeclaration to make it build standalone. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/autogroup.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 5a2d6880f461faa416c0d329d46a128cf342c1eb Author: Ingo Molnar Date: Wed Feb 8 18:51:54 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/loadavg.h | 2 -- 1 file changed, 2 deletions(-) commit cc689c5b352d4a7510b11c975c5c94d4785b37e7 Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Remove and from The file is a self-contained header and users of it either don't need and - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/delayacct.h | 2 -- include/linux/fault-inject.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit ea94763950e49d1aa622c59218ee2fc3b434ba6b Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Remove from The file is a largely self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/clock.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f411229e1dd623a3dee623824d094546789977e0 Author: Ingo Molnar Date: Wed Feb 1 18:49:05 2017 +0100 sched/headers: Remove tsk_is_polling() It's not used by anything. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/idle.h | 5 ----- 1 file changed, 5 deletions(-) commit c03cb28e7c44055cd00d11b8581b9fa46a3e3764 Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Remove from The file is a self-contained header and users of it either don't need - or have already included it. This reduces the size of the header dependency graph. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/topology.h | 2 -- 1 file changed, 2 deletions(-) commit 6f175fc9536355d8aa5c2d4854848a97c244a031 Author: Ingo Molnar Date: Mon Feb 6 11:12:45 2017 +0100 sched/headers: Move the sched_exec() prototype to sched_exec() better fits into the task lifetime APIs than into the core scheduler APIs. This reduces the size of a bit. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 7 ------- include/linux/sched/task.h | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) commit cda66725c1444db67127115d611c982b62b45d8c Author: Ingo Molnar Date: Sun Feb 5 15:30:50 2017 +0100 sched/headers: Move the get_task_struct()/put_task_struct() and related APIs from to These belong into the task lifetime API header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 14 -------------- include/linux/sched/task.h | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 14 deletions(-) commit dcc2dc45f7cf267d37843059ff75b70260596c69 Author: Ingo Molnar Date: Sun Feb 5 15:05:49 2017 +0100 sched/headers, mm: Move 'struct tlbflush_unmap_batch' from to Unclutter some more. Also move the CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH condition inside the structure body definition, to remove a pair of #ifdefs from sched.h. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/mm_types_task.h | 22 ++++++++++++++++++++++ include/linux/sched.h | 21 --------------------- 2 files changed, 22 insertions(+), 21 deletions(-) commit 93b5a9a7051e51ce50109046af0235268a261ba0 Author: Ingo Molnar Date: Sun Feb 5 14:53:36 2017 +0100 sched/headers, timekeeping: Move the timer tick function prototypes to Move the update_process_times() and xtime_update() prototypes to . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 1 - include/linux/time.h | 2 -- include/linux/timekeeping.h | 4 ++++ 3 files changed, 4 insertions(+), 3 deletions(-) commit c5a21921d55a2aee9d1e031a78cef6cda3eab78b Author: Ingo Molnar Date: Sun Feb 5 14:47:12 2017 +0100 sched/headers: Move _init() prototypes from to trap_init() and cpu_init() belong into , sched_init*() into . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 5 ----- include/linux/sched/init.h | 7 +++++++ 2 files changed, 7 insertions(+), 5 deletions(-) commit 42011db0ed5a9c92b1281e1300eb3d026f3764a8 Author: Ingo Molnar Date: Sun Feb 5 14:35:41 2017 +0100 sched/headers: Move exit_files() and exit_itimers() from to These two functions are task management related, not core scheduler APIs. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 4 ---- include/linux/sched/task.h | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) commit 9049863a32fad5d7158318e45f0a41a0f2192c0c Author: Ingo Molnar Date: Sun Feb 5 14:31:22 2017 +0100 sched/headers: Move kstack_end() from to This is a task-stack related API, not core scheduler functionality. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 10 ---------- include/linux/sched/task_stack.h | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) commit 28851755990c832d7050d5e1e2c91ed9d9e6fe59 Author: Ingo Molnar Date: Sun Feb 5 14:24:31 2017 +0100 sched/headers, vfs/execve: Move the do_execve*() prototypes from to These are not scheduler related. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/binfmts.h | 10 ++++++++++ include/linux/sched.h | 8 -------- 2 files changed, 10 insertions(+), 8 deletions(-) commit a2d7a7463c38dd14b845721aac3583a26a97c66d Author: Ingo Molnar Date: Sun Feb 5 12:07:04 2017 +0100 sched/headers: Move sched_info_on() and force_schedstat_enabled() from to These APIs are not core scheduler but scheduler statistics related. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 16 ---------------- include/linux/sched/stat.h | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 16 deletions(-) commit 1050b27c52f615bc0e772b3119881e5304ccde6b Author: Ingo Molnar Date: Sun Feb 5 11:48:36 2017 +0100 sched/headers: Move cputime functionality from and into Move cputime related functionality out of , as most code that includes does not use that functionality. Move data types that are not included in task_struct directly to the signal definitions, into . Also merge the (small) existing header into . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/cputime.h | 13 --- include/linux/sched.h | 89 --------------------- include/linux/sched/cputime.h | 182 +++++++++++++++++++++++++++++++++++++++++- include/linux/sched/signal.h | 33 ++++++++ kernel/sched/stats.h | 111 -------------------------- 5 files changed, 214 insertions(+), 214 deletions(-) commit 56cd697366b6d6f67acb6c58ac7f3b185d11ef07 Author: Ingo Molnar Date: Mon Feb 6 10:57:33 2017 +0100 sched/headers: Move the task_lock()/unlock() APIs to The task_lock()/task_unlock() APIs are not realated to core scheduling, they are task lifetime APIs, i.e. they belong into . Move them. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 20 -------------------- include/linux/sched/task.h | 20 ++++++++++++++++++++ kernel/cgroup/cgroup-v1.c | 1 + kernel/cgroup/namespace.c | 2 +- 4 files changed, 22 insertions(+), 21 deletions(-) commit cdc75e9f7b14f29efcf4b162a3c673733e96db79 Author: Ingo Molnar Date: Sat Feb 4 01:20:53 2017 +0100 sched/headers: Move 'init_task' and 'init_thread_union' from to 'init_task' is really not part of core scheduler APIs but part of the fork() interface between the scheduler and process management. So move the declarations. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 3 --- include/linux/sched/task.h | 6 ++++++ 2 files changed, 6 insertions(+), 3 deletions(-) commit 77ba809e8b39b4e384df0433e2bd3dd0907dad29 Author: Ingo Molnar Date: Sat Feb 4 00:16:44 2017 +0100 sched/headers: Remove the dependency from Use the freshly introduced, reduced size header instead. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/video/fbdev/auo_k190x.c | 1 + include/linux/sched.h | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 9e7d2e44dd88ba7e29c165b6fca428e384afa5a8 Author: Ingo Molnar Date: Sat Feb 4 00:12:19 2017 +0100 mm/headers, sched/headers: Move task related MM types from to Separate all the MM types that are embedded directly in 'struct task_struct' into the header. The goal is to include this header in , not the full header, to reduce the size, complexity and coupling of . (This patch does not change yet.) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/mm_types.h | 49 -------------------------------------- include/linux/mm_types_task.h | 55 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 49 deletions(-) commit 76960dbf9b235b957d9d730be2c6c2a70f709026 Author: Ingo Molnar Date: Fri Feb 3 23:43:50 2017 +0100 signals: Move signal data types from to Separate out just the pure data types - sched.h will be able to use this reduced size header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/signal.h | 54 ---------------------------------------- include/linux/signal_types.h | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 54 deletions(-) commit 70806b21e4d64f01193a2b64a053b75ff53a2b10 Author: Ingo Molnar Date: Fri Feb 3 23:15:21 2017 +0100 sched/headers: Move the 'root_task_group' declaration to Also remove the duplicate declaration from . ( That declaration was originally duplicated for dependency hell reasons, but there's no problem including the much smaller header now, to pick up the right prototype. ) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/init_task.h | 2 -- include/linux/sched.h | 4 ---- include/linux/sched/autogroup.h | 5 +++++ 3 files changed, 5 insertions(+), 6 deletions(-) commit f3ac60671954c8d413532627b1be13a76f394c49 Author: Ingo Molnar Date: Fri Feb 3 22:59:33 2017 +0100 sched/headers: Move task-stack related APIs from to Split out the task->stack related functionality, which is not really part of the core scheduler APIs. Only keep task_thread_info() because it's used by sched.h. Update the code that uses those facilities. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/mips/kernel/smp-cps.c | 2 +- arch/mips/sibyte/sb1250/smp.c | 2 +- include/linux/sched.h | 115 +++------------------------------------ include/linux/sched/task_stack.h | 104 +++++++++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+), 108 deletions(-) commit d04b0ad37e4b6ac39a56c823ae76ab37cd044dc7 Author: Ingo Molnar Date: Fri Feb 3 22:07:57 2017 +0100 sched/headers: Move the PREEMPT_COUNT defines from to These defines are not really part of the scheduler's driver API, but are related to the preempt count - so move them to . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/preempt.h | 21 +++++++++++++++++++++ include/linux/sched.h | 21 --------------------- 2 files changed, 21 insertions(+), 21 deletions(-) commit c7af7877eeacfeaaf6a1b6f54c481292ef116837 Author: Ingo Molnar Date: Fri Feb 3 22:01:58 2017 +0100 sched/core: Move, sort and clean up structure predeclarations Most of the structure predeclarations were at the head of sched.h, but not all of them - there were a number of lines spread around sched.h, in random places. Move them to the head, and also sort them alphabetically. Remove unused entries. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 56 +++++++++++++++++++++------------------------------ 1 file changed, 23 insertions(+), 33 deletions(-) commit 6bfbaa51ed47774492d83d182a86068cc35aa4c6 Author: Ingo Molnar Date: Fri Feb 3 21:37:49 2017 +0100 sched/headers, RCU: Move rcu_copy_process() from to kernel/fork.c Move rcu_copy_process() into kernel/fork.c, which is the only user of this inline function. This simplifies to the level that does not have to be included in it anymore - which change is done in a subsequent patch. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/task.h | 15 --------------- kernel/fork.c | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 15 deletions(-) commit 901b14bd946a8b7ea211105b6207e082ddd36846 Author: Ingo Molnar Date: Fri Feb 3 15:24:12 2017 +0100 sched/headers: Move task lifetime APIs from to There's a fair amount of task lifetime management (a.k.a fork()/exit()) related APIs in , but only a small fraction of the users of the generic sched.h header make use of them. Move these functions to the header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 91 ------------------------------------------- include/linux/sched/task.h | 97 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+), 91 deletions(-) commit 0ca0156973a47e689f3bc817e26e15fff3f84eec Author: Ingo Molnar Date: Fri Feb 3 14:52:01 2017 +0100 sched/headers: Split hotplug CPU interfaces out of into Split the CPU hotplug scheduler APIs out of the common header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 15 --------------- include/linux/sched/hotplug.h | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 15 deletions(-) commit 70b8157e61d0143fb44ae9482557d7aca365da3d Author: Ingo Molnar Date: Fri Feb 3 12:11:00 2017 +0100 sched/headers: Move include from the middle of to the header portion Linux-0.01 already defined 'current' in the middle of sched.h, so this is an ancient historical precedent - but still in a modern kernel it looks a bit weird that we have: #include in the middle of the header. Move it further up. If this was done for some obscure dependency reasons then we'll trigger and document it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 63cc9d6fca8c220c2406f1376100a9acb55197af Author: Ingo Molnar Date: Fri Feb 3 12:04:39 2017 +0100 sched/headers, time/timekeeping: Move the xtime_update() prototype from to This was in only for hysterical raisins. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 2 -- include/linux/time.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit d3d1e320d43a7bad9603acf0214406a1e8795c63 Author: Ingo Molnar Date: Fri Feb 3 11:16:09 2017 +0100 sched/headers: Move debugging functions from to Collect the various scheduler and task state debugging APIs scattered around into the new header. In particular the show_regs() and show_stack() prototype affects many files, update them. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 36 ----------------------------------- include/linux/sched/debug.h | 46 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 36 deletions(-) commit 752b3ca734cbc17c0456b846ae886c0ed39c5703 Author: Ingo Molnar Date: Fri Feb 3 11:12:59 2017 +0100 sched/headers: Move the NOHZ APIs from to There's a number of NOHZ/dyntics related functionality in , but only a handful of timer files are making use of them. Move them into their own header. This better documents these APIs and unclutters . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 35 ----------------------------------- include/linux/sched/nohz.h | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 35 deletions(-) commit 3605df49556ebb7641d1f8ec2e7eeecf4dd734bf Author: Ingo Molnar Date: Fri Feb 3 11:03:12 2017 +0100 sched/headers: Move task statistics APIs from to There are a number of task statistics related variables and methods exported via sched.h - collect them into and include it from their usage sites. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/s390/appldata/appldata_base.c | 1 + include/linux/sched.h | 10 ---------- include/linux/sched/stat.h | 18 ++++++++++++++++++ 3 files changed, 19 insertions(+), 10 deletions(-) commit 74444edaa0b2ef946e846d5ddf1ba90efcd7c200 Author: Ingo Molnar Date: Thu Feb 2 20:43:54 2017 +0100 sched/headers: Move the memalloc_noio_*() APIs to In preparation to remove the include from . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 22 ---------------------- include/linux/sched/mm.h | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 22 deletions(-) commit 2a1f062a4acf0be50516ceece92a7182a173d55a Author: Ingo Molnar Date: Thu Feb 2 19:15:33 2017 +0100 sched/headers: Move signal wakeup & sigpending methods from into This reduces the size of . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 51 ------------------------------------------ include/linux/sched/signal.h | 53 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 52 insertions(+), 52 deletions(-) commit 9a07000400c853c57477c2a5138ae9f556c40897 Author: Ingo Molnar Date: Thu Feb 2 19:10:05 2017 +0100 sched/headers: Move CONFIG_TASK_XACCT bits from to The CONFIG_TASK_XACCT=y accounting inline functions are only used by fs/read_write.c, so move them into their separate header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 38 -------------------------------------- include/linux/sched/xacct.h | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 38 deletions(-) commit 30a1baab81189f01c427c4939610b2dde2dbec37 Author: Ingo Molnar Date: Fri Feb 3 10:06:45 2017 +0100 sched/headers: Remove various unrelated headers from Remove the following header inclusions from : #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include because they are either not required, or are already included naturally as part of the remaining headers. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 28 ---------------------------- 1 file changed, 28 deletions(-) commit c41cfc6c5ba46050b416c0b0b2621cbe68c4669c Author: Ingo Molnar Date: Thu Feb 2 12:45:58 2017 +0100 sched/headers: Move the JOBCTL_ defines and methods from to Only a small fraction of sched.h users actually utilizes these defines, and they are not scheduler functionality in any case, so move them into their separate header. (Also make a self-contained header.) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 30 ------------------------------ include/linux/sched/jobctl.h | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 30 deletions(-) commit 5647028d550c959577527cec9c0f29fbcea029ea Author: Ingo Molnar Date: Thu Feb 2 12:39:17 2017 +0100 sched/headers: Move the NUMA balancing interfaces from to Split out the interface between the scheduler and the MM which deals with page fault driven NUMA balancing, into the new header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 35 ------------------------------- include/linux/sched/numa_balancing.h | 40 ++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 35 deletions(-) commit d026ce796cbca3c49678a68bb4a39fb4b9cf8192 Author: Ingo Molnar Date: Thu Feb 2 12:32:21 2017 +0100 sched/headers: Move in_vfork() from to The in_vfork() function deals with task->mm, so it better belongs into . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 26 -------------------------- include/linux/sched/mm.h | 26 ++++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 26 deletions(-) commit abe722a1c59728c6c0ea4e4d5efcfe397c8abebc Author: Ingo Molnar Date: Thu Feb 2 12:27:56 2017 +0100 sched/headers: Move the 'init_mm' declaration from to Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/mm_types.h | 2 ++ include/linux/sched.h | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4240c8bf877f1145571106a2934c5cea0b51b178 Author: Ingo Molnar Date: Thu Feb 2 12:18:24 2017 +0100 sched/headers: Move more mm_struct related functionality from to Neither the mmap_layout nor the mm_update_next_owner() methods need to be in - move them to the more appropriate header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 21 --------------------- include/linux/sched/mm.h | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 21 deletions(-) commit 7284c6d419b5a6ae9806927f1fd4f0cfd19a16f5 Author: Ingo Molnar Date: Thu Feb 2 12:14:19 2017 +0100 sched/headers: Move the cpufreq interfaces to No need to have this in the generic header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 17 ----------------- include/linux/sched/cpufreq.h | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 17 deletions(-) commit 8d88460edc05224b8d7ae3372173153876a02825 Author: Ingo Molnar Date: Thu Feb 2 12:06:10 2017 +0100 sched/headers: Move 'struct pacct_struct' and 'struct cpu_itimer' form to These structures are actually part of 'struct signal', so move them to where they belong. This further decreases the size and complexity of . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 13 ------------- include/linux/sched/signal.h | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 13 deletions(-) commit d151b27d3f86589308cd8c891fdfd2db5f8e80d6 Author: Ingo Molnar Date: Thu Feb 2 11:17:23 2017 +0100 sched/headers: Move softlockup detector watchdog methods to These methods don't belong into , they are neither directly related to task_struct or are scheduler functionality. Put them next to the other watchdog methods in . ( Arguably that header's name is a misnomer, and this patch makes it more so - but it should be renamed in another patch. ) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/nmi.h | 37 +++++++++++++++++++++++++++++++++++++ include/linux/sched.h | 37 ------------------------------------- 2 files changed, 37 insertions(+), 37 deletions(-) commit bcbb6a5bf7df6e37ba652d1f426eab042ec4f56b Author: Ingo Molnar Date: Thu Feb 2 10:22:42 2017 +0100 sched/headers: Move 'struct user_struct' definition and APIs to the new header 'struct user_struct' was added to sched.h historically, but it's actually entirely independent of task_struct and of scheduler details, so move it to its own header. Fix up .c files using those facilities. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 53 --------------------------------------------- include/linux/sched/user.h | 54 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 53 deletions(-) commit c3edc4010e9d102eb7b8f17d15c2ebc425fed63c Author: Ingo Molnar Date: Thu Feb 2 08:35:14 2017 +0100 sched/headers: Move task_struct::signal and task_struct::sighand types and accessors into task_struct::signal and task_struct::sighand are pointers, which would normally make it straightforward to not define those types in sched.h. That is not so, because the types are accompanied by a myriad of APIs (macros and inline functions) that dereference them. Split the types and the APIs out of sched.h and move them into a new header, . With this change sched.h does not know about 'struct signal' and 'struct sighand' anymore, trying to put accessors into sched.h as a test fails the following way: ./include/linux/sched.h: In function ‘test_signal_types’: ./include/linux/sched.h:2461:18: error: dereferencing pointer to incomplete type ‘struct signal_struct’ ^ This reduces the size and complexity of sched.h significantly. Update all headers and .c code that relied on getting the signal handling functionality from to include . The list of affected files in the preparatory patch was partly generated by grepping for the APIs, and partly by doing coverage build testing, both all[yes|mod|def|no]config builds on 64-bit and 32-bit x86, and an array of cross-architecture builds. Nevertheless some (trivial) build breakage is still expected related to rare Kconfig combinations and in-flight patches to various kernel code, but most of it should be handled by this patch. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/nwfpe/fpmodule.c | 2 +- arch/sh/kernel/cpu/sh4/fpu.c | 3 +- drivers/net/tap.c | 2 +- include/linux/sched.h | 499 +----------------------------------------- include/linux/sched/signal.h | 502 +++++++++++++++++++++++++++++++++++++++++++ kernel/cgroup/cgroup-v1.c | 1 + mm/vmalloc.c | 2 +- net/smc/af_smc.c | 2 + net/smc/smc_clc.c | 2 + net/smc/smc_close.c | 2 + net/smc/smc_rx.c | 2 + net/smc/smc_tx.c | 2 + 12 files changed, 520 insertions(+), 501 deletions(-) commit 11701c6768367294c5086738d49196192aaf3d60 Author: Ingo Molnar Date: Wed Feb 1 19:21:47 2017 +0100 sched/headers: Move task->mm coredumping related defines and methods from to This further reduces the size and complexity of . These are the definitions and APIs that are moved: # MMF_*: fs/binfmt_elf.c fs/binfmt_elf_fdpic.c fs/exec.c fs/proc/base.c include/linux/khugepaged.h include/linux/ksm.h include/linux/sched/coredump.h kernel/events/uprobes.c kernel/fork.c mm/huge_memory.c mm/khugepaged.c mm/ksm.c mm/memory.c mm/oom_kill.c # SUID_DUMP_*: arch/ia64/include/asm/processor.h fs/coredump.c fs/exec.c fs/proc/internal.h include/linux/sched/coredump.h kernel/ptrace.c kernel/sys.c kernel/sysctl.c # get_dumpable(): arch/ia64/include/asm/processor.h fs/coredump.c fs/exec.c fs/proc/internal.h include/linux/sched/coredump.h kernel/ptrace.c kernel/sys.c # set_dumpable(): fs/exec.c include/linux/sched/coredump.h kernel/cred.c kernel/sys.c Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 68 ----------------------------------------- include/linux/sched/coredump.h | 69 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 68 deletions(-) commit 68e21be2916b359fd8afb536c1911dc014cfd03e Author: Ingo Molnar Date: Wed Feb 1 19:08:20 2017 +0100 sched/headers: Move task->mm handling methods to Move the following task->mm helper APIs into a new header file, , to further reduce the size and complexity of . Here are how the APIs are used in various kernel files: # mm_alloc(): arch/arm/mach-rpc/ecard.c fs/exec.c include/linux/sched/mm.h kernel/fork.c # __mmdrop(): arch/arc/include/asm/mmu_context.h include/linux/sched/mm.h kernel/fork.c # mmdrop(): arch/arm/mach-rpc/ecard.c arch/m68k/sun3/mmu_emu.c arch/x86/mm/tlb.c drivers/gpu/drm/amd/amdkfd/kfd_process.c drivers/gpu/drm/i915/i915_gem_userptr.c drivers/infiniband/hw/hfi1/file_ops.c drivers/vfio/vfio_iommu_spapr_tce.c fs/exec.c fs/proc/base.c fs/proc/task_mmu.c fs/proc/task_nommu.c fs/userfaultfd.c include/linux/mmu_notifier.h include/linux/sched/mm.h kernel/fork.c kernel/futex.c kernel/sched/core.c mm/khugepaged.c mm/ksm.c mm/mmu_context.c mm/mmu_notifier.c mm/oom_kill.c virt/kvm/kvm_main.c # mmdrop_async_fn(): include/linux/sched/mm.h # mmdrop_async(): include/linux/sched/mm.h kernel/fork.c # mmget_not_zero(): fs/userfaultfd.c include/linux/sched/mm.h mm/oom_kill.c # mmput(): arch/arc/include/asm/mmu_context.h arch/arc/kernel/troubleshoot.c arch/frv/mm/mmu-context.c arch/powerpc/platforms/cell/spufs/context.c arch/sparc/include/asm/mmu_context_32.h drivers/android/binder.c drivers/gpu/drm/etnaviv/etnaviv_gem.c drivers/gpu/drm/i915/i915_gem_userptr.c drivers/infiniband/core/umem.c drivers/infiniband/core/umem_odp.c drivers/infiniband/core/uverbs_main.c drivers/infiniband/hw/mlx4/main.c drivers/infiniband/hw/mlx5/main.c drivers/infiniband/hw/usnic/usnic_uiom.c drivers/iommu/amd_iommu_v2.c drivers/iommu/intel-svm.c drivers/lguest/lguest_user.c drivers/misc/cxl/fault.c drivers/misc/mic/scif/scif_rma.c drivers/oprofile/buffer_sync.c drivers/vfio/vfio_iommu_type1.c drivers/vhost/vhost.c drivers/xen/gntdev.c fs/exec.c fs/proc/array.c fs/proc/base.c fs/proc/task_mmu.c fs/proc/task_nommu.c fs/userfaultfd.c include/linux/sched/mm.h kernel/cpuset.c kernel/events/core.c kernel/events/uprobes.c kernel/exit.c kernel/fork.c kernel/ptrace.c kernel/sys.c kernel/trace/trace_output.c kernel/tsacct.c mm/memcontrol.c mm/memory.c mm/mempolicy.c mm/migrate.c mm/mmu_notifier.c mm/nommu.c mm/oom_kill.c mm/process_vm_access.c mm/rmap.c mm/swapfile.c mm/util.c virt/kvm/async_pf.c # mmput_async(): include/linux/sched/mm.h kernel/fork.c mm/oom_kill.c # get_task_mm(): arch/arc/kernel/troubleshoot.c arch/powerpc/platforms/cell/spufs/context.c drivers/android/binder.c drivers/gpu/drm/etnaviv/etnaviv_gem.c drivers/infiniband/core/umem.c drivers/infiniband/core/umem_odp.c drivers/infiniband/hw/mlx4/main.c drivers/infiniband/hw/mlx5/main.c drivers/infiniband/hw/usnic/usnic_uiom.c drivers/iommu/amd_iommu_v2.c drivers/iommu/intel-svm.c drivers/lguest/lguest_user.c drivers/misc/cxl/fault.c drivers/misc/mic/scif/scif_rma.c drivers/oprofile/buffer_sync.c drivers/vfio/vfio_iommu_type1.c drivers/vhost/vhost.c drivers/xen/gntdev.c fs/proc/array.c fs/proc/base.c fs/proc/task_mmu.c include/linux/sched/mm.h kernel/cpuset.c kernel/events/core.c kernel/exit.c kernel/fork.c kernel/ptrace.c kernel/sys.c kernel/trace/trace_output.c kernel/tsacct.c mm/memcontrol.c mm/memory.c mm/mempolicy.c mm/migrate.c mm/mmu_notifier.c mm/nommu.c mm/util.c # mm_access(): fs/proc/base.c include/linux/sched/mm.h kernel/fork.c mm/process_vm_access.c # mm_release(): arch/arc/include/asm/mmu_context.h fs/exec.c include/linux/sched/mm.h include/uapi/linux/sched.h kernel/exit.c kernel/fork.c Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/smp.c | 2 +- arch/arc/kernel/smp.c | 2 +- arch/arm/kernel/smp.c | 2 +- arch/arm64/kernel/smp.c | 2 +- arch/blackfin/mach-common/smp.c | 2 +- arch/hexagon/kernel/smp.c | 2 +- arch/ia64/kernel/setup.c | 2 +- arch/m32r/kernel/setup.c | 2 +- arch/metag/kernel/smp.c | 2 +- arch/mips/kernel/traps.c | 2 +- arch/parisc/kernel/smp.c | 2 +- arch/powerpc/kernel/smp.c | 2 +- arch/s390/kernel/processor.c | 2 + arch/score/kernel/traps.c | 1 + arch/sh/kernel/smp.c | 2 +- arch/sparc/kernel/leon_smp.c | 2 +- arch/sparc/kernel/smp_64.c | 2 +- arch/sparc/kernel/sun4d_smp.c | 2 +- arch/sparc/kernel/sun4m_smp.c | 2 +- arch/sparc/kernel/traps_32.c | 2 +- arch/sparc/kernel/traps_64.c | 2 +- arch/tile/kernel/smpboot.c | 2 +- arch/x86/kernel/cpu/common.c | 2 +- arch/xtensa/kernel/smp.c | 1 + include/linux/sched.h | 95 ----------------------------------------- include/linux/sched/mm.h | 95 +++++++++++++++++++++++++++++++++++++++++ 26 files changed, 120 insertions(+), 116 deletions(-) commit 3fb66a70a4ae886445743354e4b60e54058bb3ff Author: Laurentiu Tudor Date: Thu Feb 16 09:11:29 2017 -0600 powerpc/booke: Fix boot crash due to null hugepd On 32-bit book-e machines, hugepd_ok() no longer takes into account null hugepd values, causing this crash at boot: Unable to handle kernel paging request for data at address 0x80000000 ... NIP [c0018378] follow_huge_addr+0x38/0xf0 LR [c001836c] follow_huge_addr+0x2c/0xf0 Call Trace: follow_huge_addr+0x2c/0xf0 (unreliable) follow_page_mask+0x40/0x3e0 __get_user_pages+0xc8/0x450 get_user_pages_remote+0x8c/0x250 copy_strings+0x110/0x390 copy_strings_kernel+0x2c/0x50 do_execveat_common+0x478/0x630 do_execve+0x2c/0x40 try_to_run_init_process+0x18/0x60 kernel_init+0xbc/0x110 ret_from_kernel_thread+0x5c/0x64 This impacts all nxp (ex-freescale) 32-bit booke platforms. This was caused by the change of hugepd_t.pd from signed to unsigned, and the update to the nohash version of hugepd_ok(). Previously hugepd_ok() could exclude all non-huge and NULL pgds using > 0, whereas now we need to explicitly check that the value is not zero and also that PD_HUGE is *clear*. This isn't protected by the pgd_none() check in __find_linux_pte_or_hugepte() because on 32-bit we use pgtable-nopud.h, which causes the pgd_none() check to be always false. Fixes: 20717e1ff526 ("powerpc/mm: Fix little-endian 4K hugetlb") Cc: stable@vger.kernel.org # v4.7+ Reported-by: Madalin-Cristian Bucur Signed-off-by: Laurentiu Tudor [mpe: Flesh out change log details.] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/nohash/pgtable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4dc831aa88132f835cefe876aa0206977c4d7710 Author: Nicholas Piggin Date: Sun Nov 27 13:46:20 2016 +1100 powerpc: Fix compiling a BE kernel with a powerpc64le toolchain GCC can compile with either endian, but the default ABI version is set based on the default endianness of the toolchain. Alan Modra says: you need both -mbig and -mabi=elfv1 to make a powerpc64le gcc generate powerpc64 code The opposite is true for powerpc64 when generating -mlittle it requires -mabi=elfv2 to generate v2 ABI, which we were already doing. This change adds ABI annotations together with endianness for all cases, LE and BE. This fixes the case of building a BE kernel with a toolchain that is LE by default. Signed-off-by: Nicholas Piggin Tested-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/Makefile | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit a6d8a21596df041f36f4c2ccc260c459e3e851f1 Author: Sachin Sant Date: Sun Feb 26 11:38:39 2017 +0530 selftest/powerpc: Fix false failures for skipped tests Tests under alignment subdirectory are skipped when executed on previous generation hardware, but harness still marks them as failed. test: test_copy_unaligned tags: git_version:unknown [SKIP] Test skipped on line 26 skip: test_copy_unaligned selftests: copy_unaligned [FAIL] The MAGIC_SKIP_RETURN_VALUE value assigned to rc variable is retained till the program exit which causes the test to be marked as failed. This patch resets the value before returning to the main() routine. With this patch the test o/p is as follows: test: test_copy_unaligned tags: git_version:unknown [SKIP] Test skipped on line 26 skip: test_copy_unaligned selftests: copy_unaligned [PASS] Signed-off-by: Sachin Sant Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/harness.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 424f8acd328a111319ae30bf384e5dfb9bc8f8cb Author: Gautham R. Shenoy Date: Mon Feb 27 11:10:07 2017 +0530 powerpc/powernv: Fix bug due to labeling ambiguity in power_enter_stop Commit 09206b600c76 ("powernv: Pass PSSCR value and mask to power9_idle_stop") added additional code in power_enter_stop() to distinguish between stop requests whose PSSCR had ESL=EC=1 from those which did not. When ESL=EC=1, we do a forward-jump to a location labelled by "1", which had the code to handle the ESL=EC=1 case. Unfortunately just a couple of instructions before this label, is the macro IDLE_STATE_ENTER_SEQ() which also has a label "1" in its expansion. As a result, the current code can result in directly executing stop instruction for deep stop requests with PSSCR ESL=EC=1, without saving the hypervisor state. Fix this BUG by labeling the location that handles ESL=EC=1 case with a more descriptive label ".Lhandle_esl_ec_set" (local label suggestion a la .Lxx from Anton Blanchard). While at it, rename the label "2" labelling the location of the code handling entry into deep stop states with ".Lhandle_deep_stop". For a good measure, change the label in IDLE_STATE_ENTER_SEQ() macro to an not-so commonly used value in order to avoid similar mishaps in the future. Fixes: 09206b600c76 ("powernv: Pass PSSCR value and mask to power9_idle_stop") Signed-off-by: Gautham R. Shenoy Signed-off-by: Michael Ellerman arch/powerpc/include/asm/cpuidle.h | 4 ++-- arch/powerpc/kernel/idle_book3s.S | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) commit 7a70d7288c926ae88e0c773fbb506aa374e99c2d Author: Paul Mackerras Date: Mon Feb 27 14:32:41 2017 +1100 powerpc/64: Invalidate process table caching after setting process table The POWER9 MMU reads and caches entries from the process table. When we kexec from one kernel to another, the second kernel sets its process table pointer but doesn't currently do anything to make the CPU invalidate any cached entries from the old process table. This adds a tlbie (TLB invalidate entry) instruction with parameters to invalidate caching of the process table after the new process table is installed. Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/mm/pgtable-radix.c | 4 ++++ 1 file changed, 4 insertions(+) commit 4ceae137bdab2232e57b2e6fd5631a22a0160938 Author: Ravi Bangoria Date: Tue Feb 14 14:46:43 2017 +0530 powerpc: emulate_step() tests for load/store instructions Add new selftest that test emulate_step for Normal, Floating Point, Vector and Vector Scalar - load/store instructions. Test should run at boot time if CONFIG_KPROBES_SANITY_TEST and CONFIG_PPC64 is set. Sample log: emulate_step_test: ld : PASS emulate_step_test: lwz : PASS emulate_step_test: lwzx : PASS emulate_step_test: std : PASS emulate_step_test: ldarx / stdcx. : PASS emulate_step_test: lfsx : PASS emulate_step_test: stfsx : PASS emulate_step_test: lfdx : PASS emulate_step_test: stfdx : PASS emulate_step_test: lvx : PASS emulate_step_test: stvx : PASS emulate_step_test: lxvd2x : PASS emulate_step_test: stxvd2x : PASS Signed-off-by: Ravi Bangoria [mpe: Drop start/complete lines, make it all __init] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/ppc-opcode.h | 7 + arch/powerpc/lib/Makefile | 1 + arch/powerpc/lib/test_emulate_step.c | 434 ++++++++++++++++++++++++++++++++++ 3 files changed, 442 insertions(+) commit e148bd17f48bd17fca2f4f089ec879fa6e47e34c Author: Ravi Bangoria Date: Tue Feb 14 14:46:42 2017 +0530 powerpc: Emulation support for load/store instructions on LE emulate_step() uses a number of underlying kernel functions that were initially not enabled for LE. This has been rectified since. So, fix emulate_step() for LE for the corresponding instructions. Cc: stable@vger.kernel.org # v3.18+ Reported-by: Anton Blanchard Signed-off-by: Ravi Bangoria Signed-off-by: Michael Ellerman arch/powerpc/lib/sstep.c | 20 -------------------- 1 file changed, 20 deletions(-) commit bbe08c0a43e2c5ee3a00de68c0e867a08a9aa990 Merge: 94e877d e9f467d Author: Linus Torvalds Date: Thu Mar 2 16:03:00 2017 -0800 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull more btrfs updates from Chris Mason: "Btrfs round two. These are mostly a continuation of Dave Sterba's collection of cleanups, but Filipe also has some bug fixes and performance improvements" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (69 commits) btrfs: add dummy callback for readpage_io_failed and drop checks btrfs: drop checks for mandatory extent_io_ops callbacks btrfs: document existence of extent_io ops callbacks btrfs: let writepage_end_io_hook return void btrfs: do proper error handling in btrfs_insert_xattr_item btrfs: handle allocation error in update_dev_stat_item btrfs: remove BUG_ON from __tree_mod_log_insert btrfs: derive maximum output size in the compression implementation btrfs: use predefined limits for calculating maximum number of pages for compression btrfs: export compression buffer limits in a header btrfs: merge nr_pages input and output parameter in compress_pages btrfs: merge length input and output parameter in compress_pages btrfs: constify name of subvolume in creation helpers btrfs: constify buffers used by compression helpers btrfs: constify input buffer of btrfs_csum_data btrfs: constify device path passed to relevant helpers btrfs: make btrfs_inode_resume_unlocked_dio take btrfs_inode btrfs: make btrfs_inode_block_unlocked_dio take btrfs_inode btrfs: Make btrfs_add_nondir take btrfs_inode btrfs: Make btrfs_add_link take btrfs_inode ... commit 0cb3b79efabd4174ddeee40c2c1e5499ba67e067 Merge: 43e31e4 41139ac Author: Rafael J. Wysocki Date: Fri Mar 3 00:45:22 2017 +0100 Merge branch 'acpi-apei' * acpi-apei: ACPI: APEI: Fix BERT resources conflict with ACPI NVS area commit 9b5e9cb164ee93ae19c4c6593e8188a55481f78b Merge: 21ff03c de09cdd c3a49c8 2872de1 Author: Rafael J. Wysocki Date: Fri Mar 3 00:43:11 2017 +0100 Merge branches 'pm-cpuidle', 'pm-cpufreq' and 'pm-sleep' * pm-cpuidle: intel_idle: stop exposing platform acronyms in sysfs cpuidle: menu: Avoid taking spinlock for accessing QoS values * pm-cpufreq: cpufreq: intel_pstate: Fix limits issue with operation mode switching cpufreq: qoriq: clean up unused code * pm-sleep: PM / hibernate: Define pr_fmt() and use pr_*() instead of printk() PM / hibernate: Untangle power_down() commit 21ff03c484a86e6ea28fcd1cd2a2fd2c924fb6e9 Merge: 02c3de1 35bfa99 d08d1b2 2da8354 28db0c7 Author: Rafael J. Wysocki Date: Fri Mar 3 00:34:44 2017 +0100 Merge branches 'pm-core', 'pm-qos', 'pm-domains' and 'pm-opp' * pm-core: PM / runtime: Fix some typos * pm-qos: PM / QoS: Remove global notifiers * pm-domains: PM / Domains: Power off masters immediately in the power off sequence PM / Domains: Rename is_async to one_dev_on for genpd_power_off() PM / Domains: Move genpd_power_off() above genpd_power_on() * pm-opp: PM / OPP: Documentation: Fix opp-microvolt in examples PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop commit 94e877d0fb43bec0540d6a37d49cb4f7f05a5348 Merge: 69fd110 653a774 Author: Linus Torvalds Date: Thu Mar 2 15:20:00 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs pile two from Al Viro: - orangefs fix - series of fs/namei.c cleanups from me - VFS stuff coming from overlayfs tree * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: orangefs: Use RCU for destroy_inode vfs: use helper for calling f_op->fsync() mm: use helper for calling f_op->mmap() vfs: use helpers for calling f_op->{read,write}_iter() vfs: pass type instead of fn to do_{loop,iter}_readv_writev() vfs: extract common parts of {compat_,}do_readv_writev() vfs: wrap write f_ops with file_{start,end}_write() vfs: deny copy_file_range() for non regular files vfs: deny fallocate() on directory vfs: create vfs helper vfs_tmpfile() namei.c: split unlazy_walk() namei.c: fold the check for DCACHE_OP_REVALIDATE into d_revalidate() lookup_fast(): clean up the logics around the fallback to non-rcu mode namei: fold unlazy_link() into its sole caller commit 69fd110eb650ea7baa82158f3b89a7d86da1d056 Merge: 821fd6f 4038a2a3 Author: Linus Torvalds Date: Thu Mar 2 15:16:38 2017 -0800 Merge branch 'work.sendmsg' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs sendmsg updates from Al Viro: "More sendmsg work. This is a fairly separate isolated stuff (there's a continuation around lustre, but that one was too late to soak in -next), thus the separate pull request" * 'work.sendmsg' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: ncpfs: switch to sock_sendmsg() ncpfs: don't mess with manually advancing iovec on send ncpfs: sendmsg does *not* bugger iovec these days ceph_tcp_sendpage(): use ITER_BVEC sendmsg afs_send_pages(): use ITER_BVEC rds: remove dead code ceph: switch to sock_recvmsg() usbip_recv(): switch to sock_recvmsg() iscsi_target: deal with short writes on the tx side [nbd] pass iov_iter to nbd_xmit() [nbd] switch sock_xmit() to sock_{send,recv}msg() [drbd] use sock_sendmsg() commit 165a5e22fafb127ecb5914e12e8c32a1f0d3f820 Author: Jan Kara Date: Wed Feb 8 08:05:56 2017 +0100 block: Move bdi_unregister() to del_gendisk() Commit 6cd18e711dd8 "block: destroy bdi before blockdev is unregistered." moved bdi unregistration (at that time through bdi_destroy()) from blk_release_queue() to blk_cleanup_queue() because it needs to happen before blk_unregister_region() call in del_gendisk() for MD. SCSI though will free up the device number from sd_remove() called through a maze of callbacks from device_del() in __scsi_remove_device() before blk_cleanup_queue() and thus similar races as described in 6cd18e711dd8 can happen for SCSI as well as reported by Omar [1]. Moving bdi_unregister() to del_gendisk() works for MD and fixes the problem for SCSI since del_gendisk() gets called from sd_remove() before freeing the device number. This also makes device_add_disk() (calling bdi_register_owner()) more symmetric with del_gendisk(). [1] http://marc.info/?l=linux-block&m=148554717109098&w=2 Tested-by: Lekshmi Pillai Acked-by: Tejun Heo Signed-off-by: Jan Kara Tested-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-core.c | 1 - block/genhd.c | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 9d49640a21bffd730a6ebf2a0032e022f7caf84a Author: Aurelien Aptel Date: Mon Feb 13 16:16:49 2017 +0100 CIFS: implement get_dfs_refer for SMB2+ in SMB2+ the get_dfs_refer operation uses a FSCTL. The request can be made on any Tree Connection according to the specs. Since Samba only accepted it on an IPC connection until recently, try that first. https://lists.samba.org/archive/samba-technical/2017-February/118859.html 3.2.4.20.3 Application Requests DFS Referral Information: > The client MUST search for an existing Session and TreeConnect to any > share on the server identified by ServerName for the user identified by > UserCredentials. If no Session and TreeConnect are found, the client > MUST establish a new Session and TreeConnect to IPC$ on the target > server as described in section 3.2.4.2 using the supplied ServerName and > UserCredentials. Signed-off-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2ops.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ fs/cifs/smb2pdu.h | 8 +++++ 2 files changed, 109 insertions(+) commit f0712928be1a66c99c35f871b4df7fa23ec1574a Author: Aurelien Aptel Date: Wed Feb 22 14:47:17 2017 +0100 CIFS: use DFS pathnames in SMB2+ Create requests When connected to a DFS capable share, the client must set the SMB2_FLAGS_DFS_OPERATIONS flag in the SMB2 header and use DFS path names: "\\" *without* leading \\. Sources: [MS-SMB2] 3.2.5.5 Receiving an SMB2 TREE_CONNECT Response > TreeConnect.IsDfsShare MUST be set to TRUE, if the SMB2_SHARE_CAP_DFS > bit is set in the Capabilities field of the response. [MS-SMB2] 3.2.4.3 Application Requests Opening a File > If TreeConnect.IsDfsShare is TRUE, the SMB2_FLAGS_DFS_OPERATIONS flag > is set in the Flags field. [MS-SMB2] 2.2.13 SMB2 CREATE Request, NameOffset: > If SMB2_FLAGS_DFS_OPERATIONS is set in the Flags field of the SMB2 > header, the file name includes a prefix that will be processed during > DFS name normalization as specified in section 3.3.5.9. Otherwise, the > file name is relative to the share that is identified by the TreeId in > the SMB2 header. Signed-off-by: Aurelien Aptel Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2pdu.c | 96 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 80 insertions(+), 16 deletions(-) commit 821fd6f6cb6500cd04a6c7e8f701f9b311a5c2b3 Merge: ca4c7d7 c87ba9c Author: Linus Torvalds Date: Thu Mar 2 14:52:05 2017 -0800 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending Pull SCSI target updates from Nicholas Bellinger: "The highlights this round include: - enable dual mode (initiator + target) qla2xxx operation. (Quinn + Himanshu) - add a framework for qla2xxx async fabric discovery. (Quinn + Himanshu) - enable iscsi PDU DDP completion offload in cxgbit/T6 NICs. (Varun) - fix target-core handling of aborted failed commands. (Bart) - fix a long standing target-core issue NULL pointer dereference with active I/O LUN shutdown. (Rob Millner + Bryant + nab)" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (44 commits) target: Add counters for ABORT_TASK success + failure iscsi-target: Fix early login failure statistics misses target: Fix NULL dereference during LUN lookup + active I/O shutdown target: Delete tmr from list before processing target: Fix handling of aborted failed commands uapi: fix linux/target_core_user.h userspace compilation errors target: export protocol identifier qla2xxx: Fix a warning reported by the "smatch" static checker target/iscsi: Fix unsolicited data seq_end_offset calculation target/cxgbit: add T6 iSCSI DDP completion feature target/cxgbit: Enable DDP for T6 only if data sequence and pdu are in order target/cxgbit: Use T6 specific macros to get ETH/IP hdr len target/cxgbit: use cxgb4_tp_smt_idx() to get smt idx target/iscsi: split iscsit_check_dataout_hdr() target: Remove command flag CMD_T_DEV_ACTIVE target: Remove command flag CMD_T_BUSY target: Move session check from target_put_sess_cmd() into target_release_cmd_kref() target: Inline transport_cmd_check_stop() target: Remove an overly chatty debug message target: Stop execution if CMD_T_STOP has been set ... commit 9f674e48c13dcbc31ac903433727837795b81efe Author: Anoob Soman Date: Thu Mar 2 10:50:20 2017 +0000 xen-netback: Use GFP_ATOMIC to allocate hash Allocation of new_hash, inside xenvif_new_hash(), always happen in softirq context, so use GFP_ATOMIC instead of GFP_KERNEL for new hash allocation. Signed-off-by: Anoob Soman Signed-off-by: David S. Miller drivers/net/xen-netback/hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 31c05415f5b471fd333fe42629788364faea8e0d Author: WANG Cong Date: Thu Mar 2 12:24:36 2017 -0800 bonding: use ETH_MAX_MTU as max mtu This restores the ability of setting bond device's mtu to 9000. Fixes: 91572088e3fd ("net: use core MTU range checking in core net infra") Reported-by: daznis@gmail.com Reported-by: Brad Campbell Cc: Jarod Wilson Signed-off-by: Cong Wang Signed-off-by: Jay Vosburgh Signed-off-by: David S. Miller drivers/net/bonding/bond_main.c | 1 + 1 file changed, 1 insertion(+) commit 152669bd3cd2407d6f556009b95ee249c0c1a462 Author: Dexuan Cui Date: Thu Mar 2 13:00:53 2017 +0000 netvsc: fix use-after-free in netvsc_change_mtu() 'nvdev' is freed in rndis_filter_device_remove -> netvsc_device_remove -> free_netvsc_device, so we mustn't access it, before it's re-created in rndis_filter_device_add -> netvsc_device_add. Signed-off-by: Dexuan Cui Cc: "K. Y. Srinivasan" Cc: Haiyang Zhang Cc: Stephen Hemminger Reviewed-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit 35576ee17f7c15a5ec776570088fd2eff1dbdc2d Merge: 1c296a3 eb1e011 Author: David S. Miller Date: Thu Mar 2 14:39:17 2017 -0800 Merge tag 'mac80211-for-davem-2017-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== This contains just the average.h change in order to get it into the tree before adding new users through -next trees. ==================== Signed-off-by: David S. Miller commit 1c296a3ea853ca785351fe4e6f389a967758ac60 Merge: 9d6acb3 1657b8f Author: David S. Miller Date: Thu Mar 2 14:38:42 2017 -0800 Merge tag 'wireless-drivers-for-davem-2017-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.11 Add back a fixed version of an ath10k patch which was reverted during the merge window. ==================== Signed-off-by: David S. Miller commit ca4c7d7c2b6b4bfb293c24da1442cf0336c1912a Merge: 54d7989 2664f3c Author: Linus Torvalds Date: Thu Mar 2 14:36:00 2017 -0800 Merge tag 'dm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - a dm-raid stable@ fix for possible corruption when triggering a raid reshape via lvm2; and an additional small patch ontop to bump version of the dm-raid target outside of the stable@ fix - a dm-raid fix for a 'dm-4.11-changes' regression introduced by a commit that was meant to only cleanup confusing branching. * tag 'dm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm raid: bump the target version dm raid: fix data corruption on reshape request dm raid: fix raid "check" regression due to improper cleanup in raid_message() commit 9d6acb3bc9058d1fd7a5297d71f14213679bb4bd Author: WANG Cong Date: Wed Mar 1 20:48:39 2017 -0800 ipv6: ignore null_entry in inet6_rtm_getroute() too Like commit 1f17e2f2c8a8 ("net: ipv6: ignore null_entry on route dumps"), we need to ignore null entry in inet6_rtm_getroute() too. Return -ENETUNREACH here to sync with IPv4 behavior, as suggested by David. Fixes: a1a22c1206 ("net: ipv6: Keep nexthop of multipath route on admin down") Reported-by: Dmitry Vyukov Cc: David Ahern Signed-off-by: Cong Wang Acked-by: David Ahern Signed-off-by: David S. Miller net/ipv6/route.c | 6 ++++++ 1 file changed, 6 insertions(+) commit be12502e2e64854dbe0a2ddff6d26ec1143d6890 Author: Dmitry Torokhov Date: Wed Mar 1 17:24:47 2017 -0800 drivers: net: ethernet: remove incorrect __exit markups Even if bus is not hot-pluggable, devices can be unbound from the driver via sysfs, so we should not be using __exit annotations on remove() methods. The only exception is drivers registered with platform_driver_probe() which specifically disables sysfs bind/unbind attributes. Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller drivers/net/ethernet/amd/declance.c | 30 +++++++++++++++--------------- drivers/net/ethernet/broadcom/sb1250-mac.c | 4 ++-- drivers/net/ethernet/faraday/ftgmac100.c | 4 ++-- drivers/net/ethernet/faraday/ftmac100.c | 4 ++-- drivers/net/ethernet/seeq/sgiseeq.c | 4 ++-- drivers/net/ethernet/sgi/meth.c | 4 ++-- 6 files changed, 25 insertions(+), 25 deletions(-) commit ca2dea434d10e3a676482fdf6df17d20cdb3e907 Merge: 332524e 7e6a69e Author: Arnd Bergmann Date: Thu Mar 2 17:54:34 2017 +0100 Merge tag 'juno-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into next/late Merge "ARMv8 Juno DT fix for v4.11" from Sudeep Holla: Just single patch to fix replicator in order to prevent overflows at the source and reduce the back pressure by splitting the trace output to TPIU and ETR. * tag 'juno-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: arm64: dts: juno: update definition for programmable replicator commit 332524eaf739296bfc86c26d1b86a8c0040d7818 Author: Linus Walleij Date: Tue Feb 21 21:42:30 2017 +0100 ARM: deconfig: fix the moxart defconfig The moxart defconfig wasn't even building a kernel for Moxart, it was building a kernel for V4T on the nothing platform. Switch to MULTI_V4 and keep the right drivers, update a few selections. Now it (presumably) builds a minimalist Moxart kernel again. Cc: Jonas Jensen Signed-off-by: Linus Walleij Signed-off-by: Arnd Bergmann arch/arm/configs/moxart_defconfig | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 7db92362d2fee5887f6b0c41653b8c9f8f5d6020 Author: Wei Wang Date: Wed Mar 1 13:29:48 2017 -0800 tcp: fix potential double free issue for fastopen_req tp->fastopen_req could potentially be double freed if a malicious user does the following: 1. Enable TCP_FASTOPEN_CONNECT sockopt and do a connect() on the socket. 2. Call connect() with AF_UNSPEC to disconnect the socket. 3. Make this socket a listening socket by calling listen(). 4. Accept incoming connections and generate child sockets. All child sockets will get a copy of the pointer of fastopen_req. 5. Call close() on all sockets. fastopen_req will get freed multiple times. Fixes: 19f6d3f3c842 ("net/tcp-fastopen: Add new API support") Reported-by: Andrey Konovalov Signed-off-by: Wei Wang Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 54d7989f476ca57fc3c5cc71524c480ccb74c481 Merge: 0f221a3 c4baad5 Author: Linus Torvalds Date: Thu Mar 2 13:53:13 2017 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull vhost updates from Michael Tsirkin: "virtio, vhost: optimizations, fixes Looks like a quiet cycle for vhost/virtio, just a couple of minor tweaks. Most notable is automatic interrupt affinity for blk and scsi. Hopefully other devices are not far behind" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio-console: avoid DMA from stack vhost: introduce O(1) vq metadata cache virtio_scsi: use virtio IRQ affinity virtio_blk: use virtio IRQ affinity blk-mq: provide a default queue mapping for virtio device virtio: provide a method to get the IRQ affinity mask for a virtqueue virtio: allow drivers to request IRQ affinity when creating VQs virtio_pci: simplify MSI-X setup virtio_pci: don't duplicate the msix_enable flag in struct pci_dev virtio_pci: use shared interrupts for virtqueues virtio_pci: remove struct virtio_pci_vq_info vhost: try avoiding avail index access when getting descriptor virtio_mmio: expose header to userspace commit 113285b473824922498d07d7f82459507b9792eb Author: Jens Axboe Date: Thu Mar 2 13:26:04 2017 -0700 blk-mq: ensure that bd->last is always set correctly When drivers are called with a request in blk-mq, blk-mq flags the state such that the driver knows if this is the last request in this call chain or not. The driver can then use that information to defer kicking off IO until bd->last is true. However, with blk-mq and scheduling, we need to allocate a driver tag for a request before it can be issued. If we fail to allocate such a tag, we could end up in the situation where the last request issued did not have bd->last == true set. This can then cause a driver hang. This fixes a hang with virtio-blk, which uses bd->last as a hint on whether to kick the queue or not. Reported-by: Chris Mason Tested-by: Chris Mason Reviewed-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq.c | 50 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) commit 0f221a3102bba2d982d01bad38eb68507c343830 Merge: 4f1f2b8 2651225b Author: Linus Torvalds Date: Thu Mar 2 13:22:18 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem fixes from James Morris: "Two fixes for the security subsystem: - keys: split both rcu_dereference_key() and user_key_payload() into versions which can be called with or without holding the key semaphore. - SELinux: fix Android init(8) breakage due to new cgroup security labeling support when using older policy" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: wrap cgroup seclabel support with its own policy capability KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() commit 94352d45092c23874532221b4d1e4721df9d63df Author: Arnaldo Carvalho de Melo Date: Wed Mar 1 16:35:08 2017 -0300 net: Introduce sk_clone_lock() error path routine When handling problems in cloning a socket with the sk_clone_locked() function we need to perform several steps that were open coded in it and its callers, so introduce a routine to avoid this duplication: sk_free_unlock_clone(). Cc: Cong Wang Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Gerrit Renker Cc: Thomas Gleixner Link: http://lkml.kernel.org/n/net-ui6laqkotycunhtmqryl9bfx@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller include/net/sock.h | 1 + net/core/sock.c | 16 +++++++++++----- net/dccp/minisocks.c | 6 +----- 3 files changed, 13 insertions(+), 10 deletions(-) commit d5afb6f9b6bb2c57bd0c05e76e12489dc0d037d9 Author: Arnaldo Carvalho de Melo Date: Wed Mar 1 16:35:07 2017 -0300 dccp: Unlock sock before calling sk_free() The code where sk_clone() came from created a new socket and locked it, but then, on the error path didn't unlock it. This problem stayed there for a long while, till b0691c8ee7c2 ("net: Unlock sock before calling sk_free()") fixed it, but unfortunately the callers of sk_clone() (now sk_clone_locked()) were not audited and the one in dccp_create_openreq_child() remained. Now in the age of the syskaller fuzzer, this was finally uncovered, as reported by Dmitry: ---- 8< ---- I've got the following report while running syzkaller fuzzer on 86292b33d4b7 ("Merge branch 'akpm' (patches from Andrew)") [ BUG: held lock freed! ] 4.10.0+ #234 Not tainted ------------------------- syz-executor6/6898 is freeing memory ffff88006286cac0-ffff88006286d3b7, with a lock still held there! (slock-AF_INET6){+.-...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] (slock-AF_INET6){+.-...}, at: [] sk_clone_lock+0x3d9/0x12c0 net/core/sock.c:1504 5 locks held by syz-executor6/6898: #0: (sk_lock-AF_INET6){+.+.+.}, at: [] lock_sock include/net/sock.h:1460 [inline] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] inet_stream_connect+0x44/0xa0 net/ipv4/af_inet.c:681 #1: (rcu_read_lock){......}, at: [] inet6_csk_xmit+0x12a/0x5d0 net/ipv6/inet6_connection_sock.c:126 #2: (rcu_read_lock){......}, at: [] __skb_unlink include/linux/skbuff.h:1767 [inline] #2: (rcu_read_lock){......}, at: [] __skb_dequeue include/linux/skbuff.h:1783 [inline] #2: (rcu_read_lock){......}, at: [] process_backlog+0x264/0x730 net/core/dev.c:4835 #3: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x1700 net/ipv6/ip6_input.c:59 #4: (slock-AF_INET6){+.-...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] #4: (slock-AF_INET6){+.-...}, at: [] sk_clone_lock+0x3d9/0x12c0 net/core/sock.c:1504 Fix it just like was done by b0691c8ee7c2 ("net: Unlock sock before calling sk_free()"). Reported-by: Dmitry Vyukov Cc: Cong Wang Cc: Eric Dumazet Cc: Gerrit Renker Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170301153510.GE15145@kernel.org Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller net/dccp/minisocks.c | 1 + 1 file changed, 1 insertion(+) commit 6ab2b999e7babba1ae20c64a90889723c07ade72 Merge: f1304f7 51c6b42 Author: David S. Miller Date: Thu Mar 2 13:16:08 2017 -0800 Merge tag 'batadv-net-for-davem-20170301' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here are two batman-adv bugfixes: - fix a potential double free when fragment merges fail, by Sven Eckelmann - fix failing tranmission of the 16th (last) fragment if that exists, by Linus Lüssing ==================== Signed-off-by: David S. Miller commit f1304f7ba3981e71dcf2ac7db92949eeab49b1bf Author: Peter Downs Date: Wed Mar 1 01:01:17 2017 -0800 openvswitch: actions: fixed a brace coding style warning Fixed a brace coding style warning reported by checkpatch.pl Signed-off-by: Peter Downs Signed-off-by: David S. Miller net/openvswitch/actions.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 11bd44f62d86115796109b0349e6e191bc99b45a Author: Ganesh Goudar Date: Wed Mar 1 11:18:53 2017 +0530 cxgb4: update latest firmware version supported Change t4fw_version.h to update latest firmware version number to 1.16.33.0. Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/t4fw_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7b36a7189fc320f0b783dd51bd1f541db56cfbdd Author: Jens Axboe Date: Thu Mar 2 13:59:08 2017 -0700 block: don't call ioc_exit_icq() with the queue lock held for blk-mq For legacy scheduling, we always call ioc_exit_icq() with both the ioc and queue lock held. This poses a problem for blk-mq with scheduling, since the queue lock isn't what we use in the scheduler. And since we don't need the queue lock held for ioc exit there, don't grab it and leave any extra locking up to the blk-mq scheduler. Reported-by: Paolo Valente Tested-by: Paolo Valente Reviewed-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-ioc.c | 44 +++++++++++++++++++++++++++++++------------- block/blk-sysfs.c | 2 -- block/elevator.c | 2 -- 3 files changed, 31 insertions(+), 17 deletions(-) commit a2d35d0b9412b201fbc236c4e6ab62c4517b2515 Merge: 9aea777 2697ea5 Author: David S. Miller Date: Thu Mar 2 12:57:54 2017 -0800 Merge branch 'amd-xgbe-fixes' Tom Lendacky says: ==================== amd-xgbe: AMD XGBE driver fixes 2017-02-28 This patch series addresses some issues in the AMD XGBE driver. The following fixes are included in this driver update series: - Stop the PHY before disabling and releasing device interrupts so that MDIO requests issued by the device can be properly handled - Set the MDIO communication mode on device startup, not just device probe - Do not overwrite SFP settings when mod_absent is detected This patch series is based on net. ==================== Signed-off-by: David S. Miller commit 2697ea5a859b83ca49511dcfd98daf42584eb3cf Author: Lendacky, Thomas Date: Tue Feb 28 15:03:10 2017 -0600 amd-xgbe: Don't overwrite SFP PHY mod_absent settings If an SFP module is not present, xgbe_phy_sfp_phy_settings() should return after applying the default settings. Currently there is no return statement and the default settings are overwritten. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 2 ++ 1 file changed, 2 insertions(+) commit b42c6761fd1651f564491b53016046c9ebf0b2a9 Author: Lendacky, Thomas Date: Tue Feb 28 15:03:01 2017 -0600 amd-xgbe: Be sure to set MDIO modes on device (re)start The MDIO register mode is set when the device is probed. But when the device is brought down and then back up, the MDIO register mode has been reset. Be sure to reset the mode during device startup and only change the mode of the address specified. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) commit 402168b4c2dc0734b8fbd282eff77da0275c5129 Author: Lendacky, Thomas Date: Tue Feb 28 15:02:51 2017 -0600 amd-xgbe: Stop the PHY before releasing interrupts Some configurations require the use of the hardware's MDIO support to communicate with external PHYs. The MDIO commands indicate completion through the device interrupt. When bringing down the device the interrupts were released before stopping the external PHY, resulting in MDIO command timeouts. Move the stopping of the PHY to before the releasing of the interrupts. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 16ce771b93ab569490fd27415694132a7ade0d79 Merge: acc9ab6 4e5acdc Author: Radim Krčmář Date: Thu Mar 2 21:53:25 2017 +0100 Merge branch 'kvm-ppc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into next Two bug fixes for HV KVM on POWER9 machines. commit 9aea7779b764a11e357d3c74af6aee3cf90f2045 Author: Alban Bedel Date: Tue Feb 28 18:08:55 2017 +0100 drivers: net: xgene: Fix crash on DT systems On DT systems the driver require a clock, but the probe just print a warning and continue, leading to a crash when resetting the device. To fix this crash and properly handle probe deferals only ignore the missing clock if DT isn't used or if the clock doesn't exist. Signed-off-by: Alban Bedel Acked-by: Iyappan Subramanian Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 4f1f2b8f0818af9b0e21ba4b17ab615e29b4650d Merge: 474c901 9ad82f1 Author: Linus Torvalds Date: Thu Mar 2 12:45:46 2017 -0800 Merge tag 'watchdog-for-linus-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull more watchdog updates from Guenter Roeck: - fix fallout from enabling COMPILE_TEST - fix gcc-4.3 build of kempld watchdog driver - use hrtimer in softdog * tag 'watchdog-for-linus-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: watchdog: retu: restore MFD dependency watchdog: db8500: add back prmcu dependency watchdog: kempld: fix gcc-4.3 build watchdog: softdog: fire watchdog even if softirqs do not get to run watchdog: kempld: revert to full dependency watchdog: bcm2835: add CONFIG_OF dependency watchdog: sp805: add back AMBA dependency watchdog: menf21bmc: add I2C dependency watchdog: geode: restore hard CS5535_MFGPT dependency watchdog: wm831x watchdog really needs mfd commit e3330039ea28dc199e3b2da993895ff742a91adf Author: WANG Cong Date: Mon Feb 27 16:07:43 2017 -0800 ipv6: check for ip6_null_entry in __ip6_del_rt_siblings() Andrey reported a NULL pointer deref bug in ipv6_route_ioctl() -> ip6_route_del() -> __ip6_del_rt_siblings() code path. This is because ip6_null_entry is returned in this path since ip6_null_entry is kinda default for a ipv6 route table root node. Quote from David Ahern: ip6_null_entry is the root of all ipv6 fib tables making it integrated into the table ... We should ignore any attempt of trying to delete it, like we do in __ip6_del_rt() path and several others. Reported-by: Andrey Konovalov Fixes: 0ae8133586ad ("net: ipv6: Allow shorthand delete of all nexthops in multipath route") Cc: David Ahern Cc: Eric Dumazet Signed-off-by: Cong Wang Acked-by: David Ahern Signed-off-by: David S. Miller net/ipv6/route.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 474c90156c8dcc2fa815e6716cc9394d7930cb9c Author: Linus Torvalds Date: Thu Mar 2 12:17:22 2017 -0800 give up on gcc ilog2() constant optimizations gcc-7 has an "optimization" pass that completely screws up, and generates the code expansion for the (impossible) case of calling ilog2() with a zero constant, even when the code gcc compiles does not actually have a zero constant. And we try to generate a compile-time error for anybody doing ilog2() on a constant where that doesn't make sense (be it zero or negative). So now gcc7 will fail the build due to our sanity checking, because it created that constant-zero case that didn't actually exist in the source code. There's a whole long discussion on the kernel mailing about how to work around this gcc bug. The gcc people themselevs have discussed their "feature" in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785 but it's all water under the bridge, because while it looked at one point like it would be solved by the time gcc7 was released, that was not to be. So now we have to deal with this compiler braindamage. And the only simple approach seems to be to just delete the code that tries to warn about bad uses of ilog2(). So now "ilog2()" will just return 0 not just for the value 1, but for any non-positive value too. It's not like I can recall anybody having ever actually tried to use this function on any invalid value, but maybe the sanity check just meant that such code never made it out in public. Reported-by: Laura Abbott Cc: John Stultz , Cc: Thomas Gleixner Cc: Ard Biesheuvel Signed-off-by: Linus Torvalds include/linux/log2.h | 13 ++----------- tools/include/linux/log2.h | 13 ++----------- 2 files changed, 4 insertions(+), 22 deletions(-) commit 3131d970f0d86bea41811766d55fc638e382daf3 Author: Linus Walleij Date: Mon Feb 27 10:13:38 2017 +0100 ARM: ux500: resume the second core properly The pen hold/release scheme was copied over to Ux500 from the ARM reference designs like most of these at the time. It is not needed at all, and was mostly removed in commit c00def71efd9 "ARM: ux500: simplify secondary CPU boot". However on the suspend/resume path and hot plug/unplug of CPUs, the .cpu_die() callback was still waiting for the pen to be released which made it spin forever and the second core never come back online after suspend/resume. Fix this by simply replacing the strange custom .cpu_die() with a oneline wfi() just like e.g. the qcom platform does. This fixes the issue and makes the second core come up properly after suspend/resume. As a side effect, this rids us of the completely surplus local setup.h and hotplug.c files, and we just compile this into platsmp.c with everything else SMP. Cc: stable@vger.kernel.org Fixes: c00def71efd9 ("ARM: ux500: simplify secondary CPU boot") Cc: Ulf Hansson Signed-off-by: Linus Walleij Signed-off-by: Arnd Bergmann arch/arm/mach-ux500/Makefile | 3 --- arch/arm/mach-ux500/cpu-db8500.c | 2 -- arch/arm/mach-ux500/hotplug.c | 37 ------------------------------------- arch/arm/mach-ux500/platsmp.c | 9 +++++++-- arch/arm/mach-ux500/setup.h | 16 ---------------- 5 files changed, 7 insertions(+), 60 deletions(-) commit d4b80d9aacfa760cf0f363caec33b6d54f3afa2b Merge: b2e3c43 3e01103 Author: Arnd Bergmann Date: Thu Mar 2 17:52:44 2017 +0100 Merge branch 'next/late' with mainline * next/late: (25 commits) arm64: dts: exynos: Add regulators for Vbus and Vbus-Boost arm64: dts: exynos: Add USB 3.0 controller node for Exynos7 arm64: dts: exynos: Use macros for pinctrl configuration on Exynos7 pinctrl: dt-bindings: samsung: Add Exynos7 specific pinctrl macro definitions arm64: dts: exynos: Add initial configuration for DISP clocks for TM2/TM2e ARM64: dts: meson-gxbb-p200: add ADC laddered keys ARM64: dts: meson: meson-gx: add the SAR ADC ARM64: dts: meson-gxl: add the pwm_ao_b pin ARM64: dts: meson-gx: add the missing pwm_AO_ab node clk: gxbb: fix CLKID_ETH defined twice clk: samsung: exynos5433: Add data for 250MHz and 278MHz PLL rates clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks ARM64: dts: meson-gxl: rename Nexbox A95x for consistency clk: gxbb: add the SAR ADC clocks and expose them dt-bindings: amlogic: Add WeTek boards ARM64: dts: meson-gxbb: Add support for WeTek Hub and Play dt-bindings: vendor-prefix: Add wetek vendor prefix ARM64: dts: meson-gxm: Rename q200 and q201 DT files for consistency ARM64: dts: meson-gx: Add HDMI HPD/DDC pinctrl nodes ARM64: dts: meson-gxbb-vega-s95: Add LED ... Signed-off-by: Arnd Bergmann commit 2e4d88009f57057df7672fa69a32b5224af54d37 Author: Janosch Frank Date: Thu Mar 2 15:23:42 2017 +0100 KVM: s390: Fix guest migration for huge guests resulting in panic While we can technically not run huge page guests right now, we can setup a guest with huge pages. Trying to migrate it will trigger a VM_BUG_ON and, if the kernel is not configured to panic on a BUG, it will happily try to work on non-existing page table entries. With this patch, we always return "dirty" if we encounter a large page when migrating. This at least fixes the immediate problem until we have proper handling for both kind of pages. Fixes: 15f36eb ("KVM: s390: Add proper dirty bitmap support to S390 kvm.") Cc: # 3.16+ Signed-off-by: Janosch Frank Acked-by: Christian Borntraeger Signed-off-by: Martin Schwidefsky arch/s390/mm/pgtable.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) commit 7afbeb6df2aa5f9e3a0fc228817a85c16dea0faa Author: Heiko Carstens Date: Fri Feb 24 12:56:12 2017 +0100 s390/ipl: always use load normal for CCW-type re-IPL commit 14890678687c ("s390/ipl: use load normal for LPAR re-ipl") missed to convert one code path to use load normal semantics for re-IPL. Convert the missing code path as well. Fixes: 14890678687c ("s390/ipl: use load normal for LPAR re-ipl") Reported-by: Michael Holzheu Acked-by: Michael Holzheu Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/ipl.c | 2 ++ 1 file changed, 2 insertions(+) commit a5a79d00017c9eee68a9bcb40d5dfd6f45f17461 Author: Jan Kara Date: Thu Mar 2 16:50:13 2017 +0100 block: Initialize bd_bdi on inode initialization So far we initialized bd_bdi only in bdget(). That is fine for normal bdev inodes however for the special case of the root inode of blockdev_superblock that function is never called and thus bd_bdi is left uninitialized. As a result bdev_evict_inode() may oops doing bdi_put(root->bd_bdi) on that inode as can be seen when doing: mount -t bdev none /mnt Fix the problem by initializing bd_bdi when first allocating the inode and then reinitializing bd_bdi in bdev_evict_inode(). Thanks to syzkaller team for finding the problem. Reported-by: Dmitry Vyukov Fixes: b1d2dc5659b4 ("block: Make blk_get_backing_dev_info() safe without open bdev") Signed-off-by: Jan Kara Signed-off-by: Jens Axboe fs/block_dev.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit e02898b423802b1f3a3aaa7f16e896da069ba8f7 Author: Omar Sandoval Date: Wed Mar 1 10:42:38 2017 -0800 loop: fix LO_FLAGS_PARTSCAN hang loop_reread_partitions() needs to do I/O, but we just froze the queue, so we end up waiting forever. This can easily be reproduced with losetup -P. Fix it by moving the reread to after we unfreeze the queue. Fixes: ecdd09597a57 ("block/loop: fix race between I/O and set_status") Reported-by: Tejun Heo Cc: stable@vger.kernel.org Signed-off-by: Omar Sandoval Reviewed-by: Ming Lei Signed-off-by: Jens Axboe drivers/block/loop.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 302ad8cc09339ea261eef58a8d5f4a116a8ffda5 Author: Keith Busch Date: Wed Mar 1 14:22:12 2017 -0500 nvme: Complete all stuck requests If the nvme driver is shutting down its controller, the drievr will not start the queues up again, preventing blk-mq's hot CPU notifier from making forward progress. To fix that, this patch starts a request_queue freeze when the driver resets a controller so no new requests may enter. The driver will wait for frozen after IO queues are restarted to ensure the queue reference can be reinitialized when nvme requests to unfreeze the queues. If the driver is doing a safe shutdown, the driver will wait for the controller to successfully complete all inflight requests so that we don't unnecessarily fail them. Once the controller has been disabled, the queues will be restarted to force remaining entered requests to end in failure so that blk-mq's hot cpu notifier may progress. Signed-off-by: Keith Busch Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ drivers/nvme/host/nvme.h | 4 ++++ drivers/nvme/host/pci.c | 33 ++++++++++++++++++++++++++++----- 3 files changed, 79 insertions(+), 5 deletions(-) commit f91328c40a559362b6e7b7bfee01ca17fda87592 Author: Keith Busch Date: Wed Mar 1 14:22:11 2017 -0500 blk-mq: Provide freeze queue timeout A driver may wish to take corrective action if queued requests do not complete within a set time. Signed-off-by: Keith Busch Signed-off-by: Jens Axboe block/blk-mq.c | 9 +++++++++ include/linux/blk-mq.h | 2 ++ 2 files changed, 11 insertions(+) commit 6bae363ee3057a14eec93440826813603559273a Author: Keith Busch Date: Wed Mar 1 14:22:10 2017 -0500 blk-mq: Export blk_mq_freeze_queue_wait Drivers can start a freeze, so this provides a way to wait for frozen. Signed-off-by: Keith Busch Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe block/blk-mq.c | 3 ++- include/linux/blk-mq.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit 6a8a21546507a3ec88e81c2ec927a3fb63efa8ff Author: Josef Bacik Date: Wed Mar 1 11:47:22 2017 -0500 nbd: stop leaking sockets This was introduced in the multi-connection patch, we've been leaking socket's ever since. Fixes: 9561a7a ("nbd: add multi-connection support") cc: stable@vger.kernel.org Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 562bef4259776c19cb2423d43af1f99183910a4d Author: Omar Sandoval Date: Mon Feb 27 09:47:55 2017 -0800 blk-mq: move update of tags->rqs to __blk_mq_alloc_request() No functional difference, it just makes a little more sense to update the tag map where we actually allocate the tag. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe Tested-by: Sagi Grimberg block/blk-mq-sched.c | 2 -- block/blk-mq.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) commit 59748398992c9c3e9d600e56cb2a5c0c546fe129 Author: Omar Sandoval Date: Mon Feb 27 09:47:54 2017 -0800 blk-mq: kill blk_mq_set_alloc_data() Nothing is using it anymore. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe Tested-by: Sagi Grimberg block/blk-mq.h | 10 ---------- 1 file changed, 10 deletions(-) commit 6d2809d51a5079f01a416d91dd63b0766cb685d0 Author: Omar Sandoval Date: Mon Feb 27 10:28:27 2017 -0800 blk-mq: make blk_mq_alloc_request_hctx() allocate a scheduler request blk_mq_alloc_request_hctx() allocates a driver request directly, unlike its blk_mq_alloc_request() counterpart. It also crashes because it doesn't update the tags->rqs map. Fix it by making it allocate a scheduler request. Reported-by: Sagi Grimberg Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe Tested-by: Sagi Grimberg block/blk-mq-sched.c | 11 +++++------ block/blk-mq.c | 33 +++++++++++++++------------------ 2 files changed, 20 insertions(+), 24 deletions(-) commit 415b806de5576b656f3ff94366589af9a161d0c8 Author: Sagi Grimberg Date: Mon Feb 27 10:04:39 2017 -0700 blk-mq-sched: Allocate sched reserved tags as specified in the original queue tagset Signed-off-by: Sagi Grimberg Modified by me to also check at driver tag allocation time if the original request was reserved, so we can be sure to allocate a properly reserved tag at that point in time, too. Signed-off-by: Jens Axboe block/blk-mq-sched.c | 3 ++- block/blk-mq-tag.c | 2 +- block/blk-mq-tag.h | 6 ++++++ block/blk-mq.c | 3 +++ 4 files changed, 12 insertions(+), 2 deletions(-) commit d3af3ecdc62c46fa67ce7a681f173acb1d750e33 Author: Shaohua Li Date: Wed Feb 1 09:53:16 2017 -0800 nvme: allocate nvme_queue in correct node nvme_queue is per-cpu queue (mostly). Allocating it in node where blk-mq will use it. Signed-off-by: Shaohua Li Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 27ddb689909cd0bab30524a5f720ae3a3e55acac Author: Shaohua Li Date: Wed Feb 1 09:53:15 2017 -0800 PCI: add an API to get node from vector Next patch will use the API to get the node from vector for nvme device Signed-off-by: Shaohua Li Reviewed-by: Christoph Hellwig Acked-by: Bjorn Helgaas Signed-off-by: Jens Axboe drivers/pci/msi.c | 16 ++++++++++++++++ include/linux/pci.h | 6 ++++++ 2 files changed, 22 insertions(+) commit 59f082e464ae0533813d5a1c3149b22563da93d7 Author: Shaohua Li Date: Wed Feb 1 09:53:14 2017 -0800 blk-mq: allocate blk_mq_tags and requests in correct node blk_mq_tags/requests of specific hardware queue are mostly used in specific cpus, which might not be in the same numa node as disk. For example, a nvme card is in node 0. half hardware queue will be used by node 0, the other node 1. Signed-off-by: Shaohua Li Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/blk-mq.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit e53aff45c490ea04aa5d9e3cffa65b6b54397455 Author: Shuah Khan Date: Wed Mar 1 15:15:07 2017 -0700 selftests: lib.mk Fix individual test builds In commit a8ba798bc8ec ("selftests: enable O and KBUILD_OUTPUT"), added support to generate compile targets in a user specified directory. OUTPUT variable controls the location which is undefined when tests are built in the test directory or with "make -C tools/testing/selftests/x86". make -C tools/testing/selftests/x86/ make: Entering directory '/lkml/linux_4.11/tools/testing/selftests/x86' Makefile:44: warning: overriding recipe for target 'clean' ../lib.mk:51: warning: ignoring old recipe for target 'clean' gcc -m64 -o /single_step_syscall_64 -O2 -g -std=gnu99 -pthread -Wall single_step_syscall.c -lrt -ldl /usr/bin/ld: cannot open output file /single_step_syscall_64: Permission denied collect2: error: ld returned 1 exit status Makefile:50: recipe for target '/single_step_syscall_64' failed make: *** [/single_step_syscall_64] Error 1 make: Leaving directory '/lkml/linux_4.11/tools/testing/selftests/x86' Same failure with "cd tools/testing/selftests/x86/;make" run. Fix this with a change to lib.mk to define OUTPUT to be the pwd when MAKELEVEL is 0. This covers both cases mentioned above. Reported-by: Ingo Molnar Signed-off-by: Shuah Khan tools/testing/selftests/lib.mk | 4 ++++ 1 file changed, 4 insertions(+) commit 653a7746fa2f5369985f5368ffc162b6510db6c8 Merge: f6c99aa 0eb8af4 Author: Al Viro Date: Thu Mar 2 06:41:22 2017 -0500 Merge remote-tracking branch 'ovl/for-viro' into for-linus Overlayfs-related series from Miklos and Amir commit f6c99aad4d9f3521fe38e552fd2a2e12cdc52418 Merge: 0695d7d 4675ac3 Author: Al Viro Date: Thu Mar 2 06:41:12 2017 -0500 Merge branch 'work.namei' into for-linus commit 0695d7dc1d9f19b82ec2cae24856bddce278cfe6 Author: Peter Zijlstra Date: Fri Feb 24 16:43:36 2017 +0100 orangefs: Use RCU for destroy_inode freeing of inodes must be RCU-delayed on all filesystems Cc: stable@vger.kernel.org Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Al Viro fs/orangefs/super.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 5839f555fa576be57371686265206398d9ea1480 Author: Paulo Flabiano Smorigo Date: Wed Mar 1 11:00:00 2017 -0300 crypto: vmx - Use skcipher for xts fallback Cc: stable@vger.kernel.org #4.10 Signed-off-by: Paulo Flabiano Smorigo Signed-off-by: Herbert Xu drivers/crypto/vmx/aes_xts.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit c96d0a1c47abd5c4fa544dcedb5fac4d020ac58b Author: Paulo Flabiano Smorigo Date: Wed Mar 1 10:58:20 2017 -0300 crypto: vmx - Use skcipher for cbc fallback Cc: stable@vger.kernel.org #4.10 Signed-off-by: Paulo Flabiano Smorigo Signed-off-by: Herbert Xu drivers/crypto/vmx/aes_cbc.c | 47 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 23 deletions(-) commit 1657b8f84ed9fc1d2a100671f1d42d6286f20073 Author: Waldemar Rymarkiewicz Date: Fri Feb 24 23:30:03 2017 +0100 ath10k: search SMBIOS for OEM board file extension Board Data File (BDF) is loaded upon driver boot-up procedure. The right board data file is identified, among others, by device and sybsystem ids. The problem, however, can occur when the (default) board data file cannot fulfill with the vendor requirements and it is necessary to use a different board data file. To solve the issue QCA uses SMBIOS type 0xF8 to store Board Data File Name Extension to specify the extension/variant name. The driver will take the extension suffix into consideration and will load the right (non-default) board data file if necessary. If it is unnecessary to use extension board data file, please leave the SMBIOS field blank and default configuration will be used. Example: If a default board data file for a specific board is identified by a string "bus=pci,vendor=168c,device=003e,subsystem-vendor=1028, subsystem-device=0310" then the OEM specific data file, if used, could be identified by variant suffix: "bus=pci,vendor=168c,device=003e,subsystem-vendor=1028, subsystem-device=0310,variant=DE_1AB" If board data file name extension is set but board-2.bin does not contain board data file for the variant, the driver will fallback to the default board data file not to break backward compatibility. This was first applied in commit f2593cb1b291 ("ath10k: Search SMBIOS for OEM board file extension") but later reverted in commit 005c3490e9db ("Revert "ath10k: Search SMBIOS for OEM board file extension"". This patch is now otherwise the same as commit f2593cb1b291 except the regression fixed. Signed-off-by: Waldemar Rymarkiewicz Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 101 ++++++++++++++++++++++++++++++++- drivers/net/wireless/ath/ath10k/core.h | 19 +++++++ 2 files changed, 117 insertions(+), 3 deletions(-) commit bb1a2c26165640ba2cbcfe06c81e9f9d6db4e643 Author: Thomas Gleixner Date: Wed Mar 1 21:10:17 2017 +0100 x86/hpet: Prevent might sleep splat on resume Sergey reported a might sleep warning triggered from the hpet resume path. It's caused by the call to disable_irq() from interrupt disabled context. The problem with the low level resume code is that it is not accounted as a special system_state like we do during the boot process. Calling the same code during system boot would not trigger the warning. That's inconsistent at best. In this particular case it's trivial to replace the disable_irq() with disable_hardirq() because this particular code path is solely used from system resume and the involved hpet interrupts can never be force threaded. Reported-and-tested-by: Sergey Senozhatsky Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: "Rafael J. Wysocki" Cc: Sergey Senozhatsky Cc: Borislav Petkov Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1703012108460.3684@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/hpet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 857811a37129f5d2ba162d7be3986eff44724014 Author: Boqun Feng Date: Wed Mar 1 23:01:38 2017 +0800 locking/ww_mutex: Adjust the lock number for stress test Because there are only 12 bits in held_lock::references, so we only support 4095 nested lock held in the same time, adjust the lock number for ww_mutex stress test to kill one lockdep splat: [ ] [ BUG: bad unlock balance detected! ] [ ] kworker/u2:0/5 is trying to release lock (ww_class_mutex) at: [ ] ww_mutex_unlock() [ ] but there are no more locks to release! ... Signed-off-by: Boqun Feng Signed-off-by: Peter Zijlstra (Intel) Cc: Andrew Morton Cc: Chris Wilson Cc: Fengguang Wu Cc: Linus Torvalds Cc: Nicolai Hähnle Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170301150138.hdixnmafzfsox7nn@tardis.cn.ibm.com Signed-off-by: Ingo Molnar kernel/locking/test-ww_mutex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7fb4a2cea6b18dab56d609530d077f168169ed6b Author: Peter Zijlstra Date: Wed Mar 1 16:23:30 2017 +0100 locking/lockdep: Add nest_lock integrity test Boqun reported that hlock->references can overflow. Add a debug test for that to generate a clear error when this happens. Without this, lockdep is likely to report a mysterious failure on unlock. Reported-by: Boqun Feng Signed-off-by: Peter Zijlstra (Intel) Cc: Andrew Morton Cc: Chris Wilson Cc: Linus Torvalds Cc: Nicolai Hähnle Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/locking/lockdep.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 2b232e0c3b3a09f3e33750aa20e314f1b80e5361 Author: Chris Wilson Date: Tue Feb 28 09:40:11 2017 +0000 locking/ww_mutex: Replace cpu_relax() with cond_resched() for tests When busy-spinning on a ww_mutex_trylock(), we depend upon the other thread advancing and releasing the lock. This can not happen on a single CPU unless we relinquish it: [ ] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kworker/0:1:18] ... [ ] Call Trace: [ ] mutex_trylock() [ ] test_mutex_work+0x31/0x56 [ ] process_one_work+0x1b4/0x2f9 [ ] worker_thread+0x1b0/0x27c [ ] kthread+0xd1/0xd3 [ ] ret_from_fork+0x19/0x30 Reported-by: Fengguang Wu Signed-off-by: Chris Wilson Signed-off-by: Peter Zijlstra (Intel) Cc: Andrew Morton Cc: Linus Torvalds Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: f2a5fec17395 ("locking/ww_mutex: Begin kselftests for ww_mutex") Link: http://lkml.kernel.org/r/20170228094011.2595-1-chris@chris-wilson.co.uk Signed-off-by: Ingo Molnar kernel/locking/test-ww_mutex.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e2679aecf1060063b97bf187ba1c61430aab0701 Merge: 9dcfe2c 4977ab6 Author: Ingo Molnar Date: Thu Mar 2 08:51:32 2017 +0100 Merge branch 'linus' into locking/urgent, to pick up fixes commit f94c8d116997597fc00f0812b0ab9256e7b0c58f Author: Peter Zijlstra Date: Wed Mar 1 15:53:38 2017 +0100 sched/clock, x86/tsc: Rework the x86 'unstable' sched_clock() interface Wanpeng Li reported that since the following commit: acb04058de49 ("sched/clock: Fix hotplug crash") ... KVM always runs with unstable sched-clock even though KVM's kvm_clock _is_ stable. The problem is that we've tied clear_sched_clock_stable() to the TSC state, and overlooked that sched_clock() is a paravirt function. Solve this by doing two things: - tie the sched_clock() stable state more clearly to the TSC stable state for the normal (!paravirt) case. - only call clear_sched_clock_stable() when we mark TSC unstable when we use native_sched_clock(). The first means we can actually run with stable sched_clock in more situations then before, which is good. And since commit: 12907fbb1a69 ("sched/clock, clocksource: Add optional cs::mark_unstable() method") ... this should be reliable. Since any detection of TSC fail now results in marking the TSC unstable. Reported-by: Wanpeng Li Signed-off-by: Peter Zijlstra (Intel) Cc: Borislav Petkov Cc: Linus Torvalds Cc: Mike Galbraith Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Fixes: acb04058de49 ("sched/clock: Fix hotplug crash") Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/amd.c | 4 ---- arch/x86/kernel/cpu/centaur.c | 2 -- arch/x86/kernel/cpu/common.c | 3 --- arch/x86/kernel/cpu/cyrix.c | 1 - arch/x86/kernel/cpu/intel.c | 4 ---- arch/x86/kernel/cpu/transmeta.c | 2 -- arch/x86/kernel/tsc.c | 35 +++++++++++++++++++++++------------ 7 files changed, 23 insertions(+), 28 deletions(-) commit 0ba87bb27d66b78e278167ac7e20c66520b8a612 Author: Peter Zijlstra Date: Wed Mar 1 10:51:47 2017 +0100 sched/core: Fix pick_next_task() for RT,DL Pavan noticed that the following commit: 49ee576809d8 ("sched/core: Optimize pick_next_task() for idle_sched_class") ... broke RT,DL balancing by robbing them of the opportinty to do new-'idle' balancing when their last runnable task (on that runqueue) goes away. Reported-by: Pavan Kondeti Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Steven Rostedt Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Fixes: 49ee576809d8 ("sched/core: Optimize pick_next_task() for idle_sched_class") Signed-off-by: Ingo Molnar kernel/sched/core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 4c77b18cf8b7ab37c7d5737b4609010d2ceec5f0 Author: Peter Zijlstra Date: Wed Mar 1 11:24:35 2017 +0100 sched/fair: Make select_idle_cpu() more aggressive Kitsunyan reported desktop latency issues on his Celeron 887 because of commit: 1b568f0aabf2 ("sched/core: Optimize SCHED_SMT") ... even though his CPU doesn't do SMT. The effect of running the SMT code on a !SMT part is basically a more aggressive select_idle_cpu(). Removing the avg condition fixed things for him. I also know FB likes this test gone, even though other workloads like having it. For now, take it out by default, until we get a better idea. Reported-by: kitsunyan Signed-off-by: Peter Zijlstra (Intel) Cc: Chris Mason Cc: Linus Torvalds Cc: Mike Galbraith Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/fair.c | 2 +- kernel/sched/features.h | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) commit de8f1c77313d8c908b2897f268d466c13df161d4 Author: Ingo Molnar Date: Wed Feb 1 18:41:24 2017 +0100 sched/headers: Move autogroup APIs into Further reduce the size of sched.h. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 18 ------------------ include/linux/sched/autogroup.h | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 18 deletions(-) commit dea38c74cb9205341f52b8d8ae18f61247a43ea8 Author: Ingo Molnar Date: Wed Feb 1 18:25:37 2017 +0100 sched/headers: Move loadavg related definitions from to Move these bits to , to reduce the size and complexity of . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 27 --------------------------- include/linux/sched/loadavg.h | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 27 deletions(-) commit e2d1e2aec572a2138dea74d53be54a1406d419c0 Author: Ingo Molnar Date: Wed Feb 1 18:07:51 2017 +0100 sched/headers: Move various ABI definitions to Move scheduler ABI types (struct sched_attr, struct sched_param, etc.) into the new UAPI header. This further reduces the size and complexity of . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 70 ++-------------------------------------- include/uapi/linux/sched/types.h | 68 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 68 deletions(-) commit 47913d4ebd99c827c82c4f29eb282a119c3f2aeb Author: Ingo Molnar Date: Wed Feb 1 18:00:26 2017 +0100 sched/headers, delayacct: Move the 'struct task_delay_info' definition from to The 'struct task_delay_info' definition does not have to be in sched.h, because task_struct only has a pointer to it. So move it to to reduce the size of . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/delayacct.h | 36 ++++++++++++++++++++++++++++++++++++ include/linux/sched.h | 39 ++++----------------------------------- 2 files changed, 40 insertions(+), 35 deletions(-) commit 5689810360c2e88ce1619e8bcfa859852f9a1d1a Author: Ingo Molnar Date: Tue Feb 7 12:07:18 2017 +0100 sched/headers: Move scheduler clock interfaces to Move the sched_clock interfaces into a separate header file, to reduce the size of sched.h. Include in all files that made use of one of the Acked-by: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched.h | 100 -------------------------------------------- include/linux/sched/clock.h | 98 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 100 deletions(-) commit eb61baf69871b9836783a81bc451189edb0d9de2 Author: Ingo Molnar Date: Wed Feb 1 17:09:06 2017 +0100 sched/headers: Move the wake-queue types and interfaces from sched.h into Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 54 ++++---------------------------------------- include/linux/sched/wake_q.h | 47 ++++++++++++++++++++++++++++++++++++++ ipc/msg.c | 1 - 3 files changed, 51 insertions(+), 51 deletions(-) commit 5dbe91de599423d243738a205367506444ebb4a4 Author: Ingo Molnar Date: Wed Feb 1 18:47:28 2017 +0100 sched/headers: Move idle polling methods to Further reduce the size of by moving these APIs: tsk_is_polling() __current_set_polling() current_set_polling_and_test() __current_clr_polling() current_clr_polling_and_test() current_clr_polling() Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 76 ---------------------------------------------- include/linux/sched/idle.h | 76 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 76 deletions(-) commit 4437722b0486c36dc90a1adf584fca4cea6cf1de Author: Ingo Molnar Date: Wed Feb 1 16:58:52 2017 +0100 sched/headers: Move the wake_up_if_idle() prototype to No need to clutter with this rarely used prototype. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 2 -- include/linux/sched/idle.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit b768917d2c08edc4b5616c86a569e524d190434b Author: Ingo Molnar Date: Wed Feb 1 16:51:00 2017 +0100 sched/headers: Move the 'cpu_idle_type' enum from to Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 7 ------- include/linux/sched/idle.h | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) commit a60b9eda67beac2318fa159545ba7d022f780736 Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Move scheduler topology interfaces to The vast majority of sched.h users does not require the topology types and interfaces, so split them out into . This reduces the size of linux/sched.h by ~6%. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 212 ---------------------------------------- include/linux/sched/topology.h | 213 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 213 insertions(+), 212 deletions(-) commit b69339ba109549beeaf45c45c52ac7025bfcd954 Author: Ingo Molnar Date: Sun Feb 5 16:15:03 2017 +0100 sched/headers: Prepare to remove spurious inclusion dependencies In the following patches we are going to remove various headers from sched.h and other headers that sched.h includes. To make those patches build cleanly prepare the scene by adding dependencies to various files that learned to rely on those to-be-removed dependencies. These changes all make sense standalone: they add a header for a data type that a particular .c or .h file is using. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/misc/vmw_vmci/vmci_resource.c | 1 + include/linux/sched.h | 1 + include/sound/control.h | 1 + include/target/target_core_base.h | 1 + 4 files changed, 4 insertions(+) commit 50d34394cee68dd12c5e01fff073d1167700bfce Author: Ingo Molnar Date: Sun Feb 5 16:03:58 2017 +0100 sched/headers: Prepare to remove the include from Update files that depend on the magic.h inclusion. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/dax/dax.c | 1 + drivers/virtio/virtio_balloon.c | 1 + include/linux/sched/task_stack.h | 1 + mm/zsmalloc.c | 1 + security/integrity/evm/evm_main.c | 2 ++ 5 files changed, 6 insertions(+) commit 0881e7bd341e2158b314596bcf2059e88e68f04e Author: Ingo Molnar Date: Sun Feb 5 15:30:50 2017 +0100 sched/headers: Prepare to move the get_task_struct()/put_task_struct() and related APIs from to But first update usage sites with the new header dependency. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/dma/dmatest.c | 1 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 1 + drivers/infiniband/core/umem_odp.c | 1 + drivers/infiniband/hw/mlx4/main.c | 1 + drivers/infiniband/hw/mlx5/main.c | 1 + drivers/md/persistent-data/dm-block-manager.c | 1 + drivers/misc/cxl/main.c | 2 ++ drivers/net/xen-netback/interface.c | 1 + drivers/oprofile/buffer_sync.c | 1 + drivers/tty/tty_ldsem.c | 1 + drivers/usb/usbip/usbip_common.h | 1 + kernel/irq/manage.c | 1 + 12 files changed, 13 insertions(+) commit 1777e4635507265ba53d8dc4cd248e7d7c306fa0 Author: Ingo Molnar Date: Sun Feb 5 14:47:12 2017 +0100 sched/headers: Prepare to move _init() prototypes from to But first introduce a trivial header and update usage sites. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/ia64/kernel/setup.c | 1 + arch/m32r/kernel/traps.c | 1 + arch/s390/kernel/setup.c | 1 + include/linux/cpu.h | 2 ++ include/linux/sched/init.h | 6 ++++++ init/main.c | 1 + kernel/sched/sched.h | 1 + 7 files changed, 13 insertions(+) commit 61855b6b03df9b6a15bd265c2c3ae7b5e23da312 Author: Ingo Molnar Date: Sun Feb 5 14:35:41 2017 +0100 sched/headers: Prepare to move exit_files() and exit_itimers() from to But first update the usage site. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/time/posix-timers.c | 1 + 1 file changed, 1 insertion(+) commit 3f8c24529b42fc5044c2a44bdb8ba69aec2bee37 Author: Ingo Molnar Date: Sun Feb 5 14:31:22 2017 +0100 sched/headers: Prepare to move kstack_end() from to But first update the usage sites with the new header dependency. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/m32r/kernel/traps.c | 2 ++ arch/metag/kernel/stacktrace.c | 1 + arch/openrisc/kernel/traps.c | 1 + arch/um/kernel/sysrq.c | 1 + arch/xtensa/kernel/traps.c | 1 + mm/slab.c | 1 + 6 files changed, 7 insertions(+) commit 5c2c5c5514393e31859439ef83a34051d7c68332 Author: Ingo Molnar Date: Sun Feb 5 14:24:31 2017 +0100 sched/headers, vfs/execve: Prepare to move the do_execve*() prototypes from to But first update the usage sites with the new header dependency. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar init/main.c | 1 + kernel/kmod.c | 1 + 2 files changed, 2 insertions(+) commit 3905f9ad455e0fd2ddb557566c5561b4a3027c07 Author: Ingo Molnar Date: Sun Feb 5 12:07:04 2017 +0100 sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from to But first update usage sites with the new header dependency. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/x86.c | 2 ++ fs/proc/base.c | 1 + kernel/latencytop.c | 1 + kernel/profile.c | 2 ++ 5 files changed, 8 insertions(+) commit 32ef5517c298042ed58408545f475df43afe1f24 Author: Ingo Molnar Date: Sun Feb 5 11:48:36 2017 +0100 sched/headers: Prepare to move cputime functionality from into Introduce a trivial, mostly empty header to prepare for the moving of cputime functionality out of sched.h. Update all code that relies on these facilities. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/osf_sys.c | 1 + arch/ia64/kernel/time.c | 2 +- arch/powerpc/kernel/time.c | 2 +- arch/s390/kernel/idle.c | 2 +- arch/s390/kernel/vtime.c | 2 +- arch/x86/kernel/apm_32.c | 1 + arch/x86/kvm/hyperv.c | 2 ++ drivers/isdn/mISDN/stack.c | 1 + drivers/s390/cio/cio.c | 2 +- fs/binfmt_elf.c | 1 + fs/binfmt_elf_fdpic.c | 1 + fs/proc/array.c | 1 + fs/proc/stat.c | 2 +- include/linux/sched/cputime.h | 7 +++++++ kernel/acct.c | 2 ++ kernel/delayacct.c | 1 + kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/sched/cputime.c | 2 +- kernel/sched/sched.h | 1 + kernel/signal.c | 1 + kernel/sys.c | 1 + kernel/time/itimer.c | 1 + kernel/time/posix-cpu-timers.c | 1 + kernel/tsacct.c | 1 + 25 files changed, 33 insertions(+), 7 deletions(-) commit f719ff9bcee2a422647790f12d53d3755f47c727 Author: Ingo Molnar Date: Mon Feb 6 10:57:33 2017 +0100 sched/headers: Prepare to move the task_lock()/unlock() APIs to But first update the code that uses these facilities with the new header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/mips/math-emu/dsemul.c | 1 + block/blk-ioc.c | 1 + block/ioprio.c | 1 + drivers/staging/android/ion/ion.c | 1 + drivers/staging/lustre/lustre/ptlrpc/sec.c | 1 + fs/proc/internal.h | 1 + fs/proc/proc_net.c | 1 + fs/proc_namespace.c | 2 ++ include/linux/cpuset.h | 1 + ipc/namespace.c | 1 + kernel/cgroup/cpuset.c | 1 + kernel/sched/debug.c | 1 + kernel/utsname.c | 1 + mm/mempolicy.c | 1 + mm/mmu_context.c | 1 + net/core/net_namespace.c | 2 ++ net/core/netclassid_cgroup.c | 2 ++ net/core/netprio_cgroup.c | 2 ++ 18 files changed, 22 insertions(+) commit b2d091031075ac9a1598e3cc3a29c28f02e64c0d Author: Ingo Molnar Date: Sat Feb 4 01:27:20 2017 +0100 sched/headers: Prepare to use instead of in We don't actually need the full rculist.h header in sched.h anymore, we will be able to include the smaller rcupdate.h header instead. But first update code that relied on the implicit header inclusion. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/powerpc/kvm/book3s_mmu_hpte.c | 1 + arch/x86/kvm/irq_comm.c | 2 ++ arch/x86/kvm/page_track.c | 2 ++ drivers/md/bcache/btree.c | 2 ++ drivers/misc/vmw_vmci/vmci_event.c | 1 + drivers/nvme/target/admin-cmd.c | 2 ++ drivers/nvme/target/core.c | 2 ++ drivers/s390/cio/qdio_thinint.c | 2 ++ drivers/scsi/libfc/fc_disc.c | 2 ++ drivers/scsi/libfc/fc_rport.c | 2 ++ include/linux/dmar.h | 2 +- include/linux/pid.h | 2 +- include/linux/rhashtable.h | 2 +- include/linux/sched/signal.h | 1 + include/net/bluetooth/hci_core.h | 2 ++ kernel/trace/trace_events_hist.c | 1 + kernel/trace/trace_events_trigger.c | 1 + kernel/trace/trace_kprobe.c | 1 + kernel/trace/trace_uprobe.c | 1 + lib/bug.c | 1 + lib/rhashtable.c | 1 + net/mac80211/mesh_plink.c | 2 ++ net/mac802154/llsec.c | 2 ++ security/apparmor/policy.c | 1 + security/tomoyo/domain.c | 2 ++ security/tomoyo/group.c | 2 ++ security/tomoyo/util.c | 2 ++ 27 files changed, 41 insertions(+), 3 deletions(-) commit 9164bb4a18dfa592cd0aca455ea57abf89ca4526 Author: Ingo Molnar Date: Sat Feb 4 01:20:53 2017 +0100 sched/headers: Prepare to move 'init_task' and 'init_thread_union' from to Update all usage sites first. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm64/kernel/setup.c | 1 + arch/arm64/mm/kasan_init.c | 1 + arch/frv/mm/init.c | 1 + arch/metag/mm/init.c | 1 + arch/nios2/kernel/setup.c | 1 + arch/powerpc/kernel/paca.c | 1 + arch/um/kernel/skas/process.c | 1 + arch/um/kernel/um_arch.c | 2 ++ arch/x86/kernel/cpu/common.c | 1 + arch/x86/mm/kasan_init_64.c | 1 + fs/namespace.c | 2 ++ include/linux/sched/signal.h | 1 + init/init_task.c | 1 + kernel/delayacct.c | 1 + lib/is_single_threaded.c | 1 + mm/vmacache.c | 1 + 16 files changed, 18 insertions(+) commit 589ee62844e042b0b7d19ef57fb4cff77f3ca294 Author: Ingo Molnar Date: Sat Feb 4 00:16:44 2017 +0100 sched/headers: Prepare to remove the dependency from Update code that relied on sched.h including various MM types for them. This will allow us to remove the include from . Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/include/asm/a.out-core.h | 1 + arch/alpha/include/asm/mmu_context.h | 2 ++ arch/arc/mm/tlb.c | 2 ++ arch/arm/include/asm/mmu_context.h | 2 ++ arch/arm/include/asm/tlbflush.h | 7 ++++--- arch/arm/kernel/suspend.c | 1 + arch/arm/kernel/swp_emulate.c | 1 + arch/arm/mm/idmap.c | 1 + arch/arm64/include/asm/mmu_context.h | 1 + arch/arm64/kernel/traps.c | 1 + arch/avr32/include/asm/mmu_context.h | 2 ++ arch/blackfin/include/asm/mmu_context.h | 2 ++ arch/blackfin/kernel/flat.c | 1 + arch/blackfin/kernel/process.c | 1 + arch/blackfin/mm/sram-alloc.c | 2 ++ arch/cris/arch-v10/mm/tlb.c | 2 ++ arch/cris/arch-v32/mm/tlb.c | 1 + arch/cris/include/asm/pgtable.h | 2 +- arch/cris/mm/tlb.c | 2 ++ arch/h8300/kernel/traps.c | 1 + arch/hexagon/include/asm/mmu_context.h | 2 ++ arch/hexagon/kernel/smp.c | 1 + arch/ia64/include/asm/mmu_context.h | 1 + arch/ia64/include/asm/pgtable.h | 2 +- arch/ia64/sn/kernel/sn2/sn2_smp.c | 1 + arch/m32r/include/asm/mmu_context.h | 2 ++ arch/m68k/include/asm/a.out-core.h | 1 + arch/m68k/include/asm/mmu_context.h | 1 + arch/metag/include/asm/mmu_context.h | 1 + arch/microblaze/include/asm/mmu_context_mm.h | 2 ++ arch/microblaze/mm/pgtable.c | 1 + arch/mips/include/asm/elf.h | 2 ++ arch/mips/include/asm/mmu_context.h | 2 ++ arch/mips/kernel/smp.c | 2 +- arch/mips/math-emu/dsemul.c | 1 + arch/mips/mm/ioremap.c | 1 + arch/mn10300/include/asm/mmu_context.h | 2 ++ arch/mn10300/kernel/smp.c | 2 +- arch/mn10300/mm/tlb-smp.c | 2 +- arch/nios2/include/asm/mmu_context.h | 2 ++ arch/nios2/kernel/process.c | 1 + arch/powerpc/kernel/io-workarounds.c | 2 +- arch/powerpc/kvm/e500_mmu_host.c | 2 +- arch/powerpc/lib/feature-fixups.c | 1 + arch/powerpc/mm/hash_utils_64.c | 2 +- arch/powerpc/mm/pgtable-book3s64.c | 2 ++ arch/powerpc/mm/pgtable-hash64.c | 2 ++ arch/powerpc/mm/pgtable-radix.c | 2 +- arch/powerpc/mm/slb.c | 2 ++ arch/s390/include/asm/elf.h | 2 +- arch/s390/include/asm/mmu_context.h | 1 + arch/s390/kernel/processor.c | 1 + arch/s390/kvm/gaccess.c | 2 ++ arch/s390/kvm/priv.c | 2 ++ arch/score/include/asm/mmu_context.h | 2 ++ arch/score/kernel/traps.c | 1 + arch/sh/include/asm/mmu_context.h | 2 ++ arch/sparc/include/asm/mmu_context_64.h | 2 ++ arch/sparc/include/asm/pgtable_64.h | 3 +++ arch/sparc/kernel/asm-offsets.c | 1 + arch/sparc/kernel/traps_32.c | 1 + arch/sparc/mm/tsb.c | 2 ++ arch/tile/include/asm/mmu_context.h | 2 ++ arch/um/include/asm/mmu_context.h | 2 ++ arch/um/kernel/exec.c | 2 +- arch/um/kernel/reboot.c | 1 + arch/um/kernel/skas/process.c | 3 ++- arch/x86/entry/vsyscall/vsyscall_64.c | 1 + arch/x86/events/core.c | 2 +- arch/x86/include/asm/a.out-core.h | 2 ++ arch/x86/include/asm/mpx.h | 2 ++ arch/x86/mm/mpx.c | 1 + arch/x86/um/syscalls_64.c | 1 + arch/x86/xen/mmu.c | 2 +- arch/xtensa/include/asm/mmu_context.h | 1 + drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c | 2 ++ drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_vi.c | 2 ++ drivers/infiniband/hw/cxgb3/iwch_provider.c | 2 +- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 2 +- drivers/media/v4l2-core/videobuf-dma-sg.c | 2 +- fs/binfmt_misc.c | 2 +- fs/kernfs/file.c | 2 +- include/drm/drm_mm.h | 1 + include/linux/init_task.h | 1 + include/linux/sched/mm.h | 1 + kernel/sched/debug.c | 2 +- kernel/sched/fair.c | 2 +- kernel/signal.c | 2 +- lib/is_single_threaded.c | 1 + 89 files changed, 125 insertions(+), 25 deletions(-) commit 2e58f173ab89b29a1373088b8727133dbf7322b0 Author: Ingo Molnar Date: Sat Feb 4 00:12:19 2017 +0100 mm/headers, sched/headers: Prepare to split out of We are going to separate all the MM types that are embedded directly in 'struct task_struct' into the new header. Create a new that only contains some includes from mm_types.h itself. This should be trivially correct and easy to bisect to. (This patch does not materially move the types yet.) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/mm_types.h | 6 +++--- include/linux/mm_types_task.h | 10 ++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) commit f361bf4a66c9bfabace46f6ff5d97005c9b524fe Author: Ingo Molnar Date: Fri Feb 3 23:47:37 2017 +0100 sched/headers: Prepare for the reduction of 's signal API dependency Instead of including the full , we are going to include the types-only header in , to further decouple the scheduler header from the signal headers. This means that various files which relied on the full need to be updated to gain an explicit dependency on it. Update the code that relies on sched.h's inclusion of the header. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm64/kernel/sys_compat.c | 1 + drivers/gpu/drm/i915/i915_gem_request.c | 1 + drivers/isdn/mISDN/stack.c | 2 ++ fs/btrfs/extent-tree.c | 1 + fs/btrfs/free-space-cache.c | 1 + fs/buffer.c | 1 + fs/ceph/addr.c | 1 + fs/dax.c | 1 + fs/ioctl.c | 2 ++ fs/iomap.c | 2 ++ fs/ocfs2/super.c | 1 + include/linux/sched.h | 1 + include/linux/sched/signal.h | 1 + kernel/pid_namespace.c | 1 + mm/page-writeback.c | 1 + 15 files changed, 18 insertions(+) commit e6d930b4e0115eb0732eec0efb11c3b09a8000fc Author: Ingo Molnar Date: Fri Feb 3 23:43:50 2017 +0100 signals: Prepare to split out from Introduce dummy header and add dependencies to places that will depend on it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/mips/include/asm/abi.h | 2 ++ include/linux/signal.h | 3 +-- include/linux/signal_types.h | 7 +++++++ 3 files changed, 10 insertions(+), 2 deletions(-) commit dfc3401a33086a3fd465468e171ea0e82430569b Author: Ingo Molnar Date: Fri Feb 3 23:15:21 2017 +0100 sched/headers: Prepare to move the 'root_task_group' declaration to Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/init_task.h | 1 + kernel/sched/sched.h | 1 + 2 files changed, 2 insertions(+) commit 68db0cf10678630d286f4bbbbdfa102951a35faa Author: Ingo Molnar Date: Wed Feb 8 18:51:37 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/osf_sys.c | 1 + arch/alpha/kernel/process.c | 1 + arch/alpha/kernel/ptrace.c | 1 + arch/alpha/kernel/signal.c | 1 + arch/arc/kernel/kgdb.c | 1 + arch/arc/kernel/process.c | 1 + arch/arc/kernel/ptrace.c | 1 + arch/arc/kernel/signal.c | 2 ++ arch/arm/kernel/perf_regs.c | 1 + arch/arm/kernel/process.c | 1 + arch/arm/kernel/ptrace.c | 1 + arch/arm/kernel/smp.c | 1 + arch/arm/kernel/traps.c | 1 + arch/arm64/include/asm/compat.h | 1 + arch/arm64/kernel/debug-monitors.c | 1 + arch/arm64/kernel/kgdb.c | 2 ++ arch/arm64/kernel/perf_regs.c | 1 + arch/arm64/kernel/process.c | 1 + arch/arm64/kernel/ptrace.c | 1 + arch/arm64/kernel/smp.c | 1 + arch/arm64/kernel/stacktrace.c | 1 + arch/arm64/kernel/traps.c | 1 + arch/avr32/kernel/process.c | 1 + arch/avr32/kernel/ptrace.c | 1 + arch/avr32/kernel/stacktrace.c | 1 + arch/blackfin/kernel/process.c | 1 + arch/blackfin/kernel/ptrace.c | 1 + arch/blackfin/kernel/signal.c | 1 + arch/blackfin/kernel/stacktrace.c | 1 + arch/blackfin/mach-common/smp.c | 1 + arch/c6x/kernel/process.c | 1 + arch/c6x/kernel/ptrace.c | 1 + arch/cris/arch-v10/kernel/process.c | 1 + arch/cris/arch-v10/kernel/ptrace.c | 1 + arch/cris/arch-v10/kernel/signal.c | 1 + arch/cris/arch-v32/kernel/process.c | 1 + arch/cris/arch-v32/kernel/ptrace.c | 1 + arch/cris/arch-v32/kernel/signal.c | 1 + arch/frv/kernel/process.c | 1 + arch/h8300/kernel/process.c | 1 + arch/h8300/kernel/signal.c | 1 + arch/hexagon/kernel/kgdb.c | 1 + arch/hexagon/kernel/process.c | 1 + arch/hexagon/kernel/ptrace.c | 1 + arch/hexagon/kernel/signal.c | 2 ++ arch/hexagon/kernel/stacktrace.c | 1 + arch/hexagon/kernel/traps.c | 1 + arch/ia64/kernel/perfmon.c | 1 + arch/ia64/kernel/process.c | 1 + arch/ia64/kernel/ptrace.c | 1 + arch/ia64/kernel/setup.c | 1 + arch/ia64/kernel/sys_ia64.c | 1 + arch/m32r/kernel/process.c | 1 + arch/m32r/kernel/ptrace.c | 1 + arch/m68k/kernel/process.c | 1 + arch/m68k/kernel/ptrace.c | 1 + arch/metag/kernel/process.c | 1 + arch/metag/kernel/ptrace.c | 2 ++ arch/metag/kernel/signal.c | 1 + arch/metag/kernel/smp.c | 1 + arch/metag/kernel/traps.c | 1 + arch/microblaze/kernel/process.c | 1 + arch/microblaze/kernel/ptrace.c | 1 + arch/microblaze/kernel/unwind.c | 1 + arch/mips/include/asm/fpu.h | 1 + arch/mips/kernel/crash.c | 1 + arch/mips/kernel/perf_event.c | 1 + arch/mips/kernel/process.c | 1 + arch/mips/kernel/ptrace.c | 1 + arch/mips/kernel/ptrace32.c | 1 + arch/mips/kernel/stacktrace.c | 1 + arch/mips/kernel/syscall.c | 1 + arch/mips/loongson64/loongson-3/smp.c | 1 + arch/mips/paravirt/paravirt-smp.c | 1 + arch/mips/sibyte/bcm1480/smp.c | 1 + arch/mn10300/kernel/process.c | 1 + arch/mn10300/kernel/ptrace.c | 1 + arch/nios2/kernel/process.c | 1 + arch/nios2/kernel/ptrace.c | 1 + arch/openrisc/kernel/process.c | 1 + arch/openrisc/kernel/ptrace.c | 1 + arch/parisc/kernel/process.c | 1 + arch/powerpc/kernel/process.c | 1 + arch/powerpc/mm/fault.c | 1 + arch/powerpc/perf/perf_regs.c | 1 + arch/s390/include/asm/compat.h | 1 + arch/s390/include/asm/kprobes.h | 1 + arch/s390/kernel/compat_signal.c | 1 + arch/s390/kernel/dumpstack.c | 1 + arch/s390/kernel/process.c | 1 + arch/s390/kernel/ptrace.c | 1 + arch/s390/kernel/runtime_instr.c | 2 ++ arch/s390/kernel/signal.c | 1 + arch/s390/kernel/smp.c | 1 + arch/s390/kernel/uprobes.c | 2 ++ arch/score/kernel/process.c | 1 + arch/score/kernel/ptrace.c | 1 + arch/sh/kernel/cpu/fpu.c | 1 + arch/sh/kernel/dumpstack.c | 1 + arch/sh/kernel/kgdb.c | 2 ++ arch/sh/kernel/process.c | 1 + arch/sh/kernel/process_32.c | 1 + arch/sh/kernel/process_64.c | 1 + arch/sh/kernel/ptrace_32.c | 1 + arch/sh/kernel/ptrace_64.c | 1 + arch/sh/kernel/signal_32.c | 1 + arch/sh/kernel/sys_sh32.c | 1 + arch/sh/kernel/traps.c | 1 + arch/sh/kernel/traps_32.c | 2 ++ arch/sparc/kernel/process_32.c | 1 + arch/sparc/kernel/process_64.c | 1 + arch/sparc/kernel/ptrace_64.c | 1 + arch/tile/kernel/compat_signal.c | 1 + arch/tile/kernel/kgdb.c | 2 ++ arch/tile/kernel/process.c | 1 + arch/tile/kernel/ptrace.c | 2 ++ arch/tile/kernel/signal.c | 1 + arch/tile/kernel/stack.c | 1 + arch/um/kernel/exec.c | 1 + arch/um/kernel/process.c | 1 + arch/um/kernel/skas/process.c | 1 + arch/unicore32/kernel/process.c | 1 + arch/unicore32/kernel/ptrace.c | 1 + arch/unicore32/kernel/traps.c | 1 + arch/x86/entry/common.c | 1 + arch/x86/entry/vdso/vma.c | 1 + arch/x86/ia32/ia32_aout.c | 1 + arch/x86/ia32/ia32_signal.c | 1 + arch/x86/kernel/dumpstack.c | 1 + arch/x86/kernel/fpu/regset.c | 1 + arch/x86/kernel/ioport.c | 1 + arch/x86/kernel/irq_64.c | 1 + arch/x86/kernel/perf_regs.c | 1 + arch/x86/kernel/process.c | 1 + arch/x86/kernel/process_32.c | 1 + arch/x86/kernel/process_64.c | 1 + arch/x86/kernel/ptrace.c | 1 + arch/x86/kernel/signal.c | 1 + arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/stacktrace.c | 1 + arch/x86/kernel/step.c | 1 + arch/x86/kernel/traps.c | 1 + arch/x86/kernel/unwind_frame.c | 1 + arch/x86/kernel/vm86_32.c | 1 + arch/x86/mm/fault.c | 1 + arch/xtensa/kernel/process.c | 1 + arch/xtensa/kernel/ptrace.c | 1 + arch/xtensa/kernel/signal.c | 1 + arch/xtensa/kernel/smp.c | 1 + block/blk-map.c | 1 + drivers/hv/vmbus_drv.c | 2 ++ drivers/ide/ide-cd.c | 1 + drivers/md/bcache/closure.h | 1 + drivers/misc/lkdtm_usercopy.c | 1 + drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + fs/binfmt_aout.c | 1 + fs/binfmt_elf.c | 1 + fs/binfmt_elf_fdpic.c | 3 ++- fs/binfmt_flat.c | 1 + fs/coredump.c | 1 + include/linux/elfcore.h | 2 ++ include/linux/perf_regs.h | 2 ++ include/linux/sched/task_stack.h | 6 ++++++ init/main.c | 1 + kernel/events/callchain.c | 2 ++ kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/printk/printk.c | 1 + kernel/sched/sched.h | 1 + kernel/seccomp.c | 1 + kernel/signal.c | 1 + kernel/trace/trace_stack.c | 1 + lib/debugobjects.c | 1 + lib/dma-debug.c | 1 + lib/syscall.c | 1 + mm/kasan/kasan.c | 1 + mm/kmemleak.c | 1 + mm/util.c | 1 + 178 files changed, 198 insertions(+), 1 deletion(-) commit 299300258d1bc4e997b7db340a2e06636757fe2e Author: Ingo Molnar Date: Wed Feb 8 18:51:36 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/process.c | 1 + arch/arc/kernel/process.c | 2 ++ arch/arm/kernel/process.c | 1 + arch/arm/mm/init.c | 1 + arch/arm64/kernel/process.c | 1 + arch/avr32/kernel/process.c | 1 + arch/blackfin/kernel/process.c | 1 + arch/blackfin/kernel/trace.c | 1 + arch/c6x/kernel/process.c | 1 + arch/cris/arch-v10/kernel/process.c | 1 + arch/cris/arch-v32/kernel/process.c | 1 + arch/cris/kernel/process.c | 1 + arch/frv/kernel/process.c | 1 + arch/frv/mm/mmu-context.c | 1 + arch/h8300/kernel/process.c | 1 + arch/hexagon/kernel/process.c | 1 + arch/ia64/kernel/mca.c | 1 + arch/ia64/kernel/perfmon.c | 1 + arch/ia64/kernel/process.c | 1 + arch/ia64/kernel/ptrace.c | 1 + arch/m32r/kernel/process.c | 1 + arch/m32r/kernel/smpboot.c | 1 + arch/m68k/kernel/process.c | 1 + arch/metag/kernel/process.c | 1 + arch/metag/kernel/traps.c | 1 + arch/microblaze/kernel/process.c | 1 + arch/mips/kernel/mips-mt-fpaff.c | 1 + arch/mips/kernel/process.c | 1 + arch/mn10300/kernel/process.c | 1 + arch/mn10300/kernel/smp.c | 1 + arch/nios2/kernel/process.c | 1 + arch/openrisc/kernel/process.c | 1 + arch/parisc/kernel/process.c | 1 + arch/powerpc/kernel/process.c | 1 + arch/s390/kernel/process.c | 1 + arch/s390/kernel/setup.c | 1 + arch/score/kernel/process.c | 1 + arch/sh/kernel/cpu/fpu.c | 1 + arch/sh/kernel/process_32.c | 1 + arch/sh/kernel/process_64.c | 1 + arch/sh/mm/asids-debugfs.c | 1 + arch/sparc/kernel/process_32.c | 1 + arch/sparc/kernel/process_64.c | 1 + arch/tile/kernel/process.c | 1 + arch/tile/kernel/smpboot.c | 1 + arch/tile/kernel/unaligned.c | 1 + arch/tile/mm/fault.c | 2 ++ arch/um/kernel/exec.c | 1 + arch/um/kernel/process.c | 1 + arch/um/kernel/reboot.c | 1 + arch/unicore32/kernel/process.c | 1 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 1 + arch/x86/kernel/fpu/init.c | 1 + arch/x86/kernel/process.c | 1 + arch/x86/kernel/process_32.c | 1 + arch/x86/kernel/process_64.c | 1 + arch/x86/kernel/unwind_frame.c | 1 + arch/xtensa/kernel/process.c | 1 + drivers/misc/kgdbts.c | 2 ++ drivers/tty/sysrq.c | 2 +- drivers/tty/tty_io.c | 1 + fs/exec.c | 1 + fs/fcntl.c | 1 + fs/fs_struct.c | 1 + fs/proc/array.c | 1 + fs/proc/kcore.c | 1 + include/linux/sched/task.h | 6 ++++++ init/main.c | 1 + kernel/cgroup/cgroup.c | 1 + kernel/cpu.c | 1 + kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/kmod.c | 1 + kernel/kthread.c | 1 + kernel/locking/lockdep.c | 1 + kernel/pid.c | 1 + kernel/pid_namespace.c | 1 + kernel/power/process.c | 1 + kernel/ptrace.c | 1 + kernel/sched/sched.h | 1 + kernel/signal.c | 1 + kernel/smpboot.c | 1 + kernel/sys.c | 1 + kernel/trace/ftrace.c | 1 + kernel/tracepoint.c | 1 + lib/dma-debug.c | 1 + mm/kmemleak.c | 1 + mm/memory-failure.c | 1 + mm/memory.c | 1 + mm/oom_kill.c | 1 + mm/rmap.c | 1 + mm/swapfile.c | 1 + mm/usercopy.c | 2 ++ security/keys/keyctl.c | 1 + security/selinux/hooks.c | 1 + 95 files changed, 104 insertions(+), 1 deletion(-) commit ef8bd77f332bb0a4e467d7171bbfc6c57aa08a88 Author: Ingo Molnar Date: Wed Feb 8 18:51:36 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/kernel/smp.c | 1 + arch/arm64/include/asm/mmu_context.h | 1 + arch/arm64/kernel/smp.c | 1 + arch/ia64/kernel/process.c | 1 + arch/metag/kernel/smp.c | 1 + arch/mips/cavium-octeon/smp.c | 1 + arch/mips/kernel/smp-bmips.c | 1 + arch/mips/kernel/smp-cps.c | 1 + arch/mips/loongson64/loongson-3/smp.c | 1 + arch/powerpc/platforms/85xx/smp.c | 1 + arch/powerpc/platforms/powermac/smp.c | 1 + arch/powerpc/platforms/powernv/smp.c | 1 + arch/powerpc/platforms/pseries/hotplug-cpu.c | 1 + arch/s390/kernel/smp.c | 1 + arch/sh/kernel/smp.c | 1 + arch/sparc/kernel/smp_64.c | 1 + arch/x86/kernel/smpboot.c | 1 + arch/xtensa/kernel/smp.c | 1 + include/linux/sched/hotplug.h | 6 ++++++ kernel/cpu.c | 1 + kernel/sched/core.c | 1 + kernel/sched/sched.h | 4 +++- 22 files changed, 29 insertions(+), 1 deletion(-) commit b17b01533b719e9949e437abf66436a875739b40 Author: Ingo Molnar Date: Wed Feb 8 18:51:35 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/process.c | 1 + arch/alpha/kernel/traps.c | 1 + arch/arc/kernel/ctx_sw.c | 1 + arch/arc/kernel/stacktrace.c | 2 ++ arch/arc/kernel/troubleshoot.c | 1 + arch/arm/kernel/process.c | 1 + arch/arm/kernel/stacktrace.c | 1 + arch/arm/kernel/traps.c | 1 + arch/arm/mm/alignment.c | 1 + arch/arm/mm/fault.c | 1 + arch/arm/probes/kprobes/core.c | 1 + arch/arm64/kernel/probes/kprobes.c | 1 + arch/arm64/kernel/process.c | 1 + arch/arm64/kernel/stacktrace.c | 1 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/avr32/kernel/nmi_debug.c | 1 + arch/avr32/kernel/process.c | 1 + arch/blackfin/kernel/dumpstack.c | 2 ++ arch/blackfin/kernel/early_printk.c | 1 + arch/blackfin/kernel/nmi.c | 1 + arch/blackfin/kernel/process.c | 1 + arch/blackfin/kernel/trace.c | 1 + arch/blackfin/kernel/traps.c | 1 + arch/blackfin/mach-common/ints-priority.c | 1 + arch/blackfin/mm/isram-driver.c | 1 + arch/c6x/kernel/traps.c | 1 + arch/cris/arch-v10/kernel/process.c | 1 + arch/cris/arch-v10/kernel/traps.c | 2 ++ arch/cris/arch-v32/kernel/process.c | 1 + arch/cris/arch-v32/kernel/traps.c | 2 ++ arch/cris/kernel/irq.c | 1 + arch/cris/kernel/stacktrace.c | 2 +- arch/cris/kernel/traps.c | 1 + arch/frv/kernel/process.c | 1 + arch/frv/kernel/traps.c | 1 + arch/h8300/kernel/process.c | 1 + arch/h8300/kernel/traps.c | 1 + arch/hexagon/kernel/process.c | 1 + arch/hexagon/kernel/traps.c | 1 + arch/hexagon/kernel/vm_events.c | 1 + arch/ia64/hp/sim/simserial.c | 1 + arch/ia64/kernel/mca.c | 1 + arch/ia64/kernel/process.c | 1 + arch/ia64/kernel/traps.c | 1 + arch/m32r/kernel/process.c | 1 + arch/m32r/kernel/traps.c | 1 + arch/m68k/kernel/process.c | 1 + arch/m68k/kernel/traps.c | 1 + arch/m68k/mac/macints.c | 1 + arch/metag/kernel/process.c | 1 + arch/metag/kernel/stacktrace.c | 1 + arch/metag/kernel/traps.c | 1 + arch/metag/mm/fault.c | 1 + arch/microblaze/kernel/exceptions.c | 1 + arch/microblaze/kernel/process.c | 1 + arch/microblaze/kernel/traps.c | 1 + arch/mips/kernel/process.c | 1 + arch/mips/kernel/stacktrace.c | 1 + arch/mips/kernel/traps.c | 1 + arch/mips/sgi-ip22/ip28-berr.c | 1 + arch/mips/sgi-ip27/ip27-berr.c | 1 + arch/mips/sgi-ip32/ip32-berr.c | 1 + arch/mips/sgi-ip32/ip32-irq.c | 1 + arch/mn10300/kernel/process.c | 1 + arch/mn10300/kernel/traps.c | 1 + arch/nios2/kernel/process.c | 1 + arch/nios2/kernel/traps.c | 1 + arch/nios2/mm/fault.c | 1 + arch/openrisc/kernel/process.c | 1 + arch/openrisc/kernel/traps.c | 1 + arch/parisc/kernel/pa7300lc.c | 1 + arch/parisc/kernel/process.c | 1 + arch/parisc/kernel/signal.c | 1 + arch/parisc/kernel/traps.c | 1 + arch/parisc/kernel/unaligned.c | 1 + arch/parisc/mm/fault.c | 1 + arch/powerpc/kernel/process.c | 1 + arch/powerpc/kernel/stacktrace.c | 1 + arch/powerpc/kernel/traps.c | 1 + arch/s390/kernel/dumpstack.c | 1 + arch/s390/kernel/process.c | 1 + arch/s390/kernel/stacktrace.c | 1 + arch/s390/kernel/traps.c | 1 + arch/s390/mm/fault.c | 1 + arch/score/kernel/traps.c | 1 + arch/sh/kernel/dumpstack.c | 1 + arch/sh/kernel/nmi_debug.c | 1 + arch/sh/kernel/process_32.c | 1 + arch/sh/kernel/process_64.c | 1 + arch/sh/kernel/stacktrace.c | 1 + arch/sh/kernel/traps.c | 1 + arch/sh/kernel/traps_64.c | 1 + arch/sparc/kernel/process_32.c | 1 + arch/sparc/kernel/process_64.c | 1 + arch/sparc/kernel/stacktrace.c | 1 + arch/sparc/kernel/sun4m_irq.c | 1 + arch/sparc/kernel/sys_sparc_32.c | 1 + arch/sparc/kernel/sys_sparc_64.c | 1 + arch/sparc/kernel/traps_32.c | 1 + arch/sparc/kernel/traps_64.c | 1 + arch/sparc/mm/fault_64.c | 1 + arch/tile/include/asm/stack.h | 2 ++ arch/tile/kernel/process.c | 1 + arch/tile/kernel/signal.c | 1 + arch/tile/kernel/stack.c | 1 + arch/tile/kernel/traps.c | 1 + arch/tile/kernel/unaligned.c | 1 + arch/tile/mm/fault.c | 1 + arch/um/drivers/mconsole_kern.c | 1 + arch/um/kernel/process.c | 1 + arch/um/kernel/sysrq.c | 2 ++ arch/um/kernel/trap.c | 1 + arch/unicore32/kernel/process.c | 1 + arch/unicore32/kernel/stacktrace.c | 1 + arch/unicore32/kernel/traps.c | 1 + arch/unicore32/mm/alignment.c | 1 + arch/x86/kernel/amd_gart_64.c | 1 + arch/x86/kernel/doublefault.c | 1 + arch/x86/kernel/dumpstack.c | 1 + arch/x86/kernel/dumpstack_32.c | 1 + arch/x86/kernel/dumpstack_64.c | 1 + arch/x86/kernel/kprobes/core.c | 1 + arch/x86/kernel/nmi.c | 1 + arch/x86/kernel/process.c | 1 + arch/x86/kernel/stacktrace.c | 1 + arch/x86/mm/extable.c | 2 ++ arch/x86/platform/uv/uv_nmi.c | 1 + arch/x86/um/sysrq_32.c | 1 + arch/x86/um/sysrq_64.c | 1 + arch/xtensa/kernel/process.c | 1 + arch/xtensa/kernel/traps.c | 1 + drivers/base/power/main.c | 1 + drivers/tty/sysrq.c | 2 ++ drivers/tty/tty_ldsem.c | 1 + drivers/tty/vt/keyboard.c | 2 ++ fs/proc/base.c | 1 + include/linux/sched/debug.h | 6 ++++++ kernel/debug/kdb/kdb_bt.c | 1 + kernel/debug/kdb/kdb_main.c | 1 + kernel/hung_task.c | 1 + kernel/latencytop.c | 1 + kernel/locking/mutex.c | 1 + kernel/locking/rtmutex-debug.c | 1 + kernel/locking/rtmutex.c | 1 + kernel/locking/rwsem-spinlock.c | 1 + kernel/locking/rwsem-xadd.c | 1 + kernel/locking/rwsem.c | 1 + kernel/locking/semaphore.c | 1 + kernel/panic.c | 1 + kernel/power/process.c | 1 + kernel/printk/printk.c | 1 + kernel/rcu/tree.c | 1 + kernel/rcu/tree_plugin.h | 1 + kernel/rcu/update.c | 1 + kernel/sched/completion.c | 1 + kernel/sched/sched.h | 2 +- kernel/sched/wait.c | 1 + kernel/signal.c | 1 + kernel/time/alarmtimer.c | 1 + kernel/time/hrtimer.c | 1 + kernel/time/timer.c | 1 + kernel/watchdog.c | 1 + kernel/watchdog_hld.c | 2 ++ lib/dump_stack.c | 1 + lib/nmi_backtrace.c | 1 + 166 files changed, 181 insertions(+), 2 deletions(-) commit 370c91355c76cbcaad8ff79b4bb15a7f2ea59433 Author: Ingo Molnar Date: Wed Feb 8 18:51:35 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/nohz.h | 6 ++++++ kernel/sched/sched.h | 1 + kernel/time/hrtimer.c | 1 + kernel/time/tick-sched.c | 1 + kernel/time/timer.c | 1 + 5 files changed, 10 insertions(+) commit 03441a3482a31462c93509939a388877e3cd9261 Author: Ingo Molnar Date: Wed Feb 8 18:51:35 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/powerpc/kvm/book3s_hv.c | 1 + arch/s390/appldata/appldata_os.c | 1 + crypto/mcryptd.c | 1 + drivers/cpuidle/governors/menu.c | 1 + fs/proc/loadavg.c | 1 + fs/proc/root.c | 1 + fs/proc/stat.c | 1 + include/linux/sched/stat.h | 6 ++++++ kernel/debug/kdb/kdb_main.c | 1 + kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/sched/sched.h | 1 + kernel/sys.c | 1 + kernel/time/tick-sched.c | 1 + virt/kvm/kvm_main.c | 1 + 15 files changed, 20 insertions(+) commit fd7712337ff09a248df424c5843c149586a3f017 Author: Ingo Molnar Date: Thu Feb 2 20:56:33 2017 +0100 sched/headers: Prepare to remove the include from is still needed - also update other headers and .c files that depend on sched.h including gfp.h (and its sub-headers) for them. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 1 + include/linux/sched/mm.h | 1 + lib/percpu_ida.c | 1 + 3 files changed, 3 insertions(+) commit 5b3cc15aff243cb518cbeed8b1a220cbfd023d9c Author: Ingo Molnar Date: Thu Feb 2 20:43:54 2017 +0100 sched/headers: Prepare to move the memalloc_noio_*() APIs to Update the .c files that depend on these APIs. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/base/power/runtime.c | 2 +- drivers/md/dm-bufio.c | 1 + drivers/md/dm-ioctl.c | 1 + drivers/usb/core/hub.c | 2 +- fs/ocfs2/cluster/tcp.c | 1 + fs/xfs/kmem.c | 1 + fs/xfs/xfs_buf.c | 1 + mm/page_alloc.c | 1 + mm/vmscan.c | 1 + net/ceph/crypto.c | 1 + 10 files changed, 10 insertions(+), 2 deletions(-) commit 174cd4b1e5fbd0d74c68cf3a74f5bd4923485512 Author: Ingo Molnar Date: Thu Feb 2 19:15:33 2017 +0100 sched/headers: Prepare to move signal wakeup & sigpending methods from into Fix up affected files that include this signal functionality via sched.h. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/common/bL_switcher.c | 2 +- arch/cris/arch-v10/drivers/sync_serial.c | 2 +- arch/cris/arch-v32/drivers/sync_serial.c | 2 +- arch/mips/kernel/rtlx.c | 2 ++ arch/mips/kvm/mips.c | 2 ++ arch/powerpc/kvm/book3s_hv.c | 2 +- arch/powerpc/kvm/powerpc.c | 1 + arch/powerpc/platforms/83xx/suspend.c | 1 + arch/powerpc/platforms/cell/spufs/sched.c | 2 +- arch/powerpc/platforms/cell/spufs/spufs.h | 1 + arch/s390/crypto/prng.c | 2 ++ arch/s390/kvm/kvm-s390.c | 2 ++ arch/s390/kvm/vsie.c | 2 ++ arch/sh/kernel/cpu/fpu.c | 2 +- arch/sh/kernel/disassemble.c | 2 ++ arch/sh/kernel/process.c | 2 +- arch/um/drivers/random.c | 2 +- arch/x86/kernel/apm_32.c | 2 +- block/blk-cgroup.c | 1 + block/blk-mq.c | 1 + crypto/algboss.c | 2 +- crypto/algif_aead.c | 1 + crypto/algif_skcipher.c | 1 + crypto/api.c | 2 +- drivers/atm/horizon.c | 1 + drivers/base/core.c | 1 + drivers/base/power/wakeup.c | 2 +- drivers/block/drbd/drbd_main.c | 1 + drivers/block/drbd/drbd_receiver.c | 1 + drivers/block/drbd/drbd_worker.c | 2 +- drivers/block/swim3.c | 2 +- drivers/char/applicom.c | 2 +- drivers/char/hpet.c | 1 + drivers/char/hw_random/core.c | 1 + drivers/char/ipmi/ipmi_watchdog.c | 1 + drivers/char/lp.c | 2 +- drivers/char/ppdev.c | 2 +- drivers/char/rtc.c | 2 +- drivers/char/snsc.c | 2 +- drivers/dma-buf/dma-fence.c | 1 + drivers/gpu/drm/omapdrm/displays/panel-dsi-cm.c | 2 +- drivers/gpu/drm/vc4/vc4_gem.c | 1 + drivers/gpu/vga/vgaarb.c | 2 +- drivers/hid/hid-debug.c | 2 +- drivers/hid/hid-roccat.c | 2 +- drivers/hid/hidraw.c | 2 +- drivers/hid/usbhid/hiddev.c | 1 + drivers/hsi/clients/cmt_speech.c | 2 +- drivers/i2c/busses/i2c-ibm_iic.c | 2 ++ drivers/i2c/busses/i2c-mpc.c | 2 +- drivers/iio/industrialio-buffer.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 1 + drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 1 + drivers/isdn/capi/kcapi.c | 2 +- drivers/isdn/mISDN/timerdev.c | 2 ++ drivers/lguest/core.c | 1 + drivers/macintosh/adb.c | 2 +- drivers/macintosh/smu.c | 1 + drivers/macintosh/via-pmu.c | 2 +- drivers/mailbox/mailbox-test.c | 1 + drivers/md/dm.c | 1 + drivers/media/dvb-core/dvb_ca_en50221.c | 2 +- drivers/media/dvb-core/dvb_demux.c | 2 +- drivers/media/dvb-core/dvb_frontend.c | 2 +- drivers/media/pci/cx18/cx18-driver.h | 2 +- drivers/media/pci/ivtv/ivtv-driver.h | 35 +++++++++++----------- drivers/media/pci/pt1/pt1.c | 1 + drivers/media/pci/pt3/pt3.c | 1 + drivers/media/pci/solo6x10/solo6x10-i2c.c | 1 + drivers/media/pci/zoran/zoran_device.c | 1 + drivers/media/platform/vivid/vivid-radio-rx.c | 2 ++ drivers/media/platform/vivid/vivid-radio-tx.c | 1 + drivers/media/rc/lirc_dev.c | 2 +- drivers/media/usb/cpia2/cpia2_core.c | 1 + drivers/media/usb/gspca/cpia1.c | 2 ++ drivers/misc/cxl/fault.c | 2 +- drivers/misc/cxl/file.c | 2 +- drivers/misc/ibmasm/r_heartbeat.c | 2 +- drivers/misc/lis3lv02d/lis3lv02d.c | 1 + drivers/misc/mei/bus.c | 2 +- drivers/misc/mei/client.c | 2 +- drivers/misc/mei/main.c | 2 +- drivers/misc/mic/scif/scif_main.h | 2 +- drivers/misc/vexpress-syscfg.c | 2 +- drivers/mtd/tests/mtd_test.h | 2 +- drivers/net/bonding/bond_options.c | 2 ++ drivers/net/bonding/bond_sysfs.c | 2 +- drivers/net/can/softing/softing_fw.c | 2 +- drivers/net/ethernet/broadcom/tg3.c | 1 + drivers/net/ethernet/cavium/liquidio/octeon_main.h | 2 ++ drivers/net/ethernet/sfc/falcon/falcon.c | 2 ++ drivers/net/irda/stir4200.c | 1 + drivers/net/macvtap.c | 2 +- drivers/net/ppp/ppp_generic.c | 1 + drivers/net/tun.c | 1 + drivers/net/usb/hso.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wan/cosa.c | 2 +- drivers/net/wireless/ath/ath6kl/cfg80211.c | 1 + drivers/net/wireless/broadcom/b43legacy/main.c | 2 +- drivers/net/wireless/intersil/hostap/hostap_hw.c | 2 +- .../net/wireless/intersil/hostap/hostap_ioctl.c | 2 +- drivers/oprofile/event_buffer.c | 2 +- drivers/parport/daisy.c | 2 +- drivers/parport/ieee1284.c | 2 +- drivers/parport/ieee1284_ops.c | 2 +- drivers/parport/parport_ip32.c | 2 +- drivers/parport/parport_pc.c | 2 +- drivers/parport/share.c | 2 +- drivers/pci/access.c | 2 +- drivers/pci/hotplug/cpci_hotplug_core.c | 1 + drivers/pci/hotplug/cpqphp.h | 2 +- drivers/pci/hotplug/pciehp.h | 2 +- drivers/pci/hotplug/shpchp.h | 2 +- drivers/rtc/rtc-dev.c | 2 +- drivers/s390/cio/device.c | 1 + drivers/scsi/lpfc/lpfc_vport.c | 1 + drivers/scsi/osst.c | 2 +- drivers/scsi/st.c | 2 +- drivers/soc/fsl/qbman/dpaa_sys.h | 1 + drivers/staging/comedi/comedi_fops.c | 2 +- drivers/staging/dgnc/dgnc_tty.c | 2 +- drivers/staging/dgnc/dgnc_utils.c | 2 +- drivers/staging/greybus/uart.c | 2 +- .../lustre/lustre/include/lustre/lustre_user.h | 1 + drivers/staging/lustre/lustre/include/lustre_lib.h | 2 +- .../staging/lustre/lustre/include/obd_support.h | 2 ++ drivers/staging/media/lirc/lirc_sir.c | 2 +- drivers/staging/media/lirc/lirc_zilog.c | 2 +- drivers/staging/speakup/speakup_soft.c | 2 +- drivers/target/iscsi/cxgbit/cxgbit_target.c | 2 ++ drivers/tty/n_gsm.c | 2 +- drivers/tty/serial/crisv10.c | 2 +- drivers/tty/serial/serial_core.c | 1 + drivers/tty/tty_ioctl.c | 2 +- drivers/tty/tty_port.c | 2 +- drivers/uio/uio.c | 2 +- drivers/usb/class/cdc-acm.c | 1 + drivers/usb/class/usblp.c | 2 +- drivers/usb/gadget/function/f_fs.c | 1 + drivers/usb/image/mdc800.c | 2 +- drivers/usb/misc/adutux.c | 1 + drivers/usb/misc/idmouse.c | 1 + drivers/usb/misc/rio500.c | 2 +- drivers/usb/misc/uss720.c | 1 + drivers/usb/mon/mon_bin.c | 1 + drivers/usb/mon/mon_text.c | 1 + drivers/usb/serial/digi_acceleport.c | 1 + drivers/usb/serial/generic.c | 1 + drivers/vhost/net.c | 1 + drivers/vhost/vhost.c | 1 + drivers/video/fbdev/cobalt_lcdfb.c | 1 + .../fbdev/omap2/omapfb/displays/panel-dsi-cm.c | 2 +- fs/afs/rxrpc.c | 2 ++ fs/aio.c | 2 +- fs/btrfs/ctree.h | 1 + fs/ceph/caps.c | 2 +- fs/cifs/inode.c | 2 ++ fs/coda/psdev.c | 2 +- fs/dlm/user.c | 1 + fs/ecryptfs/read_write.c | 2 ++ fs/eventfd.c | 2 +- fs/eventpoll.c | 2 +- fs/ext4/ext4.h | 1 + fs/f2fs/data.c | 1 + fs/fuse/dev.c | 1 + fs/gfs2/lock_dlm.c | 1 + fs/gfs2/super.c | 2 +- fs/hpfs/hpfs_fn.h | 2 +- fs/hugetlbfs/inode.c | 2 +- fs/jffs2/nodemgmt.c | 2 +- fs/nfs/inode.c | 2 +- fs/nilfs2/segment.c | 2 ++ fs/notify/fanotify/fanotify_user.c | 1 + fs/notify/inotify/inotify_user.c | 2 +- fs/ntfs/file.c | 2 +- fs/ocfs2/alloc.c | 1 + fs/ocfs2/dlm/dlmdomain.c | 1 + fs/ocfs2/dlmfs/userdlm.c | 1 + fs/ocfs2/dlmglue.c | 1 + fs/orangefs/orangefs-kernel.h | 2 +- fs/overlayfs/copy_up.c | 2 +- fs/splice.c | 2 ++ fs/userfaultfd.c | 2 +- fs/xfs/xfs_linux.h | 2 +- include/drm/drm_os_linux.h | 1 + include/linux/sunrpc/types.h | 1 + include/media/v4l2-ioctl.h | 1 + include/net/busy_poll.h | 1 + kernel/locking/mutex.c | 2 +- kernel/locking/rtmutex.c | 2 +- kernel/locking/rwsem-spinlock.c | 2 +- kernel/locking/rwsem-xadd.c | 2 +- kernel/rcu/rcutorture.c | 2 +- kernel/sched/completion.c | 2 +- kernel/sched/swait.c | 2 +- kernel/sched/wait.c | 2 +- kernel/time/alarmtimer.c | 1 + kernel/time/hrtimer.c | 2 +- kernel/time/timer.c | 2 +- lib/percpu_ida.c | 2 +- mm/compaction.c | 1 + mm/gup.c | 2 +- mm/hugetlb.c | 1 + mm/memory_hotplug.c | 1 + mm/shmem.c | 1 + mm/userfaultfd.c | 1 + net/atm/svc.c | 2 +- net/bluetooth/af_bluetooth.c | 2 ++ net/bluetooth/cmtp/capi.c | 2 +- net/bluetooth/hci_request.c | 2 ++ net/bluetooth/l2cap_sock.c | 1 + net/bluetooth/rfcomm/sock.c | 1 + net/bluetooth/sco.c | 1 + net/bridge/br_sysfs_br.c | 1 + net/bridge/br_sysfs_if.c | 1 + net/core/ethtool.c | 2 +- net/core/net-sysfs.c | 1 + net/dccp/output.c | 1 + net/ipv4/devinet.c | 1 + net/ipv6/addrconf.c | 1 + net/irda/ircomm/ircomm_tty.c | 2 +- net/irda/irnet/irnet_ppp.c | 3 +- net/iucv/af_iucv.c | 2 +- net/kcm/kcmsock.c | 2 ++ net/llc/af_llc.c | 2 ++ net/nfc/llcp_sock.c | 1 + net/phonet/pep.c | 1 + net/phonet/socket.c | 2 ++ net/rxrpc/conn_client.c | 2 ++ net/rxrpc/recvmsg.c | 2 ++ net/rxrpc/sendmsg.c | 2 ++ net/tipc/socket.c | 2 ++ net/vmw_vsock/af_vsock.c | 1 + net/vmw_vsock/virtio_transport_common.c | 1 + sound/core/control.c | 1 + sound/core/hwdep.c | 1 + sound/core/oss/pcm_oss.c | 1 + sound/core/pcm_lib.c | 1 + sound/core/pcm_native.c | 1 + sound/core/rawmidi.c | 2 +- sound/core/seq/oss/seq_oss_device.h | 2 +- sound/core/seq/oss/seq_oss_writeq.c | 1 + sound/core/seq/seq_fifo.c | 2 ++ sound/core/seq/seq_memory.c | 1 + sound/core/timer.c | 1 + sound/firewire/bebob/bebob.h | 1 + sound/firewire/dice/dice.h | 1 + sound/firewire/digi00x/digi00x.h | 1 + sound/firewire/fireworks/fireworks.h | 1 + sound/firewire/oxfw/oxfw.h | 1 + sound/firewire/tascam/tascam.h | 1 + sound/isa/gus/gus_pcm.c | 2 ++ sound/isa/msnd/msnd.c | 1 + sound/isa/sb/emu8000.c | 2 +- sound/isa/sb/emu8000_patch.c | 2 ++ sound/isa/sb/emu8000_pcm.c | 2 ++ sound/isa/wavefront/wavefront_synth.c | 1 + sound/oss/dmabuf.c | 2 ++ sound/oss/dmasound/dmasound_core.c | 1 + sound/oss/midibuf.c | 2 ++ sound/oss/msnd_pinnacle.c | 2 ++ sound/oss/sound_config.h | 1 + sound/oss/swarm_cs4297a.c | 2 +- virt/kvm/kvm_main.c | 2 +- 265 files changed, 319 insertions(+), 139 deletions(-) commit b12fb7f46af7d548503d75be59f493f958c6d1b3 Author: Ingo Molnar Date: Wed Feb 8 18:51:33 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the .c file that is going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/read_write.c | 3 ++- include/linux/sched/xacct.h | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) commit cc5efc2323a89dcf1a02c17b9b9f255c5a6e0492 Author: Ingo Molnar Date: Fri Feb 3 10:06:45 2017 +0100 sched/headers: Prepare for the removal of various unrelated headers from We are going to remove the following header inclusions from : #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include Fix up a single .h file that got hold of via one of these headers. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/user_namespace.h | 1 + 1 file changed, 1 insertion(+) commit 037741a6d4ab2e4b0580dae97aca963d8a8dc68f Author: Ingo Molnar Date: Fri Feb 3 10:08:30 2017 +0100 sched/headers: Prepare for the removal of from Fix up missing #includes in other places that rely on sched.h doing that for them. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/i2c.h | 1 + kernel/fork.c | 1 + kernel/locking/locktorture.c | 1 + kernel/rcu/tree.h | 1 + 4 files changed, 4 insertions(+) commit 4cf421e55d69016989548e0fb8585e69f54bd283 Author: Ingo Molnar Date: Fri Feb 3 10:03:42 2017 +0100 sched/headers: Prepare for the removal of from Fix up missing #includes in other places that rely on sched.h doing that for them. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/math-emu/math.c | 1 + arch/sh/kernel/cpu/fpu.c | 1 + arch/sh/kernel/process.c | 1 + drivers/oprofile/cpu_buffer.c | 2 ++ 4 files changed, 5 insertions(+) commit 5b825c3af1d8a0af4deb4a5eb349d0d0050c62e5 Author: Ingo Molnar Date: Thu Feb 2 17:54:15 2017 +0100 sched/headers: Prepare to remove inclusion from Add #include dependencies to all .c files rely on sched.h doing that for them. Note that even if the count where we need to add extra headers seems high, it's still a net win, because is included in over 2,200 files ... Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/kernel/sys_oabi-compat.c | 1 + arch/mips/kernel/mips-mt-fpaff.c | 1 + arch/x86/include/asm/intel_rdt.h | 1 + arch/x86/kernel/cpu/intel_cacheinfo.c | 1 + block/ioprio.c | 1 + drivers/misc/eeprom/eeprom.c | 1 + drivers/misc/lkdtm_heap.c | 1 + drivers/misc/vmw_vmci/vmci_context.c | 1 + drivers/misc/vmw_vmci/vmci_host.c | 1 + drivers/staging/lustre/lustre/include/lustre_compat.h | 1 + drivers/staging/lustre/lustre/ptlrpc/sec.c | 1 + drivers/xen/balloon.c | 1 + fs/9p/v9fs.c | 1 + fs/affs/inode.c | 1 + fs/affs/super.c | 1 + fs/autofs4/dev-ioctl.c | 1 + fs/befs/linuxvfs.c | 1 + fs/binfmt_elf.c | 1 + fs/cachefiles/internal.h | 1 + fs/compat.c | 1 + fs/exportfs/expfs.c | 1 + fs/ext2/balloc.c | 1 + fs/ext4/ialloc.c | 2 ++ fs/file_table.c | 1 + fs/gfs2/inode.c | 1 + fs/gfs2/sys.c | 1 + fs/hfs/inode.c | 1 + fs/hfsplus/inode.c | 1 + fs/isofs/inode.c | 1 + fs/jffs2/fs.c | 1 + fs/libfs.c | 1 + fs/namespace.c | 1 + fs/ncpfs/ioctl.c | 1 + fs/notify/fanotify/fanotify.c | 1 + fs/notify/inotify/inotify_fsnotify.c | 1 + fs/omfs/inode.c | 1 + fs/overlayfs/copy_up.c | 1 + fs/overlayfs/inode.c | 1 + fs/overlayfs/namei.c | 1 + fs/overlayfs/super.c | 1 + fs/overlayfs/util.c | 1 + fs/posix_acl.c | 1 + fs/proc/proc_sysctl.c | 1 + fs/proc/root.c | 1 + fs/quota/dquot.c | 1 + fs/stat.c | 1 + fs/xfs/xfs_ioctl.c | 1 + include/linux/cred.h | 1 + include/linux/sched/signal.h | 1 + include/linux/wait.h | 1 + include/net/scm.h | 1 + include/rdma/ib.h | 1 + ipc/namespace.c | 1 + kernel/pid_namespace.c | 1 + kernel/ucount.c | 1 + kernel/uid16.c | 1 + kernel/utsname.c | 1 + mm/usercopy.c | 1 + net/dns_resolver/dns_query.c | 2 ++ net/netfilter/xt_owner.c | 2 ++ net/sunrpc/auth.c | 1 + security/apparmor/policy.c | 1 + security/keys/internal.h | 1 + security/keys/keyctl.c | 1 + security/keys/persistent.c | 2 ++ 65 files changed, 69 insertions(+) commit 7fce777cd4eacc0bdcb33017e5a4c495d28afed1 Author: Ingo Molnar Date: Thu Feb 2 14:47:27 2017 +0100 sched/headers: Prepare header dependency changes, move the include to kernel/sched/sched.h Recent header reorganizations unearthed this hidden dependency: kernel/sched/core.c:199:25: error: 'paravirt_steal_rq_enabled' undeclared (first use in this function) kernel/sched/core.c:200:11: error: implicit declaration of function 'paravirt_steal_clock' [-Werror=implicit-function-declaration] So move the asm/paravirt.h include from kernel/sched/cpuclock.c to kernel/sched/sched.h. ( NOTE: We do this change before doing the changes that introduce the build failure, so the series remains fully bisectable. ) Reported-by: kbuild test robot Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar kernel/sched/cputime.c | 4 ---- kernel/sched/sched.h | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) commit 1e4bae6468375f81a3d4bdf436deaa9ea294e12b Author: Ingo Molnar Date: Wed Feb 8 18:51:32 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the file that is going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/jobctl.h | 4 ++++ include/linux/sched/signal.h | 1 + 2 files changed, 5 insertions(+) commit 6a3827d7509cbf96b7e961f8957c1f01d1bcf894 Author: Ingo Molnar Date: Wed Feb 8 18:51:31 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/exec.c | 1 + fs/proc/array.c | 1 + include/linux/sched/numa_balancing.h | 6 ++++++ include/trace/events/sched.h | 2 +- kernel/fork.c | 1 + kernel/sched/sched.h | 1 + mm/huge_memory.c | 1 + mm/memory.c | 1 + mm/mempolicy.c | 1 + 9 files changed, 14 insertions(+), 1 deletion(-) commit 010426079ec1228a7f980d2eef766a84c0f9241a Author: Ingo Molnar Date: Wed Feb 8 18:51:31 2017 +0100 sched/headers: Prepare for new header dependencies before moving more code to We are going to split more MM APIs out of , which will have to be picked up from a couple of .c files. The APIs that we are going to move are: arch_pick_mmap_layout() arch_get_unmapped_area() arch_get_unmapped_area_topdown() mm_update_next_owner() Include the header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/osf_sys.c | 1 + arch/arc/mm/mmap.c | 3 ++- arch/arm/mm/mmap.c | 1 + arch/arm64/mm/mmap.c | 1 + arch/frv/mm/elf-fdpic.c | 1 + arch/ia64/kernel/sys_ia64.c | 1 + arch/mips/mm/mmap.c | 1 + arch/parisc/kernel/cache.c | 1 + arch/parisc/kernel/sys_parisc.c | 1 + arch/parisc/mm/hugetlbpage.c | 1 + arch/powerpc/mm/mmap.c | 1 + arch/s390/mm/mmap.c | 1 + arch/sh/mm/mmap.c | 1 + arch/sparc/kernel/sys_sparc_32.c | 1 + arch/sparc/kernel/sys_sparc_64.c | 1 + arch/sparc/mm/hugetlbpage.c | 1 + arch/tile/mm/hugetlbpage.c | 1 + arch/tile/mm/mmap.c | 1 + arch/x86/kernel/sys_x86_64.c | 1 + arch/x86/mm/hugetlbpage.c | 1 + arch/x86/mm/mmap.c | 1 + arch/xtensa/kernel/syscall.c | 1 + 22 files changed, 23 insertions(+), 1 deletion(-) commit 55687da166bf51129ed6b110d7711f4c7560abe2 Author: Ingo Molnar Date: Wed Feb 8 18:51:31 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar drivers/cpufreq/cpufreq_governor.c | 1 - drivers/cpufreq/cpufreq_governor.h | 1 + drivers/cpufreq/cpufreq_ondemand.c | 1 + drivers/cpufreq/intel_pstate.c | 2 +- include/linux/sched/cpufreq.h | 6 ++++++ kernel/sched/sched.h | 1 + 6 files changed, 10 insertions(+), 2 deletions(-) commit 38b8d208a4544c9a26b10baec89b8a21042e5305 Author: Ingo Molnar Date: Wed Feb 8 18:51:31 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to move softlockup APIs out of , which will have to be picked up from other headers and a couple of .c files. already includes . Include the header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/ia64/kernel/time.c | 1 + arch/ia64/kernel/uncached.c | 1 + arch/powerpc/kernel/swsusp_64.c | 1 + arch/x86/kernel/pvclock.c | 2 ++ arch/x86/xen/smp.c | 1 + drivers/ide/ide-taskfile.c | 1 + drivers/mtd/nand/nand_base.c | 1 + drivers/video/fbdev/nvidia/nv_accel.c | 2 ++ init/main.c | 1 + kernel/debug/debug_core.c | 1 + kernel/power/hibernate.c | 1 + kernel/power/snapshot.c | 1 + kernel/sched/clock.c | 1 + kernel/time/tick-sched.c | 1 + kernel/time/timekeeping.c | 1 + 15 files changed, 17 insertions(+) commit 8703e8a465b1e9cadc3680b4b1248f5987e54518 Author: Ingo Molnar Date: Wed Feb 8 18:51:30 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar block/ioprio.c | 1 + include/linux/cred.h | 2 +- include/linux/sched/user.h | 6 ++++++ ipc/mqueue.c | 1 + kernel/fork.c | 1 + kernel/signal.c | 1 + kernel/user.c | 1 + mm/mlock.c | 1 + net/core/scm.c | 1 + security/keys/process_keys.c | 1 + 10 files changed, 15 insertions(+), 1 deletion(-) commit 3f07c0144132e4f59d88055ac8ff3e691a5fa2b8 Author: Ingo Molnar Date: Wed Feb 8 18:51:30 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/alpha/kernel/osf_sys.c | 2 +- arch/alpha/kernel/signal.c | 2 +- arch/alpha/kernel/traps.c | 2 +- arch/alpha/mm/fault.c | 2 +- arch/arc/kernel/traps.c | 2 +- arch/arc/mm/fault.c | 2 +- arch/arm/kernel/ptrace.c | 2 +- arch/arm/kernel/traps.c | 2 +- arch/arm/mm/alignment.c | 2 +- arch/arm/mm/fault.c | 2 +- arch/arm/mm/init.c | 1 + arch/arm/mm/mmap.c | 2 +- arch/arm/vfp/vfpmodule.c | 2 +- arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/fault.c | 2 +- arch/arm64/mm/mmap.c | 2 +- arch/avr32/kernel/traps.c | 2 +- arch/blackfin/kernel/trace.c | 2 +- arch/blackfin/kernel/traps.c | 1 + arch/cris/mm/fault.c | 1 + arch/frv/kernel/traps.c | 2 +- arch/h8300/kernel/ptrace_s.c | 2 +- arch/hexagon/kernel/traps.c | 2 +- arch/hexagon/mm/vm_fault.c | 1 + arch/ia64/kernel/asm-offsets.c | 2 +- arch/ia64/kernel/brl_emu.c | 2 +- arch/ia64/kernel/mca.c | 2 +- arch/ia64/kernel/traps.c | 2 +- arch/ia64/kernel/unaligned.c | 2 +- arch/ia64/mm/fault.c | 2 +- arch/ia64/mm/init.c | 1 + arch/mips/kernel/branch.c | 2 +- arch/mips/kernel/signal_o32.c | 1 + arch/mips/mm/mmap.c | 2 +- arch/mips/sgi-ip22/ip22-berr.c | 2 +- arch/mips/sgi-ip22/ip22-reset.c | 2 +- arch/mn10300/kernel/fpu.c | 2 ++ arch/openrisc/mm/fault.c | 2 +- arch/parisc/kernel/sys_parisc.c | 1 + arch/parisc/kernel/unaligned.c | 2 +- arch/parisc/math-emu/driver.c | 3 ++- arch/powerpc/kvm/book3s_64_vio.c | 1 + arch/powerpc/mm/mmap.c | 2 +- arch/powerpc/mm/mmu_context_iommu.c | 2 +- arch/powerpc/platforms/cell/spufs/fault.c | 2 +- arch/powerpc/xmon/xmon.c | 2 +- arch/s390/kernel/nmi.c | 3 +++ arch/s390/mm/mmap.c | 1 + arch/score/kernel/traps.c | 2 +- arch/sh/kernel/cpu/sh2a/fpu.c | 2 +- arch/sh/kernel/hw_breakpoint.c | 1 + arch/sh/kernel/traps.c | 2 ++ arch/sh/math-emu/math.c | 2 +- arch/sh/mm/asids-debugfs.c | 2 ++ arch/sh/mm/fault.c | 1 + arch/sparc/kernel/sys_sparc_32.c | 2 +- arch/sparc/kernel/sys_sparc_64.c | 2 +- arch/sparc/kernel/unaligned_32.c | 2 +- arch/tile/mm/mmap.c | 2 +- arch/um/drivers/line.c | 3 ++- arch/um/kernel/reboot.c | 2 +- arch/um/kernel/skas/mmu.c | 3 ++- arch/um/kernel/tlb.c | 3 ++- arch/um/kernel/trap.c | 2 +- arch/unicore32/kernel/fpu-ucf64.c | 2 +- arch/unicore32/kernel/traps.c | 1 + arch/unicore32/mm/fault.c | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 1 + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 2 +- arch/x86/kvm/mmu.c | 1 + arch/x86/mm/mmap.c | 2 +- arch/xtensa/kernel/traps.c | 2 +- drivers/android/binder.c | 2 +- drivers/block/drbd/drbd_int.h | 2 +- drivers/char/snsc_event.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 2 +- drivers/gpu/drm/drm_lock.c | 2 ++ drivers/gpu/drm/ttm/ttm_lock.c | 2 +- drivers/infiniband/core/umem.c | 2 +- drivers/infiniband/hw/hfi1/user_pages.c | 2 +- drivers/infiniband/hw/qib/qib_user_pages.c | 1 + drivers/infiniband/hw/usnic/usnic_uiom.c | 2 +- drivers/isdn/i4l/isdn_tty.c | 1 + drivers/isdn/mISDN/l1oip_core.c | 2 ++ drivers/md/md.c | 1 + drivers/md/raid1.c | 3 +++ drivers/md/raid5.c | 2 ++ drivers/misc/genwqe/card_dev.c | 2 +- drivers/misc/mic/cosm/cosm_scif_server.c | 2 ++ drivers/misc/mic/cosm_client/cosm_scif_client.c | 2 ++ drivers/misc/mic/scif/scif_rma.c | 1 + drivers/net/slip/slip.c | 2 +- drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 2 +- drivers/parisc/power.c | 2 +- drivers/ps3/ps3-sys-manager.c | 1 + drivers/s390/char/fs3270.c | 1 + drivers/s390/char/keyboard.c | 2 +- drivers/scsi/bnx2fc/bnx2fc.h | 2 +- drivers/scsi/bnx2i/bnx2i.h | 2 +- drivers/scsi/libiscsi.c | 1 + drivers/staging/android/lowmemorykiller.c | 2 +- drivers/staging/lustre/lnet/libcfs/linux/linux-prim.c | 2 +- drivers/staging/rtl8188eu/include/osdep_service.h | 2 +- drivers/staging/rtl8712/osdep_service.h | 2 +- drivers/staging/rtl8712/rtl8712_cmd.c | 1 + drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 1 + drivers/staging/vc04_services/interface/vchiq_arm/vchiq_util.h | 2 +- drivers/target/iscsi/iscsi_target.c | 1 + drivers/target/iscsi/iscsi_target_erl0.c | 2 ++ drivers/target/iscsi/iscsi_target_login.c | 1 + drivers/target/iscsi/iscsi_target_nego.c | 1 + drivers/tty/pty.c | 2 +- drivers/tty/sysrq.c | 2 +- drivers/tty/tty_io.c | 2 +- drivers/tty/vt/keyboard.c | 2 +- drivers/tty/vt/vt.c | 2 +- drivers/tty/vt/vt_ioctl.c | 2 +- drivers/usb/atm/usbatm.c | 2 +- drivers/usb/core/devio.c | 1 + drivers/usb/gadget/function/f_mass_storage.c | 1 + drivers/vfio/vfio_iommu_spapr_tce.c | 1 + drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/w1/w1_family.c | 2 +- drivers/w1/w1_int.c | 1 + fs/attr.c | 1 + fs/autofs4/waitq.c | 1 + fs/cifs/connect.c | 1 + fs/coda/upcall.c | 2 +- fs/coredump.c | 2 +- fs/exec.c | 1 + fs/file.c | 2 +- fs/fs_struct.c | 2 +- fs/jffs2/background.c | 2 +- fs/lockd/svc.c | 2 +- fs/ncpfs/inode.c | 1 + fs/ncpfs/sock.c | 1 + fs/nfs/callback.c | 1 + fs/nfsd/nfssvc.c | 2 +- fs/proc/fd.c | 2 +- fs/select.c | 4 ++-- include/linux/oom.h | 2 +- include/linux/ptrace.h | 1 + include/linux/sched/signal.h | 6 ++++++ include/linux/signalfd.h | 2 +- include/linux/taskstats_kern.h | 2 +- ipc/mqueue.c | 1 + kernel/bpf/syscall.c | 1 + kernel/cpu.c | 2 +- kernel/debug/gdbstub.c | 1 + kernel/debug/kdb/kdb_bt.c | 2 +- kernel/hung_task.c | 2 ++ kernel/rcu/update.c | 2 +- kernel/sched/sched.h | 1 + kernel/time/itimer.c | 1 + kernel/time/posix-cpu-timers.c | 2 +- kernel/time/tick-sched.c | 2 +- kernel/tracepoint.c | 2 +- kernel/tsacct.c | 2 +- kernel/user_namespace.c | 1 + lib/is_single_threaded.c | 3 +-- mm/filemap.c | 1 + mm/kmemleak.c | 2 +- mm/memory-failure.c | 2 +- mm/vmacache.c | 2 +- net/9p/client.c | 2 +- net/atm/common.c | 2 +- net/ax25/af_ax25.c | 2 +- net/caif/caif_socket.c | 2 +- net/core/stream.c | 1 + net/decnet/af_decnet.c | 2 +- net/irda/af_irda.c | 1 + net/netrom/af_netrom.c | 2 +- net/rose/af_rose.c | 2 +- net/sctp/socket.c | 1 + net/sunrpc/svc.c | 2 +- net/unix/af_unix.c | 2 +- net/x25/af_x25.c | 2 +- security/selinux/hooks.c | 2 +- 180 files changed, 204 insertions(+), 121 deletions(-) commit f7ccbae45c5e2c1077654b0e857e7efb1aa31c92 Author: Ingo Molnar Date: Wed Feb 8 18:51:30 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/binfmt_elf.c | 1 + fs/binfmt_elf_fdpic.c | 1 + fs/coredump.c | 1 + fs/exec.c | 1 + fs/proc/base.c | 1 + fs/proc/internal.h | 1 + include/linux/khugepaged.h | 3 ++- include/linux/ksm.h | 1 + include/linux/sched/coredump.h | 6 ++++++ kernel/cred.c | 1 + kernel/events/uprobes.c | 1 + kernel/fork.c | 1 + kernel/ptrace.c | 1 + kernel/sys.c | 1 + kernel/sysctl.c | 1 + mm/huge_memory.c | 1 + mm/khugepaged.c | 1 + mm/ksm.c | 1 + mm/memory.c | 1 + mm/oom_kill.c | 1 + 20 files changed, 26 insertions(+), 1 deletion(-) commit 6e84f31522f931027bf695752087ece278c10d3f Author: Ingo Molnar Date: Wed Feb 8 18:51:29 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. The APIs that are going to be moved first are: mm_alloc() __mmdrop() mmdrop() mmdrop_async_fn() mmdrop_async() mmget_not_zero() mmput() mmput_async() get_task_mm() mm_access() mm_release() Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arc/include/asm/mmu_context.h | 1 + arch/arc/kernel/troubleshoot.c | 2 ++ arch/arm/mach-rpc/ecard.c | 1 + arch/frv/mm/mmu-context.c | 1 + arch/m68k/sun3/mmu_emu.c | 1 + arch/powerpc/platforms/cell/spufs/context.c | 2 ++ drivers/android/binder.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 1 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 1 + drivers/gpu/drm/i915/i915_gem_userptr.c | 1 + drivers/infiniband/core/umem.c | 1 + drivers/infiniband/core/umem_odp.c | 1 + drivers/infiniband/hw/hfi1/file_ops.c | 1 + drivers/infiniband/hw/mlx4/main.c | 2 ++ drivers/infiniband/hw/mlx5/main.c | 1 + drivers/infiniband/hw/usnic/usnic_uiom.c | 1 + drivers/iommu/amd_iommu_v2.c | 1 + drivers/iommu/intel-svm.c | 1 + drivers/lguest/lguest_user.c | 1 + drivers/misc/cxl/fault.c | 1 + drivers/misc/mic/scif/scif_rma.c | 2 ++ drivers/oprofile/buffer_sync.c | 1 + drivers/vfio/vfio_iommu_spapr_tce.c | 2 ++ drivers/vfio/vfio_iommu_type1.c | 1 + drivers/vhost/vhost.c | 1 + drivers/xen/gntdev.c | 1 + fs/exec.c | 1 + fs/proc/array.c | 1 + fs/proc/base.c | 1 + fs/proc/task_mmu.c | 1 + fs/proc/task_nommu.c | 2 ++ fs/userfaultfd.c | 1 + include/linux/sched/mm.h | 6 ++++++ kernel/cgroup/cpuset.c | 1 + kernel/events/core.c | 1 + kernel/events/uprobes.c | 1 + kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/futex.c | 1 + kernel/ptrace.c | 1 + kernel/sched/sched.h | 1 + kernel/sys.c | 1 + kernel/trace/trace_output.c | 1 + kernel/tsacct.c | 1 + mm/khugepaged.c | 1 + mm/ksm.c | 1 + mm/memcontrol.c | 1 + mm/memory.c | 1 + mm/mempolicy.c | 1 + mm/migrate.c | 1 + mm/mmu_context.c | 1 + mm/mmu_notifier.c | 1 + mm/nommu.c | 1 + mm/oom_kill.c | 1 + mm/process_vm_access.c | 1 + mm/rmap.c | 1 + mm/swapfile.c | 1 + mm/util.c | 1 + virt/kvm/async_pf.c | 1 + virt/kvm/kvm_main.c | 1 + 60 files changed, 71 insertions(+) commit 4eb5aaa3af8a54e5e9bac90e2b42bbab1f1ee5a3 Author: Ingo Molnar Date: Wed Feb 8 18:51:29 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/proc/base.c | 1 + include/linux/sched/autogroup.h | 6 ++++++ kernel/exit.c | 1 + kernel/fork.c | 1 + kernel/sched/autogroup.h | 1 + kernel/sys.c | 1 + 6 files changed, 11 insertions(+) commit 4f17722c7256af8e17c2c4f29f170247264bdf48 Author: Ingo Molnar Date: Wed Feb 8 08:45:17 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/m68k/kernel/time.c | 1 + arch/microblaze/kernel/heartbeat.c | 1 + arch/powerpc/platforms/cell/cpufreq_spudemand.c | 1 + arch/powerpc/platforms/cell/spufs/sched.c | 1 + arch/s390/appldata/appldata_os.c | 1 + arch/sh/drivers/heartbeat.c | 1 + arch/sparc/kernel/led.c | 1 + drivers/cpuidle/governors/menu.c | 1 + drivers/leds/trigger/ledtrig-heartbeat.c | 1 + drivers/platform/x86/intel_ips.c | 1 + fs/proc/loadavg.c | 1 + include/linux/sched/loadavg.h | 6 ++++++ kernel/debug/kdb/kdb_main.c | 1 + kernel/sched/core.c | 1 + kernel/sched/loadavg.c | 1 + kernel/sys.c | 1 + kernel/time/timekeeping.c | 1 + net/sched/em_meta.c | 1 + 18 files changed, 23 insertions(+) commit ae7e81c077d60507dcec139e40a6d10cf932cf4b Author: Ingo Molnar Date: Wed Feb 1 18:07:51 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to move scheduler ABI details to , which will be used from a number of .c files. Create empty placeholder header that maps to . Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/common/bL_switcher.c | 1 + crypto/crypto_engine.c | 1 + drivers/acpi/acpi_pad.c | 1 + drivers/block/drbd/drbd_receiver.c | 1 + drivers/firmware/psci_checker.c | 1 + drivers/gpu/drm/amd/scheduler/gpu_scheduler.c | 1 + drivers/gpu/drm/i915/intel_breadcrumbs.c | 1 + drivers/media/pci/ivtv/ivtv-driver.c | 1 + drivers/mmc/core/sdio_irq.c | 1 + drivers/spi/spi.c | 1 + drivers/staging/android/ion/ion_heap.c | 1 + drivers/thermal/intel_powerclamp.c | 1 + drivers/tty/serial/sc16is7xx.c | 1 + include/uapi/linux/sched/types.h | 6 ++++++ kernel/irq/manage.c | 1 + kernel/kthread.c | 1 + kernel/locking/locktorture.c | 1 + kernel/rcu/rcuperf.c | 1 + kernel/rcu/rcutorture.c | 1 + kernel/rcu/tree.c | 1 + kernel/rcu/tree_plugin.h | 1 + kernel/sched/core.c | 1 + kernel/sched/cpufreq_schedutil.c | 1 + kernel/trace/ring_buffer_benchmark.c | 1 + kernel/trace/trace_selftest.c | 1 + kernel/watchdog.c | 1 + 26 files changed, 31 insertions(+) commit e601757102cfd3eeae068f53b3bc1234f3a2b2e9 Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/mach-bcm/platsmp.c | 1 + arch/arm/mach-omap2/pm-debug.c | 1 + arch/arm/probes/kprobes/test-core.c | 1 + arch/cris/kernel/time.c | 2 +- arch/ia64/kernel/setup.c | 1 + arch/microblaze/kernel/timer.c | 1 + arch/mn10300/kernel/time.c | 1 + arch/parisc/kernel/setup.c | 1 + arch/parisc/kernel/time.c | 1 + arch/powerpc/kernel/time.c | 1 + arch/s390/kernel/time.c | 1 + arch/sparc/kernel/ds.c | 1 + arch/sparc/kernel/viohs.c | 1 + arch/tile/kernel/time.c | 1 + arch/x86/events/amd/ibs.c | 1 + arch/x86/events/core.c | 1 + arch/x86/kernel/cpu/amd.c | 1 + arch/x86/kernel/cpu/centaur.c | 1 + arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/cpu/cyrix.c | 1 + arch/x86/kernel/cpu/intel.c | 1 + arch/x86/kernel/cpu/transmeta.c | 1 + arch/x86/kernel/kvmclock.c | 1 + arch/x86/kernel/nmi.c | 1 + arch/x86/kernel/tsc.c | 1 + block/cfq-iosched.c | 1 + drivers/acpi/apei/ghes.c | 1 + drivers/clocksource/arm_arch_timer.c | 1 + drivers/clocksource/pxa_timer.c | 1 + drivers/clocksource/timer-digicolor.c | 1 + drivers/cpuidle/cpuidle.c | 1 + drivers/firmware/tegra/bpmp.c | 1 + drivers/gpu/drm/i915/i915_gem_request.c | 2 ++ drivers/gpu/drm/i915/intel_drv.h | 1 + drivers/md/bcache/bset.c | 1 + drivers/md/bcache/btree.c | 1 + drivers/md/bcache/sysfs.c | 1 + drivers/md/bcache/util.c | 1 + drivers/md/bcache/util.h | 1 + drivers/md/bcache/writeback.c | 1 + drivers/misc/cxl/native.c | 1 + drivers/net/irda/pxaficp_ir.c | 1 + drivers/perf/arm_pmu.c | 1 + drivers/vhost/net.c | 1 + include/linux/blkdev.h | 1 + include/linux/sched/clock.h | 6 ++++++ include/linux/skbuff.h | 1 + include/net/busy_poll.h | 1 + kernel/events/core.c | 1 + kernel/locking/lockdep.c | 1 + kernel/locking/qspinlock_stat.h | 1 + kernel/printk/printk.c | 1 + kernel/sched/clock.c | 1 + kernel/sched/core.c | 1 + kernel/sched/sched.h | 1 + kernel/time/sched_clock.c | 1 + kernel/time/tick-sched.c | 1 + kernel/torture.c | 1 + kernel/trace/ring_buffer.c | 1 + kernel/trace/trace_clock.c | 1 + kernel/trace/trace_hwlat.c | 1 + kernel/trace/trace_output.c | 1 + kernel/watchdog.c | 1 + lib/plist.c | 1 + net/ipv4/tcp_cdg.c | 2 ++ 65 files changed, 72 insertions(+), 1 deletion(-) commit 84f001e15737f8214b0f5f0f7dfec0fb1027938f Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar include/linux/sched/wake_q.h | 6 ++++++ ipc/mqueue.c | 1 + ipc/msg.c | 1 + ipc/sem.c | 1 + kernel/futex.c | 1 + kernel/locking/mutex.c | 1 + kernel/locking/rtmutex.c | 1 + kernel/locking/rtmutex_common.h | 1 + kernel/locking/rwsem-xadd.c | 3 ++- kernel/sched/sched.h | 1 + 10 files changed, 16 insertions(+), 1 deletion(-) commit 4c822698cba8bdd93724117eded12bf34eb80252 Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/include/asm/mwait.h | 1 + arch/x86/kernel/process.c | 1 + drivers/cpuidle/driver.c | 1 + include/linux/sched/idle.h | 6 ++++++ include/linux/sched/topology.h | 2 ++ kernel/sched/idle.c | 1 + kernel/smp.c | 1 + 7 files changed, 13 insertions(+) commit 105ab3d8ce7269887d24d224054677125e18037c Author: Ingo Molnar Date: Wed Feb 1 16:36:40 2017 +0100 sched/headers: Prepare for new header dependencies before moving code to We are going to split out of , which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder file that just maps to to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/arm/kernel/topology.c | 1 + arch/arm64/kernel/topology.c | 1 + arch/powerpc/kernel/smp.c | 1 + arch/s390/kernel/topology.c | 1 + arch/x86/kernel/smpboot.c | 1 + block/blk-mq.c | 1 + block/blk-softirq.c | 1 + include/linux/cpuset.h | 1 + include/linux/sched/topology.h | 6 ++++++ kernel/sched/fair.c | 2 ++ kernel/sched/sched.h | 1 + 11 files changed, 17 insertions(+) commit af8601ad420f6afa6445c927ad9f36d9700d96d6 Author: Ingo Molnar Date: Fri Feb 3 09:57:00 2017 +0100 kasan, sched/headers: Uninline kasan_enable/disable_current() is a low level header that is included early in affected kernel headers. But it includes which complicates the cleanup of sched.h dependencies. But kasan.h has almost no need for sched.h: its only use of scheduler functionality is in two inline functions which are not used very frequently - so uninline kasan_enable_current() and kasan_disable_current(). Also add a dependency to a .c file that depended on kasan.h including it. This paves the way to remove the include from kasan.h. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/kasan.h | 10 ++-------- lib/sbitmap.c | 1 + mm/kasan/kasan.c | 10 ++++++++++ 3 files changed, 13 insertions(+), 8 deletions(-) commit 314ff7851fc8ea66cbf48eaa93d8ebfb5ca084a9 Author: Ingo Molnar Date: Fri Feb 3 11:03:31 2017 +0100 mm/vmacache, sched/headers: Introduce 'struct vmacache' and move it from to The header includes various vmacache related defines, which are arguably misplaced. Move them to mm_types.h and minimize the sched.h impact by putting all task vmacache state into a new 'struct vmacache' structure. No change in functionality. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/mm_types.h | 12 ++++++++++++ include/linux/sched.h | 11 ++++------- include/linux/vmacache.h | 2 +- kernel/debug/debug_core.c | 4 ++-- mm/nommu.c | 2 +- mm/vmacache.c | 10 +++++----- 6 files changed, 25 insertions(+), 16 deletions(-) commit 780de9dd2720debc14c501dab4dc80d1f75ad50e Author: Ingo Molnar Date: Thu Feb 2 11:50:56 2017 +0100 sched/headers, cgroups: Remove the threadgroup_change_*() wrappery threadgroup_change_begin()/end() is a pointless wrapper around cgroup_threadgroup_change_begin()/end(), minus a might_sleep() in the !CONFIG_CGROUPS=y case. Remove the wrappery, move the might_sleep() (the down_read() already has a might_sleep() check). This debloats a bit and simplifies this API. Update all call sites. No change in functionality. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/exec.c | 6 +++--- include/linux/cgroup-defs.h | 13 ++++++++----- include/linux/sched.h | 28 ---------------------------- kernel/cgroup/pids.c | 2 +- kernel/fork.c | 6 +++--- kernel/signal.c | 6 +++--- 6 files changed, 18 insertions(+), 43 deletions(-) commit f9411ebe3d85cbbea06298241e6053d031d281fc Author: Ingo Molnar Date: Mon Feb 6 09:50:49 2017 +0100 rcu: Separate the RCU synchronization types and APIs into So rcupdate.h is a pretty complex header, in particular it includes which includes - creating a dependency that includes in , which prevents the isolation of from the derived header. Solve part of the problem by decoupling rcupdate.h from completions: this can be done by separating out the rcu_synchronize types and APIs, and updating their usage sites. Since this is a mostly RCU-internal types this will not just simplify 's dependencies, but will make all the hundreds of .c files that include rcupdate.h but not completions or wait.h build faster. ( For rcutiny this means that two dependent APIs have to be uninlined, but that shouldn't be much of a problem as they are rare variants. ) Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Paul E. McKenney Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar fs/autofs4/autofs_i.h | 1 + include/linux/dcache.h | 1 + include/linux/rcupdate.h | 40 ---------------------------------- include/linux/rcupdate_wait.h | 50 +++++++++++++++++++++++++++++++++++++++++++ include/linux/rcutiny.h | 11 ++-------- kernel/rcu/srcu.c | 2 +- kernel/rcu/tiny.c | 14 +++++++++++- kernel/rcu/tree.c | 2 +- kernel/rcu/update.c | 1 + kernel/sched/core.c | 1 + 10 files changed, 71 insertions(+), 52 deletions(-) commit 4b53a3412d6663214ce9c754eff9373a9cff9dee Author: Ingo Molnar Date: Sun Feb 5 15:41:03 2017 +0100 sched/core: Remove the tsk_nr_cpus_allowed() wrapper tsk_nr_cpus_allowed() too is a pretty pointless wrapper that is not used consistently and which makes the code both harder to read and longer as well. So remove it - this also shrinks a bit. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 5 ----- kernel/sched/core.c | 2 +- kernel/sched/deadline.c | 28 ++++++++++++++-------------- kernel/sched/rt.c | 24 ++++++++++++------------ 4 files changed, 27 insertions(+), 32 deletions(-) commit 0c98d344fe5c27f6e4bce42ac503e9e9a51c7d1d Author: Ingo Molnar Date: Sun Feb 5 15:38:10 2017 +0100 sched/core: Remove the tsk_cpus_allowed() wrapper So the original intention of tsk_cpus_allowed() was to 'future-proof' the field - but it's pretty ineffectual at that, because half of the code uses ->cpus_allowed directly ... Also, the wrapper makes the code longer than the original expression! So just get rid of it. This also shrinks a bit. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/powerpc/kernel/smp.c | 2 +- arch/powerpc/platforms/cell/spufs/sched.c | 2 +- arch/sparc/kernel/sysfs.c | 2 +- drivers/cpufreq/sparc-us2e-cpufreq.c | 4 ++-- drivers/cpufreq/sparc-us3-cpufreq.c | 4 ++-- drivers/infiniband/hw/hfi1/affinity.c | 2 +- drivers/infiniband/hw/hfi1/sdma.c | 2 +- include/linux/sched.h | 3 --- kernel/sched/core.c | 20 ++++++++++---------- kernel/sched/cpudeadline.c | 4 ++-- kernel/sched/cpupri.c | 4 ++-- kernel/sched/deadline.c | 7 +++---- kernel/sched/fair.c | 25 ++++++++++++------------- kernel/sched/rt.c | 5 ++--- lib/smp_processor_id.c | 2 +- samples/trace_events/trace-events-sample.c | 2 +- 16 files changed, 42 insertions(+), 48 deletions(-) commit 59ddbcb2f45b958cf1f11f122b666cbcf50cd57b Author: Ingo Molnar Date: Fri Feb 3 23:37:48 2017 +0100 sched/core: Move the get_preempt_disable_ip() inline to sched/core.c It's defined in , but nothing outside the scheduler uses it - so move it to the sched/core.c usage site. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 9 --------- kernel/sched/core.c | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) commit c930b2c0de32f45ce8f67affe936ce7a05b07b00 Author: Ingo Molnar Date: Fri Feb 3 12:22:54 2017 +0100 sched/core: Convert ___assert_task_state() link time assert to BUILD_BUG_ON() The length of TASK_STATE_TO_CHAR_STR was still checked using the old link-time manual error method - convert it to BUILD_BUG_ON(). This has a couple of advantages: - it's more obvious what's going on - it reduces the size and complexity of - BUILD_BUG_ON() will fail during compilation, with a clearer error message than the link time assert. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched.h | 3 --- kernel/sched/core.c | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) commit 9ccd27cc2e8bfbec502d7c64a353dc4489536b81 Author: Ingo Molnar Date: Fri Feb 3 21:11:09 2017 +0100 sched/headers: Make all include/linux/sched/*.h headers build standalone Make each header self-sufficient, so that it can be built successfully both in an allnoconfig and allyesconfig kernel. Also standardize the naming of their header guards. Acked-by: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/sched/deadline.h | 8 +++++--- include/linux/sched/prio.h | 6 +++--- include/linux/sched/rt.h | 10 ++++++---- include/linux/sched/sysctl.h | 10 +++++++--- 4 files changed, 21 insertions(+), 13 deletions(-) commit eb1e011a14748a1d9df9a7d7df9a5711721a1bdb Author: Johannes Berg Date: Wed Feb 15 09:49:26 2017 +0100 average: change to declare precision, not factor Declaring the factor is counter-intuitive, and people are prone to using small(-ish) values even when that makes no sense. Change the DECLARE_EWMA() macro to take the fractional precision, in bits, rather than a factor, and update all users. While at it, add some more documentation. Acked-by: David S. Miller Signed-off-by: Johannes Berg drivers/net/virtio_net.c | 2 +- drivers/net/wireless/ath/ath5k/ath5k.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00.h | 2 +- include/linux/average.h | 61 +++++++++++++++++++---------- net/batman-adv/types.h | 2 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/sta_info.h | 2 +- 7 files changed, 47 insertions(+), 26 deletions(-) commit 4ec3dd89052a437304e1451733c989b8cec681af Author: Zhao Yan Date: Thu Mar 2 15:12:47 2017 +0800 drm/i915/gvt: fix an error for F_RO flag the ro_mask is not stored into each mmio entry Fixes: 12d14cc43b34 ("drm/i915/gvt: Introduce a framework for tracking HW registers.") Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 1 + 1 file changed, 1 insertion(+) commit d1eb98143c56f24fef125f5bbed49ae0b52fb7d6 Author: Ard Biesheuvel Date: Wed Mar 1 19:05:54 2017 +0000 efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y On ARM and arm64, we use a dedicated mm_struct to map the UEFI Runtime Services regions, which allows us to map those regions on demand, and in a way that is guaranteed to be compatible with incoming kernels across kexec. As it turns out, we don't fully initialize the mm_struct in the same way as process mm_structs are initialized on fork(), which results in the following crash on ARM if CONFIG_CPUMASK_OFFSTACK=y is enabled: ... EFI Variables Facility v0.08 2004-May-17 Unable to handle kernel NULL pointer dereference at virtual address 00000000 [...] Process swapper/0 (pid: 1) ... __memzero() check_and_switch_context() virt_efi_get_next_variable() efivar_init() efivars_sysfs_init() do_one_initcall() ... This is due to a missing call to mm_init_cpumask(), so add it. Signed-off-by: Ard Biesheuvel Cc: # v4.5+ Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1488395154-29786-1-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/arm-runtime.c | 1 + 1 file changed, 1 insertion(+) commit 52e51f16407b7b34e26affb500a21e250d9fce0b Author: Ard Biesheuvel Date: Wed Mar 1 19:04:35 2017 +0000 efi/libstub: Treat missing SecureBoot variable as Secure Boot disabled The newly refactored code that infers the firmware's Secure Boot state prints the following error when the EFI variable 'SecureBoot' does not exist: EFI stub: ERROR: Could not determine UEFI Secure Boot status. However, this variable is only guaranteed to be defined on a system that is Secure Boot capable to begin with, and so it is not an error if it is missing. So report Secure Boot as being disabled in this case, without printing any error messages. Signed-off-by: Ard Biesheuvel Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Link: http://lkml.kernel.org/r/1488395076-29712-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/libstub/secureboot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9d020d33fc1b2faa0eb35859df1381ca5dc94ffe Merge: 6b0b755 4977ab6 Author: Ingo Molnar Date: Thu Mar 2 08:05:45 2017 +0100 Merge branch 'linus' into perf/urgent, to resolve conflict Conflicts: arch/powerpc/configs/85xx/kmp204x_defconfig Signed-off-by: Ingo Molnar commit 48cac18ecf1de82f76259a54402c3adb7839ad01 Author: Eric Dumazet Date: Wed Mar 1 14:45:06 2017 -0800 ipv6: orphan skbs in reassembly unit Andrey reported a use-after-free in IPv6 stack. Issue here is that we free the socket while it still has skb in TX path and in some queues. It happens here because IPv6 reassembly unit messes skb->truesize, breaking skb_set_owner_w() badly. We fixed a similar issue for IPV4 in commit 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()") Acked-by: Joe Stringer ================================================================== BUG: KASAN: use-after-free in sock_wfree+0x118/0x120 Read of size 8 at addr ffff880062da0060 by task a.out/4140 page:ffffea00018b6800 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 flags: 0x100000000008100(slab|head) raw: 0100000000008100 0000000000000000 0000000000000000 0000000180130013 raw: dead000000000100 dead000000000200 ffff88006741f140 0000000000000000 page dumped because: kasan: bad access detected CPU: 0 PID: 4140 Comm: a.out Not tainted 4.10.0-rc3+ #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 dump_stack+0x292/0x398 lib/dump_stack.c:51 describe_address mm/kasan/report.c:262 kasan_report_error+0x121/0x560 mm/kasan/report.c:370 kasan_report mm/kasan/report.c:392 __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:413 sock_flag ./arch/x86/include/asm/bitops.h:324 sock_wfree+0x118/0x120 net/core/sock.c:1631 skb_release_head_state+0xfc/0x250 net/core/skbuff.c:655 skb_release_all+0x15/0x60 net/core/skbuff.c:668 __kfree_skb+0x15/0x20 net/core/skbuff.c:684 kfree_skb+0x16e/0x4e0 net/core/skbuff.c:705 inet_frag_destroy+0x121/0x290 net/ipv4/inet_fragment.c:304 inet_frag_put ./include/net/inet_frag.h:133 nf_ct_frag6_gather+0x1125/0x38b0 net/ipv6/netfilter/nf_conntrack_reasm.c:617 ipv6_defrag+0x21b/0x350 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn ./include/linux/netfilter.h:102 nf_hook_slow+0xc3/0x290 net/netfilter/core.c:310 nf_hook ./include/linux/netfilter.h:212 __ip6_local_out+0x52c/0xaf0 net/ipv6/output_core.c:160 ip6_local_out+0x2d/0x170 net/ipv6/output_core.c:170 ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1722 ip6_push_pending_frames+0xb3/0xe0 net/ipv6/ip6_output.c:1742 rawv6_push_pending_frames net/ipv6/raw.c:613 rawv6_sendmsg+0x2cff/0x4130 net/ipv6/raw.c:927 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 sock_sendmsg+0xca/0x110 net/socket.c:645 sock_write_iter+0x326/0x620 net/socket.c:848 new_sync_write fs/read_write.c:499 __vfs_write+0x483/0x760 fs/read_write.c:512 vfs_write+0x187/0x530 fs/read_write.c:560 SYSC_write fs/read_write.c:607 SyS_write+0xfb/0x230 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x1f/0xc2 arch/x86/entry/entry_64.S:203 RIP: 0033:0x7ff26e6f5b79 RSP: 002b:00007ff268e0ed98 EFLAGS: 00000206 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007ff268e0f9c0 RCX: 00007ff26e6f5b79 RDX: 0000000000000010 RSI: 0000000020f50fe1 RDI: 0000000000000003 RBP: 00007ff26ebc1220 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 00007ff268e0f9c0 R14: 00007ff26efec040 R15: 0000000000000003 The buggy address belongs to the object at ffff880062da0000 which belongs to the cache RAWv6 of size 1504 The buggy address ffff880062da0060 is located 96 bytes inside of 1504-byte region [ffff880062da0000, ffff880062da05e0) Freed by task 4113: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:578 slab_free_hook mm/slub.c:1352 slab_free_freelist_hook mm/slub.c:1374 slab_free mm/slub.c:2951 kmem_cache_free+0xb2/0x2c0 mm/slub.c:2973 sk_prot_free net/core/sock.c:1377 __sk_destruct+0x49c/0x6e0 net/core/sock.c:1452 sk_destruct+0x47/0x80 net/core/sock.c:1460 __sk_free+0x57/0x230 net/core/sock.c:1468 sk_free+0x23/0x30 net/core/sock.c:1479 sock_put ./include/net/sock.h:1638 sk_common_release+0x31e/0x4e0 net/core/sock.c:2782 rawv6_close+0x54/0x80 net/ipv6/raw.c:1214 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:425 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:431 sock_release+0x8d/0x1e0 net/socket.c:599 sock_close+0x16/0x20 net/socket.c:1063 __fput+0x332/0x7f0 fs/file_table.c:208 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x19b/0x270 kernel/task_work.c:116 exit_task_work ./include/linux/task_work.h:21 do_exit+0x186b/0x2800 kernel/exit.c:839 do_group_exit+0x149/0x420 kernel/exit.c:943 SYSC_exit_group kernel/exit.c:954 SyS_exit_group+0x1d/0x20 kernel/exit.c:952 entry_SYSCALL_64_fastpath+0x1f/0xc2 arch/x86/entry/entry_64.S:203 Allocated by task 4115: save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57 save_stack+0x43/0xd0 mm/kasan/kasan.c:502 set_track mm/kasan/kasan.c:514 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:605 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:544 slab_post_alloc_hook mm/slab.h:432 slab_alloc_node mm/slub.c:2708 slab_alloc mm/slub.c:2716 kmem_cache_alloc+0x1af/0x250 mm/slub.c:2721 sk_prot_alloc+0x65/0x2a0 net/core/sock.c:1334 sk_alloc+0x105/0x1010 net/core/sock.c:1396 inet6_create+0x44d/0x1150 net/ipv6/af_inet6.c:183 __sock_create+0x4f6/0x880 net/socket.c:1199 sock_create net/socket.c:1239 SYSC_socket net/socket.c:1269 SyS_socket+0xf9/0x230 net/socket.c:1249 entry_SYSCALL_64_fastpath+0x1f/0xc2 arch/x86/entry/entry_64.S:203 Memory state around the buggy address: ffff880062d9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880062d9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff880062da0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880062da0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880062da0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Reported-by: Andrey Konovalov Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv6/netfilter/nf_conntrack_reasm.c | 1 + net/openvswitch/conntrack.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) commit 13baa00ad01bb3a9f893e3a08cbc2d072fc0c15d Author: Eric Dumazet Date: Wed Mar 1 14:28:39 2017 -0800 net: net_enable_timestamp() can be called from irq contexts It is now very clear that silly TCP listeners might play with enabling/disabling timestamping while new children are added to their accept queue. Meaning net_enable_timestamp() can be called from BH context while current state of the static key is not enabled. Lets play safe and allow all contexts. The work queue is scheduled only under the problematic cases, which are the static key enable/disable transition, to not slow down critical paths. This extends and improves what we did in commit 5fa8bbda38c6 ("net: use a work queue to defer net_disable_timestamp() work") Fixes: b90e5794c5bd ("net: dont call jump_label_dec from irq context") Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller net/core/dev.c | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) commit 540e2894f7905538740aaf122bd8e0548e1c34a4 Author: Alexander Potapenko Date: Wed Mar 1 12:57:20 2017 +0100 net: don't call strlen() on the user buffer in packet_bind_spkt() KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in packet_bind_spkt(): Acked-by: Eric Dumazet ================================================================== BUG: KMSAN: use of unitialized memory CPU: 0 PID: 1074 Comm: packet Not tainted 4.8.0-rc6+ #1891 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 0000000000000000 ffff88006b6dfc08 ffffffff82559ae8 ffff88006b6dfb48 ffffffff818a7c91 ffffffff85b9c870 0000000000000092 ffffffff85b9c550 0000000000000000 0000000000000092 00000000ec400911 0000000000000002 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x238/0x290 lib/dump_stack.c:51 [] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1003 [] __msan_warning+0x5b/0xb0 mm/kmsan/kmsan_instr.c:424 [< inline >] strlen lib/string.c:484 [] strlcpy+0x9d/0x200 lib/string.c:144 [] packet_bind_spkt+0x144/0x230 net/packet/af_packet.c:3132 [] SYSC_bind+0x40d/0x5f0 net/socket.c:1370 [] SyS_bind+0x82/0xa0 net/socket.c:1356 [] entry_SYSCALL_64_fastpath+0x13/0x8f arch/x86/entry/entry_64.o:? chained origin: 00000000eba00911 [] save_stack_trace+0x27/0x50 arch/x86/kernel/stacktrace.c:67 [< inline >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322 [< inline >] kmsan_save_stack mm/kmsan/kmsan.c:334 [] kmsan_internal_chain_origin+0x118/0x1e0 mm/kmsan/kmsan.c:527 [] __msan_set_alloca_origin4+0xc3/0x130 mm/kmsan/kmsan_instr.c:380 [] SYSC_bind+0x129/0x5f0 net/socket.c:1356 [] SyS_bind+0x82/0xa0 net/socket.c:1356 [] entry_SYSCALL_64_fastpath+0x13/0x8f arch/x86/entry/entry_64.o:? origin description: ----address@SYSC_bind (origin=00000000eb400911) ================================================================== (the line numbers are relative to 4.8-rc6, but the bug persists upstream) , when I run the following program as root: ===================================== #include #include #include #include int main() { struct sockaddr addr; memset(&addr, 0xff, sizeof(addr)); addr.sa_family = AF_PACKET; int fd = socket(PF_PACKET, SOCK_PACKET, htons(ETH_P_ALL)); bind(fd, &addr, sizeof(addr)); return 0; } ===================================== This happens because addr.sa_data copied from the userspace is not zero-terminated, and copying it with strlcpy() in packet_bind_spkt() results in calling strlen() on the kernel copy of that non-terminated buffer. Signed-off-by: Alexander Potapenko Signed-off-by: David S. Miller net/packet/af_packet.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 8953de2f02ad7b15e4964c82f9afd60f128e4e98 Author: Mike Manning Date: Wed Mar 1 09:55:28 2017 +0000 net: bridge: allow IPv6 when multicast flood is disabled Even with multicast flooding turned off, IPv6 ND should still work so that IPv6 connectivity is provided. Allow this by continuing to flood multicast traffic originated by us. Fixes: b6cb5ac8331b ("net: bridge: add per-port multicast flood flag") Cc: Nikolay Aleksandrov Signed-off-by: Mike Manning Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_forward.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b9043cc5b99e9c93596a28647fd9f526f5bfa22c Author: Aurelien Aptel Date: Mon Feb 13 16:19:04 2017 +0100 CIFS: set signing flag in SMB2+ TreeConnect if needed cifs_enable_signing() already sets server->sign according to what the server requires/offers and what mount options allows/forbids, so use that. this is required for IPC tcon that connects to signing-required servers. Signed-off-by: Aurelien Aptel Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2pdu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7f9f6d2ec51449a20bc35359c9e190bf861b57e1 Author: Aurelien Aptel Date: Tue Feb 28 15:26:30 2017 +0100 CIFS: let ses->ipc_tid hold smb2 TreeIds the TreeId field went from 2 bytes in CIFS to 4 bytes in SMB2+. this commit updates the size of the ipc_tid field of a cifs_ses, which was still using 2 bytes. Signed-off-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/cifsglob.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 51146625f34b348c15d55c378b5ae5c2fb963fc8 Author: Aurelien Aptel Date: Tue Feb 28 15:08:41 2017 +0100 CIFS: add use_ipc flag to SMB2_ioctl() when set, use the session IPC tree id instead of the tid in the provided tcon. Signed-off-by: Aurelien Aptel Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2file.c | 3 ++- fs/cifs/smb2ops.c | 23 ++++++++++++++++------- fs/cifs/smb2pdu.c | 17 +++++++++++++++-- fs/cifs/smb2proto.h | 3 ++- 4 files changed, 35 insertions(+), 11 deletions(-) commit 268a635d414df45a4a8da699d431da8f8ffcf014 Author: Aurelien Aptel Date: Mon Feb 13 16:14:17 2017 +0100 CIFS: add build_path_from_dentry_optional_prefix() this function does the same thing as add build_path_from_dentry() but takes a boolean parameter to decide whether or not to prefix the path with the tree name. we cannot rely on tcon->Flags & SMB_SHARE_IS_IN_DFS for SMB2 as smb2 code never sets tcon->Flags but it sets tcon->share_flags and it seems the SMB_SHARE_IS_IN_DFS has different semantics in SMB2: the prefix shouldn't be added everytime it was in SMB1. Signed-off-by: Aurelien Aptel Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/cifs_dfs_ref.c | 4 +++- fs/cifs/cifsproto.h | 2 ++ fs/cifs/dir.c | 13 ++++++++++++- 3 files changed, 17 insertions(+), 2 deletions(-) commit 4ecce920e13ace16a5ba45efe8909946c28fb2ad Author: Aurelien Aptel Date: Mon Feb 13 16:03:47 2017 +0100 CIFS: move DFS response parsing out of SMB1 code since the DFS payload is not tied to the SMB version we can: * isolate the DFS payload in its own struct, and include that struct in packet structs * move the function that parses the response to misc.c and make it work on the new DFS payload struct (add payload size and utf16 flag as a result). Signed-off-by: Aurelien Aptel Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/cifspdu.h | 16 ++++--- fs/cifs/cifsproto.h | 5 +++ fs/cifs/cifssmb.c | 119 +++------------------------------------------------- fs/cifs/misc.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 125 insertions(+), 120 deletions(-) commit 8893cf6cb1cf56334c05120e23092dbfc9423ebb Author: Bart Van Assche Date: Wed Mar 1 09:00:36 2017 -0800 scsi: mpt3sas: Avoid sleeping in interrupt context Commit 669f044170d8 ("scsi: srp_transport: Move queuecommand() wait code to SCSI core") can make scsi_internal_device_block() sleep. However, the mpt3sas driver can call this function from an interrupt handler. Hence add a second argument to scsi_internal_device_block() that restores the old behavior of this function for the mpt3sas handler. The call chain that triggered an "IRQ handler enabled interrupts" complaint is as follows: _base_interrupt() -> _base_async_event() -> mpt3sas_scsih_event_callback() -> _scsih_check_topo_delete_events() -> _scsih_block_io_to_children_attached_directly() -> _scsih_block_io_device() -> _scsih_internal_device_block() -> scsi_internal_device_block() Reported-by: Omar Sandoval Signed-off-by: Bart Van Assche Cc: Omar Sandoval Cc: Hannes Reinecke Cc: Sagi Grimberg Cc: Christoph Hellwig Cc: Sathya Prakash Cc: Chaitra P B Cc: Suganath Prabu Subramani Cc: Sreekanth Reddy Cc: # v4.10+ Tested-by: Omar Sandoval Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_base.h | 3 --- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 ++-- drivers/scsi/scsi_lib.c | 14 ++++++++++---- drivers/scsi/scsi_priv.h | 3 --- include/scsi/scsi_device.h | 4 ++++ 5 files changed, 16 insertions(+), 12 deletions(-) commit c46f09175dabd5dd6a1507f36250bfa734a0156e Author: Damien Le Moal Date: Wed Mar 1 17:27:00 2017 +0900 scsi: sd: Check for unaligned partial completion Commit ("mpt3sas: Force request partial completion alignment") was not considering the case of commands not operating on logical block size units (e.g. REQ_OP_ZONE_REPORT and its 64B aligned partial replies). In this case, forcing alignment of resid to the device logical block size can break the command result, e.g. in the case of REQ_OP_ZONE_REPORT, the exact number of zone reported by the device. Move the partial completion alignement check of mpt3sas to a generic implementation in sd_done(). The check is added within the default section of the initial req_op() switch case so that the report and reset zone commands are ignored. In addition, as sd_done() is not called for passthrough requests, resid corrections are not done as intended by the initial mpt3sas patch. Fixes: f2e767bb5d6e ("mpt3sas: Force request partial completion alignment") Cc: # v4.10 Signed-off-by: Damien Le Moal Acked-by: Christoph Hellwig Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 15 --------------- drivers/scsi/sd.c | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 15 deletions(-) commit a4b0e8a4e92b1baa860e744847fbdb84a50a5071 Author: Potomski, MichalX Date: Thu Feb 23 09:05:30 2017 +0000 scsi: ufs: Factor out ufshcd_read_desc_param Since in UFS 2.1 specification some of the descriptor lengths differs from 2.0 specification and some devices, which are reporting spec version 2.0 have different descriptor lengths we can not rely on hardcoded values taken from 2.0 specification. This patch introduces reading these lengths per each device from descriptor headers at probe time to ensure their correctness. Signed-off-by: Michal' Potomski Reviewed-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs.h | 22 ++--- drivers/scsi/ufs/ufshcd.c | 231 ++++++++++++++++++++++++++++++++++------------ drivers/scsi/ufs/ufshcd.h | 15 +++ 3 files changed, 196 insertions(+), 72 deletions(-) commit 4977ab6e92e267afe9d8f78438c3db330ca8434c Merge: 8f03cf5 e390f9a Author: Linus Torvalds Date: Wed Mar 1 17:04:50 2017 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool relocation fixes from Ingo Molnar: "Two fixes related to the module loading regression introduced by the recent objtool changes" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool, modules: Discard objtool annotation sections for modules objtool, compiler.h: Fix __unreachable section relocation size commit 8f03cf50bc9443e92d6e54ac4d599357d6cb7cbb Merge: 25c4e6c ed92d8c Author: Linus Torvalds Date: Wed Mar 1 16:10:30 2017 -0800 Merge tag 'nfs-for-4.11-1' of git://git.linux-nfs.org/projects/anna/linux-nfs Pull NFS client updates from Anna Schumaker: "Highlights include: Stable bugfixes: - NFSv4: Fix memory and state leak in _nfs4_open_and_get_state - xprtrdma: Fix Read chunk padding - xprtrdma: Per-connection pad optimization - xprtrdma: Disable pad optimization by default - xprtrdma: Reduce required number of send SGEs - nlm: Ensure callback code also checks that the files match - pNFS/flexfiles: If the layout is invalid, it must be updated before retrying - NFSv4: Fix reboot recovery in copy offload - Revert "NFSv4.1: Handle NFS4ERR_BADSESSION/NFS4ERR_DEADSESSION replies to OP_SEQUENCE" - NFSv4: fix getacl head length estimation - NFSv4: fix getacl ERANGE for sum ACL buffer sizes Features: - Add and use dprintk_cont macros - Various cleanups to NFS v4.x to reduce code duplication and complexity - Remove unused cr_magic related code - Improvements to sunrpc "read from buffer" code - Clean up sunrpc timeout code and allow changing TCP timeout parameters - Remove duplicate mw_list management code in xprtrdma - Add generic functions for encoding and decoding xdr streams Bugfixes: - Clean up nfs_show_mountd_netid - Make layoutreturn_ops static and use NULL instead of 0 to fix sparse warnings - Properly handle -ERESTARTSYS in nfs_rename() - Check if register_shrinker() failed during rpcauth_init() - Properly clean up procfs/pipefs entries - Various NFS over RDMA related fixes - Silence unititialized variable warning in sunrpc" * tag 'nfs-for-4.11-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (64 commits) NFSv4: fix getacl ERANGE for some ACL buffer sizes NFSv4: fix getacl head length estimation Revert "NFSv4.1: Handle NFS4ERR_BADSESSION/NFS4ERR_DEADSESSION replies to OP_SEQUENCE" NFSv4: Fix reboot recovery in copy offload pNFS/flexfiles: If the layout is invalid, it must be updated before retrying NFSv4: Clean up owner/group attribute decode SUNRPC: Add a helper function xdr_stream_decode_string_dup() NFSv4: Remove bogus "struct nfs_client" argument from decode_ace() NFSv4: Fix the underestimation of delegation XDR space reservation NFSv4: Replace callback string decode function with a generic NFSv4: Replace the open coded decode_opaque_inline() with the new generic NFSv4: Replace ad-hoc xdr encode/decode helpers with xdr_stream_* generics SUNRPC: Add generic helpers for xdr_stream encode/decode sunrpc: silence uninitialized variable warning nlm: Ensure callback code also checks that the files match sunrpc: Allow xprt->ops->timer method to sleep xprtrdma: Refactor management of mw_list field xprtrdma: Handle stale connection rejection xprtrdma: Properly recover FRWRs with in-flight FASTREG WRs xprtrdma: Shrink send SGEs array ... commit 25c4e6c3f0c14d1575aa488ff4ca47e045ae51a0 Merge: 6053dc9 900f736 Author: Linus Torvalds Date: Wed Mar 1 15:55:04 2017 -0800 Merge tag 'for-f2fs-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "This round introduces several interesting features such as on-disk NAT bitmaps, IO alignment, and a discard thread. And it includes a couple of major bug fixes as below. Enhancements: - introduce on-disk bitmaps to avoid scanning NAT blocks when getting free nids - support IO alignment to prepare open-channel SSD integration in future - introduce a discard thread to avoid long latency during checkpoint and fstrim - use SSR for warm node and enable inline_xattr by default - introduce in-memory bitmaps to check FS consistency for debugging - improve write_begin by avoiding needless read IO Bug fixes: - fix broken zone_reset behavior for SMR drive - fix wrong victim selection policy during GC - fix missing behavior when preparing discard commands - fix bugs in atomic write support and fiemap - workaround to handle multiple f2fs_add_link calls having same name ... and it includes a bunch of clean-up patches as well" * tag 'for-f2fs-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (97 commits) f2fs: avoid to flush nat journal entries f2fs: avoid to issue redundant discard commands f2fs: fix a plint compile warning f2fs: add f2fs_drop_inode tracepoint f2fs: Fix zoned block device support f2fs: remove redundant set_page_dirty() f2fs: fix to enlarge size of write_io_dummy mempool f2fs: fix memory leak of write_io_dummy mempool during umount f2fs: fix to update F2FS_{CP_}WB_DATA count correctly f2fs: use MAX_FREE_NIDS for the free nids target f2fs: introduce free nid bitmap f2fs: new helper cur_cp_crc() getting crc in f2fs_checkpoint f2fs: update the comment of default nr_pages to skipping f2fs: drop the duplicate pval in f2fs_getxattr f2fs: Don't update the xattr data that same as the exist f2fs: kill __is_extent_same f2fs: avoid bggc->fggc when enough free segments are avaliable after cp f2fs: select target segment with closer temperature in SSR mode f2fs: show simple call stack in fault injection message f2fs: no need lock_op in f2fs_write_inline_data ... commit c4baad50297d84bde1a7ad45e50c73adae4a2192 Author: Omar Sandoval Date: Wed Feb 1 00:02:27 2017 -0800 virtio-console: avoid DMA from stack put_chars() stuffs the buffer it gets into an sg, but that buffer may be on the stack. This breaks with CONFIG_VMAP_STACK=y (for me, it manifested as printks getting turned into NUL bytes). Signed-off-by: Omar Sandoval Signed-off-by: Michael S. Tsirkin Reviewed-by: Amit Shah drivers/char/virtio_console.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit f889491380582b4ba2981cf0b0d7d6a40fb30ab7 Author: Jason Wang Date: Tue Feb 28 17:56:02 2017 +0800 vhost: introduce O(1) vq metadata cache When device IOTLB is enabled, all address translations were stored in interval tree. O(lgN) searching time could be slow for virtqueue metadata (avail, used and descriptors) since they were accessed much often than other addresses. So this patch introduces an O(1) array which points to the interval tree nodes that store the translations of vq metadata. Those array were update during vq IOTLB prefetching and were reset during each invalidation and tlb update. Each time we want to access vq metadata, this small array were queried before interval tree. This would be sufficient for static mappings but not dynamic mappings, we could do optimizations on top. Test were done with l2fwd in guest (2M hugepage): noiommu | before | after tx 1.32Mpps | 1.06Mpps(82%) | 1.30Mpps(98%) rx 2.33Mpps | 1.46Mpps(63%) | 2.29Mpps(98%) We can almost reach the same performance as noiommu mode. Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/vhost/vhost.c | 136 ++++++++++++++++++++++++++++++++++++++++---------- drivers/vhost/vhost.h | 8 +++ 2 files changed, 118 insertions(+), 26 deletions(-) commit 2651225b5ebcdde60f684c4db8ec7e9e3800a74f Author: Stephen Smalley Date: Tue Feb 28 10:35:56 2017 -0500 selinux: wrap cgroup seclabel support with its own policy capability commit 1ea0ce40690dff38935538e8dab7b12683ded0d3 ("selinux: allow changing labels for cgroupfs") broke the Android init program, which looks up security contexts whenever creating directories and attempts to assign them via setfscreatecon(). When creating subdirectories in cgroup mounts, this would previously be ignored since cgroup did not support userspace setting of security contexts. However, after the commit, SELinux would attempt to honor the requested context on cgroup directories and fail due to permission denial. Avoid breaking existing userspace/policy by wrapping this change with a conditional on a new cgroup_seclabel policy capability. This preserves existing behavior until/unless a new policy explicitly enables this capability. Reported-by: John Stultz Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore Signed-off-by: James Morris security/selinux/hooks.c | 7 ++++--- security/selinux/include/security.h | 2 ++ security/selinux/selinuxfs.c | 3 ++- security/selinux/ss/services.c | 4 ++++ 4 files changed, 12 insertions(+), 4 deletions(-) commit 0837e49ab3fa8d903a499984575d71efee8097ce Author: David Howells Date: Wed Mar 1 15:11:23 2017 +0000 KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() rcu_dereference_key() and user_key_payload() are currently being used in two different, incompatible ways: (1) As a wrapper to rcu_dereference() - when only the RCU read lock used to protect the key. (2) As a wrapper to rcu_dereference_protected() - when the key semaphor is used to protect the key and the may be being modified. Fix this by splitting both of the key wrappers to produce: (1) RCU accessors for keys when caller has the key semaphore locked: dereference_key_locked() user_key_payload_locked() (2) RCU accessors for keys when caller holds the RCU read lock: dereference_key_rcu() user_key_payload_rcu() This should fix following warning in the NFS idmapper =============================== [ INFO: suspicious RCU usage. ] 4.10.0 #1 Tainted: G W ------------------------------- ./include/keys/user-type.h:53 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 1 lock held by mount.nfs/5987: #0: (rcu_read_lock){......}, at: [] nfs_idmap_get_key+0x15c/0x420 [nfsv4] stack backtrace: CPU: 1 PID: 5987 Comm: mount.nfs Tainted: G W 4.10.0 #1 Call Trace: dump_stack+0xe8/0x154 (unreliable) lockdep_rcu_suspicious+0x140/0x190 nfs_idmap_get_key+0x380/0x420 [nfsv4] nfs_map_name_to_uid+0x2a0/0x3b0 [nfsv4] decode_getfattr_attrs+0xfac/0x16b0 [nfsv4] decode_getfattr_generic.constprop.106+0xbc/0x150 [nfsv4] nfs4_xdr_dec_lookup_root+0xac/0xb0 [nfsv4] rpcauth_unwrap_resp+0xe8/0x140 [sunrpc] call_decode+0x29c/0x910 [sunrpc] __rpc_execute+0x140/0x8f0 [sunrpc] rpc_run_task+0x170/0x200 [sunrpc] nfs4_call_sync_sequence+0x68/0xa0 [nfsv4] _nfs4_lookup_root.isra.44+0xd0/0xf0 [nfsv4] nfs4_lookup_root+0xe0/0x350 [nfsv4] nfs4_lookup_root_sec+0x70/0xa0 [nfsv4] nfs4_find_root_sec+0xc4/0x100 [nfsv4] nfs4_proc_get_rootfh+0x5c/0xf0 [nfsv4] nfs4_get_rootfh+0x6c/0x190 [nfsv4] nfs4_server_common_setup+0xc4/0x260 [nfsv4] nfs4_create_server+0x278/0x3c0 [nfsv4] nfs4_remote_mount+0x50/0xb0 [nfsv4] mount_fs+0x74/0x210 vfs_kern_mount+0x78/0x220 nfs_do_root_mount+0xb0/0x140 [nfsv4] nfs4_try_mount+0x60/0x100 [nfsv4] nfs_fs_mount+0x5ec/0xda0 [nfs] mount_fs+0x74/0x210 vfs_kern_mount+0x78/0x220 do_mount+0x254/0xf70 SyS_mount+0x94/0x100 system_call+0x38/0xe0 Reported-by: Jan Stancek Signed-off-by: David Howells Tested-by: Jan Stancek Signed-off-by: James Morris Documentation/security/keys.txt | 17 +++++++++++++++-- drivers/md/dm-crypt.c | 2 +- fs/cifs/connect.c | 2 +- fs/crypto/keyinfo.c | 2 +- fs/ecryptfs/ecryptfs_kernel.h | 2 +- fs/fscache/object-list.c | 2 +- fs/nfs/nfs4idmap.c | 2 +- include/keys/user-type.h | 9 +++++++-- include/linux/key.h | 5 ++++- lib/digsig.c | 2 +- net/dns_resolver/dns_query.c | 4 ++-- security/keys/dh.c | 2 +- security/keys/encrypted-keys/encrypted.c | 4 ++-- security/keys/trusted.c | 4 ++-- security/keys/user_defined.c | 6 +++--- 15 files changed, 43 insertions(+), 22 deletions(-) commit 16c54ac903042aca583e51a40bbe2f5503fe53c7 Merge: 449809a 19d19e9 Author: David S. Miller Date: Wed Mar 1 15:08:34 2017 -0800 Merge tag 'mac80211-for-davem-2017-02-28' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== First round of fixes - details in the commits: * use a valid hrtimer clock ID in mac80211_hwsim * don't reorder frames prior to BA session * flush a delayed work at suspend so the state is all valid before suspend/resume * fix packet statistics in fast-RX, the RX packets counter increment was simply missing * don't try to re-transmit filtered frames in an aggregation session * shorten (for tracing) a debug message * typo fix in another debug message * fix nul-termination with HWSIM_ATTR_RADIO_NAME in hwsim * fix mgmt RX processing when station is looked up by driver/device ==================== Signed-off-by: David S. Miller commit 449809a66c1d0b1563dee84493e14bf3104d2d7e Author: Eric Dumazet Date: Wed Mar 1 08:39:49 2017 -0800 tcp/dccp: block BH for SYN processing SYN processing really was meant to be handled from BH. When I got rid of BH blocking while processing socket backlog in commit 5413d1babe8f ("net: do not block BH while processing socket backlog"), I forgot that a malicious user could transition to TCP_LISTEN from a state that allowed (SYN) packets to be parked in the socket backlog while socket is owned by the thread doing the listen() call. Sure enough syzkaller found this and reported the bug ;) ================================= [ INFO: inconsistent lock state ] 4.10.0+ #60 Not tainted --------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. syz-executor0/5090 [HC0[0]:SC0[0]:HE1:SE1] takes: (&(&hashinfo->ehash_locks[i])->rlock){+.?...}, at: [] spin_lock include/linux/spinlock.h:299 [inline] (&(&hashinfo->ehash_locks[i])->rlock){+.?...}, at: [] inet_ehash_insert+0x240/0xad0 net/ipv4/inet_hashtables.c:407 {IN-SOFTIRQ-W} state was registered at: mark_irqflags kernel/locking/lockdep.c:2923 [inline] __lock_acquire+0xbcf/0x3270 kernel/locking/lockdep.c:3295 lock_acquire+0x241/0x580 kernel/locking/lockdep.c:3753 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] inet_ehash_insert+0x240/0xad0 net/ipv4/inet_hashtables.c:407 reqsk_queue_hash_req net/ipv4/inet_connection_sock.c:753 [inline] inet_csk_reqsk_queue_hash_add+0x1b7/0x2a0 net/ipv4/inet_connection_sock.c:764 tcp_conn_request+0x25cc/0x3310 net/ipv4/tcp_input.c:6399 tcp_v4_conn_request+0x157/0x220 net/ipv4/tcp_ipv4.c:1262 tcp_rcv_state_process+0x802/0x4130 net/ipv4/tcp_input.c:5889 tcp_v4_do_rcv+0x56b/0x940 net/ipv4/tcp_ipv4.c:1433 tcp_v4_rcv+0x2e12/0x3210 net/ipv4/tcp_ipv4.c:1711 ip_local_deliver_finish+0x4ce/0xc40 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:257 [inline] ip_local_deliver+0x1ce/0x710 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:492 [inline] ip_rcv_finish+0xb1d/0x2110 net/ipv4/ip_input.c:396 NF_HOOK include/linux/netfilter.h:257 [inline] ip_rcv+0xd90/0x19c0 net/ipv4/ip_input.c:487 __netif_receive_skb_core+0x1ad1/0x3400 net/core/dev.c:4179 __netif_receive_skb+0x2a/0x170 net/core/dev.c:4217 netif_receive_skb_internal+0x1d6/0x430 net/core/dev.c:4245 napi_skb_finish net/core/dev.c:4602 [inline] napi_gro_receive+0x4e6/0x680 net/core/dev.c:4636 e1000_receive_skb drivers/net/ethernet/intel/e1000/e1000_main.c:4033 [inline] e1000_clean_rx_irq+0x5e0/0x1490 drivers/net/ethernet/intel/e1000/e1000_main.c:4489 e1000_clean+0xb9a/0x2910 drivers/net/ethernet/intel/e1000/e1000_main.c:3834 napi_poll net/core/dev.c:5171 [inline] net_rx_action+0xe70/0x1900 net/core/dev.c:5236 __do_softirq+0x2fb/0xb7d kernel/softirq.c:284 invoke_softirq kernel/softirq.c:364 [inline] irq_exit+0x19e/0x1d0 kernel/softirq.c:405 exiting_irq arch/x86/include/asm/apic.h:658 [inline] do_IRQ+0x81/0x1a0 arch/x86/kernel/irq.c:250 ret_from_intr+0x0/0x20 native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:53 arch_safe_halt arch/x86/include/asm/paravirt.h:98 [inline] default_idle+0x8f/0x410 arch/x86/kernel/process.c:271 arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:262 default_idle_call+0x36/0x60 kernel/sched/idle.c:96 cpuidle_idle_call kernel/sched/idle.c:154 [inline] do_idle+0x348/0x440 kernel/sched/idle.c:243 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:345 start_secondary+0x344/0x440 arch/x86/kernel/smpboot.c:272 verify_cpu+0x0/0xfc irq event stamp: 1741 hardirqs last enabled at (1741): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (1741): [] _raw_spin_unlock_irqrestore+0xf7/0x1a0 kernel/locking/spinlock.c:191 hardirqs last disabled at (1740): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (1740): [] _raw_spin_lock_irqsave+0xa2/0x110 kernel/locking/spinlock.c:159 softirqs last enabled at (1738): [] __do_softirq+0x7cf/0xb7d kernel/softirq.c:310 softirqs last disabled at (1571): [] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(&hashinfo->ehash_locks[i])->rlock); lock(&(&hashinfo->ehash_locks[i])->rlock); *** DEADLOCK *** 1 lock held by syz-executor0/5090: #0: (sk_lock-AF_INET6){+.+.+.}, at: [] lock_sock include/net/sock.h:1460 [inline] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] sock_setsockopt+0x233/0x1e40 net/core/sock.c:683 stack backtrace: CPU: 1 PID: 5090 Comm: syz-executor0 Not tainted 4.10.0+ #60 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x292/0x398 lib/dump_stack.c:51 print_usage_bug+0x3ef/0x450 kernel/locking/lockdep.c:2387 valid_state kernel/locking/lockdep.c:2400 [inline] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] mark_lock+0xf30/0x1410 kernel/locking/lockdep.c:3065 mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0x6dc/0x3270 kernel/locking/lockdep.c:3295 lock_acquire+0x241/0x580 kernel/locking/lockdep.c:3753 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:299 [inline] inet_ehash_insert+0x240/0xad0 net/ipv4/inet_hashtables.c:407 reqsk_queue_hash_req net/ipv4/inet_connection_sock.c:753 [inline] inet_csk_reqsk_queue_hash_add+0x1b7/0x2a0 net/ipv4/inet_connection_sock.c:764 dccp_v6_conn_request+0xada/0x11b0 net/dccp/ipv6.c:380 dccp_rcv_state_process+0x51e/0x1660 net/dccp/input.c:606 dccp_v6_do_rcv+0x213/0x350 net/dccp/ipv6.c:632 sk_backlog_rcv include/net/sock.h:896 [inline] __release_sock+0x127/0x3a0 net/core/sock.c:2052 release_sock+0xa5/0x2b0 net/core/sock.c:2539 sock_setsockopt+0x60f/0x1e40 net/core/sock.c:1016 SYSC_setsockopt net/socket.c:1782 [inline] SyS_setsockopt+0x2fb/0x3a0 net/socket.c:1765 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x4458b9 RSP: 002b:00007fe8b26c2b58 EFLAGS: 00000292 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000004458b9 RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000006 RBP: 00000000006e2110 R08: 0000000000000010 R09: 0000000000000000 R10: 00000000208c3000 R11: 0000000000000292 R12: 0000000000708000 R13: 0000000020000000 R14: 0000000000001000 R15: 0000000000000000 Fixes: 5413d1babe8f ("net: do not block BH while processing socket backlog") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Acked-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller net/dccp/input.c | 10 ++++++++-- net/ipv4/tcp_input.c | 10 ++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) commit eba38a968258b5ad9d70722ab8c584e1753f4b16 Author: Gary Lin Date: Wed Mar 1 16:25:51 2017 +0800 bpf: update the comment about the length of analysis Commit 07016151a446 ("bpf, verifier: further improve search pruning") increased the limit of processed instructions from 32k to 64k, but the comment still mentioned the 32k limit. This commit updates the comment to reflect the change. Cc: Alexei Starovoitov Cc: Daniel Borkmann Signed-off-by: Gary Lin Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit df2c43343b47a7138431f431118eb5819e205365 Author: Yotam Gigi Date: Wed Mar 1 16:50:45 2017 +0200 bridge: Fix error path in nbp_vlan_init Fix error path order in nbp_vlan_init, so if switchdev_port_attr_set call failes, the vlan_hash wouldn't be destroyed before inited. Fixes: efa5356b0d97 ("bridge: per vlan dst_metadata netlink support") CC: Roopa Prabhu Signed-off-by: Yotam Gigi Acked-by: Roopa Prabhu Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller net/bridge/br_vlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5 Author: Pavel Shilovsky Date: Tue Feb 28 16:05:19 2017 -0800 CIFS: Fix possible use after free in demultiplex thread The recent changes that added SMB3 encryption support introduced a possible use after free in the demultiplex thread. When we process an encrypted packed we obtain a pointer to SMB session but do not obtain a reference. This can possibly lead to a situation when this session was freed before we copy a decryption key from there. Fix this by obtaining a copy of the key rather than a pointer to the session under a spinlock. Signed-off-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/smb2ops.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) commit 6bff9c609f3df4e325da08783f691cab9316d643 Merge: 02c3de1 e3942ed Author: Rafael J. Wysocki Date: Wed Mar 1 23:34:38 2017 +0100 Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux Pull changes related to turbostat for v4.11 from Len Brown. * 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: (44 commits) tools/power turbostat: version 17.02.24 tools/power turbostat: bugfix: --add u32 was printed as u64 tools/power turbostat: show error on exec tools/power turbostat: dump p-state software config tools/power turbostat: show package number, even without --debug tools/power turbostat: support "--hide C1" etc. tools/power turbostat: move --Package and --processor into the --cpu option tools/power turbostat: turbostat.8 update tools/power turbostat: update --list feature tools/power turbostat: use wide columns to display large numbers tools/power turbostat: Add --list option to show available header names tools/power turbostat: fix zero IRQ count shown in one-shot command mode tools/power turbostat: add --cpu parameter tools/power turbostat: print sysfs C-state stats tools/power turbostat: extend --add option to accept /sys path tools/power turbostat: skip unused counters on BDX tools/power turbostat: fix decoding for GLM, DNV, SKX turbo-ratio limits tools/power turbostat: skip unused counters on SKX tools/power turbostat: Denverton: use HW CC1 counter, skip C3, C7 tools/power turbostat: initial Gemini Lake SOC support ... commit 28db0c7b1c7fbca3637994c1ce3c4ffe142e2755 Author: Viresh Kumar Date: Wed Mar 1 16:39:55 2017 +0530 PM / OPP: Documentation: Fix opp-microvolt in examples The triplet present in "opp-microvolt" property should be in the order , while all the examples have it in the order . Fix it. Luckily all of the users of "opp-microvolt" property have applied brain instead of copying the examples from documentation and none of the actual dts files have it wrong. Reported-by: Rob Herring Signed-off-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki Documentation/devicetree/bindings/opp/opp.txt | 44 +++++++++++++-------------- 1 file changed, 22 insertions(+), 22 deletions(-) commit b46dcfa378b0cdea1ee832802c9e36750e0fffa9 Author: Max Filippov Date: Wed Jan 4 10:40:49 2017 -0800 xtensa: allow merging vectors into .text section Currently code for exception/IRQ vectors is stored in kernel image as initialization data and is copied to its working addresses during startup. It doesn't always make sense. In many cases vectors location can be automatically decided at kernel link time and code can be placed right there. This is especially useful for XIP kernel. Signed-off-by: Max Filippov arch/xtensa/include/asm/vectors.h | 4 ++++ arch/xtensa/kernel/setup.c | 3 +++ arch/xtensa/kernel/vmlinux.lds.S | 41 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+) commit 9a736fcb096b43b68af8329eb12abc8256dceaba Author: Max Filippov Date: Sun Dec 25 04:58:57 2016 -0800 xtensa: clean up bootable image build targets Currently xtensa uses 'zImage' as a synonym of 'all', but in fact xtensa supports three targets: 'Image' (ELF image with reset vector), 'zImage' (compressed redboot image) and 'uImage' (U-Boot image). Provide separate 'Image', 'zImage' and 'uImage' make targets that only build corresponding image type. Make 'all' build all images appropriate for a platform. Signed-off-by: Max Filippov arch/xtensa/Makefile | 8 +++----- arch/xtensa/boot/Makefile | 23 ++++++++++++++++------- arch/xtensa/boot/boot-elf/Makefile | 2 +- arch/xtensa/boot/boot-redboot/Makefile | 2 +- arch/xtensa/boot/boot-uboot/Makefile | 14 -------------- 5 files changed, 21 insertions(+), 28 deletions(-) commit 4ab18701c66552944188dbcd0ce0012729baab84 Author: Max Filippov Date: Tue Jan 3 09:37:34 2017 -0800 xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD FDT tag parsing is not related to whether BLK_DEV_INITRD is configured or not, move it out of the corresponding #ifdef/#endif block. This fixes passing external FDT to the kernel configured w/o BLK_DEV_INITRD support. Cc: stable@vger.kernel.org Signed-off-by: Max Filippov arch/xtensa/kernel/setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e390f9a9689a42f477a6073e2e7df530a4c1b740 Author: Josh Poimboeuf Date: Wed Mar 1 12:04:44 2017 -0600 objtool, modules: Discard objtool annotation sections for modules The '__unreachable' and '__func_stack_frame_non_standard' sections are only used at compile time. They're discarded for vmlinux but they should also be discarded for modules. Since this is a recurring pattern, prefix the section names with ".discard.". It's a nice convention and vmlinux.lds.h already discards such sections. Also remove the 'a' (allocatable) flag from the __unreachable section since it doesn't make sense for a discarded section. Suggested-by: Linus Torvalds Signed-off-by: Josh Poimboeuf Cc: Jessica Yu Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") Link: http://lkml.kernel.org/r/20170301180444.lhd53c5tibc4ns77@treble Signed-off-by: Ingo Molnar arch/x86/kernel/vmlinux.lds.S | 2 -- include/linux/compiler-gcc.h | 2 +- include/linux/frame.h | 2 +- scripts/mod/modpost.c | 1 + scripts/module-common.lds | 5 ++++- tools/objtool/builtin-check.c | 6 +++--- 6 files changed, 10 insertions(+), 8 deletions(-) commit 6053dc981449718d90a429933e99b441e1adaea6 Merge: b286ced 638f863 Author: Linus Torvalds Date: Wed Mar 1 10:32:30 2017 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "The main fix here addresses a kernel panic triggered on Qualcomm QDF2400 due to incorrect register usage in an erratum workaround introduced during the merge window. Summary: - Fix kernel panic on specific Qualcomm platform due to broken erratum workaround - Revert contiguous bit support due to TLB conflict aborts in simulation - Don't treat all CPU ID register fields as 4-bit quantities" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/cpufeature: check correct field width when updating sys_val Revert "arm64: mm: set the contiguous bit for kernel mappings where appropriate" arm64: Avoid clobbering mm in erratum workaround on QDF2400 commit 3b45a4106f146c336cbcaccb9d8d0fa0e5c3dc1d Author: Liping Zhang Date: Mon Feb 27 20:59:39 2017 +0800 net: route: add missing nla_policy entry for RTA_MARK attribute This will add stricter validating for RTA_MARK attribute. Signed-off-by: Liping Zhang Signed-off-by: David S. Miller net/ipv4/fib_frontend.c | 1 + net/ipv6/route.c | 1 + 2 files changed, 2 insertions(+) commit 8c171d6ca56c6891372a97af26b58b2cfad7fd9a Author: Felix Jia Date: Mon Feb 27 12:41:23 2017 +1300 net/ipv6: avoid possible dead locking on addr_gen_mode sysctl The addr_gen_mode variable can be accessed by both sysctl and netlink. Repleacd rtnl_lock() with rtnl_trylock() protect the sysctl operation to avoid the possbile dead lock.` Signed-off-by: Felix Jia Signed-off-by: David S. Miller net/ipv6/addrconf.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) commit b286cedd473006b33d5ae076afac509e6b2c3bf4 Merge: 522214d 9f3768e Author: Linus Torvalds Date: Wed Mar 1 10:10:16 2017 -0800 Merge tag 'powerpc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull more powerpc updates from Michael Ellerman: "Highlights include: - an update of the disassembly code used by xmon to the latest versions in binutils. We've received permission from all the authors of the relevant binutils changes to relicense their changes to the relevant files from GPLv3 to GPLv2, for inclusion in Linux. Thanks to Peter Bergner for doing the leg work to get permission from everyone. - addition of the "architected" Power9 CPU table entry, allowing us to boot in Power9 architected mode under a hypervisor. - updates to the Power9 PMU code. - implementation of clear_bit_unlock_is_negative_byte() to optimise unlock_page(). - Freescale updates from Scott: "Highlights include 8xx breakpoints and perf, t1042rdb display support, and board updates." Thanks to: Al Viro, Andrew Donnellan, Aneesh Kumar K.V, Balbir Singh, Douglas Miller, Frédéric Weisbecker, Gavin Shan, Madhavan Srinivasan, Michael Roth, Nathan Fontenot, Naveen N. Rao, Nicholas Piggin, Peter Bergner, Paul E. McKenney, Rashmica Gupta, Russell Currey, Sahil Mehta, Stewart Smith" * tag 'powerpc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (48 commits) powerpc: Remove leftover cputime_to_nsecs call causing build error powerpc/mm/hash: Always clear UPRT and Host Radix bits when setting up CPU powerpc/optprobes: Fix TOC handling in optprobes trampoline powerpc/pseries: Advertise Hot Plug Event support to firmware cxl: fix nested locking hang during EEH hotplug powerpc/xmon: Dump memory in CPU endian format powerpc/pseries: Revert 'Auto-online hotplugged memory' powerpc/powernv: Make PCI non-optional powerpc/64: Implement clear_bit_unlock_is_negative_byte() powerpc/powernv: Remove unused variable in pnv_pci_sriov_disable() powerpc/kernel: Remove error message in pcibios_setup_phb_resources() powerpc/mm: Fix typo in set_pte_at() pci/hotplug/pnv-php: Disable MSI and PCI device properly pci/hotplug/pnv-php: Disable surprise hotplug capability on conflicts pci/hotplug/pnv-php: Remove WARN_ON() in pnv_php_put_slot() powerpc: Add POWER9 architected mode to cputable powerpc/perf: use is_kernel_addr macro in perf_get_misc_flags() powerpc/perf: Avoid FAB_*_MATCH checks for power9 powerpc/perf: Add restrictions to PMC5 in power9 DD1 powerpc/perf: Use Instruction Counter value ... commit 522214d9be9c9f00f34ed89cb95e901b7ac31c59 Author: Benjamin Tissoires Date: Wed Mar 1 09:57:00 2017 +0100 Input: rmi4 - f30: detect INPUT_PROP_BUTTONPAD from the button count INPUT_PROP_BUTTONPAD is currently only set through the platform data. The RMI4 header doc says that this property is there to force the buttonpad property, so we also need to detect it by looking at the exported buttons count. Signed-off-by: Benjamin Tissoires Reported-and-tested-by: Linus Torvalds Signed-off-by: Linus Torvalds drivers/input/rmi4/rmi_f30.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 044d5dfd6262d0ef91f6f5b19e3973f82fc7e1d2 Merge: 544a068 f3ac9f7 Author: Linus Torvalds Date: Wed Mar 1 09:59:21 2017 -0800 Merge tag 'sound-fix-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "A few last-minute fixes for rc1: - ALSA core timer and sequencer fixes for bugs spotted by syzkaller - a couple of trivial HD-audio fixups - additional PCI / codec IDs for Intel Geminilake - fixes for CT-XFi DMA mask bugs" * tag 'sound-fix-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: seq: Fix link corruption by event error handling ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming ALSA: ctxfi: Fallback DMA mask to 32bit ALSA: timer: Reject user params with too small ticks ALSA: hda: Add Geminilake HDMI codec ID ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine ALSA: hda - Add Geminilake PCI ID commit a3695e9751b3c616170b552f8561b5a7c5b7a3ca Merge: 39e6c82 a717e3f Author: David S. Miller Date: Wed Mar 1 09:58:46 2017 -0800 Merge branch 'vxlan-geneve-rcu-fixes' Jakub Kicinski says: ==================== VXLAN/geneve RCU fixes VXLAN and GENEVE need to take RCU lock explicitly because TX path only has the _bh() flavour of RCU locked. Making the reconfiguration path wait for both normal and _bh() RCU would be bigger hassle so just acquire the lock, as suggested by Pravin: https://www.mail-archive.com/netdev@vger.kernel.org/msg155583.html ==================== Signed-off-by: David S. Miller commit a717e3f740803cc88bd5c9a70c93504f6a368663 Author: Jakub Kicinski Date: Fri Feb 24 11:43:37 2017 -0800 geneve: lock RCU on TX path There is no guarantees that callers of the TX path will hold the RCU lock. Grab it explicitly. Fixes: fceb9c3e3825 ("geneve: avoid using stale geneve socket.") Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/geneve.c | 2 ++ 1 file changed, 2 insertions(+) commit 56de859e9967c070464a9a9f4f18d73f9447298e Author: Jakub Kicinski Date: Fri Feb 24 11:43:36 2017 -0800 vxlan: lock RCU on TX path There is no guarantees that callers of the TX path will hold the RCU lock. Grab it explicitly. Fixes: c6fcc4fc5f8b ("vxlan: avoid using stale vxlan socket.") Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/vxlan.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 544a068f1f88da89254d2e334a7d4f0dc4ae9ab7 Merge: 545b282 6fefe19 Author: Linus Torvalds Date: Wed Mar 1 09:54:32 2017 -0800 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management updates from Zhang Rui: - add thermal driver for R-Car Gen3 thermal sensors. - add thermal driver for ZTE' zx2967 family thermal sensors. - convert thermal ID allocation from IDR to IDA. - fix a possible NULL dereference in imx thermal driver. - fix a ti-soc-thermal driver dependency issue so that critical thermal control is still available when CPU_THERMAL is not defined. - update binding information for QorIQ thermal driver. - a couple of cleanups in thermal core, intel_powerclamp, exynos, dra752-thermal, mtk-thermal driver. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: powerpc/mpc85xx: Update TMU device tree node for T1023/T1024 powerpc/mpc85xx: Update TMU device tree node for T1040/T1042 dt-bindings: Update QorIQ TMU thermal bindings thermal: mtk_thermal: Staticise a number of data variables thermal: arm: dra752: Remove all TSHUT related definitions thermal: arm: dra752: Remove TSHUT configuration thermal: ti-soc-thermal: Remove CPU_THERMAL Dependency from TI_THERMAL thermal: imx: Fix possible NULL dereference. thermal: exynos: Remove parsing unused samsung,tmu_cal_mode property thermal: zx2967: add thermal driver for ZTE's zx2967 family thermal: use cpumask_var_t for on-stack cpu masks dt: bindings: add documentation for zx2967 family thermal sensor thermal/intel_powerclamp: Remove set-but-not-used variables thermal: rcar_gen3_thermal: Add R-Car Gen3 thermal driver thermal: rcar_gen3_thermal: Document the R-Car Gen3 thermal: convert devfreq_cooling to use an IDA thermal: convert cpu_cooling to use an IDA thermal: convert clock cooling to use an IDA thermal core: convert ID allocation to IDA commit 39e6c8208d7b6fb9d2047850fb3327db567b564b Author: Eric Dumazet Date: Tue Feb 28 10:34:50 2017 -0800 net: solve a NAPI race While playing with mlx4 hardware timestamping of RX packets, I found that some packets were received by TCP stack with a ~200 ms delay... Since the timestamp was provided by the NIC, and my probe was added in tcp_v4_rcv() while in BH handler, I was confident it was not a sender issue, or a drop in the network. This would happen with a very low probability, but hurting RPC workloads. A NAPI driver normally arms the IRQ after the napi_complete_done(), after NAPI_STATE_SCHED is cleared, so that the hard irq handler can grab it. Problem is that if another point in the stack grabs NAPI_STATE_SCHED bit while IRQ are not disabled, we might have later an IRQ firing and finding this bit set, right before napi_complete_done() clears it. This can happen with busy polling users, or if gro_flush_timeout is used. But some other uses of napi_schedule() in drivers can cause this as well. thread 1 thread 2 (could be on same cpu, or not) // busy polling or napi_watchdog() napi_schedule(); ... napi->poll() device polling: read 2 packets from ring buffer Additional 3rd packet is available. device hard irq // does nothing because NAPI_STATE_SCHED bit is owned by thread 1 napi_schedule(); napi_complete_done(napi, 2); rearm_irq(); Note that rearm_irq() will not force the device to send an additional IRQ for the packet it already signaled (3rd packet in my example) This patch adds a new NAPI_STATE_MISSED bit, that napi_schedule_prep() can set if it could not grab NAPI_STATE_SCHED Then napi_complete_done() properly reschedules the napi to make sure we do not miss something. Since we manipulate multiple bits at once, use cmpxchg() like in sk_busy_loop() to provide proper transactions. In v2, I changed napi_watchdog() to use a relaxed variant of napi_schedule_prep() : No need to set NAPI_STATE_MISSED from this point. In v3, I added more details in the changelog and clears NAPI_STATE_MISSED in busy_poll_stop() In v4, I added the ideas given by Alexander Duyck in v3 review Signed-off-by: Eric Dumazet Cc: Alexander Duyck Signed-off-by: David S. Miller include/linux/netdevice.h | 29 ++++++------------ net/core/dev.c | 76 ++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 81 insertions(+), 24 deletions(-) commit b2d0fe35471d1a71471f99147ffb5986bd60e744 Author: Dan Carpenter Date: Tue Feb 28 15:02:15 2017 +0300 net/mlx4: && vs & typo Bitwise & was obviously intended here. Fixes: 745d8ae4622c ("net/mlx4: Spoofcheck and zero MAC can't coexist") Signed-off-by: Dan Carpenter Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller include/linux/mlx4/driver.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4f3de46f7a57a8ecc16c7ef69c6917b3731a7c5f Author: Colin Ian King Date: Tue Feb 28 11:58:22 2017 +0000 net: usb: asix_devices: fix missing return code check on call to asix_write_medium_mode The call to asix_write_medium_mode is not updating the return code ret and yet ret is being checked for an error. Fix this by assigning ret to the return code from the call asix_write_medium_mode. Detected by CoverityScan, CID#1357148 ("Logically Dead Code") Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/usb/asix_devices.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0bf09c397e13b70ab6064eb2af69b8fa8e68a24e Author: Baruch Siach Date: Tue Feb 28 10:39:48 2017 +0200 MAINTAINERS: Orphan usb/net/hso driver The email address of Jan Dumon bounces, and there is not relevant information in the linked website. Signed-off-by: Baruch Siach Signed-off-by: David S. Miller MAINTAINERS | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit f7df4923fa986247e93ec2cdff5ca168fff14dcf Author: Ido Schimmel Date: Tue Feb 28 08:55:40 2017 +0100 mlxsw: spectrum_router: Avoid potential packets loss When the structure of the LPM tree changes (f.e., due to the addition of a new prefix), we unbind the old tree and then bind the new one. This may result in temporary packet loss. Instead, overwrite the old binding with the new one. Fixes: 6b75c4807db3 ("mlxsw: spectrum_router: Add virtual router management") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 30 ++++++++++++++-------- 1 file changed, 20 insertions(+), 10 deletions(-) commit 4f7bfb3982e02aacc5fb6e1a121e5326c1778ac3 Author: Zhu Yanjun Date: Tue Feb 28 01:45:40 2017 -0500 rds: ib: add the static type to the variables The variables rds_ib_mr_1m_pool_size and rds_ib_mr_8k_pool_size are used only in the ib.c file. As such, the static type is added to limit them in this file. Cc: Joe Jin Cc: Junxiao Bi Signed-off-by: Zhu Yanjun Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/ib.c | 4 ++-- net/rds/ib_mr.h | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) commit 5179b26694c92373275e4933f5d0ff32d585c675 Author: Xin Long Date: Tue Feb 28 12:41:29 2017 +0800 sctp: call rcu_read_lock before checking for duplicate transport nodes Commit cd2b70875058 ("sctp: check duplicate node before inserting a new transport") called rhltable_lookup() to check for the duplicate transport node in transport rhashtable. But rhltable_lookup() doesn't call rcu_read_lock inside, it could cause a use-after-free issue if it tries to dereference the node that another cpu has freed it. Note that sock lock can not avoid this as it is per sock. This patch is to fix it by calling rcu_read_lock before checking for duplicate transport nodes. Fixes: cd2b70875058 ("sctp: check duplicate node before inserting a new transport") Reported-by: Andrey Konovalov Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/input.c | 3 +++ 1 file changed, 3 insertions(+) commit 540b1c48c37ac0ad66212004db21e1ff7e2d78be Author: David Howells Date: Mon Feb 27 15:43:06 2017 +0000 rxrpc: Fix deadlock between call creation and sendmsg/recvmsg All the routines by which rxrpc is accessed from the outside are serialised by means of the socket lock (sendmsg, recvmsg, bind, rxrpc_kernel_begin_call(), ...) and this presents a problem: (1) If a number of calls on the same socket are in the process of connection to the same peer, a maximum of four concurrent live calls are permitted before further calls need to wait for a slot. (2) If a call is waiting for a slot, it is deep inside sendmsg() or rxrpc_kernel_begin_call() and the entry function is holding the socket lock. (3) sendmsg() and recvmsg() or the in-kernel equivalents are prevented from servicing the other calls as they need to take the socket lock to do so. (4) The socket is stuck until a call is aborted and makes its slot available to the waiter. Fix this by: (1) Provide each call with a mutex ('user_mutex') that arbitrates access by the users of rxrpc separately for each specific call. (2) Make rxrpc_sendmsg() and rxrpc_recvmsg() unlock the socket as soon as they've got a call and taken its mutex. Note that I'm returning EWOULDBLOCK from recvmsg() if MSG_DONTWAIT is set but someone else has the lock. Should I instead only return EWOULDBLOCK if there's nothing currently to be done on a socket, and sleep in this particular instance because there is something to be done, but we appear to be blocked by the interrupt handler doing its ping? (3) Make rxrpc_new_client_call() unlock the socket after allocating a new call, locking its user mutex and adding it to the socket's call tree. The call is returned locked so that sendmsg() can add data to it immediately. From the moment the call is in the socket tree, it is subject to access by sendmsg() and recvmsg() - even if it isn't connected yet. (4) Lock new service calls in the UDP data_ready handler (in rxrpc_new_incoming_call()) because they may already be in the socket's tree and the data_ready handler makes them live immediately if a user ID has already been preassigned. Note that the new call is locked before any notifications are sent that it is live, so doing mutex_trylock() *ought* to always succeed. Userspace is prevented from doing sendmsg() on calls that are in a too-early state in rxrpc_do_sendmsg(). (5) Make rxrpc_new_incoming_call() return the call with the user mutex held so that a ping can be scheduled immediately under it. Note that it might be worth moving the ping call into rxrpc_new_incoming_call() and then we can drop the mutex there. (6) Make rxrpc_accept_call() take the lock on the call it is accepting and release the socket after adding the call to the socket's tree. This is slightly tricky as we've dequeued the call by that point and have to requeue it. Note that requeuing emits a trace event. (7) Make rxrpc_kernel_send_data() and rxrpc_kernel_recv_data() take the new mutex immediately and don't bother with the socket mutex at all. This patch has the nice bonus that calls on the same socket are now to some extent parallelisable. Note that we might want to move rxrpc_service_prealloc() calls out from the socket lock and give it its own lock, so that we don't hang progress in other calls because we're waiting for the allocator. We probably also want to avoid calling rxrpc_notify_socket() from within the socket lock (rxrpc_accept_call()). Signed-off-by: David Howells Tested-by: Marc Dionne Signed-off-by: David S. Miller include/trace/events/rxrpc.h | 2 ++ net/rxrpc/af_rxrpc.c | 12 +++++++--- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 48 +++++++++++++++++++++++++++++++++++++ net/rxrpc/call_object.c | 18 ++++++++++++-- net/rxrpc/input.c | 1 + net/rxrpc/recvmsg.c | 39 +++++++++++++++++++++++++----- net/rxrpc/sendmsg.c | 57 +++++++++++++++++++++++++++++++++++--------- 8 files changed, 156 insertions(+), 22 deletions(-) commit 545b2820c4a48245412d97030134cc1d38918726 Merge: 3437f9f 38b0a52 Author: Linus Torvalds Date: Wed Mar 1 09:46:02 2017 -0800 Merge tag 'pwm/for-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "This set contains mostly fixes to existing drivers as well as cleanup of code that's not been in active use for a while" * tag 'pwm/for-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (27 commits) acpi: lpss: call pwm_add_table() for BSW PWM device pwm: Try to load modules during pwm_get() pwm: Don't hold pwm_lookup_lock longer than necessary pwm: Make the PWM_POLARITY flag in DTB optional pwm: Print error messages with pr_err() instead of pr_debug() pwm: imx: Add polarity inversion support to i.MX's PWMv2 pwm: imx: doc: Update imx-pwm.txt documentation entry pwm: imx: Remove redundant i.MX PWMv2 code pwm: imx: Provide atomic PWM support for i.MX PWMv2 pwm: imx: Move PWMv2 wait for fifo slot code to a separate function pwm: imx: Move PWMv2 software reset code to a separate function pwm: imx: Rewrite v1 code to facilitate switch to atomic PWM pwm: imx: Add separate set of PWM ops for v1 and v2 pwm: imx: Remove ipg clock and enable per clock when required pwm: lpss: Add Intel Gemini Lake PCI ID pwm: lpss: Do not export board infos for different PWM types pwm: lpss: Avoid reconfiguring while UPDATE bit is still enabled pwm: lpss: Switch to new atomic API pwm: lpss: Allow duty cycle to be 0 pwm: lpss: Avoid potential overflow of base_unit ... commit 3437f9f0a69c7c9e926f702fb0d1abd1f750a40e Merge: f3ecc84 9bb92f5 Author: Linus Torvalds Date: Wed Mar 1 09:42:42 2017 -0800 Merge tag 'drm-ast-2500-for-v4.11' of git://people.freedesktop.org/~airlied/linux Pull drm AST2500 support from Dave Airlie: "This is a set of changes to enable the AST2500 BMC hardware, and also fix some bugs interacting with the older AST hardware. Some of the bug fixes are cc'ed to stable" * tag 'drm-ast-2500-for-v4.11' of git://people.freedesktop.org/~airlied/linux: drm/ast: Call open_key before enable_mmio in POST code drm/ast: Fix test for VGA enabled drm/ast: POST code for the new AST2500 drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300 drm/ast: Factor mmc_test code in POST code drm/ast: Fixed vram size incorrect issue on POWER drm/ast: Base support for AST2500 drm/ast: Fix calculation of MCLK drm/ast: Remove spurious include drm/ast: const'ify mode setting tables drm/ast: Handle configuration without P2A bridge drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS commit f3ecc84b09df461639d59a313f50dc21d205e0b1 Merge: 2d6be4a a44ddbc Author: Linus Torvalds Date: Wed Mar 1 08:50:33 2017 -0800 Merge tag 'drm-fixes-for-v4.11-rc1' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Misc fixes for v4.11-rc1. This is a selection of fixes for recent bugs, the vmwgfx one is important to avoid a regression, and compat ioctl one is pretty urgent for stable. Otherwise nothing too much. I've got a separate pull req for some AST hw IBM need to enable" * tag 'drm-fixes-for-v4.11-rc1' of git://people.freedesktop.org/~airlied/linux: dma-buf: add support for compat ioctl drm/vmwgfx: Work around drm removal of control nodes drm/rockchip: cdn-dp: Fix error handling drm/rockchip: add extcon dependency for DP drm: zte: fix static checker warning on variable 'fmt' commit acc9ab60132739e0c5ab40644444cd7b22d12886 Author: Wanpeng Li Date: Mon Feb 27 04:24:39 2017 -0800 KVM: nVMX: Fix pending events injection L2 fails to boot on a non-APICv box dues to 'commit 0ad3bed6c5ec ("kvm: nVMX: move nested events check to kvm_vcpu_running")' KVM internal error. Suberror: 3 extra data[0]: 800000ef extra data[1]: 1 RAX=0000000000000000 RBX=ffffffff81f36140 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000000 RBP=ffff88007c92fe90 RSP=ffff88007c92fe90 R8 =ffff88007fccdca0 R9 =0000000000000000 R10=00000000fffedb3d R11=0000000000000000 R12=0000000000000003 R13=0000000000000000 R14=0000000000000000 R15=ffff88007c92c000 RIP=ffffffff810645e6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88007fcc0000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 ffff88007fcd4200 00002087 00008b00 DPL=0 TSS64-busy GDT= ffff88007fcc9000 0000007f IDT= ffffffffff578000 00000fff CR0=80050033 CR2=00000000ffffffff CR3=0000000001e0a000 CR4=003406e0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 We should try to reinject previous events if any before trying to inject new event if pending. If vmexit is triggered by L2 guest and L0 interested in, we should reinject IDT-vectoring info to L2 through vmcs02 if any, otherwise, we can consider new IRQs/NMIs which can be injected and call nested events callback to switch from L2 to L1 if needed and inject the proper vmexit events. However, 'commit 0ad3bed6c5ec ("kvm: nVMX: move nested events check to kvm_vcpu_running")' results in the handle events order reversely on non-APICv box. This patch fixes it by bailing out for pending events and not consider new events in this scenario. Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Jan Kiszka Signed-off-by: Wanpeng Li Fixes: 0ad3bed6c5ec ("kvm: nVMX: move nested events check to kvm_vcpu_running") Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 0fce546f9f07b94ccc9de09cf48d35e18946d2fa Author: Jérémy Lefaure Date: Sat Feb 25 17:46:53 2017 -0500 x86/kvm/vmx: remove unused variable in segment_base() The pointer 'struct desc_struct *d' is unused since commit 8c2e41f7ae12 ("x86/kvm/vmx: Simplify segment_base()") so let's remove it. Signed-off-by: Jérémy Lefaure Reviewed-by: David Hildenbrand Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 1 - 1 file changed, 1 deletion(-) commit 0eb1d0fa6a68324b51db4f7ae16d9b042c5b2de4 Author: Andy Lutomirski Date: Wed Feb 22 07:36:17 2017 -0800 selftests/x86: Add a basic selftest for ioperm This doesn't fully exercise the interaction between KVM and ioperm(), but it does test basic functionality. Signed-off-by: Andy Lutomirski Signed-off-by: Radim Krčmář tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/ioperm.c | 170 +++++++++++++++++++++++++++++++++++ 2 files changed, 171 insertions(+), 1 deletion(-) commit b7ceaec112aa35aa287325754d8c52b8304892cd Author: Andy Lutomirski Date: Wed Feb 22 07:36:16 2017 -0800 x86/asm: Tidy up TSS limit code In an earlier version of the patch ("x86/kvm/vmx: Defer TR reload after VM exit") that introduced TSS limit validity tracking, I confused which helper was which. On reflection, the names I chose sucked. Rename the helpers to make it more obvious what's going on and add some comments. While I'm at it, clear __tss_limit_invalid when force-reloading as well as when contitionally reloading, since any TR reload fixes the limit. Signed-off-by: Andy Lutomirski Signed-off-by: Radim Krčmář arch/x86/include/asm/desc.h | 18 +++++++++++------- arch/x86/kernel/ioport.c | 8 +++++++- arch/x86/kernel/process.c | 6 +++--- 3 files changed, 21 insertions(+), 11 deletions(-) commit e3736c3eb3a6f7c0966923b629c9f92b558aa9c7 Author: Elena Reshetova Date: Mon Feb 20 13:06:21 2017 +0200 kvm: convert kvm.users_count from atomic_t to refcount_t refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova Signed-off-by: Hans Liljestrand Signed-off-by: Kees Cook Signed-off-by: David Windsor Signed-off-by: Radim Krčmář include/linux/kvm_host.h | 3 ++- virt/kvm/kvm_main.c | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) commit 9ad82f117f057ed04643cc60ce16fbf59e1b167f Author: Arnd Bergmann Date: Wed Mar 1 10:15:31 2017 +0100 watchdog: retu: restore MFD dependency The retu watchdog calls into the respective mfd driver, but fails to link if that is diabled: drivers/watchdog/built-in.o: In function `retu_wdt_set_timeout': ziirave_wdt.c:(.text+0x8c88): undefined reference to `retu_write' ziirave_wdt.c:(.text+0x8c88): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `retu_write' drivers/watchdog/built-in.o: In function `retu_wdt_start': ziirave_wdt.c:(.text+0x8cc8): undefined reference to `retu_write' ziirave_wdt.c:(.text+0x8cc8): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `retu_write' This restores the dependency as it was before Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9297b652bd0a11e29251ffaac93369b8ad45932d Author: Arnd Bergmann Date: Wed Mar 1 10:15:30 2017 +0100 watchdog: db8500: add back prmcu dependency When the db8500 watchdog is enabled without the PRCMU, we get a lot of warnings about duplicate or missing helper functions: In file included from drivers/watchdog/ux500_wdt.c:21:0: include/linux/mfd/dbx500-prcmu.h:422:19: error: redefinition of 'prcmu_abb_read' static inline int prcmu_abb_read(u8 slave, u8 reg, u8 *value, u8 size) This restores the dependency as it was. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3736d4eb6af37492aeded7fec0072dedd959c842 Author: Arnd Bergmann Date: Wed Mar 1 10:15:29 2017 +0100 watchdog: kempld: fix gcc-4.3 build gcc-4.3 can't decide whether the constant value in kempld_prescaler[PRESCALER_21] is built-time constant or not, and gets confused by the logic in do_div(): drivers/watchdog/kempld_wdt.o: In function `kempld_wdt_set_stage_timeout': kempld_wdt.c:(.text.kempld_wdt_set_stage_timeout+0x130): undefined reference to `__aeabi_uldivmod' This adds a call to ACCESS_ONCE() to force it to not consider it to be constant, and leaves the more efficient normal case in place for modern compilers, using an #ifdef to annotate why we do this hack. Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/kempld_wdt.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 8d5755b3f77b57447ce5de253ef704ad028474d3 Author: Niklas Cassel Date: Mon Feb 27 13:49:09 2017 +0100 watchdog: softdog: fire watchdog even if softirqs do not get to run Checking for timer expiration is done from the softirq TIMER_SOFTIRQ. Since commit 4cd13c21b207 ("softirq: Let ksoftirqd do its job"), pending softirqs are no longer always handled immediately, instead, if there are pending softirqs, and ksoftirqd is in state TASK_RUNNING, the handling of the softirqs are deferred, and are instead supposed to be handled by ksoftirqd, when ksoftirqd gets scheduled. If a user space process with a real-time policy starts to misbehave by never relinquishing the CPU while ksoftirqd is in state TASK_RUNNING, what will happen is that all softirqs will get deferred, while ksoftirqd, which is supposed to handle the deferred softirqs, will never get to run. To make sure that the watchdog is able to fire even when we do not get to run softirqs, replace the timers with hrtimers. Signed-off-by: Niklas Cassel Signed-off-by: Guenter Roeck drivers/watchdog/softdog.c | 44 +++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) commit ed4a9eca66720366d117d9b39f2335ca9b0a7aae Author: Arnd Bergmann Date: Tue Feb 28 22:01:23 2017 +0100 watchdog: kempld: revert to full dependency The kempld watchdog driver requires the respective MFD driver: drivers/watchdog/built-in.o: In function `kempld_wdt_probe': kempld_wdt.c:(.text+0x5c78): undefined reference to `kempld_get_mutex' kempld_wdt.c:(.text+0x5c84): undefined reference to `kempld_read8' kempld_wdt.c:(.text+0x5c8e): undefined reference to `kempld_release_mutex' kempld_wdt.c:(.text+0x5d1c): undefined reference to `kempld_read8' kempld_wdt.c:(.text+0x5d2c): undefined reference to `kempld_write8' This adds the Kconfig dependency back. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2672b7e01abbe147a0a391216bc0dbd656608e0a Author: Arnd Bergmann Date: Tue Feb 28 22:01:22 2017 +0100 watchdog: bcm2835: add CONFIG_OF dependency Without CONFIG_OF, the driver fails to link: drivers/watchdog/built-in.o: In function `bcm2835_power_off': bcm2835_wdt.c:(.text+0x1946): undefined reference to `of_find_device_by_node' This adds a new dependency, to allow the COMPILE_TEST check to succeed. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3eafee95643360d22c6725ea2188bd700c09c986 Author: Arnd Bergmann Date: Tue Feb 28 22:01:21 2017 +0100 watchdog: sp805: add back AMBA dependency The driver fails to link if ARM_AMBA is disabled: drivers/watchdog/sp805_wdt.o: In function `sp805_wdt_driver_init': sp805_wdt.c:(.init.text+0x4): undefined reference to `amba_driver_register' It seems that the COMPILE_TEST was added in the wrong place, as there is no architecture dependency, but a bus dependency. This moves the dependency accordingly. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6fb303a81a0b106e7f5522df929bbf4596780c48 Author: Arnd Bergmann Date: Tue Feb 28 22:01:20 2017 +0100 watchdog: menf21bmc: add I2C dependency This driver fails to link when CONFIG_I2C is disabled or a loadable module while the watchdog is built-in: drivers/watchdog/built-in.o: In function `menf21bmc_wdt_shutdown': menf21bmc_wdt.c:(.text+0x9b44): undefined reference to `i2c_smbus_write_word_data' menf21bmc_wdt.c:(.text+0x9b44): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `i2c_smbus_write_word_data' This adds a Kconfig dependency for it, to enforce a valid configuration. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 0369fdf2e1169896529bd53c3b5fb15511768276 Author: Arnd Bergmann Date: Tue Feb 28 22:01:19 2017 +0100 watchdog: geode: restore hard CS5535_MFGPT dependency Wtihout CONFIG_CS5535_MFGPT, the driver does not link right: drivers/watchdog/built-in.o: In function `geodewdt_probe': geodewdt.c:(.init.text+0xca3): undefined reference to `cs5535_mfgpt_alloc_timer' geodewdt.c:(.init.text+0xcd4): undefined reference to `cs5535_mfgpt_write' geodewdt.c:(.init.text+0xcef): undefined reference to `cs5535_mfgpt_toggle_event' This adds back the dependency on this base driver. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d0e32fba85d5b7902db2715a9d5540fb0efdba83 Author: Arnd Bergmann Date: Tue Feb 28 22:01:18 2017 +0100 watchdog: wm831x watchdog really needs mfd The wm831x watchdog driver can now be built without the wm831x mfd driver, which results in a link error: (.text+0x1a95c): undefined reference to `wm831x_set_bits' (.text+0x1a95c): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_set_bits' (.text+0x1a968): undefined reference to `wm831x_reg_lock' (.text+0x1a968): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_reg_lock' (.text+0x1a9dc): undefined reference to `wm831x_reg_unlock' (.text+0x1a9dc): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_reg_unlock' This adds back the dependency that was removed. We can still build test this driver on all architectures by enabling the MFD driver for it first. Fixes: da2a68b3eb47 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Arnd Bergmann Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 55149d06534ae2a7ba5f7a078353deb89b3fe891 Author: Josh Poimboeuf Date: Wed Mar 1 00:05:04 2017 -0600 objtool, compiler.h: Fix __unreachable section relocation size Linus reported the following commit broke module loading on his laptop: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") It showed errors like the following: module: overflow in relocation type 10 val ffffffffc02afc81 module: 'nvme' likely not compiled with -mcmodel=kernel The problem is that the __unreachable section addresses are stored using the '.long' asm directive, which isn't big enough for .text section kernel addresses. Use relative addresses instead: ".long %c0b - .\t\n" Suggested-by: Linus Torvalds Reported-by: Linus Torvalds Signed-off-by: Josh Poimboeuf Cc: Peter Zijlstra Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") Link: http://lkml.kernel.org/r/20170301060504.oltm3iws6fmubnom@treble Signed-off-by: Ingo Molnar include/linux/compiler-gcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bba82fd75694832b59433bf4e9d7ede8de1dfd42 Author: Robert O'Callahan Date: Wed Feb 1 17:06:11 2017 +1300 KVM: x86: never specify a sample period for virtualized in_tx_cp counters pmc_reprogram_counter() always sets a sample period based on the value of pmc->counter. However, hsw_hw_config() rejects sample periods less than 2^31 - 1. So for example, if a KVM guest does struct perf_event_attr attr; memset(&attr, 0, sizeof(attr)); attr.type = PERF_TYPE_RAW; attr.size = sizeof(attr); attr.config = 0x2005101c4; // conditional branches retired IN_TXCP attr.sample_period = 0; int fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0); ioctl(fd, PERF_EVENT_IOC_DISABLE, 0); ioctl(fd, PERF_EVENT_IOC_ENABLE, 0); the guest kernel counts some conditional branch events, then updates the virtual PMU register with a nonzero count. The host reaches pmc_reprogram_counter() with nonzero pmc->counter, triggers EOPNOTSUPP in hsw_hw_config(), prints "kvm_pmu: event creation failed" in pmc_reprogram_counter(), and silently (from the guest's point of view) stops counting events. We fix event counting by forcing attr.sample_period to always be zero for in_tx_cp counters. Sampling doesn't work, but it already didn't work and can't be fixed without major changes to the approach in hsw_hw_config(). Signed-off-by: Robert O'Callahan Signed-off-by: Radim Krčmář arch/x86/kvm/pmu.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 25b68a8f0ab13a98de02650208ec927796659898 Author: Stephen Smalley Date: Fri Feb 17 10:13:59 2017 -0500 timerfd: Only check CAP_WAKE_ALARM when it is needed timerfd_create() and do_timerfd_settime() evaluate capable(CAP_WAKE_ALARM) unconditionally although CAP_WAKE_ALARM is only required for CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM. This can cause extraneous audit messages when using a LSM such as SELinux, incorrectly causes PF_SUPERPRIV to be set even when no privilege was exercised, and is inefficient. Flip the order of the tests in both functions so that we only call capable() if the capability is truly required for the operation. Signed-off-by: Stephen Smalley Cc: linux-security-module@vger.kernel.org Cc: selinux@tycho.nsa.gov Link: http://lkml.kernel.org/r/1487344439-22293-1-git-send-email-sds@tycho.nsa.gov Signed-off-by: Thomas Gleixner fs/timerfd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1c68bb0f62bf8de8bb30123ea840d5168f25abea Author: Laura Abbott Date: Tue Feb 28 14:07:25 2017 -0800 crypto: testmgr - Pad aes_ccm_enc_tv_template vector Running with KASAN and crypto tests currently gives BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr ffffffff8212fca0 Read of size 16 by task cryptomgr_test/1107 Address belongs to variable 0xffffffff8212fca0 CPU: 0 PID: 1107 Comm: cryptomgr_test Not tainted 4.10.0+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014 Call Trace: dump_stack+0x63/0x8a kasan_report.part.1+0x4a7/0x4e0 ? __test_aead+0x9d9/0x2200 ? crypto_ccm_init_crypt+0x218/0x3c0 [ccm] kasan_report+0x20/0x30 check_memory_region+0x13c/0x1a0 memcpy+0x23/0x50 __test_aead+0x9d9/0x2200 ? kasan_unpoison_shadow+0x35/0x50 ? alg_test_akcipher+0xf0/0xf0 ? crypto_skcipher_init_tfm+0x2e3/0x310 ? crypto_spawn_tfm2+0x37/0x60 ? crypto_ccm_init_tfm+0xa9/0xd0 [ccm] ? crypto_aead_init_tfm+0x7b/0x90 ? crypto_alloc_tfm+0xc4/0x190 test_aead+0x28/0xc0 alg_test_aead+0x54/0xd0 alg_test+0x1eb/0x3d0 ? alg_find_test+0x90/0x90 ? __sched_text_start+0x8/0x8 ? __wake_up_common+0x70/0xb0 cryptomgr_test+0x4d/0x60 kthread+0x173/0x1c0 ? crypto_acomp_scomp_free_ctx+0x60/0x60 ? kthread_create_on_node+0xa0/0xa0 ret_from_fork+0x2c/0x40 Memory state around the buggy address: ffffffff8212fb80: 00 00 00 00 01 fa fa fa fa fa fa fa 00 00 00 00 ffffffff8212fc00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa >ffffffff8212fc80: fa fa fa fa 00 05 fa fa fa fa fa fa 00 00 00 00 ^ ffffffff8212fd00: 01 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa ffffffff8212fd80: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa This always happens on the same IV which is less than 16 bytes. Per Ard, "CCM IVs are 16 bytes, but due to the way they are constructed internally, the final couple of bytes of input IV are dont-cares. Apparently, we do read all 16 bytes, which triggers the KASAN errors." Fix this by padding the IV with null bytes to be at least 16 bytes. Cc: stable@vger.kernel.org Fixes: 0bc5a6c5c79a ("crypto: testmgr - Disable rfc4309 test and convert test vectors") Acked-by: Ard Biesheuvel Signed-off-by: Laura Abbott Signed-off-by: Herbert Xu crypto/testmgr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit efa7cebdbfde8506b54acd8947822394768cd476 Author: Ard Biesheuvel Date: Tue Feb 28 14:36:57 2017 +0000 crypto: arm/crc32 - add build time test for CRC instruction support The accelerated CRC32 module for ARM may use either the scalar CRC32 instructions, the NEON 64x64 to 128 bit polynomial multiplication (vmull.p64) instruction, or both, depending on what the current CPU supports. However, this also requires support in binutils, and as it turns out, versions of binutils exist that support the vmull.p64 instruction but not the crc32 instructions. So refactor the Makefile logic so that this module only gets built if binutils has support for both. Signed-off-by: Ard Biesheuvel Acked-by: Jon Hunter Tested-by: Jon Hunter Signed-off-by: Herbert Xu arch/arm/crypto/Makefile | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 1fb1683cb343d80736625f3048de2107cf5bbf79 Author: Ard Biesheuvel Date: Tue Feb 28 14:36:56 2017 +0000 crypto: arm/crc32 - fix build error with outdated binutils Annotate a vmov instruction with an explicit element size of 32 bits. This is inferred by recent toolchains, but apparently, older versions need some help figuring this out. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm/crypto/crc32-ce-core.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8392f16d38bb5222c03073a3906b7fd272386faf Author: Borislav Petkov Date: Tue Feb 21 19:36:39 2017 +0100 x86/boot: Correct setup_header.start_sys name It is called start_sys_seg elsewhere so rename it to that. It is an obsolete field so we could just as well directly call it __u16 __pad... No functional change. Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/20170221183639.16554-1-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/uapi/asm/bootparam.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e98fe5127b9cc8ab33d1094b81c19deb1f9082bf Author: Tobin C. Harding Date: Mon Feb 20 10:12:36 2017 +1100 x86/purgatory: Fix sparse warning, symbol not declared Sparse emits warning, 'symbol not declared' for a function that has neither file scope nor a forward declaration. The functions only call site is an ASM file. Add a header file with the function declaration. Include the header file in the C source file defining the function in order to fix the sparse warning. Include the header file in ASM file containing the call site to document the usage. Signed-off-by: Tobin C. Harding Link: http://lkml.kernel.org/r/1487545956-2547-3-git-send-email-me@tobin.cc Signed-off-by: Thomas Gleixner arch/x86/purgatory/purgatory.c | 1 + arch/x86/purgatory/purgatory.h | 8 ++++++++ arch/x86/purgatory/setup-x86_64.S | 1 + 3 files changed, 10 insertions(+) commit 72042a8c7b01048a36ece216aaf206b7d60ca661 Author: Tobin C. Harding Date: Mon Feb 20 10:12:35 2017 +1100 x86/purgatory: Make functions and variables static Sparse emits several 'symbol not declared' warnings for various functions and variables. Add static keyword to functions and variables which have file scope only. Signed-off-by: Tobin C. Harding Link: http://lkml.kernel.org/r/1487545956-2547-2-git-send-email-me@tobin.cc Signed-off-by: Thomas Gleixner arch/x86/purgatory/purgatory.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 940b2f2fd963c043418ce8af64605783b2b19140 Author: Borislav Petkov Date: Sat Feb 18 12:31:40 2017 +0100 x86/events: Remove last remnants of old filenames Update to the new file paths, remove them from introductory comments. Signed-off-by: Borislav Petkov Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170218113140.8051-1-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/events/amd/core.c | 2 +- arch/x86/events/intel/cstate.c | 2 +- arch/x86/events/intel/rapl.c | 2 +- arch/x86/events/intel/uncore.h | 6 +++--- tools/perf/util/intel-pt-decoder/intel-pt-insn-decoder.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) commit 58ab9a088ddac4efe823471275859d64f735577e Author: Dave Hansen Date: Thu Feb 23 14:26:03 2017 -0800 x86/pkeys: Check against max pkey to avoid overflows Kirill reported a warning from UBSAN about undefined behavior when using protection keys. He is running on hardware that actually has support for it, which is not widely available. The warning triggers because of very large shifts of integers when doing a pkey_free() of a large, invalid value. This happens because we never check that the pkey "fits" into the mm_pkey_allocation_map(). I do not believe there is any danger here of anything bad happening other than some aliasing issues where somebody could do: pkey_free(35); and the kernel would effectively execute: pkey_free(8); While this might be confusing to an app that was doing something stupid, it has to do something stupid and the effects are limited to the app shooting itself in the foot. Signed-off-by: Dave Hansen Cc: stable@vger.kernel.org Cc: linux-kselftest@vger.kernel.org Cc: shuah@kernel.org Cc: kirill.shutemov@linux.intel.com Link: http://lkml.kernel.org/r/20170223222603.A022ED65@viggo.jf.intel.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/pkeys.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit f2ae5da726172fcf82f7be801489dd585f6a38eb Author: Rui Wang Date: Tue Feb 28 21:34:29 2017 +0800 x86/ioapic: Split IOAPIC hot-removal into two steps The hot removal of IOAPIC is handling PCI and ACPI removal in one go. That only works when the PCI drivers released the interrupt resources, but breaks when a IOAPIC interrupt is still associated to a PCI device. The new pcibios_release_device() callback allows to solve that problem by splitting the removal into two steps: 1) PCI removal: Release all PCI resources including eventually not yet released IOAPIC interrupts via the new pcibios_release_device() callback. 2) ACPI removal: After release of all PCI resources the ACPI resources can be released without issue. [ tglx: Rewrote changelog ] Signed-off-by: Rui Wang Cc: tony.luck@intel.com Cc: linux-pci@vger.kernel.org Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: fengguang.wu@intel.com Cc: helgaas@kernel.org Cc: kbuild-all@01.org Cc: bhelgaas@google.com Link: http://lkml.kernel.org/r/1488288869-31290-3-git-send-email-rui.y.wang@intel.com Signed-off-by: Thomas Gleixner drivers/acpi/internal.h | 2 ++ drivers/acpi/ioapic.c | 22 ++++++++++++++++------ drivers/acpi/pci_root.c | 4 ++-- 3 files changed, 20 insertions(+), 8 deletions(-) commit 153654dbe595a68845ba14d5b0bfe299fa6a7e99 Author: Rui Wang Date: Tue Feb 28 21:34:28 2017 +0800 x86/PCI: Implement pcibios_release_device to release IRQ from IOAPIC The revert of 991de2e59090 ("PCI, x86: Implement pcibios_alloc_irq() and pcibios_free_irq()") causes a problem for IOAPIC hotplug. The problem is that IRQs are allocated and freed in pci_enable_device() and pci_disable_device(). But there are some drivers which don't call pci_disable_device(), and they have good reasons not calling it, so if they're using IOAPIC their IRQs won't have a chance to be released from the IOAPIC. When this happens IOAPIC hot-removal fails with a kernel stack dump and an error message like this: [149335.697989] pin16 on IOAPIC2 is still in use. It turns out that we can fix it in a different way without moving IRQ allocation into pcibios_alloc_irq(), thus avoiding the regression of 991de2e59090. We can keep the allocation and freeing of IRQs as is within pci_enable_device()/pci_disable_device(), without breaking any previous assumption of the rest of the system, keeping compatibility with both the legacy and the modern drivers. We can accomplish this by implementing the existing __weak hook of pcibios_release_device() thus when a pci device is about to be deleted we get notified in the hook and take the chance to release its IRQ, if any, from the IOAPIC. Implement pcibios_release_device() for x86 to release any IRQ not released by the driver. Signed-off-by: Rui Wang Cc: tony.luck@intel.com Cc: linux-pci@vger.kernel.org Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: fengguang.wu@intel.com Cc: helgaas@kernel.org Cc: kbuild-all@01.org Cc: bhelgaas@google.com Link: http://lkml.kernel.org/r/1488288869-31290-2-git-send-email-rui.y.wang@intel.com Signed-off-by: Thomas Gleixner arch/x86/pci/common.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e86a2d2d34e20289ae7d46692e16d43c3a785db9 Author: Masanari Iida Date: Mon Feb 27 22:07:03 2017 +0900 x86/intel_rdt: Remove duplicate inclusion of linux/cpu.h Signed-off-by: Masanari Iida Cc: fenghua.yu@intel.com Link: http://lkml.kernel.org/r/20170227130703.26968-1-standby24x7@gmail.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 1 - 1 file changed, 1 deletion(-) commit aa5ec3f715d576353c7d8f4f8085634bd845b73f Author: Masanari Iida Date: Mon Feb 27 21:29:22 2017 +0900 x86/vmware: Remove duplicate inclusion of asm/timer.h Signed-off-by: Masanari Iida Cc: akataria@vmware.com Cc: virtualization@lists.linux-foundation.org Link: http://lkml.kernel.org/r/20170227122922.26230-1-standby24x7@gmail.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/vmware.c | 1 - 1 file changed, 1 deletion(-) commit 73667e31a153a66da97feb1584726222504924f8 Author: Arnd Bergmann Date: Tue Feb 14 22:17:17 2017 +0100 x86/hyperv: Hide unused label This new 32-bit warning just showed up: arch/x86/hyperv/hv_init.c: In function 'hyperv_init': arch/x86/hyperv/hv_init.c:167:1: error: label 'register_msr_cs' defined but not used [-Werror=unused-label] The easiest solution is to move the label up into the existing #ifdef that has the goto. Fixes: dee863b571b0 ("hv: export current Hyper-V clocksource") Signed-off-by: Arnd Bergmann Acked-by: Stephen Hemminger Cc: Greg Kroah-Hartman Cc: Haiyang Zhang Cc: devel@linuxdriverproject.org Cc: Vitaly Kuznetsov Cc: "K. Y. Srinivasan" Link: http://lkml.kernel.org/r/20170214211736.2641241-1-arnd@arndb.de Signed-off-by: Thomas Gleixner arch/x86/hyperv/hv_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 90b28ded88dda8bea82b4a86923e73ba0746d884 Author: Matjaz Hegedic Date: Sun Feb 19 19:32:48 2017 +0100 x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk Without the parameter reboot=a, ASUS EeeBook X205TA will hang when it should reboot. This adds the appropriate quirk, thus fixing the problem. Signed-off-by: Matjaz Hegedic Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Signed-off-by: Ingo Molnar arch/x86/kernel/reboot.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 1b17c6df852851b40c3c27c66b8fa2fd99cf25d8 Author: Andrew Banman Date: Fri Feb 17 11:07:49 2017 -0600 x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register Writing to the software acknowledge clear register when there are no pending messages causes a HUB error to assert. The original intent of this write was to clear the pending bits before start of operation, but this is an incorrect method and has been determined to be unnecessary. Signed-off-by: Andrew Banman Acked-by: Mike Travis Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: akpm@linux-foundation.org Cc: rja@hpe.com Cc: sivanich@hpe.com Link: http://lkml.kernel.org/r/1487351269-181133-1-git-send-email-abanman@hpe.com Signed-off-by: Ingo Molnar arch/x86/platform/uv/tlb_uv.c | 1 - 1 file changed, 1 deletion(-) commit 6b0b7551428e4caae1e2c023a529465a9a9ae2d4 Author: Anton Blanchard Date: Thu Feb 16 17:00:50 2017 +1100 perf/core: Rename CONFIG_[UK]PROBE_EVENT to CONFIG_[UK]PROBE_EVENTS We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as well as CONFIG_UPROBE_EVENTS and CONFIG_KPROBE_EVENTS. Consistently use the plurals. Signed-off-by: Anton Blanchard Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: acme@kernel.org Cc: alexander.shishkin@linux.intel.com Cc: davem@davemloft.net Cc: sparclinux@vger.kernel.org Link: http://lkml.kernel.org/r/20170216060050.20866-1-anton@ozlabs.org Signed-off-by: Ingo Molnar Documentation/trace/kprobetrace.txt | 2 +- Documentation/trace/uprobetracer.txt | 2 +- arch/powerpc/configs/85xx/kmp204x_defconfig | 2 +- arch/s390/configs/default_defconfig | 2 +- arch/s390/configs/gcov_defconfig | 2 +- arch/s390/configs/performance_defconfig | 2 +- arch/s390/defconfig | 2 +- kernel/trace/Kconfig | 6 +++--- kernel/trace/Makefile | 4 ++-- kernel/trace/trace.c | 10 +++++----- kernel/trace/trace_probe.h | 4 ++-- 11 files changed, 19 insertions(+), 19 deletions(-) commit 2a4d0c627f5374f365a873dea4e10ae0bb437680 Author: Dmitry Safonov Date: Mon Feb 13 13:13:36 2017 +0300 x86/selftests: Add clobbers for int80 on x86_64 Kernel erases R8..R11 registers prior returning to userspace from int80: https://lkml.org/lkml/2009/10/1/164 GCC can reuse these registers and doesn't expect them to change during syscall invocation. I met this kind of bug in CRIU once GCC 6.1 and CLANG stored local variables in those registers and the kernel zerofied them during syscall: https://github.com/xemul/criu/commit/990d33f1a1cdd17bca6c2eb059ab3be2564f7fa2 By that reason I suggest to add those registers to clobbers in selftests. Also, as noted by Andy - removed unneeded clobber for flags in INT $0x80 inline asm. Signed-off-by: Dmitry Safonov Acked-by: Andy Lutomirski Cc: 0x7f454c46@gmail.com Cc: Borislav Petkov Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Shuah Khan Cc: Thomas Gleixner Cc: linux-kselftest@vger.kernel.org Link: http://lkml.kernel.org/r/20170213101336.20486-1-dsafonov@virtuozzo.com Signed-off-by: Ingo Molnar tools/testing/selftests/x86/fsgsbase.c | 2 +- tools/testing/selftests/x86/ldt_gdt.c | 16 +++++++++++----- tools/testing/selftests/x86/ptrace_syscall.c | 3 ++- tools/testing/selftests/x86/single_step_syscall.c | 5 ++++- 4 files changed, 18 insertions(+), 8 deletions(-) commit 11277aabcbbe13916151af897d29a5e9f71ca73f Author: Dou Liyang Date: Thu Feb 23 17:16:41 2017 +0800 x86/apic: Simplify enable_IR_x2apic(), remove try_to_enable_IR() The following commit: 2e63ad4bd5dd ("x86/apic: Do not init irq remapping if ioapic is disabled") ... added a check for skipped IO-APIC setup to enable_IR_x2apic(), but this check is also duplicated in try_to_enable_IR() - and it will never succeed in calling irq_remapping_enable(). Remove the whole irq_remapping_enable() complication: if the IO-APIC is disabled we cannot enable IRQ remapping. Signed-off-by: Dou Liyang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: bp@alien8.de Cc: nicstange@gmail.com Cc: wanpeng.li@hotmail.com Link: http://lkml.kernel.org/r/1487841401-1543-1-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Ingo Molnar arch/x86/kernel/apic/apic.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) commit bb3f0a52630c84807fca9bdd76ac2f5dcec82689 Author: Dou Liyang Date: Tue Feb 28 13:50:52 2017 +0800 x86/apic: Fix a warning message in logical CPU IDs allocation The current warning message in allocate_logical_cpuid() is somewhat confusing: Only 1 processors supported.Processor 2/0x2 and the rest are ignored. As it might imply that there's only one CPU in the system - while what we ran into here is a kernel limitation. Fix the warning message to clarify all that: APIC: NR_CPUS/possible_cpus limit of 2 reached. Processor 2/0x2 and the rest are ignored. ( Also update the error return from -1 to -EINVAL, which is the more canonical return value. ) Signed-off-by: Dou Liyang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: bp@alien8.de Cc: nicstange@gmail.com Cc: wanpeng.li@hotmail.com Link: http://lkml.kernel.org/r/1488261052-25753-1-git-send-email-douly.fnst@cn.fujitsu.com Signed-off-by: Ingo Molnar arch/x86/kernel/apic/apic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b28ace12661fbcfd90959c1e84ff5a85113a82a1 Author: Franck Demathieu Date: Thu Feb 23 10:48:55 2017 +0100 irqchip/crossbar: Fix incorrect type of local variables The max and entry variables are unsigned according to the dt-bindings. Fix following 3 sparse issues (-Wtypesign): drivers/irqchip/irq-crossbar.c:222:52: warning: incorrect type in argument 3 (different signedness) drivers/irqchip/irq-crossbar.c:222:52: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:222:52: got int * drivers/irqchip/irq-crossbar.c:245:56: warning: incorrect type in argument 4 (different signedness) drivers/irqchip/irq-crossbar.c:245:56: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:245:56: got int * drivers/irqchip/irq-crossbar.c:263:56: warning: incorrect type in argument 4 (different signedness) drivers/irqchip/irq-crossbar.c:263:56: expected unsigned int [usertype] *out_value drivers/irqchip/irq-crossbar.c:263:56: got int * Signed-off-by: Franck Demathieu Cc: marc.zyngier@arm.com Cc: jason@lakedaemon.net Link: http://lkml.kernel.org/r/20170223094855.6546-1-fdemathieu@gmail.com Signed-off-by: Thomas Gleixner drivers/irqchip/irq-crossbar.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d03bd0454b101adb94d0b5a9cc11396182943cb4 Author: Martin Schwidefsky Date: Wed Mar 1 09:47:57 2017 +0100 s390/timex: micro optimization for tod_to_ns The conversion of a TOD value to nano-seconds currently uses a 32/32 bit split with the calculation for "nsecs = (TOD * 125) >> 9". Using a 55/9 bit split saves an instruction. Signed-off-by: Martin Schwidefsky arch/s390/include/asm/timex.h | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit e53051e757d6cd66741955b93581e54415e48a70 Author: Martin Schwidefsky Date: Wed Mar 1 09:21:10 2017 +0100 s390/cputime: provide archicture specific cputime_to_nsecs The generic cputime_to_nsecs function first converts the cputime to micro-seconds and then multiplies the result with 1000. This looses some bits of accuracy, provide our own version of cputime_to_nsecs that does not loose precision. Signed-off-by: Martin Schwidefsky arch/s390/include/asm/cputime.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3c915bdc1775acfa214195da1ffb39dabdd1a389 Author: Martin Schwidefsky Date: Wed Mar 1 09:18:34 2017 +0100 s390/cputime: reset all accounting fields on fork copy_thread has to reset all cputime related field in the task struct, not only user_timer and system_timer. Signed-off-by: Martin Schwidefsky arch/s390/kernel/process.c | 3 +++ 1 file changed, 3 insertions(+) commit e69ca822ce0ed3ba006ce384d7d205c81d92373f Author: Martin Schwidefsky Date: Wed Mar 1 09:16:03 2017 +0100 s390/cputime: remove last traces of cputime_t The cputime_t type is a thing of the past, replace the last occurences of the type in the s390 code with a simple u64. Signed-off-by: Martin Schwidefsky arch/s390/include/asm/cputime.h | 14 ++------------ arch/s390/kernel/vtime.c | 2 +- 2 files changed, 3 insertions(+), 13 deletions(-) commit d9fcf2a1cbd1ff65d0109b1b400938808007fcd5 Author: Martin Schwidefsky Date: Tue Feb 28 07:42:01 2017 +0100 s390: fix in-kernel program checks A program check inside the kernel takes a slightly different path in entry.S compare to a normal user fault. A recent change moved the store of the breaking event address into the path taken for in-kernel program checks as well, but %r14 has not been setup to point to the correct location. A wild store is the consequence. Move the store of the breaking event address to the code path for user space faults. Fixes: 34525e1f7e8d ("s390: store breaking event address only for program checks") Reported-by: Michael Holzheu Signed-off-by: Martin Schwidefsky arch/s390/kernel/entry.S | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit e7c95effcd3a7a0c9535c809141ca499fede2c31 Author: Martin Schwidefsky Date: Tue Feb 28 07:05:59 2017 +0100 s390/crypt: fix missing unlock in ctr_paes_crypt on error path The ctr mode of protected key aes uses the ctrblk page if the ctrblk_lock could be acquired. If the protected key has to be reestablished and this operation fails the unlock for the ctrblk_lock is missing. Add it. Signed-off-by: Martin Schwidefsky arch/s390/crypto/paes_s390.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 10bce8410607a18eb3adf5d2739db8c8593e110d Author: Borislav Petkov Date: Mon Feb 27 23:50:58 2017 +0100 x86/kdebugfs: Move boot params hierarchy under (debugfs)/x86/ ... since this is all x86-specific data and it makes sense to have it under x86/ logically instead in the toplevel debugfs dir. Signed-off-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170227225058.27289-1-bp@alien8.de Signed-off-by: Ingo Molnar arch/x86/kernel/kdebugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 75013fb16f8484898eaa8d0b08fed942d790f029 Author: Masami Hiramatsu Date: Wed Mar 1 01:23:24 2017 +0900 kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed Fix to the exception table entry check by using probed address instead of the address of copied instruction. This bug may cause unexpected kernel panic if user probe an address where an exception can happen which should be fixup by __ex_table (e.g. copy_from_user.) Unless user puts a kprobe on such address, this doesn't cause any problem. This bug has been introduced years ago, by commit: 464846888d9a ("x86/kprobes: Fix a bug which can modify kernel code permanently"). Signed-off-by: Masami Hiramatsu Cc: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 464846888d9a ("x86/kprobes: Fix a bug which can modify kernel code permanently") Link: http://lkml.kernel.org/r/148829899399.28855.12581062400757221722.stgit@devbox Signed-off-by: Ingo Molnar arch/x86/kernel/kprobes/common.h | 2 +- arch/x86/kernel/kprobes/core.c | 6 +++--- arch/x86/kernel/kprobes/opt.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) commit 86ef58a4e35e8fa66afb5898cf6dec6a3bb29f67 Author: Dan Williams Date: Tue Feb 28 18:32:48 2017 -0800 nfit, libnvdimm: fix interleave set cookie calculation The interleave-set cookie is a sum that sanity checks the composition of an interleave set has not changed from when the namespace was initially created. The checksum is calculated by sorting the DIMMs by their location in the interleave-set. The comparison for the sort must be 64-bit wide, not byte-by-byte as performed by memcmp() in the broken case. Fix the implementation to accept correct cookie values in addition to the Linux "memcmp" order cookies, but only allow correct cookies to be generated going forward. It does mean that namespaces created by third-party-tooling, or created by newer kernels with this fix, will not validate on older kernels. However, there are a couple mitigating conditions: 1/ platforms with namespace-label capable NVDIMMs are not widely available. 2/ interleave-sets with a single-dimm are by definition not affected (nothing to sort). This covers the QEMU-KVM NVDIMM emulation case. The cookie stored in the namespace label will be fixed by any write the namespace label, the most straightforward way to achieve this is to write to the "alt_name" attribute of a namespace in sysfs. Cc: Fixes: eaf961536e16 ("libnvdimm, nfit: add interleave-set state-tracking infrastructure") Reported-by: Nicholas Moulin Tested-by: Nicholas Moulin Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 16 +++++++++++++++- drivers/nvdimm/namespace_devs.c | 18 ++++++++++++++---- drivers/nvdimm/nd.h | 1 + drivers/nvdimm/region_devs.c | 9 +++++++++ include/linux/libnvdimm.h | 2 ++ 5 files changed, 41 insertions(+), 5 deletions(-) commit 9dcfe2c75b51f454f39c2de4756e841228865b47 Author: Ingo Molnar Date: Wed Mar 1 09:25:55 2017 +0100 locking/refcounts: Change WARN() to WARN_ONCE() Linus noticed that the new refcount.h APIs used WARN(), which would turn into a dmesg DoS if it triggers frequently on some buggy driver. So make sure we only warn once. These warnings are never supposed to happen, so it's typically not a problem to lose subsequent warnings. Suggested-by: Linus Torvalds Cc: Peter Zijlstra (Intel) Cc: Elena Reshetova Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/CA+55aFzbYUTZ=oqZ2YgDjY0C2_n6ODhTfqj6V+m5xWmDxsuB0w@mail.gmail.com Signed-off-by: Ingo Molnar lib/refcount.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit a45e47f4b342884dcf9e40a530033f64c379ffc7 Author: Arnd Bergmann Date: Mon Feb 27 21:42:16 2017 +0100 staging: fsl-mc: fix warning in DT ranges parser The fsl-mc-bus driver in staging contains a copy of the standard 'ranges' property parsing algorithm with a hack to treat a missing property the same way as an empty one. This code produces false-positive warnings for me in an allmodconfig build: drivers/staging/fsl-mc/bus/fsl-mc-bus.c: In function 'fsl_mc_bus_probe': drivers/staging/fsl-mc/bus/fsl-mc-bus.c:645:6: error: 'mc_size_cells' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/staging/fsl-mc/bus/fsl-mc-bus.c:682:8: error: 'mc_addr_cells' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/staging/fsl-mc/bus/fsl-mc-bus.c:644:6: note: 'mc_addr_cells' was declared here drivers/staging/fsl-mc/bus/fsl-mc-bus.c:684:8: error: 'paddr_cells' may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/staging/fsl-mc/bus/fsl-mc-bus.c:643:6: note: 'paddr_cells' was declared here To avoid the warnings, I'm simplifying the argument handling to pass the number of valid ranges in the property as the function return code rather than passing it by reference. With this change, gcc can see that we don't evaluate the cell numbers for an missing ranges property. Signed-off-by: Arnd Bergmann Acked-by: Laurentiu Tudor Signed-off-by: Greg Kroah-Hartman drivers/staging/fsl-mc/bus/fsl-mc-bus.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) commit 87bfbddd0935f7a3acf36b883707aee816d4bb49 Author: Noralf Trønnes Date: Sun Feb 26 15:44:42 2017 +0100 MAINTAINERS: Remove Noralf Trønnes as fbtft maintainer Due to personal reasons I'm unable to continue as fbtft maintainer. Signed-off-by: Noralf Trønnes Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit df06a2d57711a1472ced72207373eeb6422d4721 Author: Dan Williams Date: Wed Mar 1 00:03:37 2017 -0800 tools/testing/nvdimm: make iset cookie predictable For testing changes to the iset cookie algorithm we need a value that is constant from run-to-run. Stop including dynamic data in the emulated region_offset values. Also, pick values that sort in a different order depending on whether the comparison is a memcmp() of two 8-byte arrays or subtraction of two 64-bit values. Signed-off-by: Dan Williams tools/testing/nvdimm/test/nfit.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit b6b6fbc8310e1b12b05717da9df6953b138f812b Author: Chuanxiao Dong Date: Wed Mar 1 14:34:52 2017 +0800 drm/i915/gvt: use pfn_valid for better checking Before get the page from pfn, use pfn_valid to check if pfn is able to translate to page structure. Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e3942ed8c66bcff496abee5182422cd542962d9e Author: Len Brown Date: Sat Jan 21 02:33:23 2017 -0500 tools/power turbostat: version 17.02.24 The turbostat before this last set of changes is obsolete. This new version can do a lot more, but it also has some different defaults, that might catch some off-guard. So it seems a good time to give a new version number. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5f3aea57773dc7f788e374994636ffc0234a355f Author: Len Brown Date: Thu Feb 23 18:10:27 2017 -0500 tools/power turbostat: bugfix: --add u32 was printed as u64 When the "u32" keyword is used with --add, it means that the output should be truncated to 32-bits. This was not happening and all 64-bits were printed. Also, when no column name was used for an added MSR, The default column name was in deximal, eg. MSR16. Users report that they tend to use hex MSR numbers, so print them in hex. To always fit into the columns, use the syntax M0x10. Note that the user can always supply any column header that they want. eg --add msr0x10,MY_TSC Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) commit 0815a3d09baf2cd330f75020bdaad0f1adac0ecb Author: Len Brown Date: Thu Feb 23 17:00:51 2017 -0500 tools/power turbostat: show error on exec When turbostat is run in one-shot command mode, the parent takes the 'before' counter snapshot, fork/exec/wait for the child to exit, takes the 'after' counter snapshot, and prints the results. however, if the child fails to exec the command, it immediately returns, without indicating that anythign was wrong. Add an error message showing that exec failed: sudo turbostat sleeeep 4 ... turbostat: exec sleeeep: No such file or directory ... Note that the parent will still print out the statistics, because it can't tell the difference between the failed exec and a command that is purposefully returning the same status. Unfortunately, this may obscure the error message. However, if the --out parameter is used, the error message is evident on stderr. Reported-by: Wendy Wang Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 1 + 1 file changed, 1 insertion(+) commit 7293fccdffdec0ab0c36c4e4cffacb3ff114928e Author: Len Brown Date: Wed Feb 22 00:11:12 2017 -0500 tools/power turbostat: dump p-state software config cpu1: cpufreq driver: acpi-cpufreq cpu1: cpufreq governor: ondemand cpufreq boost: 1 or cpu0: cpufreq driver: intel_pstate cpu0: cpufreq governor: powersave cpufreq intel_pstate no_turbo: 0 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 50 +++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) commit 7da6e3e2125d24040b3648ddc61edf70eb533849 Author: Len Brown Date: Tue Feb 21 23:43:41 2017 -0500 tools/power turbostat: show package number, even without --debug On multi-package systems, the "Package" column was being displayed only if --debug was used. Show it always. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dd778a5e6bbd0f52f34c61ae9b42b725c5f22398 Author: Len Brown Date: Tue Feb 21 23:21:13 2017 -0500 tools/power turbostat: support "--hide C1" etc. Originally, the only way to hide the sysfs C-state statistics columns was with "--hide sysfs". This was because we process "--hide" before we probe for those columns. hack --hide to remember deferred hide requests, and apply them when sysfs is probed. "--hide sysfs" is still available as short-hand to refer to the entire group of counters. The down-side of this change is that we no longer error check for bogus --hide column names. But the user will quickly figure that out if a column they mean to hide is still there... Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 115 +++++++++++++++++++++------------- 2 files changed, 73 insertions(+), 44 deletions(-) commit 4e4e1e7c6eaf387f8ec803f37f154fdd60e303c0 Author: Len Brown Date: Tue Feb 21 22:33:42 2017 -0500 tools/power turbostat: move --Package and --processor into the --cpu option --Package is now "--cpu package", which will display just the 1st CPU in each package --processor is not "--cpu core" which will display just the 1st CPU in each core Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 6 +----- tools/power/x86/turbostat/turbostat.c | 31 ++++++++++++++++++++----------- 2 files changed, 21 insertions(+), 16 deletions(-) commit da67e2b9fd1d846a41978690da0a899d8e4378ec Author: Len Brown Date: Wed Feb 15 00:30:22 2017 -0500 tools/power turbostat: turbostat.8 update update examples to show recently updated features. In particular --add --show --hide --cpu --list Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 238 ++++++++++++++++++++-------------- 1 file changed, 140 insertions(+), 98 deletions(-) commit 6168c2e0fb5084d187aa8f3ec4093db5e161d4dc Author: Len Brown Date: Thu Feb 16 23:07:51 2017 -0500 tools/power turbostat: update --list feature Make it possible to take the entire un-edited output from `turbostat --list` and feed it to "turbostat --show" or "turbostat --hide". To do this, the leading comma was removed (no mater what columns are active) and also they dynamic C-state "C1, C2, C3" etc are replaced by the string "sysfs", which refers to them as a group. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 219 ++++++++++++++++++---------------- 1 file changed, 113 insertions(+), 106 deletions(-) commit 0de6c0df4ecc32ffaf064fea3a43846ba4474bd0 Author: Len Brown Date: Wed Feb 15 21:45:40 2017 -0500 tools/power turbostat: use wide columns to display large numbers When a counter overlfows 7 columns, it shifts the remaining columns to the right, so they no longer line up under their column header. Update turbostat to dectect when it is handling large numbers, and switch to wider columns where, necessary. Reported-by: Artem Bityutskiy Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 68 ++++++++++++++++++++++++++++------- 1 file changed, 55 insertions(+), 13 deletions(-) commit c8ade3616a1a5cf7767c0338d2b02007796f5d88 Author: Len Brown Date: Wed Feb 15 17:15:11 2017 -0500 tools/power turbostat: Add --list option to show available header names It is handy to know the list of column header names, so that they can be used with --add and --skip The new --list option shows them: sudo ./turbostat --list --hide sysfs ,Core,CPU,Avg_MHz,Busy%,Bzy_MHz,TSC_MHz,IRQ,SMI,CPU%c1,CPU%c3,CPU%c6,CPU%c7,CoreTmp,PkgTmp,GFX%rc6,GFXMHz,PkgWatt,CorWatt,GFXWatt Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 118 +++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 52 deletions(-) commit 218f0e8d5c388767be9c78fd2c5bc0a6f416d6d0 Author: Len Brown Date: Tue Feb 14 22:07:52 2017 -0500 tools/power turbostat: fix zero IRQ count shown in one-shot command mode The IRQ column has been working for periodic mode, but not in one-shot command mode, it shows only 0. until now. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 1ef7d21afe2197013aefe0e93641aa2c5a9ac3db Author: Len Brown Date: Fri Feb 10 23:54:15 2017 -0500 tools/power turbostat: add --cpu parameter With the --cpu parameter, turbostat prints only lines for the specified set of CPUs: sudo ./turbostat --quiet --show Core,CPU --cpu 0,1,3..5,6-7 Core CPU - - 0 0 0 4 1 1 1 5 2 6 3 3 3 7 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 2 + tools/power/x86/turbostat/turbostat.c | 95 ++++++++++++++++++++++++++++++++++- 2 files changed, 95 insertions(+), 2 deletions(-) commit 41618e63f2a869902f8534f0db337e85d6bd04c8 Author: Len Brown Date: Thu Feb 9 18:25:22 2017 -0500 tools/power turbostat: print sysfs C-state stats When turbostat shows % of time in a CPU idle power state, it has always been showing information from underlying hardware residency counters. While this reflects what the hardware is doing, and is thus useful for understanding the hardware, it doesn't directly tell us what Linux requested -- which is useful for tuning Linux itself. Here we add columns to turbostat to show the Linux cpuidle sub-system statistics: /sys/devices/system/cpu/cpu*/cpuidle/state*/* The first group of columns are the "usage", which is the number of times software requested that C-state in the measurement interval. eg C1 below. The second group of columns are the "time", which is the percentage of the measurement interval time that software has requested the specified C-state. eg C1% below. These software counters can be compared to the underlying hardware residency counters (eg CPU%c1 CPU%c3 CPU%c6 CPU%c7) to compare what sofware requested to what the hardware delivered. These sysfs attributes are discovered when turbostat starts, rather than being "built in". So the --show and --hide parameters do not know about these dynamic column names. However "--show sysfs" and "--hide sysfs" act on the entire group of columns: turbostat --show sysfs ... cpu4: POLL: CPUIDLE CORE POLL IDLE cpu4: C1: MWAIT 0x00 cpu4: C1E: MWAIT 0x01 cpu4: C3: MWAIT 0x10 cpu4: C6: MWAIT 0x20 cpu4: C7s: MWAIT 0x32 ... C1 C1E C3 C6 C7s C1% C1E% C3% C6% C7s% 3 6 5 1 188 0.00 0.02 0.00 0.00 99.93 0 6 5 0 58 0.00 0.16 0.02 0.00 99.70 0 0 0 0 9 0.00 0.00 0.00 0.00 99.96 0 0 0 1 24 0.00 0.00 0.00 0.02 99.93 0 0 0 0 9 0.00 0.00 0.00 0.00 99.97 0 0 0 0 32 0.00 0.00 0.00 0.00 99.96 0 0 0 0 7 0.00 0.00 0.00 0.00 99.98 2 0 0 0 36 0.00 0.00 0.00 0.00 99.97 1 0 0 0 13 0.00 0.00 0.00 0.00 99.98 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 4 +- tools/power/x86/turbostat/turbostat.c | 161 ++++++++++++++++++++++++++++++---- 2 files changed, 147 insertions(+), 18 deletions(-) commit 495c7654ccfb771d19ce1b9fbc7be21e45b14636 Author: Len Brown Date: Wed Feb 8 02:41:51 2017 -0500 tools/power turbostat: extend --add option to accept /sys path Previously, the --add option could specify only an MSR. Here is is extended so an arbitrary /sys attribute, as specified by an absolute file path name. sudo ./turbostat --add /sys/devices/system/cpu/cpu0/cpuidle/state5/usage Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 92 ++++++++++++++++++++++++++--------- 1 file changed, 69 insertions(+), 23 deletions(-) commit ade0ebacdf03591b3dab642e6e92da60c20ebdb3 Author: Len Brown Date: Fri Feb 10 01:56:47 2017 -0500 tools/power turbostat: skip unused counters on BDX Skip these two counters on BDX, as they are always zero: cc7, pc7 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 31e07522be566cd039ff7a770550076cc1707a0c Author: Len Brown Date: Tue Jan 31 23:07:49 2017 -0500 tools/power turbostat: fix decoding for GLM, DNV, SKX turbo-ratio limits Newer processors do not hard-code the the number of cpus in each bin to {1, 2, 3, 4, 5, 6, 7, 8} Rather, they can specify any number of CPUS in each of the 8 bins: eg. ... 37 * 100.0 = 3600.0 MHz max turbo 4 active cores 38 * 100.0 = 3700.0 MHz max turbo 3 active cores 39 * 100.0 = 3800.0 MHz max turbo 2 active cores 39 * 100.0 = 3900.0 MHz max turbo 1 active cores could now look something like this: ... 37 * 100.0 = 3600.0 MHz max turbo 16 active cores 38 * 100.0 = 3700.0 MHz max turbo 8 active cores 39 * 100.0 = 3800.0 MHz max turbo 4 active cores 39 * 100.0 = 3900.0 MHz max turbo 2 active cores Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 90 ++++++++++++++++++++++++++--------- 1 file changed, 67 insertions(+), 23 deletions(-) commit 34c7619762f7b4ebbd5157b312e6022b725c031e Author: Len Brown Date: Fri Jan 27 02:36:41 2017 -0500 tools/power turbostat: skip unused counters on SKX Skip these four counters on SKX, as they are always zero: cc3, pc3 cc7, pc7 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 7170a374377d7c70d63a2d3eb38f8fe32e6ffadd Author: Len Brown Date: Fri Jan 27 02:13:27 2017 -0500 tools/power turbostat: Denverton: use HW CC1 counter, skip C3, C7 The CC1 column in tubostat can be computed by subtracting the core c-state residency countes from the total Cx residency. CC1 = (Idle_time_as_measured by MPERF) - (all core C-states with residency counters) However, as the underlying counter reads are not atomic, error can be noticed in this calculations, especially when the numbers are small. Denverton has a hardware CC1 residency counter to improve the accuracy of the cc1 statistic -- use it. At the same time, Denverton has no concept of CC3, PC3, CC7, PC7, so skip collecting and printing those columns. Finally, a note of clarification. Turbostat prints the standard PC2 residency counter, but on Denverton hardware, that actually means PC1E. Turbostat prints the standard PC6 residency counter, but on Denverton hardware, that actually means PC2. At this point, we document that differnce in this commit message, rather than adding a quirk to the software. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit ac01ac1371d01beb02827f89fff9aac9d7941e91 Author: Len Brown Date: Fri Jan 27 01:45:35 2017 -0500 tools/power turbostat: initial Gemini Lake SOC support Gemini Lake is similar to Apollo Lake (Broxton/Goldmont) Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 5 +++++ 1 file changed, 5 insertions(+) commit 311f77708f362c1af0a999ba5ebbbc062fdc5601 Author: Len Brown Date: Thu Feb 16 23:48:50 2017 -0500 x86: intel-family.h: Add GEMINI_LAKE SOC Cc: x86@kernel.org Signed-off-by: Len Brown arch/x86/include/asm/intel-family.h | 1 + 1 file changed, 1 insertion(+) commit 0f47c08d8ccf8252a5c007502919bdc2126ffb1f Author: Len Brown Date: Fri Jan 27 00:50:45 2017 -0500 tools/power turbostat: bug fixes to --add, --show/--hide features Fix a bug with --add, where the title of the column is un-initialized if not specified by the user. The initial implementation of --show and --hide neglected to handle the pc8/pc9/pc10 counters. Fix a bug where "--show Core" only worked with --debug Reported-by: Wendy Wang Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 138 +++++++++++++++++++--------------- 1 file changed, 77 insertions(+), 61 deletions(-) commit 008d396eb219ee5a1c98c9ef01c35752d35f0d6c Author: Len Brown Date: Fri Feb 10 00:29:51 2017 -0500 tools/power turbostat: use tsc_tweak everwhere it is needed The CPU ticks at a rate in the "bus clock" domain. eg. 100 MHz * bus_ratio. On newer processors, the TSC has been moved out of this BCLK domain and into a separate crystal-clock domain. While the TSC ticks "close to" the base frequency, those that look closely at the numbers will notice small errors in calculations that mix units of TSC clocks and bus clocks. "tsc_tweak" was introduced to address the most visible mixing -- the %Busy and the the Busy_MHz calculations. (A simplification as since removed TSC from the BusyMHz calculation) Here we apply the tsc_tweak to everyplace where BCLK and TSC units are mixed. The results is that on a system which is 100% idle, the sum of the C-states are now much more likely to be closer to 100%. Reported-by: Travis Downs Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 48 ++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 23 deletions(-) commit 96e4715857cf184536ef46e6ea92465f58a7b12d Author: Len Brown Date: Sat Jan 21 02:26:00 2017 -0500 tools/power turbostat: print system config, unless --quiet Some users want turbostat to tell them everything, by default. Some users want turbostat to be quiet, by default. I find that I'm in the 1st camp, and so I've never liked needing to type the --debug parameter to decode the system configuration. So here we change the default and print the system configuration, by default. (The --debug option is now un-documented, though it does still exist for debugging turbostat internals) When you do not want to see the system configuration header, use the new "--quiet" option. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 7 +-- tools/power/x86/turbostat/turbostat.c | 105 +++++++++++++++++----------------- 2 files changed, 52 insertions(+), 60 deletions(-) commit fee86541d28934da4eb235367f7e2137acb1b359 Author: Len Brown Date: Sat Jan 21 01:59:12 2017 -0500 tools/power turbostat: show all columns, independent of --debug Some time ago, turbostat overflowed 80 columns. So on the assumption that a "casual" user would always want topology and frequency columns, we hid the rest of the columns and the system configuration decoding behind the --debug option. Not everybody liked that change -- including me. I use --debug 99% of the time... Well, now we have "-o file" to put turbostat output into a file, so unless you are watching real-time in a small window, column count is less frequently a factor. And more recently, we got the "--hide columnA,columnB" option to specify columns to skip. So now we "un-hide" the rest of the columns from behind --debug, and show them all, by default. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 7 ------- 1 file changed, 7 deletions(-) commit 33148d671cc191fceaca5017e1bb060e9f30fbf7 Author: Len Brown Date: Sat Jan 21 01:26:16 2017 -0500 tools/power turbostat: decode MSR_MISC_FEATURE_CONTROL useful for observing if the BIOS disabled prefetch Not architectural, but docuemented as present on NHM, SNB and is present on others. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 98af74599ea0757098a5776ea29e581b661dcf6f Author: Len Brown Date: Sat Jan 21 01:15:09 2017 -0500 x86 msr_index.h: Define MSR_MISC_FEATURE_CONTROL This non-architectural MSR has disable bits for various prefetchers on modern processors. While these bits are generally touched only by the BIOS, say, via BIOS SETUP, it is useful to dump them when examining options that can alter performance. Cc: x86@kernel.org Signed-off-by: Len Brown arch/x86/include/asm/msr-index.h | 1 + 1 file changed, 1 insertion(+) commit b3a34e9382a4aacfa7c0b24f9548737bbb20338e Author: Len Brown Date: Sat Jan 21 00:50:08 2017 -0500 tools/power turbostat: decode CPUID(6).TURBO show the CPUID feature for turbo to clarify the case when it may not be shown in MISC_ENABLE CPUID(6): APERF, TURBO, DTS, PTM, No-HWP, No-HWPnotify, No-HWPwindow, No-HWPepp, No-HWPpkg, EPB cpu4: MSR_IA32_MISC_ENABLE: 0x00850089 (TCC EIST MWAIT TURBO) Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0f7887c49b0c454aef9936a6eadabe1c91b5af55 Author: Len Brown Date: Thu Jan 12 23:49:18 2017 -0500 tools/power turbostat: dump Atom P-states correctly Turbostat dumps MSR_TURBO_RATIO_LIMIT on Core Architecture. But Atom Architecture uses MSR_ATOM_CORE_RATIOS and MSR_ATOM_CORE_TURBO_RATIOS. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 103 +++++++++++++++++++++++++++------- 1 file changed, 82 insertions(+), 21 deletions(-) commit 92134bdbc6272da6e98e9242cc6f1576cedc0735 Author: Len Brown Date: Sat Feb 25 16:55:17 2017 -0500 intel_pstate: use MSR_ATOM_RATIOS definitions from msr-index.h Originally, these MSRs were locally defined in this driver. Now the definitions are in msr-index.h -- use them. Signed-off-by: Len Brown drivers/cpufreq/intel_pstate.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) commit 8a34fd0226eaae64d61ff9a113d276e28acb6b5c Author: Len Brown Date: Thu Jan 12 23:22:28 2017 -0500 x86 msr-index.h: Define Atom specific core ratio MSR locations These MSRs are currently used by the intel_pstate driver, using a local definition. Cc: x86@kernel.org Signed-off-by: Len Brown arch/x86/include/asm/msr-index.h | 6 ++++++ 1 file changed, 6 insertions(+) commit e651262477c6d8cba79dffc1a6039da43d9c96b0 Author: Len Brown Date: Wed Jan 11 23:17:24 2017 -0500 tools/power turbostat: further decode MSR_IA32_MISC_ENABLE Decode MISC_ENABLE.NO_TURBO, also use the #defines in msr-index.h for decoding this register cpu0: MSR_IA32_MISC_ENABLE: 0x00850089 (TCC EIST MWAIT TURBO) Although it is not architectural, decode also MSR_IA32_MISC_ENABLE.prefetch-disable (bit-9). documented to be present on: Core, P4, Intel-Xeon reserved on: Atom, Silvermont, Nehalem, SNB, PHI ec. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 710f273ba96182fd93ee8540ae06583c7d889d7c Author: Len Brown Date: Wed Jan 11 22:12:25 2017 -0500 tools/power turbostat: add precision to --debug frequency output Add a digit of precision to the --debug output for frequency range. This is useful when BCLK is not an integer. old: 6 * 83 = 500 MHz max efficiency frequency 26 * 83 = 2166 MHz base frequency new: 6 * 83.3 = 499.8 MHz max efficiency frequency 26 * 83.3 = 2165.8 MHz base frequency Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) commit 0539ba118fe241b0d03202fda0cd19cb758b7fbd Author: Len Brown Date: Fri Feb 10 00:27:20 2017 -0500 tools/power turbostat: Baytrail c-state support The Baytrail SOC, with its Silvermont core, has some unique properties: 1. a hardware CC1 residency counter 2. a module-c6 residency counter 3. a package-c6 counter at traditional package-c7 counter address. The SOC does not support c3, pc3, c7 or pc7 counters. Signed-off-by: Len Brown arch/x86/include/asm/msr-index.h | 2 ++ tools/power/x86/turbostat/turbostat.c | 46 ++++++++++++++++++++++++++++------- 2 files changed, 39 insertions(+), 9 deletions(-) commit 419c9e986ea453d07140bffb9708d730b6317e8e Author: Len Brown Date: Sat Jan 7 23:26:22 2017 -0500 x86: msr-index.h: Remove unused MSR_NHM_SNB_PKG_CST_CFG_CTL The two users, intel_idle driver and turbostat utility are using the new name, MSR_PKG_CST_CONFIG_CONTROL Cc: x86@kernel.org Signed-off-by: Len Brown arch/x86/include/asm/msr-index.h | 1 - 1 file changed, 1 deletion(-) commit 1df2e55abce64e2f3117fac3968a9ac382fbc9c3 Author: Len Brown Date: Sat Jan 7 23:24:57 2017 -0500 tools/power turbostat: use new name for MSR_PKG_CST_CONFIG_CONTROL Previously called MSR_NHM_SNB_PKG_CST_CFG_CTL Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 6cfb2374f83bc70b8acb0ddb989988ba3f140b61 Author: Len Brown Date: Sat Jan 7 23:23:25 2017 -0500 intel_idle: use new name for MSR_PKG_CST_CONFIG_CONTROL previously known as MSR_NHM_SNB_PKG_CST_CFG_CTL Signed-off-by: Len Brown drivers/idle/intel_idle.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 40496c8ee73a5ca4fa581badf2247418980586b1 Author: Len Brown Date: Sat Jan 7 23:21:18 2017 -0500 x86: msr-index.h: Define MSR_PKG_CST_CONFIG_CONTROL define MSR_PKG_CST_CONFIG_CONTROL (0xE2), which is the string used by Intel Documentation. We use this MSR in intel_idle and turbostat by a previous name, to be updated in the next patch. Cc: x86@kernel.org Signed-off-by: Len Brown arch/x86/include/asm/msr-index.h | 1 + 1 file changed, 1 insertion(+) commit 2d6be4abf514fc26c83d239c7f31da1f95e4a31d Merge: cf39319 eb99459 Author: Linus Torvalds Date: Tue Feb 28 21:06:30 2017 -0800 Merge tag 'for-linus-4.11' of git://git.code.sf.net/p/openipmi/linux-ipmi Pull IPMI updates from Corey Minyard: "This is a few small fixes to the main IPMI driver, make some things const, fix typos, etc. The last patch came in about a week ago, but IMHO it's best to go in now. It is not for the main driver, it's for the bt-bmc driver, which runs on the managment controller side, not on the host side, so the scope is limited and the change is necessary" * tag 'for-linus-4.11' of git://git.code.sf.net/p/openipmi/linux-ipmi: ipmi: bt-bmc: Use a regmap for register access char: ipmi: constify ipmi_smi_handlers structures acpi:ipmi: Make IPMI user handler const ipmi: make ipmi_usr_hndl const Documentation: Fix a typo in IPMI.txt. commit cf393195c3ba5d4c0a8e237eb00f7ef104876ee5 Merge: 5ecc5ac c6ce3e2 Author: Linus Torvalds Date: Tue Feb 28 20:29:41 2017 -0800 Merge branch 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax Pull IDR rewrite from Matthew Wilcox: "The most significant part of the following is the patch to rewrite the IDR & IDA to be clients of the radix tree. But there's much more, including an enhancement of the IDA to be significantly more space efficient, an IDR & IDA test suite, some improvements to the IDR API (and driver changes to take advantage of those improvements), several improvements to the radix tree test suite and RCU annotations. The IDR & IDA rewrite had a good spin in linux-next and Andrew's tree for most of the last cycle. Coupled with the IDR test suite, I feel pretty confident that any remaining bugs are quite hard to hit. 0-day did a great job of watching my git tree and pointing out problems; as it hit them, I added new test-cases to be sure not to be caught the same way twice" Willy goes on to expand a bit on the IDR rewrite rationale: "The radix tree and the IDR use very similar data structures. Merging the two codebases lets us share the memory allocation pools, and results in a net deletion of 500 lines of code. It also opens up the possibility of exposing more of the features of the radix tree to users of the IDR (and I have some interesting patches along those lines waiting for 4.12) It also shrinks the size of the 'struct idr' from 40 bytes to 24 which will shrink a fair few data structures that embed an IDR" * 'idr-4.11' of git://git.infradead.org/users/willy/linux-dax: (32 commits) radix tree test suite: Add config option for map shift idr: Add missing __rcu annotations radix-tree: Fix __rcu annotations radix-tree: Add rcu_dereference and rcu_assign_pointer calls radix tree test suite: Run iteration tests for longer radix tree test suite: Fix split/join memory leaks radix tree test suite: Fix leaks in regression2.c radix tree test suite: Fix leaky tests radix tree test suite: Enable address sanitizer radix_tree_iter_resume: Fix out of bounds error radix-tree: Store a pointer to the root in each node radix-tree: Chain preallocated nodes through ->parent radix tree test suite: Dial down verbosity with -v radix tree test suite: Introduce kmalloc_verbose idr: Return the deleted entry from idr_remove radix tree test suite: Build separate binaries for some tests ida: Use exceptional entries for small IDAs ida: Move ida_bitmap to a percpu variable Reimplement IDR and IDA using the radix tree radix-tree: Add radix_tree_iter_delete ... commit 5ecc5ac215bc4d88243a2f4909e70ccc1bda710f Merge: 8313064c b7a42b9 Author: Linus Torvalds Date: Tue Feb 28 20:18:44 2017 -0800 Merge tag 'iommu-fix-v4.11-rc0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: "Fix an issue introduced this merge window into the AMD and Intel IOMMU drivers that causes an oops when the vendor-specific sysfs-entries are accessed. The reason for this issue is that I forgot to update the sysfs code in the drivers when moving the iommu 'struct device' to the iommu-core" * tag 'iommu-fix-v4.11-rc0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Fix crash when accessing AMD-Vi sysfs entries iommu/vt-d: Fix crash when accessing VT-d sysfs entries commit 6f8830f5bbab16e54f261de187f3df4644a5b977 Author: Chris Leech Date: Mon Feb 27 16:58:36 2017 -0800 scsi: libiscsi: add lock around task lists to fix list corruption regression There's a rather long standing regression from the commit "libiscsi: Reduce locking contention in fast path" Depending on iSCSI target behavior, it's possible to hit the case in iscsi_complete_task where the task is still on a pending list (!list_empty(&task->running)). When that happens the task is removed from the list while holding the session back_lock, but other task list modification occur under the frwd_lock. That leads to linked list corruption and eventually a panicked system. Rather than back out the session lock split entirely, in order to try and keep some of the performance gains this patch adds another lock to maintain the task lists integrity. Major enterprise supported kernels have been backing out the lock split for while now, thanks to the efforts at IBM where a lab setup has the most reliable reproducer I've seen on this issue. This patch has been tested there successfully. Signed-off-by: Chris Leech Fixes: 659743b02c41 ("[SCSI] libiscsi: Reduce locking contention in fast path") Reported-by: Prashantha Subbarao Reviewed-by: Guilherme G. Piccoli Cc: # v3.15+ Signed-off-by: Martin K. Petersen drivers/scsi/libiscsi.c | 26 +++++++++++++++++++++++++- include/scsi/libiscsi.h | 1 + 2 files changed, 26 insertions(+), 1 deletion(-) commit d1a9ccc4b1374a5a7762031fd8e4e398c68549e6 Author: Colin Ian King Date: Tue Feb 28 11:02:48 2017 +0000 scsi: qedi: fix missing return error code check on call to qedi_setup_int The call to qedi_setup_int is not updating the return code rc yet rc is being checked for an error. Fix this by assigning rc to the return code from the call to qedi_setup_int. Signed-off-by: Colin Ian King Acked-by: Manish Rangankar Signed-off-by: Martin K. Petersen drivers/scsi/qedi/qedi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 858b0f571d30916bd69c45922045f24f26d6bfc9 Author: Bing Niu Date: Tue Feb 28 11:39:48 2017 -0500 drm/i915/gvt: set SFUSE_STRAP properly for vitual monitor detection update the correct virtual montior connection status to vreg v2: address yulei's comment on commit message Signed-off-by: Bing Niu Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/display.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 1f58af304cce9e4a25b62b3619e69c586203c8ca Author: Zhao Yan Date: Tue Feb 28 15:41:03 2017 +0800 drm/i915/gvt: fix an error for one register register 0x20e0 should be mode register v2: rebased to latest code base Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9112caafdf01439a6e43f4d8c09ceed7dc613d4a Author: Zhao Yan Date: Tue Feb 28 15:40:10 2017 +0800 drm/i915/gvt: add more registers into handlers list those registers are render registers with F_CMD_ACCESS flag set Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit 0aa5277c3a6dbe9d5991c490ef23fe900254d931 Author: Zhao Yan Date: Tue Feb 28 15:39:25 2017 +0800 drm/i915/gvt: have more registers with F_CMD_ACCESS flags set those registers are render registers, should have F_CMD_ACCESS flag set v4: rebase to lastest code base v3: per zhenyu's comments, move newly added registers to a separate patch v2: per Kevin's comments, move newly added registers to the tails of lists. Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 223 ++++++++++++++++++++---------------- 1 file changed, 123 insertions(+), 100 deletions(-) commit 4e5acdc23a3dcbd6ad6dc93a9783dd9c838987c8 Author: Paul Mackerras Date: Tue Feb 28 11:05:47 2017 +1100 KVM: PPC: Book3S HV: Don't use ASDR for real-mode HPT faults on POWER9 In HPT mode on POWER9, the ASDR register is supposed to record segment information for hypervisor page faults. It turns out that POWER9 DD1 does not record the page size information in the ASDR for faults in guest real mode. We have the necessary information in memory already, so by moving the checks for real mode that already existed, we can use the in-memory copy. Since a load is likely to be faster than reading an SPR, we do this unconditionally (not just for POWER9 DD1). Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_hv_rmhandlers.S | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 70cd4c10b290dd77fff6dc702a9a2c8c679df121 Author: Paul Mackerras Date: Mon Feb 27 11:51:37 2017 +1100 KVM: PPC: Book3S HV: Fix software walk of guest process page tables This fixes some bugs in the code that walks the guest's page tables. These bugs cause MMIO emulation to fail whenever the guest is in virtial mode (MMU on), leading to the guest hanging if it tried to access a virtio device. The first bug was that when reading the guest's process table, we were using the whole of arch->process_table, not just the field that contains the process table base address. The second bug was that the mask used when reading the process table entry to get the radix tree base address, RPDB_MASK, had the wrong value. Fixes: 9e04ba69beec ("KVM: PPC: Book3S HV: Add basic infrastructure for radix guests") Fixes: e99833448c5f ("powerpc/mm/radix: Add partition table format & callback") Signed-off-by: Paul Mackerras arch/powerpc/include/asm/book3s/64/mmu.h | 3 ++- arch/powerpc/kvm/book3s_64_mmu_radix.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) commit de09cdd09fa12c3f837902680c3011d96e811821 Author: Len Brown Date: Tue Feb 28 16:32:44 2017 -0500 intel_idle: stop exposing platform acronyms in sysfs Cosmetic only -- no functional change in this patch. sysfs before: state4/desc:MWAIT 0x20 state4/name:C6-HSW sysfs after: state4/desc:MWAIT 0x20 state4/name:C6 We remove the platform acronyms from the end of the state name (-HSW in this case) for three reasonse. 1. more consistency with acpi_idle, which prints C1, C2, C3 etc. 2. users know what platform they are on already an acronym for the processor code name here seems to cause more confusion than clarity. 3. less clutter in "cpupower monitor" output, which truncates the names to 4 columns. The precise definition of the state continues to be available in "desc". Reported-by: Artem Bityutskiy Signed-off-by: Len Brown Signed-off-by: Rafael J. Wysocki drivers/idle/intel_idle.c | 172 +++++++++++++++++++++++----------------------- 1 file changed, 86 insertions(+), 86 deletions(-) commit 8313064c2e75542201e557e2b496668811c2484a Merge: b2deee2 ff7d117 Author: Linus Torvalds Date: Tue Feb 28 15:39:09 2017 -0800 Merge tag 'nfsd-4.11' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "The nfsd update this round is mainly a lot of miscellaneous cleanups and bugfixes. A couple changes could theoretically break working setups on upgrade. I don't expect complaints in practice, but they seem worth calling out just in case: - NFS security labels are now off by default; a new security_label export flag reenables it per export. But, having them on by default is a disaster, as it generally only makes sense if all your clients and servers have similar enough selinux policies. Thanks to Jason Tibbitts for pointing this out. - NFSv4/UDP support is off. It was never really supported, and the spec explicitly forbids it. We only ever left it on out of laziness; thanks to Jeff Layton for finally fixing that" * tag 'nfsd-4.11' of git://linux-nfs.org/~bfields/linux: (34 commits) nfsd: Fix display of the version string nfsd: fix configuration of supported minor versions sunrpc: don't register UDP port with rpcbind when version needs congestion control nfs/nfsd/sunrpc: enforce transport requirements for NFSv4 sunrpc: flag transports as having congestion control sunrpc: turn bitfield flags in svc_version into bools nfsd: remove superfluous KERN_INFO nfsd: special case truncates some more nfsd: minor nfsd_setattr cleanup NFSD: Reserve adequate space for LOCKT operation NFSD: Get response size before operation for all RPCs nfsd/callback: Drop a useless data copy when comparing sessionid nfsd/callback: skip the callback tag nfsd/callback: Cleanup callback cred on shutdown nfsd/idmap: return nfserr_inval for 0-length names SUNRPC/Cache: Always treat the invalid cache as unexpired SUNRPC: Drop all entries from cache_detail when cache_purge() svcrdma: Poll CQs in "workqueue" mode svcrdma: Combine list fields in struct svc_rdma_op_ctxt svcrdma: Remove unused sc_dto_q field ... commit b2deee2dc06db7cdf99b84346e69bdb9db9baa85 Merge: d4f4cf7 54ea004 Author: Linus Torvalds Date: Tue Feb 28 15:36:09 2017 -0800 Merge tag 'ceph-for-4.11-rc1' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "This time around we have: - support for rbd data-pool feature, which enables rbd images on erasure-coded pools (myself). CEPH_PG_MAX_SIZE has been bumped to allow erasure-coded profiles with k+m up to 32. - a patch for ceph_d_revalidate() performance regression introduced in 4.9, along with some cleanups in the area (Jeff Layton) - a set of fixes for unsafe ->d_parent accesses in CephFS (Jeff Layton) - buffered reads are now processed in rsize windows instead of rasize windows (Andreas Gerstmayr). The new default for rsize mount option is 64M. - ack vs commit distinction is gone, greatly simplifying ->fsync() and MOSDOpReply handling code (myself) ... also a few filesystem bug fixes from Zheng, a CRUSH sync up (CRUSH computations are still serialized though) and several minor fixes and cleanups all over" * tag 'ceph-for-4.11-rc1' of git://github.com/ceph/ceph-client: (52 commits) libceph, rbd, ceph: WRITE | ONDISK -> WRITE libceph: get rid of ack vs commit ceph: remove special ack vs commit behavior ceph: tidy some white space in get_nonsnap_parent() crush: fix dprintk compilation crush: do is_out test only if we do not collide ceph: remove req from unsafe list when unregistering it rbd: constify device_type structure rbd: kill obj_request->object_name and rbd_segment_name_cache rbd: store and use obj_request->object_no rbd: RBD_V{1,2}_DATA_FORMAT macros rbd: factor out __rbd_osd_req_create() rbd: set offset and length outside of rbd_obj_request_create() rbd: support for data-pool feature rbd: introduce rbd_init_layout() rbd: use rbd_obj_bytes() more rbd: remove now unused rbd_obj_request_wait() and helpers rbd: switch rbd_obj_method_sync() to ceph_osdc_call() libceph: pass reply buffer length through ceph_osdc_call() rbd: do away with obj_request in rbd_obj_read_sync() ... commit e9f467d028cd7d8bee2a4d6c4fb806caf8cd580b Merge: ef6ebf3 20a7db8 Author: Chris Mason Date: Tue Feb 28 14:35:09 2017 -0800 Merge branch 'for-chris-4.11-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.11 commit 2664f3c94abc7181171b7c05b2aaa76ea7d9d613 Author: Mike Snitzer Date: Tue Feb 28 15:31:44 2017 -0500 dm raid: bump the target version This version bump reflects that the reshape corruption fix (commit 92a39f6cc "dm raid: fix data corruption on reshape request") is present. Done as a separate fix because the above referenced commit is marked for stable and target version bumps in a stable@ fix are a recipe for the fix to never get backported to stable@ kernels (because of target version number conflicts). Also, move RESUME_STAY_FROZEN_FLAGS up with the reset the the _FLAGS definitions now that we don't need to worry about stable@ conflicts as a result of missing context. Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d36a19541fe8f392778ac137d60f9be8dfdd8f9d Author: Heinz Mauelshagen Date: Tue Feb 28 19:17:49 2017 +0100 dm raid: fix data corruption on reshape request The lvm2 sequence to manage dm-raid constructor flags that trigger a rebuild or a reshape is defined as: 1) load table with flags (e.g. rebuild/delta_disks/data_offset) 2) clear out the flags in lvm2 metadata 3) store the lvm2 metadata, reload the table to reset the flags previously established during the initial load (1) -- in order to prevent repeatedly requesting a rebuild or a reshape on activation Currently, loading an inactive table with rebuild/reshape flags specified will cause dm-raid to rebuild/reshape on resume and thus start updating the raid metadata (about the progress). When the second table reload, to reset the flags, occurs the constructor accesses the volatile progress state kept in the raid superblocks. Because the active mapping is still processing the rebuild/reshape, that position will be stale by the time the device is resumed. In the reshape case, this causes data corruption by processing already reshaped stripes again. In the rebuild case, it does _not_ cause data corruption but instead involves superfluous rebuilds. Fix by keeping the raid set frozen during the first resume and then allow the rebuild/reshape during the second resume. Fixes: 9dbd1aa3a ("dm raid: add reshaping support to the target") Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer Cc: stable@vger.kernel.org # 4.8+ drivers/md/dm-raid.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit ad47047220777460c6d7dc8333808591f29e5c17 Author: Mike Snitzer Date: Tue Feb 28 11:55:16 2017 -0500 dm raid: fix raid "check" regression due to improper cleanup in raid_message() While cleaning up awkward branching in raid_message() a raid set "check" regression was introduced because "check" needs both MD_RECOVERY_SYNC and MD_RECOVERY_REQUESTED flags set. Fix this regression by explicitly setting both flags for the "check" case (like is also done for the "repair" case, but redundant set_bit()s are perfectly fine because it adds clarity to what is needed in response to both messages -- in addition this isn't fast path code). Fixes: 105db59912 ("dm raid: cleanup awkward branching in raid_message() option processing") Reported-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit f3ac9f737603da80c2da3e84b89e74429836bb6d Author: Takashi Iwai Date: Tue Feb 28 22:15:51 2017 +0100 ALSA: seq: Fix link corruption by event error handling The sequencer FIFO management has a bug that may lead to a corruption (shortage) of the cell linked list. When a sequencer client faces an error at the event delivery, it tries to put back the dequeued cell. When the first queue was put back, this forgot the tail pointer tracking, and the link will be screwed up. Although there is no memory corruption, the sequencer client may stall forever at exit while flushing the pending FIFO cells in snd_seq_pool_done(), as spotted by syzkaller. This patch addresses the missing tail pointer tracking at snd_seq_fifo_cell_putback(). Also the patch makes sure to clear the cell->enxt pointer at snd_seq_fifo_event_in() for avoiding a similar mess-up of the FIFO linked list. Reported-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_fifo.c | 3 +++ 1 file changed, 3 insertions(+) commit 2a7275a3d867b228216886aae35e1f64291180b1 Author: Ley Foon Tan Date: Tue Feb 28 18:37:16 2017 +0800 PCI: altera: Fix TLP_CFG_DW0 for TLP write eb5767122feb ("PCI: altera: Simplify TLB_CFG_DW0 usage") used TLP_FMTTYPE_CFGRD* (instead of TLP_FMTTYPE_CFGWR*) for TLP writes, which causes writing to configuration space to fail. Fix it by using correct FMTTYPE for write operation. Fixes: eb5767122feb ("PCI: altera: Simplify TLB_CFG_DW0 usage") Signed-off-by: Ley Foon Tan Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.9+ drivers/pci/host/pcie-altera.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit d4f4cf77b37eaea58ef863a4cbc95dad3880b524 Merge: f89db78 17a870b Author: Linus Torvalds Date: Tue Feb 28 11:50:53 2017 -0800 Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: - nommu updates from Afzal Mohammed cleaning up the vectors support - allow DMA memory "mapping" for nommu Benjamin Gaignard - fixing a correctness issue with R_ARM_PREL31 relocations in the module linker - add strlen() prototype for the decompressor - support for DEBUG_VIRTUAL from Florian Fainelli - adjusting memory bounds after memory reservations have been registered - unipher cache handling updates from Masahiro Yamada - initrd and Thumb Kconfig cleanups * 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: (23 commits) ARM: mm: round the initrd reservation to page boundaries ARM: mm: clean up initrd initialisation ARM: mm: move initrd init code out of arm_memblock_init() ARM: 8655/1: improve NOMMU definition of pgprot_*() ARM: 8654/1: decompressor: add strlen prototype ARM: 8652/1: cache-uniphier: clean up active way setup code ARM: 8651/1: cache-uniphier: include instead of ARM: 8650/1: module: handle negative R_ARM_PREL31 addends correctly ARM: 8649/2: nommu: remove Hivecs configuration is asm ARM: 8648/2: nommu: display vectors base ARM: 8647/2: nommu: dynamic exception base address setting ARM: 8646/1: mmu: decouple VECTORS_BASE from Kconfig ARM: 8644/1: Reduce "CPU: shutdown" message to debug level ARM: 8641/1: treewide: Replace uses of virt_to_phys with __pa_symbol ARM: 8640/1: Add support for CONFIG_DEBUG_VIRTUAL ARM: 8639/1: Define KERNEL_START and KERNEL_END ARM: 8638/1: mtd: lart: Rename partition defines to be prefixed with PART_ ARM: 8637/1: Adjust memory boundaries after reservations ARM: 8636/1: Cleanup sanity_check_meminfo ARM: add CPU_THUMB_CAPABLE to indicate possible Thumb support ... commit f89db789de2157441d3b5e879a742437ed69cbbc Merge: 65314ed 8312593 Author: Linus Torvalds Date: Tue Feb 28 11:46:00 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Two documentation updates, plus a debugging annotation fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/crash: Update the stale comment in reserve_crashkernel() x86/irq, trace: Add __irq_entry annotation to x86's platform IRQ handlers Documentation, x86, resctrl: Recommend locking for resctrlfs commit 65314ed08e9c4a94ba85f7d52a7ad324050b152e Merge: 3f26b0c 96b7774 Author: Linus Torvalds Date: Tue Feb 28 11:44:01 2017 -0800 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "Two rq-clock warnings related fixes, plus a cgroups related crash fix" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/cgroup: Move sched_online_group() back into css_online() to fix crash sched/fair: Update rq clock before changing a task's CPU affinity sched/core: Fix update_rq_clock() splat on hotplug (and suspend/resume) commit 3f26b0c876bbfeed74325ada0329de53efbdf7a6 Merge: 74efe07 1572e45 Author: Linus Torvalds Date: Tue Feb 28 11:38:18 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc fixes on the kernel and tooling side - nothing in particular stands out" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (21 commits) perf/core: Fix the perf_cpu_time_max_percent check perf/core: Fix perf_event_enable_on_exec() timekeeping (again) perf/core: Remove confusing comment and move put_ctx() perf record: Honor --quiet option properly perf annotate: Add -q/--quiet option perf diff: Add -q/--quiet option perf report: Add -q/--quiet option perf utils: Check verbose flag properly perf utils: Add perf_quiet_option() perf record: Add -a as default target perf stat: Add -a as default target perf tools: Fail on using multiple bits long terms without value perf tools: Move new_term arguments into struct parse_events_term template perf build: Add special fixdep cleaning rule perf tools: Replace _SC_NPROCESSORS_CONF with max_present_cpu in cpu_topology_map perf header: Make build_cpu_topology skip offline/absent CPUs perf cpumap: Add cpu__max_present_cpu() perf session: Fix DEBUG=1 build with clang tools lib traceevent: It's preempt not prempt perf python: Filter out -specs=/a/b/c from the python binding cc options ... commit 74efe07bc38c538ba7ac40a895910f4f3bee3152 Merge: e72e58f 318b1de Author: Linus Torvalds Date: Tue Feb 28 10:44:16 2017 -0800 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixes from Ingo Molnar: "The main change is the uninlining of large refcount_t APIs, plus a header dependency fix. Note that the uninlining allowed us to enable the underflow/overflow warnings unconditionally and remove the debug Kconfig switch: this might trigger new warnings in buggy code and turn crashes/use-after-free bugs into less harmful memory leaks" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/refcounts: Add missing kernel.h header to have UINT_MAX defined locking/refcounts: Out-of-line everything commit e72e58faa709d554f95431dbafd3374db5ed3fbb Merge: 74e3f63 4e4636c Author: Linus Torvalds Date: Tue Feb 28 10:15:59 2017 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool fixes from Ingo Molnar: "A handful of objtool fixes related to unreachable code, plus a build fix for out of tree modules" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Enclose contents of unreachable() macro in a block objtool: Prevent GCC from merging annotate_unreachable() objtool: Improve detection of BUG() and other dead ends objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules commit 74e3f63ce60eb81fbd39aa6c0353059b7e2cb5f7 Merge: c2eca00 96297ae Author: Linus Torvalds Date: Tue Feb 28 10:13:40 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide Pull IDE updates from David Miller: "Just one actual change here this time around, adding some init data annotations. The other change was bogus and got reverted" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide: ide: palm_bk3710: add __initdata to palm_bk3710_port_info Revert "ide: Fix interface autodetection in legacy IDE driver (trial #2)" ide: Fix interface autodetection in legacy IDE driver (trial #2) commit c2eca00fec40a9b3551f0605834acad9336099d1 Merge: 86292b3 2f44f75 Author: Linus Torvalds Date: Tue Feb 28 10:00:39 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Don't save TIPC header values before the header has been validated, from Jon Paul Maloy. 2) Fix memory leak in RDS, from Zhu Yanjun. 3) We miss to initialize the UID in the flow key in some paths, from Julian Anastasov. 4) Fix latent TOS masking bug in the routing cache removal from years ago, also from Julian. 5) We forget to set the sockaddr port in sctp_copy_local_addr_list(), fix from Xin Long. 6) Missing module ref count drop in packet scheduler actions, from Roman Mashak. 7) Fix RCU annotations in rht_bucket_nested, from Herbert Xu. 8) Fix use after free which happens because L2TP's ipv4 support returns non-zero values from it's backlog_rcv function which ipv4 interprets as protocol values. Fix from Paul Hüber. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (35 commits) qed: Don't use attention PTT for configuring BW qed: Fix race with multiple VFs l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv xfrm: provide correct dst in xfrm_neigh_lookup rhashtable: Fix RCU dereference annotation in rht_bucket_nested rhashtable: Fix use before NULL check in bucket_table_free net sched actions: do not overwrite status of action creation. rxrpc: Kernel calls get stuck in recvmsg net sched actions: decrement module reference count after table flush. lib: Allow compile-testing of parman ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt sctp: set sin_port for addr param when checking duplicate address net/mlx4_en: fix overflow in mlx4_en_init_timestamp() netfilter: nft_set_bitmap: incorrect bitmap size net: s2io: fix typo argumnet argument net: vxge: fix typo argumnet argument netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value. ipv4: mask tos for input route ipv4: add missing initialization for flowi4_uid lib: fix spelling mistake: "actualy" -> "actually" ... commit 900f736251c81886f3064c9d489c85eddee921b7 Author: Jaegeuk Kim Date: Mon Feb 27 21:28:53 2017 -0800 f2fs: avoid to flush nat journal entries This patch adds a missing condition which flushes nat journal entries unnecessarily introduced by: f2fs: add bitmaps for empty or full NAT blocks Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ac28e47ccc3ff8dabce1aec6b224760c3e524044 Author: Ladislav Michl Date: Tue Feb 21 10:44:45 2017 +0100 ARM: OMAP2+: Remove legacy gpmc-nand.c This code is no longer used and can be removed as we are using device tree. Removing this code also removes a dependency between drivers/mtd and arch/arm/mach-omap2 making furhter driver changes easier. Signed-off-by: Ladislav Michl [tony@atomide.com: removed from header too, updated comments] Signed-off-by: Tony Lindgren arch/arm/mach-omap2/Makefile | 3 - arch/arm/mach-omap2/gpmc-nand.c | 154 ---------------------------------------- include/linux/omap-gpmc.h | 11 --- 3 files changed, 168 deletions(-) commit 7807e086a2d1f69cc1a57958cac04fea79fc2112 Author: Ladislav Michl Date: Sat Feb 11 14:02:49 2017 +0100 ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure gpmc_probe_onenand_child returns success even on gpmc_onenand_init failure. Fix that. Signed-off-by: Ladislav Michl Acked-by: Roger Quadros Signed-off-by: Tony Lindgren arch/arm/mach-omap2/gpmc-onenand.c | 10 ++++++---- drivers/memory/omap-gpmc.c | 4 +--- include/linux/omap-gpmc.h | 5 +++-- 3 files changed, 10 insertions(+), 9 deletions(-) commit 493de342748cc6f52938096f5480cf291da58a0b Author: Takashi Iwai Date: Tue Feb 28 17:27:57 2017 +0100 ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming Dell Inspiron 17 7000 Gaming laptop needs a similar quirk like Inspiron 7599 to support its subwoofer speaker. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=194191 Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) commit 15c75b09f8d190f89ab4db463b87d411ca349dfe Author: Takashi Iwai Date: Tue Feb 28 17:16:48 2017 +0100 ALSA: ctxfi: Fallback DMA mask to 32bit Currently ctxfi driver tries to set only the 64bit DMA mask on 64bit architectures, and bails out if it fails. This causes a problem on some platforms since the 64bit DMA isn't always guaranteed. We should fall back to the default 32bit DMA when 64bit DMA fails. Fixes: 6d74b86d3c0f ("ALSA: ctxfi - Allow 64bit DMA") Cc: Signed-off-by: Takashi Iwai sound/pci/ctxfi/cthw20k1.c | 19 ++++++------------- sound/pci/ctxfi/cthw20k2.c | 19 ++++++------------- 2 files changed, 12 insertions(+), 26 deletions(-) commit 1bd49882d78a9b976fe7380ec1bdeb454d68a358 Merge: 0341735 4838589 Author: Tony Lindgren Date: Tue Feb 28 08:46:30 2017 -0800 Merge branch 'gpio-key-wakeup-fix' into omap-for-v4.11/fixes commit 48385896e9c53e1061f103e1271a6be9a7ea00c4 Author: Teresa Remmet Date: Fri Feb 10 13:29:07 2017 +0100 ARM: dts: am335x-pcm953: Fix legacy wakeup source binding Replaced the legacy binding "gpio-key,wakeup" with "wakeup-source" as noted in the kernel documentation. Signed-off-by: Teresa Remmet Reported-by: Sudeep Holla Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-pcm-953.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0341735226dcfa9d3727ff001e030f879ab91ca2 Author: Tony Lindgren Date: Fri Feb 17 06:51:17 2017 -0800 ARM: omap2plus_defconfig: Enable INPUT_MOUSEDEV as loadable modules Otherwise mice won't be happy. Signed-off-by: Tony Lindgren arch/arm/configs/omap2plus_defconfig | 1 + 1 file changed, 1 insertion(+) commit f5432f01240ef69a391940d623b6a51768aefd65 Author: Sekhar Nori Date: Wed Feb 15 20:42:52 2017 +0530 ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI commit 50e95b6b854c ("ARM: dts: am57xx-idk: Add Industrial output support") added the TPIC2810 device-tree node under SPI bus instead of I2C1. Fix it. Tested on AM572x IDK by driving on-board LEDs connected to TPIC2810 Fixes: 50e95b6b854c ("ARM: dts: am57xx-idk: Add Industrial output support") Signed-off-by: Sekhar Nori Acked-by: Andrew F. Davis Signed-off-by: Tony Lindgren arch/arm/boot/dts/am57xx-idk-common.dtsi | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 715e82cf93ec9e8f728e42284abe9998dec2888e Merge: c470abd 448c077 Author: Tony Lindgren Date: Tue Feb 28 07:45:36 2017 -0800 Merge branch 'omap-for-v4.10/fixes' into omap-for-v4.11/fixes commit b7a42b9d38063e58cdf201c575da75943f71051e Author: Joerg Roedel Date: Tue Feb 28 13:57:18 2017 +0100 iommu/amd: Fix crash when accessing AMD-Vi sysfs entries The link between the iommu sysfs-device and the struct amd_iommu is no longer stored as driver-data. Update the code to the new correct way of getting from device to amd_iommu. Reported-by: Dave Jones Fixes: 39ab9555c241 ('iommu: Add sysfs bindings for struct iommu_device') Signed-off-by: Joerg Roedel drivers/iommu/amd_iommu_init.c | 4 ++-- drivers/iommu/amd_iommu_types.h | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) commit a7fdb6e648fb10a4174483b5fc4dac9c25bd2093 Author: Joerg Roedel Date: Tue Feb 28 13:57:18 2017 +0100 iommu/vt-d: Fix crash when accessing VT-d sysfs entries The link between the iommu sysfs-device and the struct intel_iommu is no longer stored as driver-data. Update the code to use the new access method. Reported-by: Dave Jones Fixes: 39ab9555c241 ('iommu: Add sysfs bindings for struct iommu_device') Signed-off-by: Joerg Roedel drivers/iommu/intel-iommu.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 71321eb3f2d0df4e6c327e0b936eec4458a12054 Author: Takashi Iwai Date: Tue Feb 28 14:49:07 2017 +0100 ALSA: timer: Reject user params with too small ticks When a user sets a too small ticks with a fine-grained timer like hrtimer, the kernel tries to fire up the timer irq too frequently. This may lead to the condensed locks, eventually the kernel spinlock lockup with warnings. For avoiding such a situation, we define a lower limit of the resolution, namely 1ms. When the user passes a too small tick value that results in less than that, the kernel returns -EINVAL now. Reported-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/timer.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit 20a7db8ab3f2057a518448b1728d504ffadef65e Author: David Sterba Date: Fri Feb 17 16:24:29 2017 +0100 btrfs: add dummy callback for readpage_io_failed and drop checks Make extent_io_ops::readpage_io_failed_hook callback mandatory and define a dummy function for btrfs_extent_io_ops. As the failed IO callback is not performance critical, the branch vs extra trade off does not hurt. Signed-off-by: David Sterba fs/btrfs/disk-io.c | 2 +- fs/btrfs/extent_io.c | 2 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 7 +++++++ 4 files changed, 10 insertions(+), 3 deletions(-) commit 20c9801d393d9f077c476f40440b481daaccb9d6 Author: David Sterba Date: Fri Feb 17 15:59:35 2017 +0100 btrfs: drop checks for mandatory extent_io_ops callbacks We know that eadpage_end_io_hook, submit_bio_hook and merge_bio_hook are always defined so we can drop the checks before we call them. Signed-off-by: David Sterba fs/btrfs/extent_io.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 4d53dddbec671bcb64a936a3d2b7bf1ce2252ed0 Author: David Sterba Date: Fri Feb 17 15:27:44 2017 +0100 btrfs: document existence of extent_io ops callbacks Some of the callbacks defined in btree_extent_io_ops and btrfs_extent_io_ops do always exist so we don't need to check the existence before each call. This patch just reorders the definition and documents which are mandatory/optional. Signed-off-by: David Sterba fs/btrfs/disk-io.c | 7 +++++-- fs/btrfs/extent_io.h | 23 ++++++++++++++++------- fs/btrfs/inode.c | 7 +++++-- 3 files changed, 26 insertions(+), 11 deletions(-) commit c3988d630a4dfec5c09f2b6496734f320949ea9c Author: David Sterba Date: Fri Feb 17 15:18:32 2017 +0100 btrfs: let writepage_end_io_hook return void There's no error path in any of the instances, always return 0. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 9 +++------ fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 6 ++---- 3 files changed, 6 insertions(+), 11 deletions(-) commit b9d04c607c21fafe0a346792d0d358e7ab9a768e Author: David Sterba Date: Fri Feb 17 19:42:43 2017 +0100 btrfs: do proper error handling in btrfs_insert_xattr_item The space check in btrfs_insert_xattr_item is duplicated in it's caller (do_setxattr) so we won't hit the BUG_ON. Continuing without any check could be disasterous so turn it to a proper error handling. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/dir-item.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit fa2529923d3bc5f0b39ff7a7c52be74c4aea6f2a Author: David Sterba Date: Wed Feb 15 09:35:01 2017 +0100 btrfs: handle allocation error in update_dev_stat_item Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/volumes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 047e5e17c1e3551ef0fb34b629c66bec0591db0d Author: David Sterba Date: Tue Feb 14 17:33:27 2017 +0100 btrfs: remove BUG_ON from __tree_mod_log_insert All callers dereference the 'tm' parameter before it gets to this function, the NULL check does not make much sense here. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 2 -- 1 file changed, 2 deletions(-) commit e5d74902362f1a06ea3674042d09f1af178c0a20 Author: David Sterba Date: Tue Feb 14 19:45:05 2017 +0100 btrfs: derive maximum output size in the compression implementation The value of max_out can be calculated from the parameters passed to the compressors, which is number of pages and the page size, and we don't have to needlessly pass it around. Signed-off-by: David Sterba fs/btrfs/compression.c | 6 ++---- fs/btrfs/compression.h | 6 ++---- fs/btrfs/inode.c | 3 +-- fs/btrfs/lzo.c | 4 ++-- fs/btrfs/zlib.c | 4 ++-- 5 files changed, 9 insertions(+), 14 deletions(-) commit 069eac7850890acf0d3c21a6c8ca9f33ddb34a0d Author: David Sterba Date: Tue Feb 14 19:36:54 2017 +0100 btrfs: use predefined limits for calculating maximum number of pages for compression Signed-off-by: David Sterba fs/btrfs/inode.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit ff7638665c9a82894cabd18d26a9f8957f280f55 Author: David Sterba Date: Tue Feb 14 19:30:39 2017 +0100 btrfs: export compression buffer limits in a header Move the buffer limit definitions out of compress_file_range. Reviewed-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/compression.h | 15 +++++++++++++++ fs/btrfs/inode.c | 10 ---------- 2 files changed, 15 insertions(+), 10 deletions(-) commit 4d3a800ebb1299944408f3b40b5b6b996477fba2 Author: David Sterba Date: Tue Feb 14 19:04:07 2017 +0100 btrfs: merge nr_pages input and output parameter in compress_pages The parameter saying how many pages can be allocated at maximum can be merged with the output page counter, to save some stack space. The compression implementation will sink the parameter to a local variable so everything works as before. The nr_pages variables can also be simply merged in compress_file_range into one. Signed-off-by: David Sterba fs/btrfs/compression.c | 7 +++---- fs/btrfs/compression.h | 2 -- fs/btrfs/inode.c | 13 ++++++------- fs/btrfs/lzo.c | 2 +- fs/btrfs/zlib.c | 2 +- 5 files changed, 11 insertions(+), 15 deletions(-) commit 38c31464089f639630b7c28ce933a4d60e135a02 Author: David Sterba Date: Tue Feb 14 19:04:07 2017 +0100 btrfs: merge length input and output parameter in compress_pages The length parameter is basically duplicated for input and output in the top level caller of the compress_pages chain. We can simply use one variable for that and reduce stack consumption. The compression implementation will sink the parameter to a local variable so everything works as before. Signed-off-by: David Sterba fs/btrfs/compression.c | 24 +++++++++++------------- fs/btrfs/compression.h | 5 ++--- fs/btrfs/inode.c | 2 +- fs/btrfs/lzo.c | 4 ++-- fs/btrfs/zlib.c | 3 ++- 5 files changed, 18 insertions(+), 20 deletions(-) commit 52f75f4fe74ce86376d68b30c94d5fb11cb4019e Author: David Sterba Date: Tue Feb 14 18:33:53 2017 +0100 btrfs: constify name of subvolume in creation helpers Signed-off-by: David Sterba fs/btrfs/ioctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 14a3357b4097d94ac6401c597abc2d02965e0fdd Author: David Sterba Date: Tue Feb 14 17:58:04 2017 +0100 btrfs: constify buffers used by compression helpers Signed-off-by: David Sterba fs/btrfs/compression.c | 2 +- fs/btrfs/compression.h | 2 +- fs/btrfs/lzo.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 9ed573674ae607bc616c804657bfaf5b6ea5889d Author: David Sterba Date: Tue Feb 14 18:03:49 2017 +0100 btrfs: constify input buffer of btrfs_csum_data The function does not modify the input buffer, also update a typecast in one caller. Signed-off-by: David Sterba fs/btrfs/disk-io.c | 4 ++-- fs/btrfs/disk-io.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit da353f6b30bc02da29b54f5f024039698fbd23f4 Author: David Sterba Date: Tue Feb 14 17:55:53 2017 +0100 btrfs: constify device path passed to relevant helpers Signed-off-by: David Sterba fs/btrfs/dev-replace.c | 5 +++-- fs/btrfs/dev-replace.h | 5 +++-- fs/btrfs/volumes.c | 18 ++++++++++-------- fs/btrfs/volumes.h | 12 ++++++------ 4 files changed, 22 insertions(+), 18 deletions(-) commit c3a49c8991212e1ef795c7a46881ac5cc7766993 Author: Rafael J. Wysocki Date: Tue Feb 28 00:05:01 2017 +0100 cpufreq: intel_pstate: Fix limits issue with operation mode switching There is a problem with intel_pstate operation mode switching introduced by commit fb1fe1041c04 (cpufreq: intel_pstate: Operation mode control from sysfs), because the global sysfs limits are preserved across operation modes while per-policy limits are reinitialized from scratch on a mode switch and both sets of limits may get out of sync this way. Fix that by always reinitializing the global limits upon the registration of the driver. Fixes: fb1fe1041c04 (cpufreq: intel_pstate: Operation mode control from sysfs) Signed-off-by: Rafael J. Wysocki Acked-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 65 ++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 43 deletions(-) commit 29e09229d9f26129a39462fae0ddabc4d9533989 Author: Florian Westphal Date: Fri Feb 17 08:39:28 2017 +0100 netfilter: use skb_to_full_sk in ip_route_me_harder inet_sk(skb->sk) is illegal in case skb is attached to request socket. Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener") Reported by: Daniel J Blueman Signed-off-by: Florian Westphal Tested-by: Daniel J Blueman Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 17a870bea3b86f464706b6ba2736210cb8602693 Merge: 9e34404 cdcc5fa c466bda Author: Russell King Date: Tue Feb 28 11:08:11 2017 +0000 Merge branches 'fixes' and 'misc'; commit 'kuser^{/add CPU_THUMB_CAPABLE to indicate}' into for-linus commit cdcc5fa0415d943288c6316bd32e76befb1027c5 Author: Russell King Date: Mon Jan 16 15:21:05 2017 +0000 ARM: mm: round the initrd reservation to page boundaries Round the initrd memblock reservation to page boundaries to prevent other data sharing the initrd pages. This prevents an allocation possibly overlapping with the initrd, which would later get trampled on in free_initrd_mem(). Signed-off-by: Russell King arch/arm/mm/init.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) commit 68b32f361f3892fc376051b1702954b2dc692d13 Author: Russell King Date: Mon Jan 16 15:13:25 2017 +0000 ARM: mm: clean up initrd initialisation Rather than repeatedly testing phys_initrd_size to see if the initrd is still enabled, return from the new function to avoid executing the remaining initialisation. Signed-off-by: Russell King arch/arm/mm/init.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) commit 3928624812dcfa39b6a67f9de46efcb51c573ad0 Author: Russell King Date: Mon Jan 16 15:11:10 2017 +0000 ARM: mm: move initrd init code out of arm_memblock_init() Move the ARM initrd initialisation code out of arm_memblock_init() into its own function, so it can be cleaned up. Signed-off-by: Russell King arch/arm/mm/init.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit e2fce0a28d8f4293d68abf6485956e7794a30124 Author: Arnd Bergmann Date: Thu Feb 2 13:30:40 2017 +0100 ARM: 8655/1: improve NOMMU definition of pgprot_*() The tegra DRM driver produces a harmless warning when built for NOMMU: drivers/gpu/drm/tegra/gem.c: In function 'tegra_drm_mmap': drivers/gpu/drm/tegra/gem.c:508:12: unused variable 'prot' This is because pgprot_writecombine() on ARM returns a constant and ignores its argument. The version in asm-generic doesn't have that problem, so let's use that one instead. We don't actually care about the value on NOMMU, and this is consistent with what some other architectures do. Signed-off-by: Arnd Bergmann Acked-by: Thierry Reding Signed-off-by: Russell King arch/arm/include/asm/pgtable-nommu.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7b96ddd02ec33d705df02260e2d5dcfb1d498f4b Author: Arnd Bergmann Date: Thu Feb 2 13:29:36 2017 +0100 ARM: 8654/1: decompressor: add strlen prototype The decompress.c file contains a declaration for strstr() so we can include some compression library code. With the updated LZ4 implementation, we run into the same problem again for strlen(): In file included from ../include/linux/rcupdate.h:40:0, from ../include/linux/srcu.h:33, from ../include/linux/notifier.h:15, from ../include/linux/memory_hotplug.h:6, from ../include/linux/mmzone.h:749, from ../include/linux/gfp.h:5, from ../include/linux/kmod.h:22, from ../include/linux/module.h:13, from ../arch/arm/boot/compressed/../../../../lib/lz4/lz4_decompress.c:39, from ../arch/arm/boot/compressed/../../../../lib/decompress_unlz4.c:13, from ../arch/arm/boot/compressed/decompress.c:55: include/linux/cpumask.h: In function 'cpumask_parse': include/linux/cpumask.h:592:53: error: implicit declaration of function 'strlen';did you mean 'strstr'? [-Werror=implicit-function-declaration] This adds another declaration to work around the new problem. Fixes: ce83d9ab80d6 ("lib: update LZ4 compressor module") Signed-off-by: Arnd Bergmann Signed-off-by: Russell King arch/arm/boot/compressed/decompress.c | 1 + 1 file changed, 1 insertion(+) commit 06369a1e58bd5eb89c02f9a2cf1a35152cbf1154 Author: Masahiro Yamada Date: Wed Feb 1 14:30:09 2017 +0100 ARM: 8652/1: cache-uniphier: clean up active way setup code Now, the active way setup function is called with a fixed value zero for the second argument. The code can be simpler. Signed-off-by: Masahiro Yamada Signed-off-by: Russell King arch/arm/mm/cache-uniphier.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) commit 1c63d4c5e16394698072d671029e753715af100a Author: Masahiro Yamada Date: Wed Feb 1 14:29:22 2017 +0100 ARM: 8651/1: cache-uniphier: include instead of Nothing in this header file depends on . Rather, should be included for -ENODEV. Signed-off-by: Masahiro Yamada Signed-off-by: Russell King arch/arm/include/asm/hardware/cache-uniphier.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 050d18d1c65113b4558d86d53465ebe1d04910fb Author: Ard Biesheuvel Date: Mon Jan 30 18:29:28 2017 +0100 ARM: 8650/1: module: handle negative R_ARM_PREL31 addends correctly According to the spec 'ELF for the ARM Architecture' (IHI 0044E), addends for R_ARM_PREL31 relocations are 31-bit signed quantities, so we need to sign extend the value to 32 bits before it can be used as an offset in the calculation of the relocated value. We have not been bitten by this because these relocations are usually emitted against the start of a section, which means the addends never assume negative values in practice. But it is a bug nonetheless, so fix it. Signed-off-by: Ard Biesheuvel Signed-off-by: Russell King arch/arm/kernel/module.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit ad475117d2015781789364d599b85c67254680a1 Author: Afzal Mohammed Date: Wed Feb 1 13:47:34 2017 +0100 ARM: 8649/2: nommu: remove Hivecs configuration is asm Now that exception based address is handled dynamically for processors with CP15, remove Hivecs configuration in assembly. Signed-off-by: afzal mohammed Tested-by: Vladimir Murzin Signed-off-by: Russell King arch/arm/kernel/head-nommu.S | 5 ----- 1 file changed, 5 deletions(-) commit 58c16709f9cad7e6daabeaa5c94ac4dcb260aedd Author: Afzal Mohammed Date: Wed Feb 1 13:39:18 2017 +0100 ARM: 8648/2: nommu: display vectors base VECTORS_BASE displays the exception base address. Now on no-MMU as the exception base address is dynamically estimated, define VECTORS_BASE to the variable holding it. As it is the case, limit VECTORS_BASE constant definition to MMU. Suggested-by: Russell King Signed-off-by: afzal mohammed Tested-by: Vladimir Murzin Signed-off-by: Russell King arch/arm/include/asm/memory.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit f8300a0b5de08c09db105db3c34a2a1c618e147e Author: Afzal Mohammed Date: Wed Feb 1 13:46:36 2017 +0100 ARM: 8647/2: nommu: dynamic exception base address setting No-MMU dynamic exception base address configuration on CP15 processors. In the case of low vectors, decision based on whether security extensions are enabled & whether remap vectors to RAM CONFIG option is selected. For no-MMU without CP15, current default value of 0x0 is retained. Signed-off-by: afzal mohammed Tested-by: Vladimir Murzin Signed-off-by: Russell King arch/arm/mm/nommu.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) commit d2ca5f2491c1246adf3847101fdc538a3b89439c Author: Afzal Mohammed Date: Sun Jan 29 17:31:32 2017 +0100 ARM: 8646/1: mmu: decouple VECTORS_BASE from Kconfig For MMU configurations, VECTORS_BASE is always 0xffff0000, a macro definition will suffice. For no-MMU, exception base address is dynamically determined in subsequent patches. To preserve bisectability, now make the macro applicable for no-MMU scenario too. Thanks to 0-DAY kernel test infrastructure that found the bisectability issue. This macro will be restricted to MMU case upon dynamically determining exception base address for no-MMU. Once exception address is handled dynamically for no-MMU, VECTORS_BASE can be removed from Kconfig. Signed-off-by: afzal mohammed Tested-by: Vladimir Murzin Signed-off-by: Russell King arch/arm/include/asm/memory.h | 2 ++ arch/arm/mach-berlin/platsmp.c | 3 ++- arch/arm/mm/dump.c | 5 +++-- arch/arm/mm/init.c | 4 ++-- 4 files changed, 9 insertions(+), 5 deletions(-) commit 035e787543de709f29b38752251d4724200ec353 Author: Florian Fainelli Date: Thu Jan 19 01:26:28 2017 +0100 ARM: 8644/1: Reduce "CPU: shutdown" message to debug level Similar to c68b0274fb3c ("ARM: reduce "Booted secondary processor" message to debug level"), demote the "CPU: shutdown" pr_notice() into a pr_debug(). Signed-off-by: Florian Fainelli Signed-off-by: Russell King arch/arm/kernel/smp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 64fc2a947a9873700929ec0ef02b4654a04e0476 Author: Florian Fainelli Date: Sun Jan 15 03:59:29 2017 +0100 ARM: 8641/1: treewide: Replace uses of virt_to_phys with __pa_symbol All low-level PM/SMP code using virt_to_phys() should actually use __pa_symbol() against kernel symbols. Update code where relevant to move away from virt_to_phys(). Acked-by: Russell King Reviewed-by: Laura Abbott Signed-off-by: Florian Fainelli Signed-off-by: Russell King arch/arm/common/mcpm_entry.c | 12 ++++++------ arch/arm/mach-alpine/platsmp.c | 2 +- arch/arm/mach-axxia/platsmp.c | 2 +- arch/arm/mach-bcm/bcm63xx_smp.c | 2 +- arch/arm/mach-bcm/platsmp-brcmstb.c | 2 +- arch/arm/mach-bcm/platsmp.c | 4 ++-- arch/arm/mach-berlin/platsmp.c | 2 +- arch/arm/mach-exynos/firmware.c | 4 ++-- arch/arm/mach-exynos/mcpm-exynos.c | 2 +- arch/arm/mach-exynos/platsmp.c | 4 ++-- arch/arm/mach-exynos/pm.c | 6 +++--- arch/arm/mach-exynos/suspend.c | 6 +++--- arch/arm/mach-hisi/platmcpm.c | 2 +- arch/arm/mach-hisi/platsmp.c | 6 +++--- arch/arm/mach-imx/platsmp.c | 2 +- arch/arm/mach-imx/pm-imx6.c | 2 +- arch/arm/mach-imx/src.c | 2 +- arch/arm/mach-mediatek/platsmp.c | 2 +- arch/arm/mach-mvebu/pm.c | 2 +- arch/arm/mach-mvebu/pmsu.c | 2 +- arch/arm/mach-mvebu/system-controller.c | 2 +- arch/arm/mach-omap2/control.c | 8 ++++---- arch/arm/mach-omap2/omap-mpuss-lowpower.c | 12 ++++++------ arch/arm/mach-omap2/omap-smp.c | 4 ++-- arch/arm/mach-prima2/platsmp.c | 2 +- arch/arm/mach-prima2/pm.c | 2 +- arch/arm/mach-pxa/palmz72.c | 2 +- arch/arm/mach-pxa/pxa25x.c | 2 +- arch/arm/mach-pxa/pxa27x.c | 2 +- arch/arm/mach-pxa/pxa3xx.c | 2 +- arch/arm/mach-realview/platsmp-dt.c | 2 +- arch/arm/mach-rockchip/platsmp.c | 4 ++-- arch/arm/mach-rockchip/pm.c | 2 +- arch/arm/mach-s3c24xx/mach-jive.c | 2 +- arch/arm/mach-s3c24xx/pm-s3c2410.c | 2 +- arch/arm/mach-s3c24xx/pm-s3c2416.c | 2 +- arch/arm/mach-s3c64xx/pm.c | 2 +- arch/arm/mach-s5pv210/pm.c | 2 +- arch/arm/mach-sa1100/pm.c | 2 +- arch/arm/mach-shmobile/platsmp-apmu.c | 6 +++--- arch/arm/mach-shmobile/platsmp-scu.c | 4 ++-- arch/arm/mach-socfpga/platsmp.c | 4 ++-- arch/arm/mach-spear/platsmp.c | 2 +- arch/arm/mach-sti/platsmp.c | 2 +- arch/arm/mach-sunxi/platsmp.c | 4 ++-- arch/arm/mach-tango/platsmp.c | 2 +- arch/arm/mach-tango/pm.c | 2 +- arch/arm/mach-tegra/reset.c | 4 ++-- arch/arm/mach-ux500/platsmp.c | 2 +- arch/arm/mach-vexpress/dcscb.c | 2 +- arch/arm/mach-vexpress/platsmp.c | 2 +- arch/arm/mach-vexpress/tc2_pm.c | 4 ++-- arch/arm/mach-zx/platsmp.c | 4 ++-- arch/arm/mach-zynq/platsmp.c | 2 +- 54 files changed, 86 insertions(+), 86 deletions(-) commit e377cd8221ebbe0b517861aa3d823bb42f9abbd4 Author: Florian Fainelli Date: Sun Jan 15 03:59:00 2017 +0100 ARM: 8640/1: Add support for CONFIG_DEBUG_VIRTUAL x86 has an option: CONFIG_DEBUG_VIRTUAL to do additional checks on virt_to_phys calls. The goal is to catch users who are calling virt_to_phys on non-linear addresses immediately. This includes caller using __virt_to_phys() on image addresses instead of __pa_symbol(). This is a generally useful debug feature to spot bad code (particulary in drivers). Acked-by: Russell King Acked-by: Laura Abbott Signed-off-by: Florian Fainelli Signed-off-by: Russell King arch/arm/Kconfig | 1 + arch/arm/include/asm/memory.h | 15 ++++++++++-- arch/arm/mm/Makefile | 1 + arch/arm/mm/physaddr.c | 57 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 2 deletions(-) commit 399f157afd30ad942e08dfa0ab28734c50bc6b00 Merge: a09975b 1a08e3d Author: Russell King Date: Tue Feb 28 11:05:54 2017 +0000 Merge branch 'devel-stable' into misc commit a09975bf6c756e4555a95258ff4b2286dcfddc4e Author: Florian Fainelli Date: Sun Jan 15 03:57:40 2017 +0100 ARM: 8639/1: Define KERNEL_START and KERNEL_END In preparation for adding CONFIG_DEBUG_VIRTUAL support, define a set of common constants: KERNEL_START and KERNEL_END which abstract CONFIG_XIP_KERNEL vs. !CONFIG_XIP_KERNEL. Update the code where relevant. Acked-by: Russell King Signed-off-by: Florian Fainelli Signed-off-by: Russell King arch/arm/include/asm/memory.h | 7 +++++++ arch/arm/mm/init.c | 7 ++----- arch/arm/mm/mmu.c | 6 +----- 3 files changed, 10 insertions(+), 10 deletions(-) commit 4e23612bb09809ef89eb396fd5f568392e0f1ec7 Author: Florian Fainelli Date: Sun Jan 15 03:57:03 2017 +0100 ARM: 8638/1: mtd: lart: Rename partition defines to be prefixed with PART_ In preparation for defining KERNEL_START on ARM, rename KERNEL_START to PART_KERNEL_START, and to be consistent, do this for all partition-related constants. Acked-by: Boris Brezillon Signed-off-by: Florian Fainelli Signed-off-by: Russell King drivers/mtd/devices/lart.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 985626564eedc470ce2866e53938303368ad41b7 Author: Laura Abbott Date: Fri Jan 13 22:51:45 2017 +0100 ARM: 8637/1: Adjust memory boundaries after reservations adjust_lowmem_bounds is responsible for setting up the boundary for lowmem/highmem. This needs to be setup before memblock reservations can occur. At the time memblock reservations can occur, memory can also be removed from the system. The lowmem/highmem boundary and end of memory may be affected by this but it is currently not recalculated. On some systems this may be harmless, on others this may result in incorrect ranges being passed to the main memory allocator. Correct this by recalculating the lowmem/highmem boundary after all reservations have been made. Tested-by: Magnus Lilja Signed-off-by: Laura Abbott Signed-off-by: Russell King arch/arm/kernel/setup.c | 6 ++++++ arch/arm/mm/mmu.c | 9 ++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) commit 374d446d25d6271ee615952a3b7f123ba4983c35 Author: Laura Abbott Date: Fri Jan 13 22:51:08 2017 +0100 ARM: 8636/1: Cleanup sanity_check_meminfo The logic for sanity_check_meminfo has become difficult to follow. Clean up the code so it's more obvious what the code is actually trying to do. Additionally, meminfo is now removed so rename the function to better describe its purpose. Tested-by: Magnus Lilja Reviewed-by: Nicolas Pitre Signed-off-by: Laura Abbott Signed-off-by: Laura Abbott Signed-off-by: Russell King arch/arm/kernel/setup.c | 4 +-- arch/arm/mm/mmu.c | 66 ++++++++++++++++++------------------------------- arch/arm/mm/nommu.c | 8 +++--- 3 files changed, 30 insertions(+), 48 deletions(-) commit 0b581701d9771c55a908c612ca49850e6088fe08 Author: Nikolay Borisov Date: Mon Feb 20 13:51:11 2017 +0200 btrfs: make btrfs_inode_resume_unlocked_dio take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 5 ++--- fs/btrfs/inode.c | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) commit abcefb1eeeff04734a59b4dd3724abbf0688252c Author: Nikolay Borisov Date: Mon Feb 20 13:51:10 2017 +0200 btrfs: make btrfs_inode_block_unlocked_dio take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 4 ++-- fs/btrfs/inode.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit cef415af208984650de925e28d40aa4a6e8513f4 Author: Nikolay Borisov Date: Mon Feb 20 13:51:09 2017 +0200 btrfs: Make btrfs_add_nondir take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/inode.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit db0a669fb002416faafe34481d6a6e21cdf0e926 Author: Nikolay Borisov Date: Mon Feb 20 13:51:08 2017 +0200 btrfs: Make btrfs_add_link take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/inode.c | 39 ++++++++++++++++++++------------------- fs/btrfs/tree-log.c | 8 +++++--- 3 files changed, 26 insertions(+), 23 deletions(-) commit 9e3e97f45c1f4debe53f72ad309ec06890d3aac2 Author: Nikolay Borisov Date: Mon Feb 20 13:51:07 2017 +0200 btrfs: Make btrfs_del_delalloc_inode take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/inode.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit fc4f21b1d8d023cf0a2b1b050ae18e15dbe7068e Author: Nikolay Borisov Date: Mon Feb 20 13:51:06 2017 +0200 btrfs: Make get_extent_t take btrfs_inode In addition to changing the signature, this patch also switches all the functions which are used as an argument to also take btrfs_inode. Namely those are: btrfs_get_extent and btrfs_get_extent_filemap. Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 12 ++++++------ fs/btrfs/disk-io.c | 6 +++--- fs/btrfs/extent_io.c | 6 +++--- fs/btrfs/extent_io.h | 2 +- fs/btrfs/file.c | 7 ++++--- fs/btrfs/inode.c | 34 ++++++++++++++++++---------------- fs/btrfs/ioctl.c | 2 +- fs/btrfs/tests/inode-tests.c | 44 +++++++++++++++++++++++--------------------- 8 files changed, 59 insertions(+), 54 deletions(-) commit 1c8c9c5216295711c79d0e512dc8b3d5f1bfc35d Author: Nikolay Borisov Date: Mon Feb 20 13:51:05 2017 +0200 btrfs: Make check_extent_to_block take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/scrub.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit a2f392e4015a45c896528d5fdfcec4bad3ddd121 Author: Nikolay Borisov Date: Mon Feb 20 13:51:04 2017 +0200 btrfs: Make clone_update_extent_map take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ioctl.c | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) commit 6fc0ef687029760476e309aa85d437a47313eb08 Author: Nikolay Borisov Date: Mon Feb 20 13:51:03 2017 +0200 btrfs: Make btrfs_clear_bit_hook take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 3 ++- fs/btrfs/extent_io.h | 6 ++++-- fs/btrfs/inode.c | 37 +++++++++++++++++++------------------ 3 files changed, 25 insertions(+), 21 deletions(-) commit 9cdc51241090a36d3b7b4ff374fb18b764b3b3a4 Author: Nikolay Borisov Date: Mon Feb 20 13:51:02 2017 +0200 btrfs: Make btrfs_extent_item_to_extent_map take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/file-item.c | 10 +++++----- fs/btrfs/inode.c | 3 ++- fs/btrfs/ioctl.c | 3 ++- 4 files changed, 10 insertions(+), 8 deletions(-) commit 19df27a9e47085dcc81cbf9e7b464e7402511e18 Author: Nikolay Borisov Date: Mon Feb 20 13:51:01 2017 +0200 btrfs: make btrfs_log_inode_parent take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/tree-log.c | 50 ++++++++++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 26 deletions(-) commit aefa6115c04ee561302e133ab5916246cd3695f7 Author: Nikolay Borisov Date: Mon Feb 20 13:51:00 2017 +0200 btrfs: Make check_parent_dirs_for_sync take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/tree-log.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 73f2e545b68f6af033fd2c083ca9dc3079e79083 Author: Nikolay Borisov Date: Mon Feb 20 13:50:59 2017 +0200 btrfs: Make btrfs_orphan_add take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 3 ++- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/inode.c | 39 ++++++++++++++++++++------------------- fs/btrfs/relocation.c | 2 +- 4 files changed, 24 insertions(+), 22 deletions(-) commit 3d6ae7bb6a64b7dbc516863eeb99c3182d499aba Author: Nikolay Borisov Date: Mon Feb 20 13:50:58 2017 +0200 btrfs: make btrfs_orphan_del take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/inode.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) commit 7ab7956ec3fc77667739d065748d96f87bff6c5d Author: Nikolay Borisov Date: Mon Feb 20 13:50:57 2017 +0200 btrfs: make btrfs_free_io_failure_record take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 4 ++-- fs/btrfs/extent_io.h | 3 ++- fs/btrfs/inode.c | 9 +++++---- 3 files changed, 9 insertions(+), 7 deletions(-) commit b30cb441fcf8786773dab590739ca4ebc2b4628b Author: Nikolay Borisov Date: Mon Feb 20 13:50:56 2017 +0200 btrfs: make clean_io_failure take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 21 +++++++++++---------- fs/btrfs/extent_io.h | 4 ++-- fs/btrfs/inode.c | 4 ++-- 3 files changed, 15 insertions(+), 14 deletions(-) commit 9d4f7f8ad69112137da0bbe4036b94739ae25f78 Author: Nikolay Borisov Date: Mon Feb 20 13:50:55 2017 +0200 btrfs: make repair_io_failure take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 13 +++++++------ fs/btrfs/extent_io.h | 8 ++++---- fs/btrfs/scrub.c | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) commit f898ac6ae339782bc304b2b15c9e187e438da9f7 Author: Nikolay Borisov Date: Mon Feb 20 13:50:54 2017 +0200 btrfs: make check_compressed_csum take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/compression.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 0970a22e58d4c49f2c3e84519613a9db8f00f579 Author: Nikolay Borisov Date: Mon Feb 20 13:50:53 2017 +0200 btrfs: make btrfs_print_data_csum_error take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 8 ++++---- fs/btrfs/compression.c | 5 +++-- fs/btrfs/inode.c | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) commit 4ac1f4acd7c60c95e3efa63d463418093aff9ce5 Author: Nikolay Borisov Date: Mon Feb 20 13:50:52 2017 +0200 btrfs: make free_io_failure take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 14 +++++++------- fs/btrfs/extent_io.h | 4 +++- fs/btrfs/inode.c | 6 +++--- 3 files changed, 13 insertions(+), 11 deletions(-) commit 2cff578cfceba883eef199c52674a301a8f91d19 Author: Nikolay Borisov Date: Mon Feb 20 13:50:51 2017 +0200 btrfs: Make lock_and_cleanup_extent_if_need take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/file.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 85b7ab6705d9a2e6173361f5da7cbf8f9eb07864 Author: Nikolay Borisov Date: Mon Feb 20 13:50:50 2017 +0200 btrfs: Make check_can_nocow take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/file.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit a776c6fa1feba7a84519170ebdb7f4a4155b89d6 Author: Nikolay Borisov Date: Mon Feb 20 13:50:49 2017 +0200 btrfs: Make btrfs_lookup_ordered_range take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent_io.c | 4 ++-- fs/btrfs/file.c | 4 ++-- fs/btrfs/inode.c | 11 ++++++----- fs/btrfs/ordered-data.c | 9 ++++----- fs/btrfs/ordered-data.h | 7 ++++--- fs/btrfs/scrub.c | 2 +- 6 files changed, 19 insertions(+), 18 deletions(-) commit 7a6d7067958c32d1c76e0bfd1a0d46be06340b2e Author: Nikolay Borisov Date: Mon Feb 20 13:50:48 2017 +0200 btrfs: Make btrfs_mark_extent_written take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/file.c | 8 ++++---- fs/btrfs/inode.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) commit a012a74e78d99aa27f8487c050e9ac3183bc3785 Author: Nikolay Borisov Date: Mon Feb 20 13:50:47 2017 +0200 btrfs: Make fill_holes take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/file.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) commit 35339c245b5939315e8763deb7f9b68fffe54912 Author: Nikolay Borisov Date: Mon Feb 20 13:50:46 2017 +0200 btrfs: Make hole_mergeable take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/file.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit dcdbc059f01e242f92e3239654a1a57d15b0da5a Author: Nikolay Borisov Date: Mon Feb 20 13:50:45 2017 +0200 btrfs: Make btrfs_drop_extent_cache take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/file.c | 11 ++++++----- fs/btrfs/inode.c | 31 +++++++++++++++++-------------- fs/btrfs/ioctl.c | 2 +- fs/btrfs/relocation.c | 8 ++++---- fs/btrfs/tests/inode-tests.c | 2 +- 6 files changed, 30 insertions(+), 26 deletions(-) commit 46e59791836c75210bdf1f715592b49836fad848 Author: Nikolay Borisov Date: Mon Feb 20 13:50:44 2017 +0200 btrfs: Make btrfs_requeue_inode_defrag take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/file.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 6158e1ce1cc620df650ebdcfb3cc08a3d86f5a4c Author: Nikolay Borisov Date: Mon Feb 20 13:50:43 2017 +0200 btrfs: Make (__)btrfs_add_inode_defrag take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/file.c | 22 +++++++++++----------- fs/btrfs/inode.c | 9 +++++---- 3 files changed, 17 insertions(+), 16 deletions(-) commit 691fa059673b3b33c25d7925acb0a58e8204dbd6 Author: Nikolay Borisov Date: Mon Feb 20 13:50:42 2017 +0200 btrfs: all btrfs_delalloc_release_metadata take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 18 +++++++++--------- fs/btrfs/file.c | 5 +++-- fs/btrfs/free-space-cache.c | 3 ++- fs/btrfs/inode-map.c | 2 +- fs/btrfs/inode.c | 7 ++++--- fs/btrfs/relocation.c | 4 ++-- 7 files changed, 22 insertions(+), 19 deletions(-) commit 9f3db423f98c5c6c53b47f4bb2729901500bc330 Author: Nikolay Borisov Date: Mon Feb 20 13:50:41 2017 +0200 btrfs: Make btrfs_delalloc_reserve_metadata take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 69 +++++++++++++++++++++++++------------------------- fs/btrfs/file.c | 3 ++- fs/btrfs/relocation.c | 3 ++- 4 files changed, 39 insertions(+), 38 deletions(-) commit 703b391a0362e0ee35260dd16d7d0c7a12fef0e6 Author: Nikolay Borisov Date: Mon Feb 20 13:50:40 2017 +0200 btrfs: Make btrfs_orphan_release_metadata take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 10 +++++----- fs/btrfs/inode.c | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) commit 8ed7a2a0e0732b62d925041ff04a5e9621e0e58b Author: Nikolay Borisov Date: Mon Feb 20 13:50:39 2017 +0200 btrfs: Make btrfs_orphan_reserve_metadata take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 10 +++++----- fs/btrfs/inode.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) commit 0e6bf9b13caa41b34592369c47faab916233343b Author: Nikolay Borisov Date: Mon Feb 20 13:50:38 2017 +0200 btrfs: Make calc_csum_metadata_size take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) commit baa3ba39b91bdfa270b3f6db6fdc81a1a6b4ab34 Author: Nikolay Borisov Date: Mon Feb 20 13:50:37 2017 +0200 btrfs: Make drop_outstanding_extent take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) commit 04f4f916531adc7d2ca6fdb16a68b6f2ff2a8a3b Author: Nikolay Borisov Date: Mon Feb 20 13:50:36 2017 +0200 btrfs: make btrfs_alloc_data_chunk_ondemand take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 8 ++++---- fs/btrfs/file.c | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) commit 70ddc553b5522b96e65a162be1cecba532630841 Author: Nikolay Borisov Date: Mon Feb 20 13:50:35 2017 +0200 btrfs: make btrfs_is_free_space_inode take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 8 ++++---- fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 4 ++-- fs/btrfs/file-item.c | 2 +- fs/btrfs/inode.c | 23 ++++++++++++----------- 5 files changed, 20 insertions(+), 19 deletions(-) commit 6ef06d27903d9c15505dc1a3ccf424f5018562f7 Author: Nikolay Borisov Date: Mon Feb 20 13:50:34 2017 +0200 btrfs: Make btrfs_i_size_write take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 6 +++--- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 2 +- fs/btrfs/inode.c | 19 +++++++++---------- fs/btrfs/ioctl.c | 4 ++-- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 2 +- 7 files changed, 18 insertions(+), 19 deletions(-) commit 877574e2548bbfd792b0b1200d4b46eef54c05f5 Author: Nikolay Borisov Date: Mon Feb 20 13:50:33 2017 +0200 btrfs: Make btrfs_set_inode_index take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/inode.c | 22 +++++++++++----------- fs/btrfs/ioctl.c | 2 +- fs/btrfs/transaction.c | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) commit 4c570655f4f95609e9f682a36647f84b54b8a721 Author: Nikolay Borisov Date: Mon Feb 20 13:50:32 2017 +0200 btrfs: make btrfs_set_inode_index_count take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/inode.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 8e7611cf38765f1bf1324ed1190f1f8e76ab9546 Author: Nikolay Borisov Date: Mon Feb 20 13:50:31 2017 +0200 btrfs: Make btrfs_insert_dir_item take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/dir-item.c | 6 +++--- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/transaction.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) commit d0a0b78de4a641ff0924687bfd5a9698f1a97f7a Author: Nikolay Borisov Date: Mon Feb 20 13:50:30 2017 +0200 btrfs: Make btrfs_log_all_parents take btrfs_inode Signed-off-by: Nikolay Borisov Signed-off-by: David Sterba fs/btrfs/tree-log.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 3b30460c5b0ed762be75a004e924ec3f8711e032 Author: Ard Biesheuvel Date: Mon Feb 27 15:30:56 2017 +0000 crypto: ccm - move cbcmac input off the stack Commit f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") refactored the CCM driver to allow separate implementations of the underlying MAC to be provided by a platform. However, in doing so, it moved some data from the linear region to the stack, which violates the SG constraints when the stack is virtually mapped. So move idata/odata back to the request ctx struct, of which we can reasonably expect that it has been allocated using kmalloc() et al. Reported-by: Johannes Berg Fixes: f15f05b0a5de ("crypto: ccm - switch to separate cbcmac driver") Signed-off-by: Ard Biesheuvel Tested-by: Johannes Berg Signed-off-by: Herbert Xu crypto/ccm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 86292b33d4b79ee03e2f43ea0381ef85f077c760 Merge: 1ac884f 3e761a4 Author: Linus Torvalds Date: Mon Feb 27 23:09:29 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge yet more updates from Andrew Morton: - a few MM remainders - misc things - autofs updates - signals - affs updates - ipc - nilfs2 - spelling.txt updates * emailed patches from Andrew Morton : (78 commits) mm, x86: fix HIGHMEM64 && PARAVIRT build config for native_pud_clear() mm: add arch-independent testcases for RODATA hfs: atomically read inode size mm: clarify mm_struct.mm_{users,count} documentation mm: use mmget_not_zero() helper mm: add new mmget() helper mm: add new mmgrab() helper checkpatch: warn when formats use %Z and suggest %z lib/vsprintf.c: remove %Z support scripts/spelling.txt: add some typo-words scripts/spelling.txt: add "followings" pattern and fix typo instances scripts/spelling.txt: add "therfore" pattern and fix typo instances scripts/spelling.txt: add "overwriten" pattern and fix typo instances scripts/spelling.txt: add "overwritting" pattern and fix typo instances scripts/spelling.txt: add "deintialize(d)" pattern and fix typo instances scripts/spelling.txt: add "disassocation" pattern and fix typo instances scripts/spelling.txt: add "omited" pattern and fix typo instances scripts/spelling.txt: add "explictely" pattern and fix typo instances scripts/spelling.txt: add "applys" pattern and fix typo instances scripts/spelling.txt: add "configuartion" pattern and fix typo instances ... commit 1ac884f173d4842216f6a24c03c9833e3ce6e982 Merge: 08e32dc 5739438 Author: Linus Torvalds Date: Mon Feb 27 23:07:59 2017 -0800 Merge tag 'ktest-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest Pull ktest updates from Steven Rostedt: "These are various fixes that I have made and never got around to pushing. I've been asked to get the upstream repo back up-to-date" * tag 'ktest-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest: ktest: Add variable run_command_status to save status of commands executed ktest.pl: Powercycle the box on reboot if no connection can be made ktest: Add timeout to ssh command ktest: Fix child exit code processing ktest: Have POST_TEST run after the test has totally completed commit 08e32dcc86e10db1c444942b23bd418968955842 Merge: 3f5595e 73ec494 Author: Linus Torvalds Date: Mon Feb 27 23:05:42 2017 -0800 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68nommu update from Greg Ungerer: "Only a single change, to update the amcore board defconfig" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k/defconfig: amcore board defconfig tuning commit 3f5595e3d0180305cfef9a9c7c6265d7ade85dea Merge: 12dfdfe fb94a68 Author: Linus Torvalds Date: Mon Feb 27 23:03:04 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull more s390 updates from Martin Schwidefsky: "Next to the usual bug fixes (including the TASK_SIZE fix), there is one larger crypto item. It allows to use protected keys with the in-kernel crypto API The protected key support has two parts, the pkey user space API to convert key formats and the paes crypto module that uses a protected key instead of a standard AES key" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: TASK_SIZE for kernel threads s390/crypt: Add protected key AES module s390/dasd: fix spelling mistake: "supportet" -> "supported" s390/pkey: Introduce pkey kernel module s390/zcrypt: export additional symbols s390/zcrypt: Rework CONFIG_ZCRYPT Kconfig text. s390/zcrypt: Cleanup leftover module code. s390/nmi: purge tlbs after control register validation s390/nmi: fix order of register validation s390/crypto: Add PCKMO inline function s390/zcrypt: Enable request count reset for cards and queues. s390/mm: use _SEGMENT_ENTRY_EMPTY in the code s390/chsc: Add exception handler for CHSC instruction s390: opt into HAVE_COPY_THREAD_TLS s390: restore address space when returning to user space s390: rename CIF_ASCE to CIF_ASCE_PRIMARY commit 4e4636cf981b5b629fbfb78aa9f232e015f7d521 Author: Josh Poimboeuf Date: Mon Feb 27 22:21:16 2017 -0600 objtool: Enclose contents of unreachable() macro in a block Guenter Roeck reported a boot failure in mips64. It was bisected to the following commit: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") The unreachable() macro was formerly only composed of a single statement. The above commit added a second statement, but neglected to enclose the statements in a block. Suggested-by: Guenter Roeck Reported-by: Guenter Roeck Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") Link: http://lkml.kernel.org/r/20170228042116.glmwmwiohcix7o4a@treble Signed-off-by: Ingo Molnar include/linux/compiler-gcc.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 19d19e960598161be92a7e4828eb7706c6410ce6 Author: Johannes Berg Date: Mon Feb 27 09:38:11 2017 +0100 mac80211: use driver-indicated transmitter STA only for data frames When I originally introduced using the driver-indicated station as an optimisation to avoid the hashtable lookup/iteration, of course it wasn't intended to really functionally change anything. I neglected, however, to take into account VLAN interfaces, which have the property that management and data frames are handled differently: data frames go directly to the station and the VLAN while management frames continue to be processed over the underlying/associated AP-type interface. As a consequence, when a driver used this optimisation for management frames and the user enabled VLANs, my change broke things since any management frames, particularly disassoc/deauth, were missed by hostapd. Fix this by restoring the original code path for non-data frames, they aren't critical for performance to begin with. This fixes https://bugzilla.kernel.org/show_bug.cgi?id=194713. Big thanks goes to Jarek who bisected the issue and provided a very detailed bug report, including the crucial information that he was using VLANs in his configuration. Cc: stable@vger.kernel.org Fixes: 771e846bea9e ("mac80211: allow passing transmitter station on RX") Reported-and-tested-by: Jarek Kamiński Signed-off-by: Johannes Berg net/mac80211/rx.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 12dfdfedbf8ce3b1464e2cea80014fa0a92ed3e2 Merge: f7878dc a45463c Author: Linus Torvalds Date: Mon Feb 27 22:12:20 2017 -0800 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue update from Tejun Heo: "Just one patch to silence clang's warnings" * 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: avoid clang warning commit f7878dc3a9d3d900c86a66d9742f7e06681b06cd Merge: fb15a78 f83f3c5 Author: Linus Torvalds Date: Mon Feb 27 21:41:08 2017 -0800 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup updates from Tejun Heo: "Several noteworthy changes. - Parav's rdma controller is finally merged. It is very straight forward and can limit the abosolute numbers of common rdma constructs used by different cgroups. - kernel/cgroup.c got too chubby and disorganized. Created kernel/cgroup/ subdirectory and moved all cgroup related files under kernel/ there and reorganized the core code. This hurts for backporting patches but was long overdue. - cgroup v2 process listing reimplemented so that it no longer depends on allocating a buffer large enough to cache the entire result to sort and uniq the output. v2 has always mangled the sort order to ensure that users don't depend on the sorted output, so this shouldn't surprise anybody. This makes the pid listing functions use the same iterators that are used internally, which have to have the same iterating capabilities anyway. - perf cgroup filtering now works automatically on cgroup v2. This patch was posted a long time ago but somehow fell through the cracks. - misc fixes asnd documentation updates" * 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: (27 commits) kernfs: fix locking around kernfs_ops->release() callback cgroup: drop the matching uid requirement on migration for cgroup v2 cgroup, perf_event: make perf_event controller work on cgroup2 hierarchy cgroup: misc cleanups cgroup: call subsys->*attach() only for subsystems which are actually affected by migration cgroup: track migration context in cgroup_mgctx cgroup: cosmetic update to cgroup_taskset_add() rdmacg: Fixed uninitialized current resource usage cgroup: Add missing cgroup-v2 PID controller documentation. rdmacg: Added documentation for rdmacg IB/core: added support to use rdma cgroup controller rdmacg: Added rdma cgroup controller cgroup: fix a comment typo cgroup: fix RCU related sparse warnings cgroup: move namespace code to kernel/cgroup/namespace.c cgroup: rename functions for consistency cgroup: move v1 mount functions to kernel/cgroup/cgroup-v1.c cgroup: separate out cgroup1_kf_syscall_ops cgroup: refactor mount path and clearly distinguish v1 and v2 paths cgroup: move cgroup v1 specific code to kernel/cgroup/cgroup-v1.c ... commit fb15a78210f169cf39a42df208cff09cdac86574 Merge: 5782fd1 aaf0f2f Author: Linus Torvalds Date: Mon Feb 27 21:39:19 2017 -0800 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu update from Tejun Heo: "This contains just one minor cleanup patch which gets rid of an unnecessary irqsave/restore in the cpu dead callback" * 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu_counter: percpu_counter_hotcpu_callback() cleanup commit 5782fd14aaecc72f27473f380ba2044c7598b14a Merge: 45554b2 d4f6c6f Author: Linus Torvalds Date: Mon Feb 27 19:59:21 2017 -0800 Merge tag 'rtc-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "Subsystem: - constify rtc_class_ops structures New driver: - STM32 Drivers: - armada38x: fix errata, Armada 7K/8K support - ds3232: fix wakeup support - gemini: DT support - m48t86: huge cleanup and platform_data removal - mcp795: alarm support - sun6i: proper oscillator handling - tegra: proper clock handling - tps65910: calibration support" * tag 'rtc-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (44 commits) rtc: ds3232: Call device_init_wakeup before device_register rtc: pcf2127: bulk read only date and time registers. rtc: armada38x: Add support for Armada 7K/8K rtc: armada38x: Prepare driver to manage different versions rtc: ds3232: Add regmap max_register definition. rtc: ds3232: Cleanup whitespace around register and bit definitions. rtc: m48t86: remove unused platform_data ARM: Orion5x: ts78xx: allow rtc-m48t86 to manage it's own resources ARM: Orion5x: ts78xx: remove RTC detection ARM: ep93xx: ts72xx: allow rtc-m48t86 to manage its own resources rtc: m48t86: verify that the RTC is actually present rtc: m48t86: add NVRAM support rtc: m48t86: allow driver to manage its resources rtc: m48t86: shorten register name defines bindings: rtc: correct wrong reference in required properties rtc: sun6i: Fix return value check in sun6i_rtc_clk_init() rtc: sun6i: extend test coverage rtc: sun6i: Fix compatibility with old DT binding rtc: snvs: add a missing write sync rtc: bq32000: add support to enable disable the trickle charge FET bypass ... commit 9bb92f51558f2ef5f56c257bdcea0588f31d857e Author: Y.C. Chen Date: Wed Feb 22 15:14:19 2017 +1100 drm/ast: Call open_key before enable_mmio in POST code open_key enables access the registers used by enable_mmio Signed-off-by: Y.C. Chen Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Tested-by: Y.C. Chen Cc: Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_post.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 905f21a49d388de3e99438235f3301cabf0c0ef4 Author: Y.C. Chen Date: Wed Feb 22 15:10:50 2017 +1100 drm/ast: Fix test for VGA enabled The test to see if VGA was already enabled is doing an unnecessary second test from a register that may or may not have been initialized to a valid value. Remove it. Signed-off-by: Y.C. Chen Signed-off-by: Benjamin Herrenschmidt Cc: Acked-by: Joel Stanley Tested-by: Y.C. Chen Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_post.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 42a70abddd90374518057e989f5b7289b7b535d8 Author: Dupuis, Chad Date: Fri Feb 24 00:31:56 2017 -0800 scsi: qedi: Fix memory leak in tmf response processing. Signed-off-by: Manish Rangankar Signed-off-by: Chad Dupuis Signed-off-by: Martin K. Petersen drivers/scsi/qedi/qedi_fw.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit fbdab3e7fd547e1ce558db1521659707bdf02cc6 Author: Colin Ian King Date: Fri Feb 24 14:43:30 2017 +0000 scsi: aacraid: remove redundant zero check on ret The check for ret being zero is redundant as a few statements earlier we break out of the while loop if ret is non-zero. Thus we can remove the zero check and also the dead-code non-zero case too. Detected by CoverityScan, CID#1411632 ("Logically Dead Code") Signed-off-by: Colin Ian King Acked-by: Dave Carroll Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 94fdc2a86a927b409d9a09ba28bcb08e34f3ac8d Author: Y.C. Chen Date: Fri Feb 17 14:45:07 2017 +1100 drm/ast: POST code for the new AST2500 This is used when the BMC isn't running any code and thus has to be initialized by the host. The code originates from Aspeed (Y.C. Chen) and has been cleaned up for coding style purposes by BenH. Signed-off-by: Y.C. Chen Acked-by: Joel Stanley Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_dram_tables.h | 62 +++++ drivers/gpu/drm/ast/ast_post.c | 417 +++++++++++++++++++++++++++++++++- 2 files changed, 476 insertions(+), 3 deletions(-) commit d95618ef0a05236a2642d1a829fffd90de88e5f0 Author: Benjamin Herrenschmidt Date: Fri Feb 17 13:51:34 2017 +1100 drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300 The function does more than initializing the DRAM and in turns calls other functions to do the actual init. This will keeping things more consistent with the upcoming AST2500 POST code. Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Tested-by: Y.C. Chen Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_post.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b368e53aae7694e0fb2bdec9667c9acc5108b629 Author: Benjamin Herrenschmidt Date: Sat Feb 18 14:19:10 2017 +1100 drm/ast: Factor mmc_test code in POST code There's a some duplication for what's essentially copies of two loops, so factor it. The upcoming AST2500 POST code adds more of them. Also cleanup return types for the test functions, most of them return a boolean, some return a u32. Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Tested-by: Y.C. Chen Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_post.c | 82 ++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 51 deletions(-) commit bad09da6deab157440a3f0dd5e6c03cdc60c0a91 Author: Y.C. Chen Date: Fri Feb 17 10:56:47 2017 +0800 drm/ast: Fixed vram size incorrect issue on POWER The default value of VGA scratch may incorrect. Should initial h/w before get vram info. Acked-by: Joel Stanley Tested-by: Y.C. Chen Signed-off-by: Y.C. Chen Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_main.c | 6 +++--- drivers/gpu/drm/ast/ast_post.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 9f93c8b3c08f8c456aad86fd05caa6a1688320ff Author: Y.C. Chen Date: Fri Feb 17 14:36:46 2017 +1100 drm/ast: Base support for AST2500 Add detection and mode setting updates for AST2500 generation chip, code originally from Aspeed and slightly reworked for coding style mostly by Ben. This doesn't contain the BMC DRAM POST code which is in a separate patch. Signed-off-by: Y.C. Chen Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_drv.h | 2 ++ drivers/gpu/drm/ast/ast_main.c | 32 +++++++++++++++++++--- drivers/gpu/drm/ast/ast_mode.c | 30 ++++++++++++++++----- drivers/gpu/drm/ast/ast_tables.h | 58 +++++++++++++++++++++++++++++++++------- 4 files changed, 103 insertions(+), 19 deletions(-) commit 6475a7cce61967fca4dd793b60acf5a7dc70bc9a Author: Benjamin Herrenschmidt Date: Fri Feb 17 13:57:30 2017 +1100 drm/ast: Fix calculation of MCLK Some braces were missing causing an incorrect calculation. Y.C. Chen from Aspeed provided me with the right formula which I tested on AST2400 and 2500. The MCLK isn't currently used by the driver (it will eventually to filter modes) so the issue isn't catastrophic. Also make the printed value a bit more meaningful Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Tested-by: Y.C. Chen Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit cf2f6bd402470caed4e4d75b783d2d48277a3568 Author: Benjamin Herrenschmidt Date: Fri Feb 17 13:55:58 2017 +1100 drm/ast: Remove spurious include Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_main.c | 2 -- 1 file changed, 2 deletions(-) commit 22acdbb1bdbd56cc9939e18516dfcf214a9d835b Author: Benjamin Herrenschmidt Date: Fri Feb 17 13:45:24 2017 +1100 drm/ast: const'ify mode setting tables And fix some comment alignment & space/tabs while at it Signed-off-by: Benjamin Herrenschmidt Acked-by: Joel Stanley Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_drv.h | 4 +- drivers/gpu/drm/ast/ast_mode.c | 8 +-- drivers/gpu/drm/ast/ast_tables.h | 106 +++++++++++++++++++-------------------- 3 files changed, 59 insertions(+), 59 deletions(-) commit 71f677a91046599ece96ebab21df956ce909c456 Author: Russell Currey Date: Fri Feb 17 14:33:01 2017 +1100 drm/ast: Handle configuration without P2A bridge The ast driver configures a window to enable access into BMC memory space in order to read some configuration registers. If this window is disabled, which it can be from the BMC side, the ast driver can't function. Closing this window is a necessity for security if a machine's host side and BMC side are controlled by different parties; i.e. a cloud provider offering machines "bare metal". A recent patch went in to try to check if that window is open but it does so by trying to access the registers in question and testing if the result is 0xffffffff. This method will trigger a PCIe error when the window is closed which on some systems will be fatal (it will trigger an EEH for example on POWER which will take out the device). This patch improves this in two ways: - First, if the firmware has put properties in the device-tree containing the relevant configuration information, we use these. - Otherwise, a bit in one of the SCU scratch registers (which are readable via the VGA register space and writeable by the BMC) will indicate if the BMC has closed the window. This bit has been defined by Y.C Chen from Aspeed. If the window is closed and the configuration isn't available from the device-tree, some sane defaults are used. Those defaults are hopefully sufficient for standard video modes used on a server. Signed-off-by: Russell Currey Acked-by: Joel Stanley Cc: Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_drv.h | 6 +- drivers/gpu/drm/ast/ast_main.c | 264 +++++++++++++++++++++++++---------------- drivers/gpu/drm/ast/ast_post.c | 7 +- 3 files changed, 168 insertions(+), 109 deletions(-) commit 3856081eede297b617560b85e948cfb00bb395ec Author: Y.C. Chen Date: Thu Feb 23 15:52:33 2017 +0800 drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS The current POST code for the AST2300/2400 family doesn't work properly if the chip hasn't been initialized previously by either the BMC own FW or the VBIOS. This fixes it. Signed-off-by: Y.C. Chen Signed-off-by: Benjamin Herrenschmidt Tested-by: Y.C. Chen Acked-by: Joel Stanley Cc: Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_post.c | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) commit 825c6abbc316f496cd2b66e1fa72892cf4b49a9f Author: Arnd Bergmann Date: Mon Feb 27 21:37:12 2017 +0100 scsi: lpfc: use proper format string for dma_addr_t dma_addr_t may be either u32 or u64, depending on the kernel configuration, and we get a warning for the 32-bit case: drivers/scsi/lpfc/lpfc_nvme.c: In function 'lpfc_nvme_ls_req': drivers/scsi/lpfc/lpfc_logmsg.h:52:52: error: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type 'dma_addr_t {aka unsigned int}' [-Werror=format=] drivers/scsi/lpfc/lpfc_logmsg.h:52:52: error: format '%llu' expects argument of type 'long long unsigned int', but argument 12 has type 'dma_addr_t {aka unsigned int}' [-Werror=format=] drivers/scsi/lpfc/lpfc_nvme.c: In function 'lpfc_nvme_ls_abort': drivers/scsi/lpfc/lpfc_logmsg.h:52:52: error: format '%llu' expects argument of type 'long long unsigned int', but argument 11 has type 'dma_addr_t {aka unsigned int}' [-Werror=format=] drivers/scsi/lpfc/lpfc_logmsg.h:52:52: error: format '%llu' expects argument of type 'long long unsigned int', but argument 12 has type 'dma_addr_t {aka unsigned int}' [-Werror=format=] printk has a special "%pad" format string that passes the dma address by reference to solve this problem. Fixes: 01649561a8b4 ("scsi: lpfc: NVME Initiator: bind to nvme_fc api") Signed-off-by: Arnd Bergmann Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_nvme.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 90ec7c9dff07d676c0b9b499286b931005c6b051 Author: Arnd Bergmann Date: Mon Feb 27 21:31:43 2017 +0100 scsi: lpfc: use div_u64 for 64-bit division The new debugfs output causes a link error on 32-bit architectures: ERROR: "__aeabi_uldivmod" [drivers/scsi/lpfc/lpfc.ko] undefined! This code is not performance critical, so we can simply use div_u64(). [mkp: fixed up whitespace] Fixes: bd2cdd5e400f ("scsi: lpfc: NVME Initiator: Add debugfs support") Fixes: 2b65e18202fd ("scsi: lpfc: NVME Target: Add debugfs support") Signed-off-by: Arnd Bergmann Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_debugfs.c | 64 ++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 32 deletions(-) commit 3e761a42e19c63b624ebac94d918d8a15e07e2a7 Author: Dave Jiang Date: Mon Feb 27 14:30:25 2017 -0800 mm, x86: fix HIGHMEM64 && PARAVIRT build config for native_pud_clear() Looks like I also missed the build config that includes CONFIG_HIGHMEM64G && CONFIG_PARAVIRT to export the native_pud_clear() dummy function. Fixes: a00cc7d9dd93d ("mm, x86: add support for PUD-sized transparent hugepages") Link: http://lkml.kernel.org/r/148823188084.56076.17451228917824355200.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dave Jiang Reported-by: Laura Abbott Reported-by: Boris Ostrovsky Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/include/asm/pgtable-3level.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2959a5f726f6510d6dd7c958f8877e08d0cf589c Author: Jinbum Park Date: Mon Feb 27 14:30:22 2017 -0800 mm: add arch-independent testcases for RODATA This patch makes arch-independent testcases for RODATA. Both x86 and x86_64 already have testcases for RODATA, But they are arch-specific because using inline assembly directly. And cacheflush.h is not a suitable location for rodata-test related things. Since they were in cacheflush.h, If someone change the state of CONFIG_DEBUG_RODATA_TEST, It cause overhead of kernel build. To solve the above issues, write arch-independent testcases and move it to shared location. [jinb.park7@gmail.com: fix config dependency] Link: http://lkml.kernel.org/r/20170209131625.GA16954@pjb1027-Latitude-E5410 Link: http://lkml.kernel.org/r/20170129105436.GA9303@pjb1027-Latitude-E5410 Signed-off-by: Jinbum Park Acked-by: Kees Cook Cc: Ingo Molnar Cc: H. Peter Anvin Cc: Arjan van de Ven Cc: Laura Abbott Cc: Russell King Cc: Valentin Rothberg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/Kconfig.debug | 8 ----- arch/x86/include/asm/cacheflush.h | 10 ------ arch/x86/kernel/Makefile | 1 - arch/x86/kernel/test_rodata.c | 75 --------------------------------------- arch/x86/mm/init_32.c | 4 --- arch/x86/mm/init_64.c | 5 --- include/linux/rodata_test.h | 23 ++++++++++++ init/main.c | 6 ++-- mm/Kconfig.debug | 6 ++++ mm/Makefile | 1 + mm/rodata_test.c | 56 +++++++++++++++++++++++++++++ 11 files changed, 90 insertions(+), 105 deletions(-) commit 8d85063adbb1eb3d168e226fef96995391462c20 Author: Fabian Frederick Date: Mon Feb 27 14:30:19 2017 -0800 hfs: atomically read inode size See i_size_read() comments in include/linux/fs.h Link: http://lkml.kernel.org/r/20170123175245.3272-1-fabf@skynet.be Signed-off-by: Fabian Frederick Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/hfs/mdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b279ddc3382426f8e05068de3488a2993f68dc26 Author: Vegard Nossum Date: Mon Feb 27 14:30:16 2017 -0800 mm: clarify mm_struct.mm_{users,count} documentation Clarify documentation relating to mm_users and mm_count, and switch to kernel-doc syntax. Link: http://lkml.kernel.org/r/20161218123229.22952-4-vegard.nossum@oracle.com Signed-off-by: Vegard Nossum Acked-by: Michal Hocko Acked-by: Peter Zijlstra (Intel) Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm_types.h | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) commit 388f79345502232d335467e8fa6f8e55a18844e1 Author: Vegard Nossum Date: Mon Feb 27 14:30:13 2017 -0800 mm: use mmget_not_zero() helper We already have the helper, we can convert the rest of the kernel mechanically using: git grep -l 'atomic_inc_not_zero.*mm_users' | xargs sed -i 's/atomic_inc_not_zero(&\(.*\)->mm_users)/mmget_not_zero\(\1\)/' This is needed for a later patch that hooks into the helper, but might be a worthwhile cleanup on its own. Link: http://lkml.kernel.org/r/20161218123229.22952-3-vegard.nossum@oracle.com Signed-off-by: Vegard Nossum Acked-by: Michal Hocko Acked-by: Peter Zijlstra (Intel) Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/gpu/drm/i915/i915_gem_userptr.c | 2 +- drivers/iommu/intel-svm.c | 2 +- fs/proc/base.c | 4 ++-- fs/proc/task_mmu.c | 4 ++-- fs/proc/task_nommu.c | 2 +- kernel/events/uprobes.c | 2 +- mm/swapfile.c | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) commit 3fce371bfac2be0396ffc1e763600e6c6b1bb52a Author: Vegard Nossum Date: Mon Feb 27 14:30:10 2017 -0800 mm: add new mmget() helper Apart from adding the helper function itself, the rest of the kernel is converted mechanically using: git grep -l 'atomic_inc.*mm_users' | xargs sed -i 's/atomic_inc(&\(.*\)->mm_users);/mmget\(\1\);/' git grep -l 'atomic_inc.*mm_users' | xargs sed -i 's/atomic_inc(&\(.*\)\.mm_users);/mmget\(\&\1\);/' This is needed for a later patch that hooks into the helper, but might be a worthwhile cleanup on its own. (Michal Hocko provided most of the kerneldoc comment.) Link: http://lkml.kernel.org/r/20161218123229.22952-2-vegard.nossum@oracle.com Signed-off-by: Vegard Nossum Acked-by: Michal Hocko Acked-by: Peter Zijlstra (Intel) Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arc/kernel/smp.c | 2 +- arch/blackfin/mach-common/smp.c | 2 +- arch/frv/mm/mmu-context.c | 2 +- arch/metag/kernel/smp.c | 2 +- arch/sh/kernel/smp.c | 2 +- arch/xtensa/kernel/smp.c | 2 +- include/linux/sched.h | 21 +++++++++++++++++++++ kernel/fork.c | 4 ++-- mm/swapfile.c | 10 +++++----- virt/kvm/async_pf.c | 2 +- 10 files changed, 35 insertions(+), 14 deletions(-) commit f1f1007644ffc8051a4c11427d58b1967ae7b75a Author: Vegard Nossum Date: Mon Feb 27 14:30:07 2017 -0800 mm: add new mmgrab() helper Apart from adding the helper function itself, the rest of the kernel is converted mechanically using: git grep -l 'atomic_inc.*mm_count' | xargs sed -i 's/atomic_inc(&\(.*\)->mm_count);/mmgrab\(\1\);/' git grep -l 'atomic_inc.*mm_count' | xargs sed -i 's/atomic_inc(&\(.*\)\.mm_count);/mmgrab\(\&\1\);/' This is needed for a later patch that hooks into the helper, but might be a worthwhile cleanup on its own. (Michal Hocko provided most of the kerneldoc comment.) Link: http://lkml.kernel.org/r/20161218123229.22952-1-vegard.nossum@oracle.com Signed-off-by: Vegard Nossum Acked-by: Michal Hocko Acked-by: Peter Zijlstra (Intel) Acked-by: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/alpha/kernel/smp.c | 2 +- arch/arc/kernel/smp.c | 2 +- arch/arm/kernel/smp.c | 2 +- arch/arm64/kernel/smp.c | 2 +- arch/blackfin/mach-common/smp.c | 2 +- arch/hexagon/kernel/smp.c | 2 +- arch/ia64/kernel/setup.c | 2 +- arch/m32r/kernel/setup.c | 2 +- arch/metag/kernel/smp.c | 2 +- arch/mips/kernel/traps.c | 2 +- arch/mn10300/kernel/smp.c | 2 +- arch/parisc/kernel/smp.c | 2 +- arch/powerpc/kernel/smp.c | 2 +- arch/s390/kernel/processor.c | 2 +- arch/score/kernel/traps.c | 2 +- arch/sh/kernel/smp.c | 2 +- arch/sparc/kernel/leon_smp.c | 2 +- arch/sparc/kernel/smp_64.c | 2 +- arch/sparc/kernel/sun4d_smp.c | 2 +- arch/sparc/kernel/sun4m_smp.c | 2 +- arch/sparc/kernel/traps_32.c | 2 +- arch/sparc/kernel/traps_64.c | 2 +- arch/tile/kernel/smpboot.c | 2 +- arch/x86/kernel/cpu/common.c | 4 ++-- arch/xtensa/kernel/smp.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 2 +- drivers/gpu/drm/i915/i915_gem_userptr.c | 2 +- drivers/infiniband/hw/hfi1/file_ops.c | 2 +- fs/proc/base.c | 4 ++-- fs/userfaultfd.c | 2 +- include/linux/sched.h | 22 ++++++++++++++++++++++ kernel/exit.c | 2 +- kernel/futex.c | 2 +- kernel/sched/core.c | 4 ++-- mm/khugepaged.c | 2 +- mm/ksm.c | 2 +- mm/mmu_context.c | 2 +- mm/mmu_notifier.c | 2 +- mm/oom_kill.c | 4 ++-- virt/kvm/kvm_main.c | 2 +- 40 files changed, 65 insertions(+), 43 deletions(-) commit 522b837c672eba9e9fb69f9f52bced0256dc6697 Author: Alexey Dobriyan Date: Mon Feb 27 14:30:05 2017 -0800 checkpatch: warn when formats use %Z and suggest %z vsnprintf extension %Z is non-standard C. Suggest the use of %z instead. Miscellanea: - Correct the misuse of type string PRINTF_0xDECIMAL type strings are supposed to be uppercase only. Fix this and add tr/[a-z]/[A-Z] to the type check in case I forget this again sometime in the future. - Improve the mechanism to find these defects so all 3 current checks are done on the format string [joe@perches.com: correct the misuse of type string PRINTF_0xDECIMAL, improve the mechanism to find these defects] Link: http://lkml.kernel.org/r/4e3ad74b0c9dc229b06018a2d79655308ddbbebd.1484014173.git.joe@perches.com Link: http://lkml.kernel.org/r/20170109235955.GA6787@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) commit 5b5e0928f742cfa853b2411400a1b19fa379d758 Author: Alexey Dobriyan Date: Mon Feb 27 14:30:02 2017 -0800 lib/vsprintf.c: remove %Z support Now that %z is standartised in C99 there is no reason to support %Z. Unlike %L it doesn't even make format strings smaller. Use BUILD_BUG_ON in a couple ATM drivers. In case anyone didn't notice lib/vsprintf.o is about half of SLUB which is in my opinion is quite an achievement. Hopefully this patch inspires someone else to trim vsprintf.c more. Link: http://lkml.kernel.org/r/20170103230126.GA30170@avx2 Signed-off-by: Alexey Dobriyan Cc: Andy Shevchenko Cc: Rasmus Villemoes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/bsg.c | 6 +-- drivers/atm/ambassador.c | 7 +-- drivers/atm/eni.c | 6 +-- drivers/atm/firestream.c | 12 ++--- drivers/atm/horizon.c | 7 +-- drivers/atm/lanai.c | 16 +++--- drivers/char/pcmcia/cm4000_cs.c | 2 +- drivers/char/pcmcia/cm4040_cs.c | 2 +- drivers/gpu/drm/mga/mga_drv.h | 4 +- drivers/ide/ide-acpi.c | 2 +- drivers/ide/ide-tape.c | 4 +- drivers/input/touchscreen/cyttsp4_core.c | 62 +++++++++++----------- drivers/media/dvb-frontends/helene.c | 2 +- drivers/media/dvb-frontends/or51132.c | 2 +- drivers/media/dvb-frontends/tda10048.c | 2 +- drivers/media/pci/saa7164/saa7164-fw.c | 2 +- drivers/media/tuners/xc5000.c | 2 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 4 +- drivers/misc/vmw_vmci/vmci_context.c | 2 +- drivers/net/arcnet/arcnet.c | 2 +- drivers/net/ethernet/cadence/macb.c | 2 +- drivers/net/gtp.c | 2 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/sierra_net.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 30 +++++------ drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 16 +++--- drivers/parport/ieee1284_ops.c | 2 +- drivers/scsi/osd/osd_initiator.c | 2 +- drivers/scsi/osst.c | 6 +-- drivers/scsi/qla2xxx/qla_init.c | 10 ++-- drivers/tty/n_hdlc.c | 2 +- drivers/usb/gadget/legacy/inode.c | 2 +- drivers/usb/host/ehci-hcd.c | 2 +- drivers/usb/host/fotg210-hcd.c | 2 +- drivers/usb/host/ohci-hcd.c | 2 +- drivers/usb/misc/adutux.c | 6 +-- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/misc/uss720.c | 8 +-- drivers/video/fbdev/metronomefb.c | 2 +- fs/afs/dir.c | 14 ++--- fs/ncpfs/sock.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 2 +- fs/nfs/filelayout/filelayout.c | 4 +- fs/nfs/flexfilelayout/flexfilelayout.c | 4 +- fs/nfs/objlayout/objlayout.c | 2 +- fs/nfsd/nfscache.c | 2 +- kernel/relay.c | 2 +- lib/vsprintf.c | 8 +-- mm/dmapool.c | 2 +- net/appletalk/ddp.c | 4 +- net/atm/mpc.c | 2 +- net/bridge/netfilter/ebt_among.c | 2 +- net/ieee802154/socket.c | 4 +- net/ipv4/fib_trie.c | 2 +- net/ipv4/ipmr.c | 2 +- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 +- net/ipv4/netfilter/nf_log_arp.c | 2 +- net/ipv6/netfilter/nf_log_ipv6.c | 2 +- net/irda/irnet/irnet_ppp.c | 12 ++--- net/l2tp/l2tp_core.c | 4 +- net/netfilter/ipvs/ip_vs_conn.c | 2 +- net/netfilter/ipvs/ip_vs_dh.c | 4 +- net/netfilter/ipvs/ip_vs_lblc.c | 4 +- net/netfilter/ipvs/ip_vs_lblcr.c | 4 +- net/netfilter/ipvs/ip_vs_sh.c | 4 +- net/netfilter/ipvs/ip_vs_sync.c | 2 +- net/netfilter/nf_conntrack_ftp.c | 2 +- net/sctp/output.c | 2 +- net/sunrpc/auth_gss/auth_gss.c | 2 +- net/sunrpc/svc.c | 2 +- net/sunrpc/svcsock.c | 4 +- net/sunrpc/xprtsock.c | 8 +-- security/selinux/ss/ebitmap.c | 2 +- security/selinux/ss/policydb.c | 2 +- sound/pci/korg1212/korg1212.c | 4 +- sound/pci/pcxhr/pcxhr_hwdep.c | 2 +- sound/pcmcia/vx/vxp_ops.c | 2 +- sound/soc/soc-core.c | 2 +- 79 files changed, 187 insertions(+), 201 deletions(-) commit d7f6724366c5ccb52b9b2e403b0a9383803bd47a Author: Jinbum Park Date: Mon Feb 27 14:29:59 2017 -0800 scripts/spelling.txt: add some typo-words I wrote a simple script to find new typo not in spelling.txt. (https://github.com/jinb-park/find-linux-kernel-typo) and get following result: [ rank ] 63 paramaters 18 alignement 9 strucuture .... The number means how many files include the typo. This patch adds these common typo. Link: http://lkml.kernel.org/r/20170112113452.GA7042@pjb1027-Latitude-E5410 Signed-off-by: Jinbum Park Acked-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/spelling.txt | 3 +++ 1 file changed, 3 insertions(+) commit 4091fb95b5f8dea37568d1a94c8227244bade891 Author: Masahiro Yamada Date: Mon Feb 27 14:29:56 2017 -0800 scripts/spelling.txt: add "followings" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: followings||following While we are here, add a missing colon in the boilerplate in DT binding documents. The "you SoC" in allwinner,sunxi-pinctrl.txt was fixed as well. I reworded "as the followings:" to "as follows:" for drivers/usb/gadget/udc/renesas_usb3.c. Link: http://lkml.kernel.org/r/1481573103-11329-32-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/DocBook/libata.tmpl | 2 +- Documentation/acpi/method-tracing.txt | 2 +- Documentation/blockdev/mflash.txt | 2 +- Documentation/devicetree/bindings/net/marvell-armada-370-neta.txt | 2 +- Documentation/devicetree/bindings/pinctrl/allwinner,sunxi-pinctrl.txt | 2 +- Documentation/devicetree/bindings/soc/rockchip/grf.txt | 4 ++-- Documentation/devicetree/bindings/sound/rockchip-i2s.txt | 4 ++-- Documentation/devicetree/bindings/sound/sun4i-codec.txt | 2 +- Documentation/devicetree/bindings/sound/sun4i-i2s.txt | 4 ++-- Documentation/memory-hotplug.txt | 4 ++-- Documentation/sound/hd-audio/notes.rst | 2 +- drivers/ata/libata-eh.c | 2 +- drivers/atm/iphase.c | 2 +- drivers/atm/iphase.h | 2 +- drivers/devfreq/devfreq.c | 2 +- drivers/hwmon/g762.c | 2 +- drivers/isdn/hardware/eicon/debug.c | 2 +- drivers/pci/quirks.c | 2 +- drivers/staging/gs_fpgaboot/gs_fpgaboot.h | 2 +- drivers/usb/gadget/udc/renesas_usb3.c | 4 ++-- include/linux/kconfig.h | 2 +- mm/percpu.c | 2 +- scripts/spelling.txt | 1 + sound/pci/hda/patch_ca0132.c | 2 +- sound/ppc/snd_ps3.c | 2 +- sound/soc/fsl/fsl_asrc.c | 2 +- 26 files changed, 31 insertions(+), 30 deletions(-) commit 608595ed9b33ff8dd77ba12b96023212846e39ff Author: Masahiro Yamada Date: Mon Feb 27 14:29:53 2017 -0800 scripts/spelling.txt: add "therfore" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: therfore||therefore Besides, tidy up comment blocks for 80-col wrapping. Link: http://lkml.kernel.org/r/1481573103-11329-31-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/infiniband/sw/rdmavt/mad.c | 6 +++--- drivers/scsi/aacraid/linit.c | 2 +- drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 4 ++-- scripts/spelling.txt | 1 + 4 files changed, 7 insertions(+), 6 deletions(-) commit b8a14f3379a637f61deed4ce3e5180f1f34d40d1 Author: Masahiro Yamada Date: Mon Feb 27 14:29:50 2017 -0800 scripts/spelling.txt: add "overwriten" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: overwrien||overwritten Link: http://lkml.kernel.org/r/1481573103-11329-30-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/infiniband/hw/qib/qib_iba6120.c | 2 +- drivers/infiniband/hw/qib/qib_iba7220.c | 2 +- drivers/infiniband/hw/qib/qib_iba7322.c | 2 +- drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +- drivers/parport/parport_pc.c | 2 +- scripts/spelling.txt | 1 + sound/pci/cs46xx/cs46xx_dsp_task_types.h | 2 +- 7 files changed, 7 insertions(+), 6 deletions(-) commit 9a284e5c9e04a3533f72eda8956162dfc77684a9 Author: Masahiro Yamada Date: Mon Feb 27 14:29:48 2017 -0800 scripts/spelling.txt: add "overwritting" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: overwritting||overwriting Link: http://lkml.kernel.org/r/1481573103-11329-29-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm64/lib/copy_template.S | 2 +- drivers/net/ethernet/adi/bfin_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 2 +- drivers/scsi/mpt3sas/mpt3sas_ctl.h | 2 +- drivers/usb/usbip/usbip_common.c | 2 +- scripts/spelling.txt | 1 + 7 files changed, 7 insertions(+), 6 deletions(-) commit 1cce200081d182e0ae6b40bcb1cfdecfdfc09fe4 Author: Masahiro Yamada Date: Mon Feb 27 14:29:45 2017 -0800 scripts/spelling.txt: add "deintialize(d)" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: deintializing||deinitializing deintialize||deinitialize deintialized||deinitialized Link: http://lkml.kernel.org/r/1481573103-11329-28-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/crypto/caam/ctrl.c | 2 +- drivers/net/wireless/rsi/rsi_91x_usb.c | 2 +- drivers/staging/wilc1000/linux_wlan.c | 2 +- drivers/staging/wilc1000/wilc_wfi_cfgoperations.c | 2 +- scripts/spelling.txt | 3 +++ sound/soc/amd/acp-pcm-dma.c | 2 +- 6 files changed, 8 insertions(+), 5 deletions(-) commit 66f00449086f76a6d859dfcbe7a2a151240b233c Author: Masahiro Yamada Date: Mon Feb 27 14:29:42 2017 -0800 scripts/spelling.txt: add "disassocation" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: disassocation||disassociation Link: http://lkml.kernel.org/r/1481573103-11329-27-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +- drivers/net/wireless/intel/ipw2x00/ipw2200.c | 2 +- include/net/cfg80211.h | 2 +- scripts/spelling.txt | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) commit 0cf2a848efc657554cf0a9b3d8fa0039002026a9 Author: Masahiro Yamada Date: Mon Feb 27 14:29:39 2017 -0800 scripts/spelling.txt: add "omited" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: omited||omitted omiting||omitting Link: http://lkml.kernel.org/r/1481573103-11329-26-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 2 +- drivers/nfc/pn533/pn533.c | 2 +- drivers/scsi/fcoe/fcoe_ctlr.c | 2 +- scripts/spelling.txt | 2 ++ 4 files changed, 5 insertions(+), 3 deletions(-) commit 34dcaf40c1e0316038ffdad621fc7603373c89f1 Author: Masahiro Yamada Date: Mon Feb 27 14:29:36 2017 -0800 scripts/spelling.txt: add "explictely" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: explictely||explicitly Link: http://lkml.kernel.org/r/1481573103-11329-25-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/device-mapper/dm-raid.txt | 2 +- drivers/char/pcmcia/cm4000_cs.c | 2 +- scripts/spelling.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) commit a6ab4eff19ff52d5f1891ef919f7125bbd22b6b3 Author: Masahiro Yamada Date: Mon Feb 27 14:29:34 2017 -0800 scripts/spelling.txt: add "applys" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: applys||applies The "applyes" in drivers/video/fbdev/aty/radeon_monitor.c is a different pattern but it was fixed in this commit. The "This functions" in the same line was fixed as well. Link: http://lkml.kernel.org/r/1481573103-11329-24-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/media/v4l2-core/tuner-core.c | 4 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 2 +- drivers/video/fbdev/aty/radeon_monitor.c | 2 +- scripts/spelling.txt | 1 + 4 files changed, 5 insertions(+), 4 deletions(-) commit 2c149601001ba25b5b4e5aa9dd481d677cae15ae Author: Masahiro Yamada Date: Mon Feb 27 14:29:31 2017 -0800 scripts/spelling.txt: add "configuartion" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: configuartion||configuration While we are here, fix the "ouput" as well in the touched hunk in drivers/media/dvb-frontends/drx39xyj/drx_driver.h. Link: http://lkml.kernel.org/r/1481573103-11329-23-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/media/dvb-frontends/drx39xyj/drx_driver.h | 4 ++-- drivers/media/dvb-frontends/drx39xyj/drxj.c | 16 ++++++++-------- drivers/media/dvb-frontends/drx39xyj/drxj.h | 4 ++-- drivers/media/dvb-frontends/drxk_hard.c | 2 +- drivers/net/wireless/ti/wl18xx/main.c | 2 +- scripts/spelling.txt | 1 + 6 files changed, 15 insertions(+), 14 deletions(-) commit 03671057c3b769c0adbf9212bf695481d3f59279 Author: Masahiro Yamada Date: Mon Feb 27 14:29:28 2017 -0800 scripts/spelling.txt: add "overrided" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: overrided||overridden Link: http://lkml.kernel.org/r/1481573103-11329-22-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/acpi/method-customizing.txt | 2 +- arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- drivers/acpi/resource.c | 2 +- drivers/gpu/drm/amd/powerplay/inc/hardwaremanager.h | 2 +- drivers/net/ethernet/broadcom/bcm63xx_enet.c | 2 +- drivers/net/ethernet/micrel/ksz884x.c | 8 ++++---- drivers/pinctrl/bcm/Kconfig | 2 +- scripts/spelling.txt | 1 + tools/lib/bpf/bpf.c | 2 +- 9 files changed, 12 insertions(+), 11 deletions(-) commit 3f8b6fb7f279c769c0973431be1cd7f15e8b2755 Author: Masahiro Yamada Date: Mon Feb 27 14:29:25 2017 -0800 scripts/spelling.txt: add "comsume(r)" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: comsume||consume comsumer||consumer comsuming||consuming I see some variable names with this pattern, but this commit is only touching comment blocks to avoid unexpected impact. Link: http://lkml.kernel.org/r/1481573103-11329-19-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/hid/hid-kye.c | 2 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 2 +- drivers/net/ethernet/sis/sis900.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 4 ++-- drivers/tty/serial/ioc4_serial.c | 2 +- fs/ext4/extents_status.c | 2 +- mm/page-writeback.c | 2 +- scripts/spelling.txt | 3 +++ 8 files changed, 11 insertions(+), 8 deletions(-) commit d7f3153e228c7eee657e9286d6209b2d403ab73b Author: Masahiro Yamada Date: Mon Feb 27 14:29:23 2017 -0800 scripts/spelling.txt: add "initialiazation" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: initialiazation||initialization While we are here, fix the "overriden" in the touched line in drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c. Link: http://lkml.kernel.org/r/1481573103-11329-17-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/char/sonypi.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 +- scripts/spelling.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) commit 183b8021fc0a5fadecdf9c0ccac1f48b5c326278 Author: Masahiro Yamada Date: Mon Feb 27 14:29:20 2017 -0800 scripts/spelling.txt: add "intialization" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: intialization||initialization The "inintialization" in drivers/acpi/spcr.c is a different pattern but I fixed it as well in this commit. Link: http://lkml.kernel.org/r/1481573103-11329-16-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/mach-omap2/omap_twl.c | 2 +- drivers/acpi/spcr.c | 2 +- drivers/firewire/core-device.c | 4 ++-- drivers/mmc/host/mmci_qcom_dml.c | 2 +- drivers/net/wireless/intel/ipw2x00/ipw2100.c | 4 ++-- drivers/net/wireless/intel/ipw2x00/ipw2200.c | 2 +- drivers/net/wireless/ti/wlcore/init.c | 2 +- drivers/power/avs/smartreflex.c | 6 +++--- drivers/scsi/ipr.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +++++++------- drivers/scsi/scsi_transport_sas.c | 2 +- drivers/scsi/storvsc_drv.c | 2 +- drivers/usb/gadget/udc/fsl_udc_core.c | 4 ++-- scripts/spelling.txt | 1 + sound/soc/qcom/lpass.h | 2 +- sound/soc/soc-topology.c | 4 ++-- 16 files changed, 28 insertions(+), 27 deletions(-) commit 4d39f0ac8e5aeaa5e56c2d2a0f737ac8bb826bca Author: Masahiro Yamada Date: Mon Feb 27 14:29:17 2017 -0800 scripts/spelling.txt: add "unneded" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: unneded||unneeded Link: http://lkml.kernel.org/r/1481573103-11329-15-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmmaster.c | 2 +- scripts/spelling.txt | 1 + sound/soc/codecs/wm_hubs.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) commit 176180c2b4ae673394b4b37474cfd3e3fd9d0c5e Author: Masahiro Yamada Date: Mon Feb 27 14:29:14 2017 -0800 scripts/spelling.txt: add "neded" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: neded||needed While we are here, fix the "overriden", "wont", and "etc" in the same hunk in drivers/media/usb/tm6000/tm6000-input.c. Link: http://lkml.kernel.org/r/1481573103-11329-14-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/media/usb/gspca/t613.c | 6 +++--- drivers/media/usb/tm6000/tm6000-input.c | 2 +- scripts/spelling.txt | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) commit 57366a8d0bf24181fea3e9d5b772175059914a3c Author: Masahiro Yamada Date: Mon Feb 27 14:29:12 2017 -0800 scripts/spelling.txt: add "againt" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: againt||against While we are here, fix the "capabilites" as well in the touched hunk in drivers/gpu/drm/drm_probe_helper.c. Link: http://lkml.kernel.org/r/1481573103-11329-13-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/gpu/drm/drm_probe_helper.c | 4 ++-- fs/ecryptfs/kthread.c | 2 +- scripts/spelling.txt | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) commit b43daedc0e786e17943680dde410b553a33cd174 Author: Masahiro Yamada Date: Mon Feb 27 14:29:09 2017 -0800 scripts/spelling.txt: add "embeded" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: embeded||embedded Link: http://lkml.kernel.org/r/1481573103-11329-12-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/blk-throttle.c | 2 +- drivers/nvme/host/rdma.c | 2 +- drivers/scsi/osd/osd_initiator.c | 2 +- scripts/spelling.txt | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) commit b564d62e67560423965c43d60249a09d8e70a27a Author: Masahiro Yamada Date: Mon Feb 27 14:29:06 2017 -0800 scripts/spelling.txt: add "varible" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: varible||variable While we are here, tidy up the comment blocks that fit in a single line for drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c and net/sctp/transport.c. Link: http://lkml.kernel.org/r/1481573103-11329-11-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/scsi/ChangeLog.megaraid_sas | 2 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +--- drivers/net/wimax/i2400m/usb-fw.c | 2 +- kernel/torture.c | 2 +- net/sctp/transport.c | 4 +--- scripts/spelling.txt | 1 + 6 files changed, 6 insertions(+), 9 deletions(-) commit 4e0385dd7469d933c4adf84a617f872ca547aa07 Author: Masahiro Yamada Date: Mon Feb 27 14:29:03 2017 -0800 scripts/spelling.txt: add "efective" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: efective||effective While we are here, fix the "addres" as well in the touched line in arch/openrisc/kernel/entry.S. Link: http://lkml.kernel.org/r/1481573103-11329-10-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Acked-by: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m68k/ifpsp060/src/isp.S | 2 +- arch/openrisc/kernel/entry.S | 2 +- scripts/spelling.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) commit 89d790ab31d033d67635f6362d57ea64e47708fa Author: Masahiro Yamada Date: Mon Feb 27 14:29:01 2017 -0800 scripts/spelling.txt: add "algined" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: algined||aligned While we are here, fix the "appplication" in the touched line in drivers/block/loop.c. Also, fix the "may not naturally ..." to "may not be naturally ..." in the touched line in mm/page_alloc. Link: http://lkml.kernel.org/r/1481573103-11329-9-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/loop.c | 2 +- mm/page_alloc.c | 2 +- scripts/spelling.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) commit 550116d21a656e8b5670073e586315e5a6d12f01 Author: Masahiro Yamada Date: Mon Feb 27 14:28:58 2017 -0800 scripts/spelling.txt: add "aligment" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: aligment||alignment I did not touch the "N_BYTE_ALIGMENT" macro in drivers/net/wireless/realtek/rtlwifi/wifi.h to avoid unpredictable impact. I fixed "_aligment_handler" in arch/openrisc/kernel/entry.S because it is surrounded by #if 0 ... #endif. It is surely safe and I confirmed "_alignment_handler" is correct. I also fixed the "controler" I found in the same hunk in arch/openrisc/kernel/head.S. Link: http://lkml.kernel.org/r/1481573103-11329-8-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arc/kernel/unwind.c | 4 ++-- arch/openrisc/kernel/entry.S | 4 ++-- arch/openrisc/kernel/head.S | 6 +++--- arch/openrisc/kernel/vmlinux.lds.S | 4 ++-- drivers/gpu/drm/amd/include/atombios.h | 6 +++--- drivers/gpu/drm/i915/i915_gem_render_state.c | 2 +- drivers/gpu/drm/radeon/atombios.h | 4 ++-- drivers/media/platform/exynos4-is/fimc-core.h | 2 +- drivers/net/wireless/ath/ath9k/ani.c | 4 ++-- drivers/net/wireless/realtek/rtlwifi/rtl8192se/fw.c | 4 ++-- drivers/scsi/bfa/bfi_ms.h | 2 +- net/netfilter/x_tables.c | 2 +- scripts/spelling.txt | 1 + 13 files changed, 23 insertions(+), 22 deletions(-) commit 8ab102d60a0c19df602f3758848d55f0703bf9bb Author: Masahiro Yamada Date: Mon Feb 27 14:28:55 2017 -0800 scripts/spelling.txt: add "partiton" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: partiton||partition Link: http://lkml.kernel.org/r/1481573103-11329-7-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/mach/flash.h | 2 +- arch/ia64/sn/kernel/sn2/sn_hwperf.c | 2 +- arch/powerpc/boot/dts/fsl/mpc8569mds.dts | 2 +- arch/powerpc/include/asm/book3s/64/mmu.h | 2 +- arch/powerpc/include/asm/fsl_hcalls.h | 2 +- arch/powerpc/platforms/pseries/iommu.c | 2 +- arch/sparc/kernel/visemul.c | 2 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 2 +- drivers/watchdog/bcm2835_wdt.c | 6 +++--- include/linux/mtd/qinfo.h | 2 +- include/linux/spi/flash.h | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) commit 0f5e1558306076adec7255b317b89480d8aaa304 Author: Masahiro Yamada Date: Mon Feb 27 14:28:52 2017 -0800 scripts/spelling.txt: add "an one" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: an one||a one I dropped the "an" before "one or more" in drivers/net/ethernet/sfc/mcdi_pcol.h. Link: http://lkml.kernel.org/r/1481573103-11329-6-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/kernel/vtime.c | 2 +- drivers/net/ethernet/sfc/mcdi_pcol.h | 2 +- drivers/usb/core/devio.c | 2 +- scripts/spelling.txt | 1 + tools/perf/util/dso.c | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) commit 03440c4e5e2f167764997a7e0f2dbb279d8078e6 Author: Masahiro Yamada Date: Mon Feb 27 14:28:49 2017 -0800 scripts/spelling.txt: add "an union" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: an union||a union Link: http://lkml.kernel.org/r/1481573103-11329-5-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/media/uapi/dvb/dvb-frontend-parameters.rst | 4 ++-- arch/x86/include/asm/desc_defs.h | 2 +- drivers/acpi/acpica/dbconvert.c | 2 +- drivers/acpi/acpica/nspredef.c | 2 +- drivers/acpi/acpica/nsxfeval.c | 4 ++-- drivers/staging/lustre/lustre/include/lustre/lustre_idl.h | 2 +- include/linux/dcache.h | 4 ++-- include/media/v4l2-ctrls.h | 4 ++-- include/xen/interface/grant_table.h | 2 +- scripts/spelling.txt | 1 + sound/pci/ice1712/wm8766.c | 2 +- sound/pci/ice1712/wm8776.c | 2 +- tools/perf/util/probe-finder.c | 4 ++-- tools/perf/util/sort.h | 2 +- 14 files changed, 19 insertions(+), 18 deletions(-) commit 9332ef9dbd172d4ab0a0141df7cb21c696a5ce96 Author: Masahiro Yamada Date: Mon Feb 27 14:28:47 2017 -0800 scripts/spelling.txt: add "an user" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: an user||a user an userspace||a userspace I also added "userspace" to the list since it is a common word in Linux. I found some instances for "an userfaultfd", but I did not add it to the list. I felt it is endless to find words that start with "user" such as "userland" etc., so must draw a line somewhere. Link: http://lkml.kernel.org/r/1481573103-11329-4-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/admin-guide/ras.rst | 2 +- Documentation/devicetree/bindings/opp/opp.txt | 2 +- Documentation/filesystems/quota.txt | 2 +- Documentation/kselftest.txt | 4 ++-- Documentation/media/dvb-drivers/ci.rst | 2 +- Documentation/networking/cdc_mbim.txt | 4 ++-- Documentation/vm/userfaultfd.txt | 2 +- arch/Kconfig | 2 +- arch/powerpc/xmon/ppc-opc.c | 2 +- arch/x86/kvm/mmu.c | 2 +- drivers/media/dvb-core/dvb_ringbuffer.h | 4 ++-- drivers/scsi/lpfc/lpfc_attr.c | 2 +- fs/userfaultfd.c | 6 +++--- include/net/mac80211.h | 2 +- kernel/irq/manage.c | 2 +- net/bluetooth/hci_sock.c | 6 +++--- net/netfilter/nfnetlink_cthelper.c | 2 +- scripts/spelling.txt | 2 ++ tools/perf/Documentation/tips.txt | 2 +- 19 files changed, 27 insertions(+), 25 deletions(-) commit c6efb58db4e76ab1322b5e869d4f9eb9ce30bd40 Author: Masahiro Yamada Date: Mon Feb 27 14:28:44 2017 -0800 scripts/spelling.txt: add "swithc" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: swithc||switch swithced||switched swithcing||switching Link: http://lkml.kernel.org/r/1481573103-11329-3-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/extcon/extcon-rt8973a.c | 2 +- drivers/media/i2c/adv7183_regs.h | 2 +- drivers/staging/rtl8192u/ieee80211/ieee80211.h | 4 ++-- drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c | 2 +- scripts/spelling.txt | 3 +++ 5 files changed, 8 insertions(+), 5 deletions(-) commit 08a7e621ff81dec64ddf1eab16353c0c217fdd89 Author: Masahiro Yamada Date: Mon Feb 27 14:28:41 2017 -0800 scripts/spelling.txt: add "swith" pattern and fix typo instances Fix typos and add the following to the scripts/spelling.txt: swith||switch swithable||switchable swithed||switched swithing||switching While we are here, fix the "update" to "updates" in the touched hunk in drivers/net/wireless/marvell/mwifiex/wmm.c. Link: http://lkml.kernel.org/r/1481573103-11329-2-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/devicetree/bindings/mfd/qcom-rpm.txt | 2 +- Documentation/devicetree/bindings/power/pd-samsung.txt | 2 +- arch/arm/boot/compressed/head.S | 2 +- arch/arm/mm/cache-v7.S | 2 +- arch/arm/mm/cache-v7m.S | 2 +- arch/sh/kernel/irq.c | 2 +- arch/sparc/include/asm/switch_to_32.h | 2 +- drivers/gpu/drm/amd/include/atombios.h | 2 +- drivers/gpu/drm/radeon/atombios.h | 2 +- drivers/isdn/mISDN/dsp_core.c | 2 +- drivers/net/usb/kalmia.c | 2 +- drivers/net/wireless/marvell/mwifiex/wmm.c | 4 ++-- net/mac80211/mesh.c | 2 +- scripts/recordmcount.pl | 2 +- scripts/spelling.txt | 4 ++++ sound/pci/ac97/ac97_patch.c | 2 +- 16 files changed, 20 insertions(+), 16 deletions(-) commit f3048d17d1127f003db10fb8ac9a68610923f783 Author: Geliang Tang Date: Mon Feb 27 14:28:38 2017 -0800 nilfs2: use i_blocksize() Since i_blocksize() helper has been defined in fs.h, use it instead of open-coding. Link: http://lkml.kernel.org/r/1485184655-3895-3-git-send-email-konishi.ryusuke@lab.ntt.co.jp Signed-off-by: Geliang Tang Signed-off-by: Ryusuke Konishi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/nilfs2/alloc.c | 2 +- fs/nilfs2/btree.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 1508ddc39ab421c0d0569017b9ca3a5b99b0815b Author: Geliang Tang Date: Mon Feb 27 14:28:35 2017 -0800 nilfs2: use nilfs_btree_node_size() Use nilfs_btree_node_size() instead of open-coding. Link: http://lkml.kernel.org/r/1485184655-3895-2-git-send-email-konishi.ryusuke@lab.ntt.co.jp Signed-off-by: Geliang Tang Signed-off-by: Ryusuke Konishi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/nilfs2/btree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93407472a21b82f39c955ea7787e5bc7da100642 Author: Fabian Frederick Date: Mon Feb 27 14:28:32 2017 -0800 fs: add i_blocksize() Replace all 1 << inode->i_blkbits and (1 << inode->i_blkbits) in fs branch. This patch also fixes multiple checkpatch warnings: WARNING: Prefer 'unsigned int' to bare use of 'unsigned' Thanks to Andrew Morton for suggesting more appropriate function instead of macro. [geliangtang@gmail.com: truncate: use i_blocksize()] Link: http://lkml.kernel.org/r/9c8b2cd83c8f5653805d43debde9fa8817e02fc4.1484895804.git.geliangtang@gmail.com Link: http://lkml.kernel.org/r/1481319905-10126-1-git-send-email-fabf@skynet.be Signed-off-by: Fabian Frederick Signed-off-by: Geliang Tang Cc: Alexander Viro Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/block_dev.c | 2 +- fs/btrfs/file.c | 2 +- fs/buffer.c | 12 ++++++------ fs/ceph/addr.c | 2 +- fs/direct-io.c | 2 +- fs/ext4/inode.c | 6 +++--- fs/ext4/mballoc.c | 2 +- fs/ext4/move_extent.c | 2 +- fs/iomap.c | 10 +++++----- fs/jfs/super.c | 4 ++-- fs/mpage.c | 2 +- fs/nfsd/blocklayout.c | 6 +++--- fs/nilfs2/btnode.c | 2 +- fs/nilfs2/inode.c | 4 ++-- fs/nilfs2/mdt.c | 4 ++-- fs/nilfs2/segment.c | 2 +- fs/ocfs2/aops.c | 2 +- fs/ocfs2/file.c | 2 +- fs/orangefs/orangefs-utils.c | 4 ++-- fs/reiserfs/file.c | 2 +- fs/reiserfs/inode.c | 2 +- fs/stat.c | 2 +- fs/udf/inode.c | 2 +- fs/xfs/xfs_aops.c | 16 ++++++++-------- fs/xfs/xfs_file.c | 4 ++-- include/linux/fs.h | 5 +++++ mm/truncate.c | 2 +- 27 files changed, 56 insertions(+), 51 deletions(-) commit d31712009709774506e536a3cc1f7c512f550a0c Author: Gilad Ben-Yossef Date: Mon Feb 27 14:28:29 2017 -0800 scatterlist: do not disable IRQs in sg_copy_buffer Commit 50bed2e2862a ("sg: disable interrupts inside sg_copy_buffer") introduced disabling interrupts in sg_copy_buffer() since atomic uses of miter required it due to use of kmap_atomic(). However, as commit 8290e2d2dcbf ("scatterlist: atomic sg_mapping_iter() no longer needs disabled IRQs") acknowledges disabling interrupts is no longer needed for calls to kmap_atomic() and therefore unneeded for miter ops either, so remove it from sg_copy_buffer(). Link: http://lkml.kernel.org/r/1486040150-14109-3-git-send-email-gilad@benyossef.com Signed-off-by: Gilad Ben-Yossef Cc: Jens Axboe Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/scatterlist.c | 4 ---- 1 file changed, 4 deletions(-) commit 1d5210ef706523529d3cc16fd70be0a466253466 Author: Gilad Ben-Yossef Date: Mon Feb 27 14:28:27 2017 -0800 scatterlist: reorder compound boolean expression Test the cheaper boolean expression with no side effects first. Link: http://lkml.kernel.org/r/1486040150-14109-2-git-send-email-gilad@benyossef.com Signed-off-by: Gilad Ben-Yossef Cc: Jens Axboe Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/scatterlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 95e91b831f87ac8e1f8ed50c14d709089b4e01b8 Author: Davidlohr Bueso Date: Mon Feb 27 14:28:24 2017 -0800 ipc/shm: Fix shmat mmap nil-page protection The issue is described here, with a nice testcase: https://bugzilla.kernel.org/show_bug.cgi?id=192931 The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and the address rounded down to 0. For the regular mmap case, the protection mentioned above is that the kernel gets to generate the address -- arch_get_unmapped_area() will always check for MAP_FIXED and return that address. So by the time we do security_mmap_addr(0) things get funky for shmat(). The testcase itself shows that while a regular user crashes, root will not have a problem attaching a nil-page. There are two possible fixes to this. The first, and which this patch does, is to simply allow root to crash as well -- this is also regular mmap behavior, ie when hacking up the testcase and adding mmap(... |MAP_FIXED). While this approach is the safer option, the second alternative is to ignore SHM_RND if the rounded address is 0, thus only having MAP_SHARED flags. This makes the behavior of shmat() identical to the mmap() case. The downside of this is obviously user visible, but does make sense in that it maintains semantics after the round-down wrt 0 address and mmap. Passes shm related ltp tests. Link: http://lkml.kernel.org/r/1486050195-18629-1-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Reported-by: Gareth Evans Cc: Manfred Spraul Cc: Michael Kerrisk Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/shm.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit eac0b1c3681676f83d154915723f2853c38d5d1b Author: Luc Van Oostenryck Date: Mon Feb 27 14:28:21 2017 -0800 ipc/mqueue: add missing sparse annotation Link: http://lkml.kernel.org/r/20170128235704.45302-1-luc.vanoostenryck@gmail.com Signed-off-by: Luc Van Oostenryck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/mqueue.c | 1 + 1 file changed, 1 insertion(+) commit 9de5ab8a2eeea9ae4b63b6f6353b415b93e020c0 Author: Manfred Spraul Date: Mon Feb 27 14:28:18 2017 -0800 ipc/sem: add hysteresis sysv sem has two lock modes: One with per-semaphore locks, one lock mode with a single global lock for the whole array. When switching from the per-semaphore locks to the global lock, all per-semaphore locks must be scanned for ongoing operations. The patch adds a hysteresis for switching from the global lock to the per semaphore locks. This reduces how often the per-semaphore locks must be scanned. Compared to the initial patch, this is a simplified solution: Setting USE_GLOBAL_LOCK_HYSTERESIS to 1 restores the current behavior. In theory, a workload with exactly 10 simple sops and then one complex op now scales a bit worse, but this is pure theory: If there is concurrency, the it won't be exactly 10:1:10:1:10:1:... If there is no concurrency, then there is no need for scalability. Link: http://lkml.kernel.org/r/1476851896-3590-3-git-send-email-manfred@colorfullife.com Signed-off-by: Manfred Spraul Cc: Peter Zijlstra Cc: Davidlohr Bueso Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: <1vier1@web.de> Cc: kernel test robot Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sem.h | 2 +- ipc/sem.c | 86 +++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 62 insertions(+), 26 deletions(-) commit 27d7be1801a4824ecccbc735593101d72c038f13 Author: Manfred Spraul Date: Mon Feb 27 14:28:15 2017 -0800 ipc/sem.c: avoid using spin_unlock_wait() a) The ACQUIRE in spin_lock() applies to the read, not to the store, at least for powerpc. This forces to add a smp_mb() into the fast path. b) The memory barrier provided by spin_unlock_wait() is right now arch dependent. Therefore: Use spin_lock()/spin_unlock() instead of spin_unlock_wait(). Advantage: faster single op semop calls(), observed +8.9% on x86. (the other solution would be arch dependencies in ipc/sem). Disadvantage: slower complex op semop calls, if (and only if) there are no sleeping operations. The next patch adds hysteresis, this further reduces the probability that the slow path is used. Link: http://lkml.kernel.org/r/1476851896-3590-2-git-send-email-manfred@colorfullife.com Signed-off-by: Manfred Spraul Cc: Peter Zijlstra Cc: Davidlohr Bueso Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: <1vier1@web.de> Cc: kernel test robot Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) commit 08865514805d2de8e7002fa8149c5de3e391f412 Author: Lokesh Vutla Date: Mon Feb 27 14:28:12 2017 -0800 initramfs: finish fput() before accessing any binary from initramfs Commit 4a9d4b024a31 ("switch fput to task_work_add") implements a schedule_work() for completing fput(), but did not guarantee calling __fput() after unpacking initramfs. Because of this, there is a possibility that during boot a driver can see ETXTBSY when it tries to load a binary from initramfs as fput() is still pending on that binary. This patch makes sure that fput() is completed after unpacking initramfs and removes the call to flush_delayed_fput() in kernel_init() which happens very late after unpacking initramfs. Link: http://lkml.kernel.org/r/20170201140540.22051-1-lokeshvutla@ti.com Signed-off-by: Lokesh Vutla Reported-by: Murali Karicheri Cc: Al Viro Cc: Tero Kristo Cc: Sekhar Nori Cc: Nishanth Menon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds init/initramfs.c | 2 ++ init/main.c | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) commit 7bcae82621df080a35cb5e708ef333a821effd96 Author: Randy Dunlap Date: Mon Feb 27 14:28:09 2017 -0800 lib/fonts/Kconfig: keep non-Sparc fonts listed together Keep fonts together and indented (in menu) as much as possible. This moves the Sparc font choices to the end of the menu since they have different dependencies. Link: http://lkml.kernel.org/r/de6d8977-c6d6-a82d-c953-f2a2fefdb8a5@infradead.org Signed-off-by: Randy Dunlap Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/fonts/Kconfig | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 0d31a194d517ce77a1c3a06cd8708184bb6e7862 Author: Amit Pundir Date: Mon Feb 27 14:28:06 2017 -0800 config: android-base: enable hardened usercopy and kernel ASLR Enable CONFIG_HARDENED_USERCOPY and CONFIG_RANDOMIZE_BASE in Android base config fragment. Reviewed at https://android-review.googlesource.com/#/c/283659/ Reviewed at https://android-review.googlesource.com/#/c/278133/ Link: http://lkml.kernel.org/r/1481113148-29204-2-git-send-email-amit.pundir@linaro.org Signed-off-by: Amit Pundir Cc: Rob Herring Cc: John Stultz Cc: Daniel Micay Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-base.config | 2 ++ 1 file changed, 2 insertions(+) commit 2d75cb59a5c6ade417d3c8b7f3654408ca6a71d5 Author: Daniel Micay Date: Mon Feb 27 14:28:03 2017 -0800 config: android-recommended: disable aio support The aio interface adds substantial attack surface for a feature that's not being exposed by Android at all. It's unlikely that anyone is using the kernel feature directly either. This feature is rarely used even on servers. The glibc POSIX aio calls really use thread pools. The lack of widespread usage also means this is relatively poorly audited/tested. The kernel's aio rarely provides performance benefits over using a thread pool and is quite incomplete in terms of system call coverage along with having edge cases where blocking can occur. Part of the performance issue is the fact that it only supports direct io, not buffered io. The existing API is considered fundamentally flawed and it's unlikely it will be expanded, but rather replaced: https://marc.info/?l=linux-aio&m=145255815216051&w=2 Since ext4 encryption means no direct io support, kernel aio isn't even going to work properly on Android devices using file-based encryption. Reviewed-at: https://android-review.googlesource.com/#/c/292158/ Link: http://lkml.kernel.org/r/1481113148-29204-1-git-send-email-amit.pundir@linaro.org Signed-off-by: Daniel Micay Signed-off-by: Amit Pundir Cc: Rob Herring Cc: John Stultz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/configs/android-recommended.config | 1 + 1 file changed, 1 insertion(+) commit b3b42c0deaa1a2fb84508b808385b8a78819f4df Author: Fabian Frederick Date: Mon Feb 27 14:28:00 2017 -0800 fs/affs: make export work with cold dcache This adds get_parent function so that nfs client can still work after cache drop (Tested on NFS v4 with echo 3 > /proc/sys/vm/drop_caches) [weiyongjun1@huawei.com: fix return value check in affs_get_parent()] Link: http://lkml.kernel.org/r/20170123141018.2331-1-weiyj.lk@gmail.com Link: http://lkml.kernel.org/r/20170109191208.6085-8-fabf@skynet.be Signed-off-by: Fabian Frederick Signed-off-by: Wei Yongjun Suggested-by: Alexander Viro Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/namei.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit f567accb3ff4a6ac9a2a50d33e29a076afc7dd2e Author: Fabian Frederick Date: Mon Feb 27 14:27:57 2017 -0800 fs/affs/namei.c: forward declarations clean-up Move dentry_operations structures and remove forward declarations. Link: http://lkml.kernel.org/r/20170109191208.6085-7-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/namei.c | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) commit c1618208511f070883a3d079ef7f78024e7faf90 Author: Fabian Frederick Date: Mon Feb 27 14:27:54 2017 -0800 fs/affs: add prefix to some functions secs_to_datestamp(time64_t secs, struct affs_date *ds); prot_to_mode(u32 prot); mode_to_prot(struct inode *inode); were declared without affs_ prefix Link: http://lkml.kernel.org/r/20170109191208.6085-6-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/affs.h | 6 +++--- fs/affs/amigaffs.c | 6 +++--- fs/affs/inode.c | 9 +++++---- fs/affs/namei.c | 6 +++--- fs/affs/super.c | 2 +- 5 files changed, 15 insertions(+), 14 deletions(-) commit 1bafd6f164d9ec9bf2fa9829051fbeb36342be0b Author: Fabian Frederick Date: Mon Feb 27 14:27:52 2017 -0800 fs/affs: use octal for permissions According to commit f90774e1fd27 ("checkpatch: look for symbolic permissions and suggest octal instead") Link: http://lkml.kernel.org/r/20170109191208.6085-5-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/amigaffs.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) commit ed4433d72394131244276d6e7590a7b24a2c9f64 Author: Fabian Frederick Date: Mon Feb 27 14:27:49 2017 -0800 fs/affs: make affs exportable Add standard functions making AFFS work with NFS. Functions based on ext4 implementation. Tested on loop device. Link: http://lkml.kernel.org/r/20170109191208.6085-4-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/affs.h | 1 + fs/affs/namei.c | 40 ++++++++++++++++++++++++++++++++++++++++ fs/affs/super.c | 1 + 3 files changed, 42 insertions(+) commit d5de9fd594eba1b94f0ef701c044f567f605bc9e Author: Fabian Frederick Date: Mon Feb 27 14:27:46 2017 -0800 fs/affs: add validation block function Avoid repeating 4 times the same calculation. Link: http://lkml.kernel.org/r/20170109191208.6085-3-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/affs.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 7981a05a0edecab540611785063a8facafd2b46d Author: Fabian Frederick Date: Mon Feb 27 14:27:43 2017 -0800 fs/affs: remove reference to affs_parent_ino() Patch series "make FS exportable plus some clean-up", v7. This small patchset makes AFFS work with NFS for standard operations. THis patch (of 7): affs_parent_ino() was removed a long time ago. Link: http://lkml.kernel.org/r/20170109191208.6085-2-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/affs/affs.h | 1 - 1 file changed, 1 deletion(-) commit c857ab640c0cddf451cf743f1b70f9ad7f103090 Author: Cyrill Gorcunov Date: Mon Feb 27 14:27:40 2017 -0800 fs,eventpoll: don't test for bitfield with stack value In case if epoll_ctl is called with operation EPOLL_CTL_DEL then @epds.events variable allocated on stack may contain random bits which we test then for EPOLLEXCLUSIVE. Since currently the test look like if (epds.events & EPOLLEXCLUSIVE) { if (op == EPOLL_CTL_MOD) goto error_tgt_fput; if (op == EPOLL_CTL_ADD && (is_file_epoll(tf.file) || (epds.events & ~EPOLLEXCLUSIVE_OK_BITS))) goto error_tgt_fput; } Nothing serious will happen even if epds.events has this bit set, still better to be on safe side and make sure that we're to test this bit at all. Link: http://lkml.kernel.org/r/20170214154935.GG1850@uranus.lan Signed-off-by: Cyrill Gorcunov Cc: Al Viro Cc: Andrey Vagin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/eventpoll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e3b5a342ab9643b4079c8d417d90519388469341 Author: Tetsuo Handa Date: Mon Feb 27 14:27:37 2017 -0800 include/linux/pid.h: use for_each_thread() in do_each_pid_thread() while_each_pid_thread() is using while_each_thread(), which is unsafe under RCU lock according to commit 0c740d0afc3b ("introduce for_each_thread() to replace the buggy while_each_thread()"). Use for_each_thread() in do_each_pid_thread() which is safe under RCU lock. Link: http://lkml.kernel.org/r/201702011947.DBD56740.OMVHOLOtSJFFFQ@I-love.SAKURA.ne.jp Link: http://lkml.kernel.org/r/1486041779-4401-2-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Cc: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/pid.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 369f2679f7e73996bf29ecd3ec79df3cce1be27d Author: Lorenzo Stoakes Date: Mon Feb 27 14:27:34 2017 -0800 rapidio: use get_user_pages_unlocked() Moving from get_user_pages() to get_user_pages_unlocked() simplifies the code and takes advantage of VM_FAULT_RETRY functionality when faulting in pages. Link: http://lkml.kernel.org/r/20170103205024.6704-1-lstoakes@gmail.com Signed-off-by: Lorenzo Stoakes Acked-by: Alexandre Bounine Cc: Matt Porter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/rapidio/devices/rio_mport_cdev.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 464920104bf7adac12722035bfefb3d772eb04d8 Author: Pratyush Anand Date: Mon Feb 27 14:27:31 2017 -0800 /proc/kcore: update physical address for kcore ram and text Currently all the p_paddr of PT_LOAD headers are assigned to 0, which is not true and could be misleading, since 0 is a valid physical address. User space tools like makedumpfile needs to know physical address for PT_LOAD segments of direct mapped regions. Therefore this patch updates paddr for such regions. It also sets an invalid paddr (-1) for other regions, so that user space tool can know whether a physical address provided in PT_LOAD is correct or not. I do not know why it was 0, which is a valid physical address. But certainly, it might break some user space tools, and those need to be fixed. For example, see following code from kexec-tools kexec/kexec-elf.c:build_mem_phdrs() if ((phdr->p_paddr + phdr->p_memsz) < phdr->p_paddr) { /* The memory address wraps */ if (probe_debug) { fprintf(stderr, "ELF address wrap around\n"); } return -1; } We do not need to perform above check for an invalid physical address. I think, kexec-tools and makedumpfile will need fixup. I already have those fixup which will be sent upstream once this patch makes through. Pro with this approach is that, it will help to calculate variable like page_offset, phys_base from PT_LOAD even when they are randomized and therefore will reduce many variable and version specific values in user space tools. Having an ASLR offset information can help to translate an identity mapped virtual address to a physical address. But that would be an additional field in PT_LOAD header structure and an arch dependent value. Moreover, sending a valid physical address like 0 does not seem right. So, IMHO it is better to fix that and send valid physical address when available (identity mapped). Link: http://lkml.kernel.org/r/f951340d2917cdd2a329fae9837a83f2059dc3b2.1485318868.git.panand@redhat.com Signed-off-by: Pratyush Anand Cc: Baoquan He Cc: Dave Young Cc: Dave Anderson Cc: Atsushi Kumagai Cc: Simon Horman Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/kcore.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 0c49ad4155122ae7684cc744bc5a181ba28518b5 Author: Stas Sergeev Date: Mon Feb 27 14:27:28 2017 -0800 tools/testing/selftests/sigaltstack/sas.c: improve output of sigaltstack testcase Currently it uses %i for bitmasks, which makes it difficult to properly decode the values. Use %x instead. Link: http://lkml.kernel.org/r/b7b4c45d-2f21-de6c-d1c8-16c8386da27c@list.ru Signed-off-by: Stas Sergeev Cc: Shuah Khan Cc: Ingo Molnar Cc: Andy Lutomirski Cc: Oleg Nesterov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/sigaltstack/sas.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 441398d378f29a5ad6d0fcda07918e54e4961800 Author: Stas Sergeev Date: Mon Feb 27 14:27:25 2017 -0800 sigaltstack: support SS_AUTODISARM for CONFIG_COMPAT Currently SS_AUTODISARM is not supported in compatibility mode, but does not return -EINVAL either. This makes dosemu built with -m32 on x86_64 to crash. Also the kernel's sigaltstack selftest fails if compiled with -m32. This patch adds the needed support. Link: http://lkml.kernel.org/r/20170205101213.8163-2-stsp@list.ru Signed-off-by: Stas Sergeev Cc: Milosz Tanski Cc: Andy Lutomirski Cc: Al Viro Cc: Arnd Bergmann Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Oleg Nesterov Cc: Nicolas Pitre Cc: Waiman Long Cc: Dave Hansen Cc: Dmitry Safonov Cc: Wang Xiaoqiang Cc: Oleg Nesterov Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compat.h | 4 +++- kernel/signal.c | 11 +++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) commit b899ba7d8c71e2e1c2be281222877c7a1c2ba60d Author: Fabian Frederick Date: Mon Feb 27 14:27:22 2017 -0800 fs/reiserfs: atomically read inode size See i_size_read() comments in include/linux/fs.h Link: http://lkml.kernel.org/r/20170123174701.30394-1-fabf@skynet.be Signed-off-by: Fabian Frederick Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/reiserfs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a3f2235012cbafdfc0863367c88e29ed789a24f6 Author: Fabian Frederick Date: Mon Feb 27 14:27:19 2017 -0800 hfsplus: atomically read inode size See i_size_read() comments in include/linux/fs.h Link: http://lkml.kernel.org/r/20170123175338.3840-1-fabf@skynet.be Signed-off-by: Fabian Frederick Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/hfsplus/wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 092a53452bb7a6ca436b2d3859e7b1f1ec45479f Author: Ian Kent Date: Mon Feb 27 14:27:16 2017 -0800 autofs: take more care to not update last_used on path walk GUI environments seem to be becoming more agressive at scanning filesystems, to the point where autofs cannot expire mounts at all. This is one key reason the update of the autofs dentry info last_used field is done in the expire system when the dentry is seen to be in use. But somewhere along the way instances of the update has crept back into the autofs path walk functions which, with the more aggressive file access patterns, is preventing expiration. Changing the update in the path walk functions allows autofs to at least make progress in spite of frequent immediate re-mounts from file accesses. Link: http://lkml.kernel.org/r/148577167169.9801.1377050092212016834.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Tomohiro Kusumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/root.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 3bb2fbdaba16386f520b5750d649a30643a4ab9e Author: Tomohiro Kusumi Date: Mon Feb 27 14:27:14 2017 -0800 autofs: remove duplicated AUTOFS_DEV_IOCTL_SIZE definition This macro is already defined in uapi header. Also use this macro where possible. Link: http://lkml.kernel.org/r/148577166656.9801.10322423666945951186.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/autofs4/dev-ioctl.c | 2 -- include/uapi/linux/auto_dev-ioctl.h | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) commit 0fae77feca339699dbd6c079ded37bbd72432eb3 Author: Tomohiro Kusumi Date: Mon Feb 27 14:27:11 2017 -0800 autofs: add command enum/macros for root-dir ioctls Sync root-dir ioctl with misc-char-dev ioctl's enum/macro format since these two types of ioctls aren't completely independent of each other in terms of command nr. No functional changes. Link: http://lkml.kernel.org/r/148577166143.9801.15511796506678428145.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/linux/auto_dev-ioctl.h | 2 -- include/uapi/linux/auto_fs.h | 25 ++++++++++++++++++------- include/uapi/linux/auto_fs4.h | 16 +++++++++++----- 3 files changed, 29 insertions(+), 14 deletions(-) commit 88488080946c2da0d998a3ac0a0a5aebf8dc62c8 Author: Tomohiro Kusumi Date: Mon Feb 27 14:27:08 2017 -0800 autofs: update ioctl documentation regarding struct autofs_dev_ioctl This is the same as bf72eda5 except that it's a different file. Sync documentation with changes made by 730c9eec in 2009. Link: http://lkml.kernel.org/r/148577165630.9801.6081791213151121657.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .../filesystems/autofs4-mount-control.txt | 1 + Documentation/filesystems/autofs4.txt | 32 ++++++++++++++-------- 2 files changed, 22 insertions(+), 11 deletions(-) commit c5dd2ea06475850c8eeea574020dc9b29dc883eb Author: Tomohiro Kusumi Date: Mon Feb 27 14:27:05 2017 -0800 autofs: fix wrong ioctl documentation regarding devid This is the same as d8732841 except that it's a different file. A caller has no devid input, and devid is obtained via superblock. Link: http://lkml.kernel.org/r/148577165119.9801.16967562019122274820.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/autofs4.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit d0846dd5af4a92d8a97b7689a870d2098dc6aba5 Author: Tomohiro Kusumi Date: Mon Feb 27 14:27:02 2017 -0800 autofs: fix typo in Documentation Link: http://lkml.kernel.org/r/148577164606.9801.12571810310561599401.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/autofs4.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8723890d1d5d9216634ed662e55ee5bdacbe1ac7 Author: Tomohiro Kusumi Date: Mon Feb 27 14:26:59 2017 -0800 autofs: remove wrong comment This format seems to have been taken from device mapper header, but autofs has no such file:function in both kernel and userspace. Link: http://lkml.kernel.org/r/148577164094.9801.4775075118014742496.stgit@pluto.themaw.net Signed-off-by: Tomohiro Kusumi Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/linux/auto_dev-ioctl.h | 4 ---- 1 file changed, 4 deletions(-) commit 7d134b2ce639448199052fd573a324f7e7cd5ed8 Author: Luis R. Rodriguez Date: Mon Feb 27 14:26:56 2017 -0800 kprobes: move kprobe declarations to asm-generic/kprobes.h Often all is needed is these small helpers, instead of compiler.h or a full kprobes.h. This is important for asm helpers, in fact even some asm/kprobes.h make use of these helpers... instead just keep a generic asm file with helpers useful for asm code with the least amount of clutter as possible. Likewise we need now to also address what to do about this file for both when architectures have CONFIG_HAVE_KPROBES, and when they do not. Then for when architectures have CONFIG_HAVE_KPROBES but have disabled CONFIG_KPROBES. Right now most asm/kprobes.h do not have guards against CONFIG_KPROBES, this means most architecture code cannot include asm/kprobes.h safely. Correct this and add guards for architectures missing them. Additionally provide architectures that not have kprobes support with the default asm-generic solution. This lets us force asm/kprobes.h on the header include/linux/kprobes.h always, but most importantly we can now safely include just asm/kprobes.h on architecture code without bringing the full kitchen sink of header files. Two architectures already provided a guard against CONFIG_KPROBES on its kprobes.h: sh, arch. The rest of the architectures needed gaurds added. We avoid including any not-needed headers on asm/kprobes.h unless kprobes have been enabled. In a subsequent atomic change we can try now to remove compiler.h from include/linux/kprobes.h. During this sweep I've also identified a few architectures defining a common macro needed for both kprobes and ftrace, that of the definition of the breakput instruction up. Some refer to this as BREAKPOINT_INSTRUCTION. This must be kept outside of the #ifdef CONFIG_KPROBES guard. [mcgrof@kernel.org: fix arm64 build] Link: http://lkml.kernel.org/r/CAB=NE6X1WMByuARS4mZ1g9+W=LuVBnMDnh_5zyN0CLADaVh=Jw@mail.gmail.com [sfr@canb.auug.org.au: fixup for kprobes declarations moving] Link: http://lkml.kernel.org/r/20170214165933.13ebd4f4@canb.auug.org.au Link: http://lkml.kernel.org/r/20170203233139.32682-1-mcgrof@kernel.org Signed-off-by: Luis R. Rodriguez Signed-off-by: Stephen Rothwell Acked-by: Masami Hiramatsu Cc: Arnd Bergmann Cc: Masami Hiramatsu Cc: Ananth N Mavinakayanahalli Cc: Anil S Keshavamurthy Cc: David S. Miller Cc: Ingo Molnar Cc: Thomas Gleixner Cc: H. Peter Anvin Cc: Andy Lutomirski Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 1 + arch/alpha/include/asm/Kbuild | 1 + arch/arc/include/asm/kprobes.h | 6 ++++-- arch/arm/include/asm/kprobes.h | 4 ++++ arch/arm/probes/decode.h | 1 + arch/arm64/include/asm/kprobes.h | 4 ++++ arch/arm64/kernel/armv8_deprecated.c | 1 + arch/arm64/kernel/insn.c | 1 + arch/arm64/kernel/probes/decode-insn.h | 2 ++ arch/avr32/include/asm/kprobes.h | 7 ++++++- arch/blackfin/include/asm/Kbuild | 1 + arch/c6x/include/asm/Kbuild | 1 + arch/cris/include/asm/Kbuild | 1 + arch/frv/include/asm/Kbuild | 1 + arch/h8300/include/asm/Kbuild | 1 + arch/hexagon/include/asm/Kbuild | 1 + arch/ia64/include/asm/kprobes.h | 12 +++++++++--- arch/m32r/include/asm/Kbuild | 1 + arch/m68k/include/asm/Kbuild | 1 + arch/metag/include/asm/Kbuild | 1 + arch/microblaze/include/asm/Kbuild | 1 + arch/mips/include/asm/kprobes.h | 6 +++++- arch/mn10300/include/asm/kprobes.h | 7 ++++++- arch/nios2/include/asm/Kbuild | 1 + arch/openrisc/include/asm/Kbuild | 1 + arch/parisc/include/asm/Kbuild | 1 + arch/powerpc/include/asm/kprobes.h | 3 +++ arch/powerpc/lib/code-patching.c | 1 + arch/s390/include/asm/kprobes.h | 7 ++++++- arch/score/include/asm/Kbuild | 1 + arch/sh/include/asm/kprobes.h | 5 ++++- arch/sparc/include/asm/kprobes.h | 10 ++++++++-- arch/tile/include/asm/kprobes.h | 6 +++++- arch/um/include/asm/Kbuild | 1 + arch/unicore32/include/asm/Kbuild | 1 + arch/x86/include/asm/kprobes.h | 9 ++++++++- arch/xtensa/include/asm/Kbuild | 1 + include/asm-generic/kprobes.h | 25 +++++++++++++++++++++++++ include/linux/compiler.h | 8 -------- include/linux/kprobes.h | 19 +++---------------- 40 files changed, 125 insertions(+), 38 deletions(-) commit fd5bb66cd934987e49557455b6497fc006521940 Author: Dan Streetman Date: Mon Feb 27 14:26:53 2017 -0800 zswap: don't param_set_charp while holding spinlock Change the zpool/compressor param callback function to release the zswap_pools_lock spinlock before calling param_set_charp, since that function may sleep when it calls kmalloc with GFP_KERNEL. While this problem has existed for a while, I wasn't able to trigger it using a tight loop changing either/both the zpool and compressor params; I think it's very unlikely to be an issue on the stable kernels, especially since most zswap users will change the compressor and/or zpool from sysfs only one time each boot - or zero times, if they add the params to the kernel boot. Fixes: c99b42c3529e ("zswap: use charp for zswap param strings") Link: http://lkml.kernel.org/r/20170126155821.4545-1-ddstreet@ieee.org Signed-off-by: Dan Streetman Reported-by: Sergey Senozhatsky Cc: Michal Hocko Cc: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zswap.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit bae21db88b7075662f28a0aa57e97016a2fdabfd Author: Dan Streetman Date: Mon Feb 27 14:26:50 2017 -0800 zswap: clear compressor or zpool param if invalid at init If either the compressor and/or zpool param are invalid at boot, and their default value is also invalid, set the param to the empty string to indicate there is no compressor and/or zpool configured. This allows users to check the sysfs interface to see which param needs changing. Link: http://lkml.kernel.org/r/20170124200259.16191-4-ddstreet@ieee.org Signed-off-by: Dan Streetman Cc: Seth Jennings Cc: Michal Hocko Cc: Sergey Senozhatsky Cc: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zswap.c | 49 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 12 deletions(-) commit ae3d89a7e0871bc7b57ef8d3c4dd7fdda43c285c Author: Dan Streetman Date: Mon Feb 27 14:26:47 2017 -0800 zswap: allow initialization at boot without pool Allow zswap to initialize at boot even if it can't create its pool due to a failure to create a zpool and/or compressor. Allow those to be created later, from the sysfs module param interface. Link: http://lkml.kernel.org/r/20170124200259.16191-3-ddstreet@ieee.org Signed-off-by: Dan Streetman Cc: Seth Jennings Cc: Michal Hocko Cc: Sergey Senozhatsky Cc: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zswap.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) commit 01cddfe99008da87dd4f6b8fbfa31e09257b9133 Author: Arnd Bergmann Date: Mon Feb 27 14:26:44 2017 -0800 mm,fs,dax: mark dax_iomap_pmd_fault as const The two alternative implementations of dax_iomap_fault have different prototypes, and one of them is obviously wrong as seen from this build warning: fs/dax.c: In function 'dax_iomap_fault': fs/dax.c:1462:35: error: passing argument 2 of 'dax_iomap_pmd_fault' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers] This marks the argument 'const' as in all the related functions. Fixes: a2d581675d48 ("mm,fs,dax: change ->pmd_fault to ->huge_fault") Link: http://lkml.kernel.org/r/20170227203349.3318733-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a44ddbcbbd72ba8569df1ecbb4b1372506454dff Merge: 45554b2 888022c Author: Dave Airlie Date: Tue Feb 28 12:28:00 2017 +1000 Merge tag 'drm-misc-next-fixes-2017-02-27' of git://anongit.freedesktop.org/git/drm-misc into drm-next Misc fixes for the 4.11 merge window. - vmwgfx drm_control node compat patch - rockchip&zte fix - compat32 support for dma-buf ioctl (cc: stable ofc, since this is a massive fumble. oops) * tag 'drm-misc-next-fixes-2017-02-27' of git://anongit.freedesktop.org/git/drm-misc: dma-buf: add support for compat ioctl drm/vmwgfx: Work around drm removal of control nodes drm/rockchip: cdn-dp: Fix error handling drm/rockchip: add extcon dependency for DP drm: zte: fix static checker warning on variable 'fmt' commit 96297aee8bce237961b0e1b99e22913c5726af12 Author: Bhumika Goyal Date: Fri Dec 30 14:50:02 2016 +0530 ide: palm_bk3710: add __initdata to palm_bk3710_port_info The object palm_bk3710_port_info of type ide_port_info is never referenced anywhere after initialization by palm_bk3710_probe. It is also passed as a parameter to ide_host_add which is called from the init function but this call doesn't store the object reference anywhere, and it only dereferences the values of the fields. Therefore add __initdata to its declaration. Signed-off-by: Bhumika Goyal Signed-off-by: David S. Miller drivers/ide/palm_bk3710.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ff7d11797e728efbd1da8cfaa6f7c37585784ca5 Author: Trond Myklebust Date: Wed Feb 22 18:35:33 2017 -0500 nfsd: Fix display of the version string The current display code assumes that v4 minor version 0 is tracked by the call to nfsd_vers(). Now it is tracked by nfsd_minorversion(), and so we need to adjust the display code. Signed-off-by: Trond Myklebust Signed-off-by: J. Bruce Fields fs/nfsd/nfsctl.c | 56 ++++++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 30 deletions(-) commit d3635ff07e8ca598d44f72bbf5d6c65b8ebeeb46 Author: Trond Myklebust Date: Wed Feb 22 18:35:32 2017 -0500 nfsd: fix configuration of supported minor versions When the user turns off all minor versions of NFSv4, that should be equivalent to turning off NFSv4 support, so a mount attempt using NFSv4 should get RPC_PROG_MISMATCH, not NFSERR_MINOR_VERS_MISMATCH. Allow the user to use either '4.0' or '4' to enable or disable minor version 0. Other minor versions are still enabled or disabled using the '4.x' format. Signed-off-by: Trond Myklebust Signed-off-by: J. Bruce Fields fs/nfsd/nfsctl.c | 16 ++++++++-------- fs/nfsd/nfssvc.c | 14 ++++++++++++++ 2 files changed, 22 insertions(+), 8 deletions(-) commit dcc235279a52d49023d4f1af7c3ed468a97015ae Author: Arnd Bergmann Date: Mon Feb 27 21:29:03 2017 +0100 gcc-plugins: fix sancov_plugin for gcc-5 The name of the local variable was inadvertantly changed from sancov_plugin_pass_info to sancov_pass_info: scripts/gcc-plugins/sancov_plugin.c: In function ‘int plugin_init(plugin_name_args*, plugin_gcc_version*)’: scripts/gcc-plugins/sancov_plugin.c:136:67: error: ‘sancov_plugin_pass_info’ was not declared in this scope This changes the conditional reference to this variable as well. Fixes: 5a45a4c5c3f5 ("gcc-plugins: consolidate on PASS_INFO macro") Signed-off-by: Arnd Bergmann Signed-off-by: Kees Cook scripts/gcc-plugins/sancov_plugin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41139ac3cd76c6dff8286102a8ac62933c680463 Author: Huang Ying Date: Mon Feb 20 09:12:58 2017 +0800 ACPI: APEI: Fix BERT resources conflict with ACPI NVS area It was reported that on some machines, there is overlap between ACPI NVS area and BERT address range. This appears reasonable because BERT contents need to be non-volatile across reboot. But this will cause resources conflict in current Linux kernel implementation because the ACPI NVS area is marked as busy. The resource conflict is fixed via excluding the ACPI NVS area when requesting IO resources for BERT. When accessing the BERT contents, the whole BERT address range will be ioremapped and accessed. Reported-and-tested-by: Hans Kristian Rosbach Signed-off-by: Ying Huang Acked-by: Borislav Petkov Signed-off-by: Rafael J. Wysocki drivers/acpi/apei/bert.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 8b107f5b97772c7c0c218302e9a4d15b4edf50b4 Author: Jaegeuk Kim Date: Mon Feb 27 11:57:11 2017 -0800 f2fs: avoid to issue redundant discard commands If segs_per_sec is over 1 like under SMR, previously f2fs issues discard commands redundantly on the same section, since we didn't move end position for the previous discard command. E.g., start end | | prefree_bitmap = [01111100111100] And, after issue discard for this section, end start | | prefree_bitmap = [01111100111100] Select this section again by searching from (end + 1), start end | | prefree_bitmap = [01111100111100] Fixes: 36abef4e796d38 ("f2fs: introduce mode=lfs mount option") Cc: Cc: Damien Le Moal Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 2 ++ 1 file changed, 2 insertions(+) commit 45554b2357d5782497e59f09146cc3636d6ad551 Merge: 79b17ea f447c19 Author: Linus Torvalds Date: Mon Feb 27 13:36:19 2017 -0800 Merge tag 'trace-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull another tracing update from Steven Rostedt: "Commit 79c6f448c8b79c ("tracing: Fix hwlat kthread migration") fixed a bug that was caused by a race condition in initializing the hwlat thread. When fixing this code, I realized that it should have been done differently. Instead of doing the rewrite and sending that to stable, I just sent the above commit to fix the bug that should be back ported. This commit is on top of the quick fix commit to rewrite the code the way it should have been written in the first place" * tag 'trace-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Clean up the hwlat binding code commit 79b17ea740d9fab178d6a1aa15d848b5e6c01b82 Merge: e5d56ef 67d04bb Author: Linus Torvalds Date: Mon Feb 27 13:26:17 2017 -0800 Merge tag 'trace-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing updates from Steven Rostedt: "This release has no new tracing features, just clean ups, minor fixes and small optimizations" * tag 'trace-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (25 commits) tracing: Remove outdated ring buffer comment tracing/probes: Fix a warning message to show correct maximum length tracing: Fix return value check in trace_benchmark_reg() tracing: Use modern function declaration jump_label: Reduce the size of struct static_key tracing/probe: Show subsystem name in messages tracing/hwlat: Update old comment about migration timers: Make flags output in the timer_start tracepoint useful tracing: Have traceprobe_probes_write() not access userspace unnecessarily tracing: Have COMM event filter key be treated as a string ftrace: Have set_graph_function handle multiple functions in one write ftrace: Do not hold references of ftrace_graph_{notrace_}hash out of graph_lock tracing: Reset parser->buffer to allow multiple "puts" ftrace: Have set_graph_functions handle write with RDWR ftrace: Reset fgd->hash in ftrace_graph_write() ftrace: Replace (void *)1 with a meaningful macro name FTRACE_GRAPH_EMPTY ftrace: Create a slight optimization on searching the ftrace_hash tracing: Add ftrace_hash_key() helper function ftrace: Convert graph filter to use hash tables ftrace: Expose ftrace_hash_empty and ftrace_lookup_ip ... commit ef6ebf324216eaea95ff30da5a8e78e2a4311eba Merge: 6288d6e 263d399 Author: Chris Mason Date: Mon Feb 27 13:11:53 2017 -0800 Merge branch 'for-chris-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.11 commit 0d9f0a52c8b9f7a003fe1650b7d5fb8518efabe0 Author: Christoph Hellwig Date: Sun Feb 5 18:15:26 2017 +0100 virtio_scsi: use virtio IRQ affinity Use automatic IRQ affinity assignment in the virtio layer if available, and build the blk-mq queues based on it. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/scsi/virtio_scsi.c | 126 +++++---------------------------------------- include/linux/cpuhotplug.h | 1 - 2 files changed, 12 insertions(+), 115 deletions(-) commit ad71473d9c43725c917fc5a86d54ceb7001ee28c Author: Christoph Hellwig Date: Sun Feb 5 18:15:25 2017 +0100 virtio_blk: use virtio IRQ affinity Use automatic IRQ affinity assignment in the virtio layer if available, and build the blk-mq queues based on it. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/block/virtio_blk.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 73473427bb551686e4b68ecd99bfd27e6635286a Author: Christoph Hellwig Date: Sun Feb 5 18:15:24 2017 +0100 blk-mq: provide a default queue mapping for virtio device Similar to the PCI version, just calling into virtio instead. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin block/Kconfig | 5 ++++ block/Makefile | 1 + block/blk-mq-virtio.c | 54 +++++++++++++++++++++++++++++++++++++++++++ include/linux/blk-mq-virtio.h | 10 ++++++++ 4 files changed, 70 insertions(+) commit bbaba479563910aaa51e59bb9027a09e396d3a3c Author: Christoph Hellwig Date: Sun Feb 5 18:15:23 2017 +0100 virtio: provide a method to get the IRQ affinity mask for a virtqueue This basically passed up the pci_irq_get_affinity information through virtio through an optional get_vq_affinity method. It is only implemented by the PCI backend for now, and only when we use per-virtqueue IRQs. Signed-off-by: Christoph Hellwig Reviewed-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 11 +++++++++++ drivers/virtio/virtio_pci_common.h | 2 ++ drivers/virtio/virtio_pci_legacy.c | 1 + drivers/virtio/virtio_pci_modern.c | 2 ++ include/linux/virtio_config.h | 3 +++ 5 files changed, 19 insertions(+) commit fb5e31d970ce8b4941f03ed765d7dbefc39f22d9 Author: Christoph Hellwig Date: Sun Feb 5 18:15:22 2017 +0100 virtio: allow drivers to request IRQ affinity when creating VQs Add a struct irq_affinity pointer to the find_vqs methods, which if set is used to tell the PCI layer to create the MSI-X vectors for our I/O virtqueues with the proper affinity from the start. Compared to after the fact affinity hints this gives us an instantly working setup and allows to allocate the irq descritors node-local and avoid interconnect traffic. Last but not least this will allow blk-mq queues are created based on the interrupt affinity for storage drivers. Signed-off-by: Christoph Hellwig Reviewed-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/block/virtio_blk.c | 3 ++- drivers/char/virtio_console.c | 2 +- drivers/crypto/virtio/virtio_crypto_core.c | 2 +- drivers/gpu/drm/virtio/virtgpu_kms.c | 2 +- drivers/misc/mic/vop/vop_main.c | 2 +- drivers/net/caif/caif_virtio.c | 3 ++- drivers/net/virtio_net.c | 2 +- drivers/remoteproc/remoteproc_virtio.c | 3 ++- drivers/rpmsg/virtio_rpmsg_bus.c | 2 +- drivers/s390/virtio/kvm_virtio.c | 3 ++- drivers/s390/virtio/virtio_ccw.c | 3 ++- drivers/scsi/virtio_scsi.c | 3 ++- drivers/virtio/virtio_balloon.c | 3 ++- drivers/virtio/virtio_input.c | 3 ++- drivers/virtio/virtio_mmio.c | 3 ++- drivers/virtio/virtio_pci_common.c | 19 ++++++++++++------- drivers/virtio/virtio_pci_common.h | 5 ++--- drivers/virtio/virtio_pci_modern.c | 7 +++---- include/linux/virtio_config.h | 9 +++++---- net/vmw_vsock/virtio_transport.c | 3 ++- 20 files changed, 48 insertions(+), 34 deletions(-) commit 52a61516125fa9a21b3bdf4f90928308e2e5573f Author: Christoph Hellwig Date: Sun Feb 5 18:15:21 2017 +0100 virtio_pci: simplify MSI-X setup Try to grab the MSI-X vectors early and fall back to the shared one before doing lots of allocations. Signed-off-by: Christoph Hellwig Reviewed-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) commit 53a020c661741f3b87ad3ac6fa545088aaebac9b Author: Christoph Hellwig Date: Sun Feb 5 18:15:20 2017 +0100 virtio_pci: don't duplicate the msix_enable flag in struct pci_dev Signed-off-by: Christoph Hellwig Reviewed-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 5 ++--- drivers/virtio/virtio_pci_common.h | 2 -- drivers/virtio/virtio_pci_legacy.c | 2 +- drivers/virtio/virtio_pci_modern.c | 2 +- include/uapi/linux/virtio_pci.h | 2 +- 5 files changed, 5 insertions(+), 8 deletions(-) commit 07ec51480b5eb1233f8c1b0f5d7a7c8d1247c507 Author: Christoph Hellwig Date: Sun Feb 5 18:15:19 2017 +0100 virtio_pci: use shared interrupts for virtqueues This lets IRQ layer handle dispatching IRQs to separate handlers for the case where we don't have per-VQ MSI-X vectors, and allows us to greatly simplify the code based on the assumption that we always have interrupt vector 0 (legacy INTx or config interrupt for MSI-X) available, and any other interrupt is request/freed throught the VQ, even if the actual interrupt line might be shared in some cases. This allows removing a great deal of variables keeping track of the interrupt state in struct virtio_pci_device, as we can now simply walk the list of VQs and deal with per-VQ interrupt handlers there, and only treat vector 0 special. Additionally clean up the VQ allocation code to properly unwind on error instead of having a single global cleanup label, which is error prone, and in this case also leads to more code. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 235 ++++++++++++++++--------------------- drivers/virtio/virtio_pci_common.h | 16 +-- 2 files changed, 106 insertions(+), 145 deletions(-) commit 5c34d002dcc7a6dd665a19d098b4f4cd5501ba1a Author: Christoph Hellwig Date: Sun Feb 5 18:15:18 2017 +0100 virtio_pci: remove struct virtio_pci_vq_info We don't really need struct virtio_pci_vq_info, as most field in there are redundant: - the vq backpointer is not strictly neede to start with - the entry in the vqs list is not needed - the generic virtqueue already has list, we only need to check if it has a callback to get the same semantics - we can use a simple array to look up the MSI-X vec if needed. - That simple array now also duoble serves to replace the per_vq_vectors flag Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 117 +++++++++++-------------------------- drivers/virtio/virtio_pci_common.h | 25 +------- drivers/virtio/virtio_pci_legacy.c | 6 +- drivers/virtio/virtio_pci_modern.c | 6 +- 4 files changed, 39 insertions(+), 115 deletions(-) commit 37e79cd31c2c4dcd7e149958ca3cae9d180c63c7 Author: Hou Pengyang Date: Mon Feb 27 13:02:59 2017 +0000 f2fs: fix a plint compile warning fix such pclint warning: ... Loss of precision (arg. no. 2) (unsigned long long to unsigned int)) Signed-off-by: Hou Pengyang Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b8d96a30b6f1c29e1ab716b3727a63fe7268f661 Author: Hou Pengyang Date: Mon Feb 27 13:02:58 2017 +0000 f2fs: add f2fs_drop_inode tracepoint Signed-off-by: Hou Pengyang Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 7 +++++-- include/trace/events/f2fs.h | 7 +++++++ 2 files changed, 12 insertions(+), 2 deletions(-) commit 7bb3a371d199156cb6a863feab377146b80942c5 Author: Masato Suzuki Date: Mon Feb 27 20:52:49 2017 +0900 f2fs: Fix zoned block device support The introduction of the multi-device feature partially broke the support for zoned block devices. In the function f2fs_scan_devices, sbi->devs allocation and initialization is skipped in the case of a single device mount. This result in no device information structure being allocated for the device. This is fine if the device is a regular device, but in the case of a zoned block device, the device zone type array is not initialized, which causes the function __f2fs_issue_discard_zone to fail as get_blkz_type is unable to determine the zone type of a section. Fix this by always allocating and initializing the sbi->devs device information array even in the case of a single device if that device is zoned. For this particular case, make sure to obtain a reference on the single device so that the call to blkdev_put() in destroy_device_list operates as expected. Fixes: 3c62be17d4f562f4 ("f2fs: support multiple devices") Cc: # v4.10 Signed-off-by: Masato Suzuki Acked-by: Damien Le Moal Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 67 +++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 23 deletions(-) commit 4fcf589ad44e50cbe60dea19320d9e71d1a10f22 Author: Yunlei He Date: Mon Feb 27 18:59:53 2017 +0800 f2fs: remove redundant set_page_dirty() This patch remove redundant set_page_dirty in truncate_blocks Signed-off-by: Yunlei He Signed-off-by: Jaegeuk Kim fs/f2fs/file.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a3ebfe4fd89794df8b2f357ac5f665052e74b4f9 Author: Chao Yu Date: Mon Feb 27 18:43:13 2017 +0800 f2fs: fix to enlarge size of write_io_dummy mempool It needs to double cache size of write_io_dummy mempool, otherwise we may run out of cache in scenraio of Data/Node IOs were issued concurrently. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b6895e8f99cd8e98056346c42732236b958aab83 Author: Chao Yu Date: Mon Feb 27 18:43:12 2017 +0800 f2fs: fix memory leak of write_io_dummy mempool during umount Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 540faedb0036aca14ff90a7f679b008442bc9dd7 Author: Chao Yu Date: Mon Feb 27 17:10:45 2017 +0800 f2fs: fix to update F2FS_{CP_}WB_DATA count correctly We should only account F2FS_{CP_}WB_DATA IOs for write path, fix it. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e3b56cdd4351f0e227d4d847eeadff4c82aef1b9 Author: Jason Wang Date: Tue Feb 7 15:49:50 2017 +0800 vhost: try avoiding avail index access when getting descriptor If last avail idx is not equal to cached avail idx, we're sure there's still available buffers in the virtqueue so there's no need to re-read avail idx. So let's skip this to avoid unnecessary userspace memory access and memory barrier. Pktgen test show about 3% improvement on rx pps. Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/vhost/vhost.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) commit f0cdbfe6ef0b2f3d42e1cf87bf962e730c2420cb Author: Kinglong Mee Date: Sun Feb 26 20:47:16 2017 +0800 f2fs: use MAX_FREE_NIDS for the free nids target F2FS has define MAX_FREE_NIDS for maximum of cached free nids target. Signed-off-by: Kinglong Mee Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 4ac912427c4214d8031d9ad6fbc3bc75e71512df Author: Chao Yu Date: Thu Feb 23 10:53:49 2017 +0800 f2fs: introduce free nid bitmap In scenario of intensively node allocation, free nids will be ran out soon, then it needs to stop to load free nids by traversing NAT blocks, in worse case, if NAT blocks does not be cached in memory, it generates IOs which slows down our foreground operations. In order to speed up node allocation, in this patch we introduce a new free_nid_bitmap array, so there is an bitmap table for each NAT block, Once the NAT block is loaded, related bitmap cache will be switched on, and bitmap will be set during traversing nat entries in NAT block, later we can query and update nid usage status in memory completely. With such implementation, I expect performance of node allocation can be improved in the long-term after filesystem image is mounted. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 2 + fs/f2fs/f2fs.h | 2 + fs/f2fs/node.c | 125 ++++++++++++++++++++++++++++++++++++++++++++---- include/linux/f2fs_fs.h | 1 + 4 files changed, 120 insertions(+), 10 deletions(-) commit ced2c7ea8e99b46755a270872cd5ba61c27cffad Author: Kinglong Mee Date: Sat Feb 25 19:53:39 2017 +0800 f2fs: new helper cur_cp_crc() getting crc in f2fs_checkpoint There are four places that getting the crc value in f2fs_checkpoint, just add a new helper cur_cp_crc for them. Signed-off-by: Kinglong Mee Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 3 +-- fs/f2fs/f2fs.h | 6 ++++++ fs/f2fs/node.c | 5 +---- fs/f2fs/node.h | 20 +++++++------------- 4 files changed, 15 insertions(+), 19 deletions(-) commit 727ebb091e1778cc3a4842ae04f8f54da111eee0 Author: Kinglong Mee Date: Sat Feb 25 19:32:21 2017 +0800 f2fs: update the comment of default nr_pages to skipping Fixes: 2c237ebaa4 ("f2fs: avoid writing node/metapages during writes") Signed-off-by: Kinglong Mee Signed-off-by: Jaegeuk Kim fs/f2fs/segment.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0ec4a5b647fca5a5649573c23d31230b25fdc827 Author: Kinglong Mee Date: Sat Feb 25 19:23:40 2017 +0800 f2fs: drop the duplicate pval in f2fs_getxattr Fixes: ba38c27eb9 ("f2fs: enhance lookup xattr") Signed-off-by: Kinglong Mee Signed-off-by: Jaegeuk Kim fs/f2fs/xattr.c | 3 --- 1 file changed, 3 deletions(-) commit 5f35a2cd5b503e59ac949283a423f868e94fb36b Author: Kinglong Mee Date: Sat Feb 25 19:23:27 2017 +0800 f2fs: Don't update the xattr data that same as the exist f2fs removes the old xattr data and appends the new data although the new data is same as the exist. Signed-off-by: Kinglong Mee Signed-off-by: Jaegeuk Kim fs/f2fs/xattr.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit 317e13009682d4614ec9ac7c2762eaee26f93ed3 Author: Chao Yu Date: Sat Feb 25 17:29:54 2017 +0800 f2fs: kill __is_extent_same Since commit ee6d182f2a19 ("f2fs: remove syncing inode page in all the cases") delayed inode element updating from inode cache to node page cache, so once largest cached extent is updated, we can make inode dirty immediately instead of checking and updating it in the end of extent cache update. The above commit didn't clean up unneeded codes in extent_cache.c, let's finish the job in this patch. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/extent_cache.c | 8 +++----- fs/f2fs/f2fs.h | 7 ------- 2 files changed, 3 insertions(+), 12 deletions(-) commit 19f4e688f89a9ce07b86d06d3df23c1cd877ab4e Author: Hou Pengyang Date: Sat Feb 25 03:57:38 2017 +0000 f2fs: avoid bggc->fggc when enough free segments are avaliable after cp We use has_not_enough_free_secs to check if there are enough free segments, (free_sections(sbi) + freed) <= (node_secs + 2 * dent_secs + imeta_secs + reserved_sections(sbi) + needed); Under scenario with large number of dirty nodes, these nodes would be flushed during cp, as a result, right side of the inequality would be decreased, while left side stays unchanged if these nodes are flushed in SSR way, which means there are enough free segments after this cp. For this case, we just do a bggc instead of fggc. Signed-off-by: Hou Pengyang Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit d27c3d89db9986b6f48576169031247e4c893729 Author: Chao Yu Date: Fri Feb 24 18:46:00 2017 +0800 f2fs: select target segment with closer temperature in SSR mode In SSR mode, we can allocate target segment which has different temperature type from the type of current block, in order to avoid mixing coldest and hottest data/node as much as possible, change SSR allocation policy to select closer temperature for current block prior. Signed-off-by: Yunlong Song Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) commit 55523519bc7227e651fd4febeb3aafdd22b8af1c Author: Chao Yu Date: Sat Feb 25 11:08:28 2017 +0800 f2fs: show simple call stack in fault injection message Previously kernel message can show that in which function we do the injection, but unfortunately, most of the caller are the same, for tracking more information of injection path, it needs to show upper caller's name. This patch supports that ability. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 1 + fs/f2fs/data.c | 4 +++- fs/f2fs/dir.c | 4 +++- fs/f2fs/f2fs.h | 20 +++++++++++++------- fs/f2fs/gc.c | 4 +++- fs/f2fs/inode.c | 4 +++- fs/f2fs/node.c | 4 +++- fs/f2fs/segment.c | 4 +++- 8 files changed, 32 insertions(+), 13 deletions(-) commit dd7b2333e6cd31584682382fcf0a1c1e5140b936 Author: Yunlei He Date: Thu Feb 23 20:31:20 2017 +0800 f2fs: no need lock_op in f2fs_write_inline_data Similar as f2fs_write_inode, f2fs_write_inline_data just mark inode page dirty, so it's no need to write inline data under read lock of cp_rwsem. Signed-off-by: Yunlei He Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 22ad0b6ab46683975c6da032f1c2593066c7b3bd Author: Jaegeuk Kim Date: Thu Feb 9 10:38:09 2017 -0800 f2fs: add bitmaps for empty or full NAT blocks This patches adds bitmaps to represent empty or full NAT blocks containing free nid entries. If we can find valid crc|cp_ver in the last block of checkpoint pack, we'll use these bitmaps when building free nids. In order to avoid checkpointing burden, up-to-date bitmaps will be flushed only during umount time. So, normally we can get this gain, but when power-cut happens, we rely on fsck.f2fs which recovers this bitmap again. After this patch, we build free nids from nid #0 at mount time to make more full NAT blocks, but in runtime, we check empty NAT blocks to load free nids without loading any NAT pages from disk. Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 28 +++++++- fs/f2fs/debug.c | 1 + fs/f2fs/f2fs.h | 31 +++++++- fs/f2fs/node.c | 188 +++++++++++++++++++++++++++++++++++++++++++----- fs/f2fs/segment.c | 2 +- include/linux/f2fs_fs.h | 1 + 6 files changed, 231 insertions(+), 20 deletions(-) commit 5e8256ac2e378089a1bf3fae87370811b1d31625 Author: Yunlei He Date: Thu Feb 23 19:39:59 2017 +0800 f2fs: replace rw semaphore extent_tree_lock with mutex lock This patch replace rw semaphore extent_tree_lock with mutex lock for no read cases with this lock. Signed-off-by: Yunlei He Signed-off-by: Jaegeuk Kim fs/f2fs/extent_cache.c | 22 +++++++++++----------- fs/f2fs/f2fs.h | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) commit 3f2be04304cf10f2ef074399f8dd565bd00ddcae Author: Kinglong Mee Date: Thu Feb 23 19:55:05 2017 +0800 f2fs: avoid m_flags overlay when allocating more data blocks When more than one data blocks are allocated, the F2FS_MAP_UNWRITTEN/MAPPED flags will be overlapped by F2FS_MAP_NEW at the later times. Signed-off-by: Kinglong Mee Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6bfaf7b150f7dba04024b7b6420773c09606538c Author: Hou Pengyang Date: Thu Feb 23 09:18:06 2017 +0000 f2fs: remove unsafe bitmap checking proc A: proc B: - writeback_sb_inodes - __writeback_single_inode - do_writepages - f2fs_write_node_pages - f2fs_balance_fs_bg - write_checkpoint - build_free_nids - flush_nat_entries - __build_free_nids - __flush_nat_entry_set - ra_meta_pages - get_next_nat_page - current_nat_addr - set_to_next_nat [do nat_bitmap checking] - f2fs_change_bit For proc A, nat_bitmap and nat_bitmap_mir would be compared without lock_op and nm_i->nat_tree_lock, while proc B is changing nat_bitmap/nat_bitmap_ver in cp. So it is normal for nat_bitmap/nat_bitmap diffrence under such scenario. This patch fix this by removing the monitoring point. [Fix: 599a09b f2fs: check in-memory nat version bitmap] Signed-off-by: Hou Pengyang Signed-off-by: Jaegeuk Kim fs/f2fs/node.h | 6 ------ 1 file changed, 6 deletions(-) commit e15882b6c6caff427fe387e878e2f23de58c053b Author: Hou Pengyang Date: Thu Feb 23 09:18:05 2017 +0000 f2fs: init local extent_info to avoid stale stack info in tp To avoid such stale(fops, blk, len) info in f2fs_lookup_extent_tree_end tp dio-23095 [005] ...1 17878.856859: f2fs_lookup_extent_tree_end: dev = (259,30), ino = 856, pgofs = 0, ext_info(fofs: 3441207040, blk: 4294967232, len: 3481143808) Signed-off-by: Hou Pengyang Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 8 ++++---- fs/f2fs/file.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 77190e1f313f5ef18a3742aa4c5b790456a5825b Author: Yunlong Song Date: Tue Feb 21 20:43:48 2017 +0800 f2fs: remove unnecessary condition check for write_checkpoint in f2fs_gc Since has_not_enough_free_secs(sbi, 0, 0) must be true if has_not_enough_ free_secs(sbi, sec_freed, 0) is true, write_checkpoint is sure to execute in both conditions. Signed-off-by: Yunlong Song Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 92592285710aebe2de9afa38315b5c3914556905 Author: Jaegeuk Kim Date: Wed Feb 22 20:18:35 2017 -0800 f2fs: check discard alignment only for SEQWRITE zones For converntional zones, we don't need to align discard commands to exact zone size. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 40465257ac4159e9ebfba10ee502e795b917da76 Author: Jaegeuk Kim Date: Wed Feb 22 19:58:23 2017 -0800 f2fs: wait for discard completion after submission We don't need to wait for each discard commands when unmounting the image. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 47b898081605684aa1bacd1d14443a50c660c1fe Author: Jaegeuk Kim Date: Wed Feb 22 19:53:07 2017 -0800 f2fs: much larger batched trim_fs job We have a kernel thread to issue discard commands, so we can increase the number of batched discard sections. By default, now it becomes 4GB range. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ad4d307fce0909a5f70635826f779321ab95b469 Author: Jaegeuk Kim Date: Wed Feb 22 19:10:35 2017 -0800 f2fs: avoid very large discard command This patch adds MAX_DISCARD_BLOCKS() to avoid issuing too much large single discard command. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 3 ++- fs/f2fs/segment.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) commit ff4dd73dd2b4806419f8ff65cbce11d5019548d0 Author: Johannes Berg Date: Mon Feb 27 17:15:28 2017 +0100 mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length Unfortunately, the nla policy was defined to have HWSIM_ATTR_RADIO_NAME as an NLA_STRING, rather than NLA_NUL_STRING, so we can't use it as a NUL-terminated string in the kernel. Rather than break the API, kasprintf() the string to a new buffer to guarantee NUL termination. Reported-by: Andrew Zaborowski Signed-off-by: Johannes Berg drivers/net/wireless/mac80211_hwsim.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) commit 3a150df945b7408c27cad2c01a1638e8b14ac562 Author: Chunyu Hu Date: Wed Feb 22 08:29:26 2017 +0800 tracing: Fix code comment for ftrace_ops_get_func() There is no function 'ftrace_ops_recurs_func' existing in the current code, it was renamed to ftrace_ops_assist_func() in commit c68c0fa29341 ("ftrace: Have ftrace_ops_get_func() handle RCU and PER_CPU flags too"). Update the comment to the correct function name. Link: http://lkml.kernel.org/r/1487723366-14463-1-git-send-email-chuhu@redhat.com Signed-off-by: Chunyu Hu Signed-off-by: Steven Rostedt (VMware) kernel/trace/ftrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 126cfa2f5e15ae2ca7f70be71b07e6cd8d2b44d1 Author: Vinod Koul Date: Mon Feb 27 21:19:44 2017 +0530 ALSA: hda: Add Geminilake HDMI codec ID Geminilake HDMI codec 0x280d is similar to previous platforms, so add it with similar ops as previous. Signed-off-by: Senthilnathan Veppur Signed-off-by: Vinod Koul Signed-off-by: Takashi Iwai sound/pci/hda/patch_hdmi.c | 1 + 1 file changed, 1 insertion(+) commit 51be7a9a261ce18c520fb3928b168feb77522745 Author: Michael S. Tsirkin Date: Thu Jan 12 23:36:32 2017 +0200 virtio_mmio: expose header to userspace It's handy for userspace emulators like QEMU. Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_mmio.c | 2 +- include/linux/virtio_mmio.h | 141 --------------------------------------- include/uapi/linux/Kbuild | 1 + include/uapi/linux/virtio_mmio.h | 141 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 143 insertions(+), 142 deletions(-) commit 2f44f75257d57f0d5668dba3a6ada0f4872132c9 Merge: 4ca257e 6f437d4 Author: David S. Miller Date: Mon Feb 27 09:22:10 2017 -0500 Merge branch 'qed-fixes' Yuval Mintz says: ==================== qed: Bug fixes Patch #1 addresses a day-one race which is dependent on the number of Vfs [I.e., more child VFs from a single PF make it more probable]. Patch #2 corrects a race that got introduced in the last set of fixes for qed, one that would happen each time PF transitions to UP state. I've built & tested those against current net-next. Please consider applying the series there. ==================== Signed-off-by: David S. Miller commit 6f437d431930ff86e4a971d29321951faadb97c7 Author: Mintz, Yuval Date: Mon Feb 27 11:06:33 2017 +0200 qed: Don't use attention PTT for configuring BW Commit 653d2ffd6405 ("qed*: Fix link indication race") introduced another race - one of the inner functions called from the link-change flow is explicitly using the slowpath context dedicated PTT instead of gaining that PTT from the caller. Since this flow can now be called from a different context as well, we're in risk of the PTT breaking. Fixes: 653d2ffd6405 ("qed*: Fix link indication race") Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed.h | 4 +++- drivers/net/ethernet/qlogic/qed/qed_dev.c | 6 +++--- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) commit fd3c615ae13a853ab26211e14f70b416cc8f8134 Author: Mintz, Yuval Date: Mon Feb 27 11:06:32 2017 +0200 qed: Fix race with multiple VFs A PF syncronizes all IOV activity relating to its VFs by using a single workqueue handling the work. The workqueue would reach a bitmask of pending VF events and act upon each in turn. Problem is that the indication of a VF message [which sets the 'vf event' bit for that VF] arrives and is set in the slowpath attention context, which isn't syncronized with the processing of the events. When multiple VFs are present, it's possible that PF would lose the indication of one of the VF's pending evens, leading that VF to later timeout. Instead of adding locks/barriers, simply move from a bitmask into a per-VF indication inside that VF entry in the PF database. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_sriov.c | 39 +++++++++++++++++------------ drivers/net/ethernet/qlogic/qed/qed_sriov.h | 4 ++- 2 files changed, 26 insertions(+), 17 deletions(-) commit 4ca257eed6adf58d325c39c320a06dbcd34c43db Merge: 51fb60e 13aa5a8 Author: David S. Miller Date: Mon Feb 27 09:17:43 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains netfilter fixes for you net tree, they are: 1) Missing ct zone size in the nft_ct initialization path, patch from Florian Westphal. 2) Two patches for netfilter uapi headers, one to remove unnecessary sysctl.h inclusion and another to fix compilation of xt_hashlimit.h in userspace, from Dmitry V. Levin. 3) Patch to fix a sloppy change in nf_ct_expect that incorrectly simplified nf_ct_expect_related_report() in the previous nf-next batch. This also includes another patch for __nf_ct_expect_check() to report success by returning 0 to keep it consistent with other existing functions. From Jarno Rajahalme. 4) The ->walk() iterator of the new bitmap set type goes over the real bitmap size, this results in incorrect dumps when NFTA_SET_USERDATA is used. ==================== Signed-off-by: David S. Miller commit 2872de1382a7c888fa69532eda25aa7342dfe748 Author: Rafael J. Wysocki Date: Fri Feb 24 00:26:15 2017 +0100 PM / hibernate: Define pr_fmt() and use pr_*() instead of printk() Define a pr_fmt() for hibernate.c and convert all of the explicit printk() calls into corresponding pr_*() so that they use the pr_fmt() format. Signed-off-by: Rafael J. Wysocki kernel/power/hibernate.c | 60 +++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 31 deletions(-) commit 81d45bdf89135cd26dc7535c14a45db6cdd647fa Author: Rafael J. Wysocki Date: Fri Feb 24 00:25:28 2017 +0100 PM / hibernate: Untangle power_down() The power_down() routine in the core hibernation code is not exactly straightforward (to put it lightly), so clean it up to make it avoid invoking itself recursively, among other things. Signed-off-by: Rafael J. Wysocki kernel/power/hibernate.c | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) commit 6dbf5cea05a7098a69f294c96b6d76f08562cae5 Author: Rafael J. Wysocki Date: Fri Feb 24 13:25:14 2017 +0100 cpuidle: menu: Avoid taking spinlock for accessing QoS values After commit 9908859acaa9 (cpuidle/menu: add per CPU PM QoS resume latency consideration) the cpuidle menu governor calls dev_pm_qos_read_value() on CPU devices to read the current resume latency QoS constraint values for them. That function takes a spinlock to prevent the device's power.qos pointer from becoming NULL during the access which is a problem for the RT patchset where spinlocks are converted into mutexes and the idle loop stops working. However, it is not even necessary for the menu governor to take that spinlock, because the power.qos pointer accessed under it cannot be modified during the access anyway. For this reason, introduce a "raw" routine for accessing device QoS resume latency constraints without locking and use it in the menu governor. Fixes: 9908859acaa9 (cpuidle/menu: add per CPU PM QoS resume latency consideration) Acked-by: Alex Shi Signed-off-by: Rafael J. Wysocki drivers/base/power/qos.c | 3 +-- drivers/cpuidle/governors/menu.c | 2 +- include/linux/pm_qos.h | 7 +++++++ 3 files changed, 9 insertions(+), 3 deletions(-) commit d825adb48cf9bf9e3f5cb1d927e2827f8c2abee4 Author: Masanari Iida Date: Sun Feb 26 16:15:21 2017 +0900 xenbus: Remove duplicate inclusion of linux/init.h This patch remove duplicate inclusion of linux/init.h in xenbus_dev_frontend.c. Confirm successfully compile after remove the line. Signed-off-by: Masanari Iida Reviewed-by: Juergen Gross drivers/xen/xenbus/xenbus_dev_frontend.c | 1 - 1 file changed, 1 deletion(-) commit 09e0a2fe102208cbaf39510b8b04dd524d7d2935 Author: Sara Sharon Date: Mon Feb 20 14:24:38 2017 +0100 mac80211: fix typo in debug print Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg net/mac80211/agg-rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2595d259b667114431501bae51b45d6656b987d1 Author: Sara Sharon Date: Mon Feb 20 14:24:39 2017 +0100 mac80211: shorten debug message Tracing is limited to 100 characters and this message passes the limit when there are a few buffered frames. Shorten it. Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d98937f4ea713d21e0fcc345919f86c877dd8d6f Author: Emmanuel Grumbach Date: Mon Feb 20 14:24:36 2017 +0100 mac80211: fix power saving clients handling in iwlwifi iwlwifi now supports RSS and can't let mac80211 track the PS state based on the Rx frames since they can come out of order. iwlwifi is now advertising AP_LINK_PS, and uses explicit notifications to teach mac80211 about the PS state of the stations and the PS poll / uAPSD trigger frames coming our way from the peers. Because of that, the TIM stopped being maintained in mac80211. I tried to fix this in commit c68df2e7be0c ("mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE") but that was later reverted by Felix in commit 6c18a6b4e799 ("Revert "mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE") since it broke drivers that do not implement set_tim. Since none of the drivers that set AP_LINK_PS have the set_tim() handler set besides iwlwifi, I can bail out in __sta_info_recalc_tim if AP_LINK_PS AND .set_tim is not implemented. Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 890030d3c425f49abaa4acf60e20f288b599f980 Author: Felix Fietkau Date: Wed Feb 22 16:16:07 2017 +0100 mac80211: don't handle filtered frames within a BA session When running a BA session, the driver (or the hardware) already takes care of retransmitting failed frames, since it has to keep the receiver reorder window in sync. Adding another layer of retransmit around that does not improve anything. In fact, it can only lead to some strong reordering with huge latency. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg net/mac80211/status.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8fbcfeb8a9cc803464d6c166e7991913711c612c Author: Thomas Gleixner Date: Sat Feb 25 10:27:37 2017 +0000 mac80211_hwsim: Replace bogus hrtimer clockid mac80211_hwsim initializes a hrtimer with clockid CLOCK_MONOTONIC_RAW. That's not supported. Use CLOCK_MONOTONIC instead. Signed-off-by: Thomas Gleixner Signed-off-by: Johannes Berg drivers/net/wireless/mac80211_hwsim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b7540d8f25c8034de7e4163fc23ac457bf057731 Author: Sara Sharon Date: Mon Feb 6 15:28:42 2017 +0200 mac80211: don't reorder frames with SN smaller than SSN When RX aggregation starts, transmitter may continue send frames with SN smaller than SSN until the AddBA response is received. However, the reorder buffer is already initialized at this point, which will cause the drop of such frames as duplicates since the head SN of the reorder buffer is set to the SSN, which is bigger. Cc: stable@vger.kernel.org Signed-off-by: Sara Sharon Signed-off-by: Johannes Berg net/mac80211/agg-rx.c | 1 + net/mac80211/rx.c | 14 +++++++++++++- net/mac80211/sta_info.h | 6 ++++-- 3 files changed, 18 insertions(+), 3 deletions(-) commit a9e9200d8661c1a0be8c39f93deb383dc940de35 Author: Matt Chen Date: Sun Jan 22 02:16:58 2017 +0800 mac80211: flush delayed work when entering suspend The issue was found when entering suspend and resume. It triggers a warning in: mac80211/key.c: ieee80211_enable_keys() ... WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || sdata->crypto_tx_tailroom_pending_dec); ... It points out sdata->crypto_tx_tailroom_pending_dec isn't cleaned up successfully in a delayed_work during suspend. Add a flush_delayed_work to fix it. Cc: stable@vger.kernel.org Signed-off-by: Matt Chen Signed-off-by: Johannes Berg net/mac80211/pm.c | 1 + 1 file changed, 1 insertion(+) commit 0328edc77d4f35014b35f32b46be0a7e16aae74f Author: Johannes Berg Date: Mon Feb 20 08:59:16 2017 +0100 mac80211: fix packet statistics for fast-RX When adding per-CPU statistics, which added statistics back to mac80211 for the fast-RX path, I evidently forgot to add the "stats->packets++" line. The reason for that is likely that I didn't see it since it's done in defragmentation for the regular RX path. Add the missing line to properly count received packets in the fast-RX case. Fixes: c9c5962b56c1 ("mac80211: enable collecting station statistics per-CPU") Reported-by: Oren Givon Signed-off-by: Johannes Berg net/mac80211/rx.c | 1 + 1 file changed, 1 insertion(+) commit 888022c0473d079bff9b47fb50434b1f20f8f37f Author: Marek Szyprowski Date: Tue Feb 21 14:21:01 2017 +0100 dma-buf: add support for compat ioctl Add compat ioctl support to dma-buf. This lets one to use DMA_BUF_IOCTL_SYNC ioctl from 32bit application on 64bit kernel. Data structures for both 32 and 64bit modes are same, so there is no need for additional translation layer. Signed-off-by: Marek Szyprowski Reviewed-by: Christian König Acked-by: Daniel Vetter Signed-off-by: Sumit Semwal Link: http://patchwork.freedesktop.org/patch/msgid/1487683261-2655-1-git-send-email-m.szyprowski@samsung.com drivers/dma-buf/dma-buf.c | 3 +++ 1 file changed, 3 insertions(+) commit 29693efcea0f38cf40d0055d2401490a4f9bf8be Author: Hui Wang Date: Mon Feb 27 10:11:47 2017 +0800 ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine On this machine, the micmute button is connected to Line2 of the codec and the micmute led is connected to GPIO2 of the codec. After applying this quirk, both hotkey and led work well. Cc: Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) commit 89027579bc6c2febbcc9c2f9d5069adf71539e4b Author: Herbert Xu Date: Sun Feb 26 12:24:10 2017 +0800 crypto: xts - Propagate NEED_FALLBACK bit When we're used as a fallback algorithm, we should propagate the NEED_FALLBACK bit when searching for the underlying ECB mode. This just happens to fix a hang too because otherwise the search may end up loading the same module that triggered this XTS creation. Cc: stable@vger.kernel.org #4.10 Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher") Reported-by: Harald Freudenberger Signed-off-by: Herbert Xu crypto/xts.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 016df0abc56ec06d0c63c5318ef53e40738dea8b Author: Herbert Xu Date: Sun Feb 26 12:22:35 2017 +0800 crypto: api - Add crypto_requires_off helper This patch adds crypto_requires_off which is an extension of crypto_requires_sync for similar bits such as NEED_FALLBACK. Cc: stable@vger.kernel.org #4.10 Suggested-by: Marcelo Cerri Signed-off-by: Herbert Xu include/crypto/algapi.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c884b36816c131906038cdac4773f6c84a5bf3ee Author: Geert Uytterhoeven Date: Fri Feb 24 11:27:39 2017 +0100 crypto: atmel - CRYPTO_DEV_MEDIATEK should depend on HAS_DMA If NO_DMA=y: ERROR: "bad_dma_ops" [drivers/crypto/mediatek/mtk-crypto.ko] undefined! Add a dependency on HAS_DMA to fix this. Fixes: 7dee9f618790d0b7 ("crypto: mediatek - remove ARM dependencies") Signed-off-by: Geert Uytterhoeven Signed-off-by: Herbert Xu drivers/crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) commit f7f9482e370981ebeeeac30bbdb9960807e332ee Author: Geert Uytterhoeven Date: Fri Feb 24 11:27:38 2017 +0100 crypto: atmel - CRYPTO_DEV_ATMEL_TDES and CRYPTO_DEV_ATMEL_SHA should depend on HAS_DMA If NO_DMA=y: ERROR: "bad_dma_ops" [drivers/crypto/atmel-tdes.ko] undefined! ERROR: "bad_dma_ops" [drivers/crypto/atmel-sha.ko] undefined! Add dependencies on HAS_DMA to fix this. Fixes: ceb4afb3086ab08f ("crypto: atmel - refine Kconfig dependencies") Signed-off-by: Geert Uytterhoeven Signed-off-by: Herbert Xu drivers/crypto/Kconfig | 2 ++ 1 file changed, 2 insertions(+) commit d80388eca1b476125755a811676f76f138bbbe28 Author: Colin Ian King Date: Fri Feb 17 15:57:43 2017 +0000 crypto: cavium - fix leak on curr if curr->head fails to be allocated The exit path when curr->head cannot be allocated fails to kfree the earlier allocated curr. Fix this by kfree'ing it. Signed-off-by: Colin Ian King Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cptvf_main.c | 1 + 1 file changed, 1 insertion(+) commit 9bd829041b704e5e501ad5f5a9374a63426763fd Author: George Cherian Date: Wed Feb 15 12:42:19 2017 +0000 crypto: cavium - Fix couple of static checker errors Fix the following smatch errors cptvf_reqmanager.c:333 do_post_process() warn: variable dereferenced before check 'cptvf' cptvf_main.c:825 cptvf_remove() error: we previously assumed 'cptvf' could be null Reported-by: Dan Carpenter Signed-off-by: George Cherian Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cptvf_main.c | 4 +++- drivers/crypto/cavium/cpt/cptvf_reqmanager.c | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) commit 51fb60eb162ab84c5edf2ae9c63cf0b878e5547e Author: Paul Hüber Date: Sun Feb 26 17:58:19 2017 +0100 l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv l2tp_ip_backlog_recv may not return -1 if the packet gets dropped. The return value is passed up to ip_local_deliver_finish, which treats negative values as an IP protocol number for resubmission. Signed-off-by: Paul Hüber Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ecc9ad02c3d4cf44bc94bffcb3b12e7861b00a7 Author: Julian Anastasov Date: Sat Feb 25 17:57:43 2017 +0200 xfrm: provide correct dst in xfrm_neigh_lookup Fix xfrm_neigh_lookup to provide dst->path to the neigh_lookup dst_ops method. When skb is provided, the IP address in packet should already match the dst->path address family. But for the non-skb case, we should consider the last tunnel address as nexthop address. Fixes: f894cbf847c9 ("net: Add optional SKB arg to dst_ops->neigh_lookup().") Signed-off-by: Julian Anastasov Signed-off-by: David S. Miller net/xfrm/xfrm_policy.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) commit c4d2603dac3a555e4bb324daf5cb5cdb5694eedd Author: Herbert Xu Date: Sat Feb 25 22:39:50 2017 +0800 rhashtable: Fix RCU dereference annotation in rht_bucket_nested The current annotation is wrong as it says that we're only called under spinlock. In fact it should be marked as under either spinlock or RCU read lock. Fixes: da20420f83ea ("rhashtable: Add nested tables") Reported-by: Fengguang Wu Signed-off-by: Herbert Xu Signed-off-by: David S. Miller lib/rhashtable.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit ca435407ba6655a0d63230818ffe7006d967dfe5 Author: Herbert Xu Date: Sat Feb 25 22:38:11 2017 +0800 rhashtable: Fix use before NULL check in bucket_table_free Dan Carpenter reported a use before NULL check bug in the function bucket_table_free. In fact we don't need the NULL check at all as no caller can provide a NULL argument. So this patch fixes this by simply removing it. Reported-by: Dan Carpenter Signed-off-by: Herbert Xu Signed-off-by: David S. Miller lib/rhashtable.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 37f1c63e3e29181ad412485eec2200cffc1dc70f Author: Roman Mashak Date: Fri Feb 24 17:36:58 2017 -0500 net sched actions: do not overwrite status of action creation. nla_memdup_cookie was overwriting err value, declared at function scope and earlier initialized with result of ->init(). At success nla_memdup_cookie() returns 0, and thus module refcnt decremented, although the action was installed. $ sudo tc actions add action pass index 1 cookie 1234 $ sudo tc actions ls action gact action order 0: gact action pass random type none pass val 0 index 1 ref 1 bind 0 $ $ lsmod Module Size Used by act_gact 16384 0 ... $ $ sudo rmmod act_gact [ 52.310283] ------------[ cut here ]------------ [ 52.312551] WARNING: CPU: 1 PID: 455 at kernel/module.c:1113 module_put+0x99/0xa0 [ 52.316278] Modules linked in: act_gact(-) crct10dif_pclmul crc32_pclmul ghash_clmulni_intel psmouse pcbc evbug aesni_intel aes_x86_64 crypto_simd serio_raw glue_helper pcspkr cryptd [ 52.322285] CPU: 1 PID: 455 Comm: rmmod Not tainted 4.10.0+ #11 [ 52.324261] Call Trace: [ 52.325132] dump_stack+0x63/0x87 [ 52.326236] __warn+0xd1/0xf0 [ 52.326260] warn_slowpath_null+0x1d/0x20 [ 52.326260] module_put+0x99/0xa0 [ 52.326260] tcf_hashinfo_destroy+0x7f/0x90 [ 52.326260] gact_exit_net+0x27/0x40 [act_gact] [ 52.326260] ops_exit_list.isra.6+0x38/0x60 [ 52.326260] unregister_pernet_operations+0x90/0xe0 [ 52.326260] unregister_pernet_subsys+0x21/0x30 [ 52.326260] tcf_unregister_action+0x68/0xa0 [ 52.326260] gact_cleanup_module+0x17/0xa0f [act_gact] [ 52.326260] SyS_delete_module+0x1ba/0x220 [ 52.326260] entry_SYSCALL_64_fastpath+0x1e/0xad [ 52.326260] RIP: 0033:0x7f527ffae367 [ 52.326260] RSP: 002b:00007ffeb402a598 EFLAGS: 00000202 ORIG_RAX: 00000000000000b0 [ 52.326260] RAX: ffffffffffffffda RBX: 0000559b069912a0 RCX: 00007f527ffae367 [ 52.326260] RDX: 000000000000000a RSI: 0000000000000800 RDI: 0000559b06991308 [ 52.326260] RBP: 0000000000000003 R08: 00007f5280264420 R09: 00007ffeb4029511 [ 52.326260] R10: 000000000000087b R11: 0000000000000202 R12: 00007ffeb4029580 [ 52.326260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000559b069912a0 [ 52.354856] ---[ end trace 90d89401542b0db6 ]--- $ With the fix: $ sudo modprobe act_gact $ lsmod Module Size Used by act_gact 16384 0 ... $ sudo tc actions add action pass index 1 cookie 1234 $ sudo tc actions ls action gact action order 0: gact action pass random type none pass val 0 index 1 ref 1 bind 0 $ $ lsmod Module Size Used by act_gact 16384 1 ... $ sudo rmmod act_gact rmmod: ERROR: Module act_gact is in use $ $ sudo /home/mrv/bin/tc actions del action gact index 1 $ sudo rmmod act_gact $ lsmod Module Size Used by $ Fixes: 1045ba77a ("net sched actions: Add support for user cookies") Signed-off-by: Roman Mashak Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/act_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d7e15835ab278443da5c0cfe6573f8f793ed40a3 Author: David Howells Date: Fri Feb 24 21:57:13 2017 +0000 rxrpc: Kernel calls get stuck in recvmsg Calls made through the in-kernel interface can end up getting stuck because of a missed variable update in a loop in rxrpc_recvmsg_data(). The problem is like this: (1) A new packet comes in and doesn't cause a notification to be given to the client as there's still another packet in the ring - the assumption being that if the client will keep drawing off data until the ring is empty. (2) The client is in rxrpc_recvmsg_data(), inside the big while loop that iterates through the packets. This copies the window pointers into variables rather than using the information in the call struct because: (a) MSG_PEEK might be in effect; (b) we need a barrier after reading call->rx_top to pair with the barrier in the softirq routine that loads the buffer. (3) The reading of call->rx_top is done outside of the loop, and top is never updated whilst we're in the loop. This means that even through there's a new packet available, we don't see it and may return -EFAULT to the caller - who will happily return to the scheduler and await the next notification. (4) No further notifications are forthcoming until there's an abort as the ring isn't empty. The fix is to move the read of call->rx_top inside the loop - but it needs to be done before the condition is checked. Reported-by: Marc Dionne Signed-off-by: David Howells Tested-by: Marc Dionne Signed-off-by: David S. Miller net/rxrpc/recvmsg.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit edb9d1bff4bbe19b8ae0e71b1f38732591a9eeb2 Author: Roman Mashak Date: Fri Feb 24 11:00:32 2017 -0500 net sched actions: decrement module reference count after table flush. When tc actions are loaded as a module and no actions have been installed, flushing them would result in actions removed from the memory, but modules reference count not being decremented, so that the modules would not be unloaded. Following is example with GACT action: % sudo modprobe act_gact % lsmod Module Size Used by act_gact 16384 0 % % sudo tc actions ls action gact % % sudo tc actions flush action gact % lsmod Module Size Used by act_gact 16384 1 % sudo tc actions flush action gact % lsmod Module Size Used by act_gact 16384 2 % sudo rmmod act_gact rmmod: ERROR: Module act_gact is in use .... After the fix: % lsmod Module Size Used by act_gact 16384 0 % % sudo tc actions add action pass index 1 % sudo tc actions add action pass index 2 % sudo tc actions add action pass index 3 % lsmod Module Size Used by act_gact 16384 3 % % sudo tc actions flush action gact % lsmod Module Size Used by act_gact 16384 0 % % sudo tc actions flush action gact % lsmod Module Size Used by act_gact 16384 0 % sudo rmmod act_gact % lsmod Module Size Used by % Fixes: f97017cdefef ("net-sched: Fix actions flushing") Signed-off-by: Roman Mashak Signed-off-by: Jamal Hadi Salim Acked-by: Cong Wang Signed-off-by: David S. Miller net/sched/act_api.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 9d25af69b3cfa2f88559efa0c1a4b4f18724694b Author: Geert Uytterhoeven Date: Fri Feb 24 11:25:55 2017 +0100 lib: Allow compile-testing of parman This allows to enable and run the accompanying test (test_parman) without dependencies on other users of parman. Signed-off-by: Geert Uytterhoeven Signed-off-by: David S. Miller lib/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99253eb750fda6a644d5188fb26c43bad8d5a745 Author: Xin Long Date: Fri Feb 24 16:29:06 2017 +0800 ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt Commit 5e1859fbcc3c ("ipv4: ipmr: various fixes and cleanups") fixed the issue for ipv4 ipmr: ip_mroute_setsockopt() & ip_mroute_getsockopt() should not access/set raw_sk(sk)->ipmr_table before making sure the socket is a raw socket, and protocol is IGMP The same fix should be done for ipv6 ipmr as well. This patch can fix the panic caused by overwriting the same offset as ipmr_table as in raw_sk(sk) when accessing other type's socket by ip_mroute_setsockopt(). Signed-off-by: Xin Long Signed-off-by: David S. Miller net/ipv6/ip6mr.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 2e3ce5bc2aa938653c3866aa7f4901a1f199b1c8 Author: Xin Long Date: Fri Feb 24 15:18:46 2017 +0800 sctp: set sin_port for addr param when checking duplicate address Commit b8607805dd15 ("sctp: not copying duplicate addrs to the assoc's bind address list") tried to check for duplicate address before copying to asoc's bind_addr list from global addr list. But all the addrs' sin_ports in global addr list are 0 while the addrs' sin_ports are bp->port in asoc's bind_addr list. It means even if it's a duplicate address, af->cmp_addr will still return 0 as the their sin_ports are different. This patch is to fix it by setting the sin_port for addr param with bp->port before comparing the addrs. Fixes: b8607805dd15 ("sctp: not copying duplicate addrs to the assoc's bind address list") Reported-by: Wei Chen Signed-off-by: Xin Long Signed-off-by: David S. Miller net/sctp/protocol.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit c87ba9c49c1fa86261448b09c5f1b2223bf7efd9 Author: Nicholas Bellinger Date: Thu Jan 19 15:45:57 2017 -0800 target: Add counters for ABORT_TASK success + failure This patch introduces two counters for ABORT_TASK success + failure under: /sys/kernel/config/target/core/$HBA/$DEV/statistics/scsi_tgt_dev/ that are useful for diagnosing various backend device latency and front fabric issues. Normally when folks see alot of aborts_complete happening, it means the backend device I/O completion latency is high, and not returning completions fast enough before host side timeouts trigger. And normally when folks see alot of aborts_no_task, it means completions are being posted by target-core into fabric driver code, but the responses aren't making it back to the host. Signed-off-by: Nicholas Bellinger drivers/target/target_core_stat.c | 18 ++++++++++++++++++ drivers/target/target_core_tmr.c | 2 ++ include/target/target_core_base.h | 2 ++ 3 files changed, 22 insertions(+) commit 17c61ad66f2e09a9014ab2d4e1f04c8294427db1 Author: Nicholas Bellinger Date: Thu Feb 23 21:26:31 2017 -0800 iscsi-target: Fix early login failure statistics misses Due to the long standing checks in iscsit_snmp_get_tiqn() that assume conn->sess->tpg dereference of tpg->tpg_tiqn for iscsit_collect_login_stats() usage, some of the early login failure cases like ISCSI_LOGIN_STATUS_TGT_FORBIDDEN where not getting incremented, due to sess->tpg assignment happening later in iscsi_login_zero_tsih_s2(). Instead, use the earlier conn->tpg assignment done by iscsi_target_locate_portal() -> iscsit_get_tpg_from_np() so the existing counters are incremented correctly for the various early login failure cases. Also, go ahead and drop the old rate limiting check in iscsit_collect_login_stats(), so we get the true number of failed login attempts in the existing statistics. Reported-by: Ryan Stiles Cc: Ryan Stiles Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target_util.c | 38 ++------------------------------ 1 file changed, 2 insertions(+), 36 deletions(-) commit bd4e2d2907fa23a11d46217064ecf80470ddae10 Author: Nicholas Bellinger Date: Wed Feb 22 22:06:32 2017 -0800 target: Fix NULL dereference during LUN lookup + active I/O shutdown When transport_clear_lun_ref() is shutting down a se_lun via configfs with new I/O in-flight, it's possible to trigger a NULL pointer dereference in transport_lookup_cmd_lun() due to the fact percpu_ref_get() doesn't do any __PERCPU_REF_DEAD checking before incrementing lun->lun_ref.count after lun->lun_ref has switched to atomic_t mode. This results in a NULL pointer dereference as LUN shutdown code in core_tpg_remove_lun() continues running after the existing ->release() -> core_tpg_lun_ref_release() callback completes, and clears the RCU protected se_lun->lun_se_dev pointer. During the OOPs, the state of lun->lun_ref in the process which triggered the NULL pointer dereference looks like the following on v4.1.y stable code: struct se_lun { lun_link_magic = 4294932337, lun_status = TRANSPORT_LUN_STATUS_FREE, ..... lun_se_dev = 0x0, lun_sep = 0x0, ..... lun_ref = { count = { counter = 1 }, percpu_count_ptr = 3, release = 0xffffffffa02fa1e0 , confirm_switch = 0x0, force_atomic = false, rcu = { next = 0xffff88154fa1a5d0, func = 0xffffffff8137c4c0 } } } To address this bug, use percpu_ref_tryget_live() to ensure once __PERCPU_REF_DEAD is visable on all CPUs and ->lun_ref has switched to atomic_t, all new I/Os will fail to obtain a new lun->lun_ref reference. Also use an explicit percpu_ref_kill_and_confirm() callback to block on ->lun_ref_comp to allow the first stage and associated RCU grace period to complete, and then block on ->lun_ref_shutdown waiting for the final percpu_ref_put() to drop the last reference via transport_lun_remove_cmd() before continuing with core_tpg_remove_lun() shutdown. Reported-by: Rob Millner Tested-by: Rob Millner Cc: Rob Millner Tested-by: Vaibhav Tandon Cc: Vaibhav Tandon Tested-by: Bryant G. Ly Cc: # v3.14+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_device.c | 10 ++++++++-- drivers/target/target_core_tpg.c | 3 ++- drivers/target/target_core_transport.c | 31 ++++++++++++++++++++++++++++++- include/target/target_core_base.h | 1 + 4 files changed, 41 insertions(+), 4 deletions(-) commit 31788ca803a0c89078f9e604e64286fbd9077926 Author: Thomas Hellstrom Date: Tue Feb 21 17:42:27 2017 +0700 drm/vmwgfx: Work around drm removal of control nodes vmware tools has a daemon that gets layout information from the GUI and forwards it to DRM so that the modesetting code can set preferred connector locations and modes. This daemon was using control nodes but since control nodes were just removed, make it possible for the daemon to use render- or primary nodes instead. This is a bit ugly but will allow drm to proceed with removal of the mostly unused control-node code and allow vmware to proceed with fixing up automatic layout settings for gnome-shell/wayland. We bump minor to inform user-space about the api change. Cc: Signed-off-by: Thomas Hellstrom Reviewed-by: Sinclair Yeh Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170221104227.2854-1-thellstrom@vmware.com drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 ++++++++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 ++-- 2 files changed, 12 insertions(+), 3 deletions(-) commit e5d56efc97f8240d0b5d66c03949382b6d7e5570 Merge: c4f3f22 e3a60ea Author: Linus Torvalds Date: Sun Feb 26 13:19:17 2017 -0800 Merge tag 'watchdog-for-linus-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull watchdog updates from Guenter Roeck: "Wim asked me to handle the watchdog pull request this time around. Key changes: - New drivers: Cortina Gemini, ZTE's zx2967 family, NIC7018 - Convert to use device managed functions: ebc-c384_wdt, tegra_wdt, da9063_wdt, da9062_wdt, da9055_wdt, da9052_wdt, bcm2835_wdt, mena21_wdt, wm831x_wdt, digicolor_wdt, intel-mid_wdt, meson_wdt, sunxi_wdt, aspeed_wdt, coh901327_wdt, iTCO_wdt - Use watchdog core to install restart handler: tangox, dw_wdt, bcm2835_wdt, asm9260_wdt, bcm47xx_wdt - Convert ts72xx_wdt driver to watchdog core - Let core handle heartbeat in ep93xx_wdt driver - Enable COMPILE_TEST where possible - Various other improvements" * tag 'watchdog-for-linus-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (54 commits) watchdog: s3c2410: Add prefix to local function watchdog: s3c2410: Select MFD_SYSCON on all Exynos platforms watchdog: s3c2410: Use dev_dbg instead of pr_info watchdog: s3c2410: Fix infinite interrupt in soft mode watchdog: s3c2410: Remove confusing CONFIG prefix from local defines watchdog: softdog: make pretimeout support a compile option watchdog: zx2967: add watchdog controller driver for ZTE's zx2967 family dt: bindings: add documentation for zx2967 family watchdog controller watchdog: sama5d4: Implement resume hook watchdog: sama5d4: Cache MR instead of a partial config watchdog: ts72xx_wdt: convert driver to watchdog core watchdog: ep93xx_wdt: cleanup and let the core handle the heartbeat watchdog: RDC321X_WDT always depends on PCI watchdog: add driver for Cortina Gemini watchdog watchdog: add DT bindings for Cortina Gemini watchdog: constify watchdog_ops structures watchdog: Introduce watchdog_stop_on_unregister helper watchdog: ebc-c384_wdt: Utilize devm_ functions in driver probe callback watchdog: tegra_wdt: Convert to use device managed functions watchdog: da9063_wdt: Convert to use device managed functions ... commit 47d3a07528ecbbccf53bc4390d70b4e3d1c04fcf Author: Eric Dumazet Date: Thu Feb 23 15:22:43 2017 -0800 net/mlx4_en: fix overflow in mlx4_en_init_timestamp() The cited commit makes a great job of finding optimal shift/multiplier values assuming a 10 seconds wrap around, but forgot to change the overflow_period computation. It overflows in cyclecounter_cyc2ns(), and the final result is 804 ms, which is silly. Lets simply use 5 seconds, no need to recompute this, given how it is supposed to work. Later, we will use a timer instead of a work queue, since the new RX allocation schem will no longer need mlx4_en_recover_from_oom() and the service_task firing every 250 ms. Fixes: 31c128b66e5b ("net/mlx4_en: Choose time-stamping shift value according to HW frequency") Signed-off-by: Eric Dumazet Cc: Tariq Toukan Cc: Eugenia Emantayev Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_clock.c | 18 ++++++++---------- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 - 2 files changed, 8 insertions(+), 11 deletions(-) commit 13aa5a8f498dacd5f1a8e35be72af47e630fb8c6 Author: Pablo Neira Ayuso Date: Sun Feb 26 17:12:11 2017 +0100 netfilter: nft_set_bitmap: incorrect bitmap size priv->bitmap_size stores the real bitmap size, instead of the full struct nft_bitmap object. Fixes: 665153ff5752 ("netfilter: nf_tables: add bitmap set type") Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b1bb92bb6f6f5b05379c39f0e3bbf4f359e9298 Author: LABBE Corentin Date: Sat Feb 25 21:12:41 2017 +0100 net: s2io: fix typo argumnet argument This commit fix the typo argumnet/argument Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller drivers/net/ethernet/neterion/s2io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a573ba43d1f1fd8db81b1d8ff45a6771123fa6c1 Author: LABBE Corentin Date: Sat Feb 25 21:08:57 2017 +0100 net: vxge: fix typo argumnet argument This commit fix the typo argumnet/argument Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller drivers/net/ethernet/neterion/vxge/vxge-ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b86c459c7bee3acaf92f0e2b4c6ac803eaa1a58 Author: Jarno Rajahalme Date: Thu Feb 23 17:08:54 2017 -0800 netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value. Commit 4dee62b1b9b4 ("netfilter: nf_ct_expect: nf_ct_expect_insert() returns void") inadvertently changed the successful return value of nf_ct_expect_related_report() from 0 to 1 due to __nf_ct_expect_check() returning 1 on success. Prevent this regression in the future by changing the return value of __nf_ct_expect_check() to 0 on success. Signed-off-by: Jarno Rajahalme Acked-by: Joe Stringer Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_expect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6cf1bf636a067eb308cb3a8322b9d6b1844a075d Author: Michael Zoran Date: Sat Feb 18 03:22:01 2017 -0800 staging: vchiq_2835_arm: Make cache-line-size a required DT property The original github source allowed for the cache-line-size property to be missing. Since recent firmwares also require this property, it makes sense to always require it in the driver as well. If the cache-line-size property is missing, then the driver probe should fail as no dev since the kernel and dt may be out of sync. The fix is to add a check for the return value of of_property_read_u32. Changes V2: 1. Add error message if cache-line-size is missing. 2. Simple check for non-zero return value from of_property_read_u32. Signed-off-by: Michael Zoran Acked-by: Stefan Wahren Signed-off-by: Greg Kroah-Hartman .../staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit f4082c6f28a8e77dcb694c6f23de9e533251051d Author: Dan Carpenter Date: Sat Feb 18 02:20:36 2017 +0300 staging: bcm2835/mmal-vchiq: unlock on error in buffer_from_host() We should unlock before returning on this error path. Fixes: 7b3ad5abf027 ("staging: Import the BCM2835 MMAL-based V4L2 camera driver.") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman drivers/staging/media/platform/bcm2835/mmal-vchiq.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit dc7ffefdcc28a45214aa707fdc3df6a5e611ba09 Author: Oleg Drokin Date: Sun Feb 19 16:35:59 2017 -0500 staging/lustre/lnet: Fix allocation size for sv_cpt_data This is unbreaking another of those "stealth" janitor patches that got in and subtly broke some things. sv_cpt_data is a pointer to pointer, so need to dereference it twice to allocate the correct structure size. Fixes: 9899cb68c6c2 ("Staging: lustre: rpc: Use sizeof type *pointer instead of sizeof type.") CC: Sandhya Bankar Cc: stable # 4.7+ Signed-off-by: Oleg Drokin Reviewed-by: James Simmons Reviewed-by: Doug Oucharek Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/selftest/rpc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e28099d38c0e50d62c1afc054e37e573adf3d21 Author: Julian Anastasov Date: Sun Feb 26 17:14:35 2017 +0200 ipv4: mask tos for input route Restore the lost masking of TOS in input route code to allow ip rules to match it properly. Problem [1] noticed by Shmulik Ladkani [1] http://marc.info/?t=137331755300040&r=1&w=2 Fixes: 89aef8921bfb ("ipv4: Delete routing cache.") Signed-off-by: Julian Anastasov Signed-off-by: David S. Miller net/ipv4/route.c | 1 + 1 file changed, 1 insertion(+) commit 8bcfd0925ef15f072ba1e7bee2c25e9e1b5fd6ca Author: Julian Anastasov Date: Sun Feb 26 15:50:52 2017 +0200 ipv4: add missing initialization for flowi4_uid Avoid matching of random stack value for uid when rules are looked up on input route or when RP filter is used. Problem should affect only setups that use ip rules with uid range. Fixes: 622ec2c9d524 ("net: core: add UID to flows, rules, and routes") Signed-off-by: Julian Anastasov Signed-off-by: David S. Miller net/ipv4/fib_frontend.c | 6 +++--- net/ipv4/route.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) commit 8118b7b76c8c087055054884a39db6a7d138e1c5 Author: Colin Ian King Date: Sun Feb 26 12:10:12 2017 +0000 lib: fix spelling mistake: "actualy" -> "actually" trivial fix to spelling mistake in pr_err message Signed-off-by: Colin Ian King Acked-by: Jiri Pirko Signed-off-by: David S. Miller lib/test_parman.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7aa2a92c491ecdd98b60845548a7041b159b3de3 Merge: bc49a78 ca1c39e Author: Greg Kroah-Hartman Date: Sun Feb 26 16:59:15 2017 +0100 Merge tag 'iio-fixes-for-4.11b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: Second set of IIO fixes for IIO in the 4.11 cycle. This series consists of fixes that either came in after the merge window had opened or are fixes for work that merged during the merge window so had to wait for that to hit mainline. * 104-quad-8 - Fix an off by one error in the register address for the flag register. * rcar-gyroadc - protect against possible issues in future by dealing with childmode not being in a valid state. This also deals with some build warnings. * xilinx - fix some error handling paths to ensure resources are released in reverse order of being acquired. commit 71050ae7bf83e4d71a859257d11adc5de517073e Author: João Paulo Rechi Vita Date: Mon Feb 20 14:50:22 2017 -0500 platform/x86: asus-wmi: Detect quirk_no_rfkill from the DSDT Some Asus laptops that have an airplane-mode indicator LED, also have the WMI WLAN user bit set, and the following bits in their DSDT: Scope (_SB) { (...) Device (ATKD) { (...) Method (WMNB, 3, Serialized) { (...) If (LEqual (IIA0, 0x00010002)) { OWGD (IIA1) Return (One) } } } } So when asus-wmi uses ASUS_WMI_DEVID_WLAN_LED (0x00010002) to store the wlan state, it drives the airplane-mode indicator LED (through the call to OWGD) in an inverted fashion: the LED is ON when airplane mode is OFF (since wlan is ON), and vice-versa. This commit skips registering RFKill switches at all for these laptops, to allow the asus-wireless driver to drive the airplane mode LED correctly through the ASHS ACPI device. Relying on the presence of ASHS and ASUS_WMI_DSTS_USER_BIT avoids adding DMI-based quirks for at least 21 different laptops. Signed-off-by: João Paulo Rechi Vita Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-wmi.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) commit 5802d0bc3fe9f598f0ff3f5fd7fd8c5c935a1b5d Author: Alan Jenkins Date: Wed Feb 8 14:46:33 2017 +0100 platform/x86: fujitsu-laptop: remove redundant MODULE_ALIAS entries MODULE_DEVICE_TABLE is all that is needed for fujitsu-laptop to be properly autoloaded based on presence of its associated ACPI devices, so remove redundant MODULE_ALIAS entries. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 4 ---- 1 file changed, 4 deletions(-) commit 5296a73613814a15e54ebddc2843ec0f84951d60 Author: Alan Jenkins Date: Wed Feb 8 14:46:32 2017 +0100 platform/x86: fujitsu-laptop: autodetect LCD interface on all models Presence of ACPI method SBL2 should be checked on all models rather than just the ones with predefined hotkey keycode overrides. Move most of dmi_check_cb_common() to acpi_fujitsu_bl_add(). Adjust indentation to make checkpatch happy. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit c1d1e8a051761fb808308dab32b9351e1d1fbb9b Author: Alan Jenkins Date: Wed Feb 8 14:46:30 2017 +0100 platform/x86: fujitsu-laptop: simplify acpi_bus_register_driver() error handling A separate variable is not needed to handle error codes returned by acpi_bus_register_driver(). If the latter fails, just use the value it returned as the value returned by fujitsu_init(). Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) commit 8c590e339f37022dff209ef16cf699531df1a0ca Author: Alan Jenkins Date: Wed Feb 8 14:46:29 2017 +0100 platform/x86: fujitsu-laptop: remove redundant forward declarations Both acpi_fujitsu_bl_notify() and acpi_fujitsu_laptop_notify() are defined before they are first used, so remove their forward declarations as they are redundant. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 4 ---- 1 file changed, 4 deletions(-) commit d3dd4480f8a911198d85b3cdb97f22db6539d2d1 Author: Alan Jenkins Date: Wed Feb 8 14:46:28 2017 +0100 platform/x86: fujitsu-laptop: replace numeric values with constants Replace three repeating numeric values with constants to improve code clarity. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 8ef27bd3410c4e5856bac2315ef51224926020e0 Author: Alan Jenkins Date: Wed Feb 8 14:46:27 2017 +0100 platform/x86: fujitsu-laptop: rename FUNC_RFKILL to FUNC_FLAGS FUNC subfunction 0x1000 is currently referred to as FUNC_RFKILL, which is misleading, because it handles more than just radio devices (also lid, dock, LEDs). Rename the FUNC_RFKILL constant to FUNC_FLAGS. Replace "rfkill" with "flags" in the names of its associated fields inside struct fujitsu_laptop. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 50 +++++++++++++++++------------------ 1 file changed, 25 insertions(+), 25 deletions(-) commit 1650602691f4e8ea8f6e306452a72ac9a611932a Author: Alan Jenkins Date: Wed Feb 8 14:46:26 2017 +0100 platform/x86: fujitsu-laptop: make platform-related variables match naming convention Replace "fujitsupf" with "fujitsu_pf" in all platform-related variable names to match the module-wide naming convention. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 6942eabc140eac54d5c0db2695eed63768209c34 Author: Alan Jenkins Date: Wed Feb 8 14:46:25 2017 +0100 platform/x86: fujitsu-laptop: replace "hotkey" with "laptop" in symbol names Functions, structures, variables and constants whose names currently contain the "hotkey" keyword are not only responsible for handling hotkeys, but also other laptop-related features (rfkill, lid, dock, LEDs). Fix their naming by using a consistent "_laptop"/"_LAPTOP" suffix/infix. Update comments so that they reflect this change. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 158 +++++++++++++++++----------------- 1 file changed, 79 insertions(+), 79 deletions(-) commit 9fc5cf6e14fc1db40ea8a1c10061bb9586e78585 Author: Alan Jenkins Date: Wed Feb 8 14:46:24 2017 +0100 platform/x86: fujitsu-laptop: clearly denote backlight-related symbols Unify naming for all backlight-related functions, structures, variables and constants by using a consistent "_bl"/"_BL" suffix/infix. Adjust indentation to make checkpatch happy. Signed-off-by: Alan Jenkins [kempniu: rebase patch, rewrite commit message] Signed-off-by: Michał Kępień Signed-off-by: Andy Shevchenko Reviewed-by: Jonathan Woithe drivers/platform/x86/fujitsu-laptop.c | 214 +++++++++++++++++----------------- 1 file changed, 107 insertions(+), 107 deletions(-) commit c4f3f22eddc982d247ffe2a6690c3e4a5c46dd09 Merge: cb41955 68bd42d9 Author: Linus Torvalds Date: Sat Feb 25 15:32:53 2017 -0800 Merge tag 'linux-kselftest-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull Kselftest update from Shuah Khan: "This update consists of: - fixes to several existing tests from Stafford Horne - cpufreq tests from Viresh Kumar - Selftest build and install fixes from Bamvor Jian Zhang and Michael Ellerman - Fixes to protection-keys tests from Dave Hansen - Warning fixes from Shuah Khan" * tag 'linux-kselftest-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (28 commits) selftests/powerpc: Fix remaining fallout from recent changes selftests/powerpc: Fix the clean rule since recent changes selftests: Fix the .S and .S -> .o rules selftests: Fix the .c linking rule selftests: Fix selftests build to just build, not run tests selftests, x86, protection_keys: fix wrong offset in siginfo selftests, x86, protection_keys: fix uninitialized variable warning selftest: cpufreq: Update MAINTAINERS file selftest: cpufreq: Add special tests selftest: cpufreq: Add support to test cpufreq modules selftest: cpufreq: Add suspend/resume/hibernate support selftest: cpufreq: Add support for cpufreq tests selftests: Add intel_pstate to TARGETS selftests/intel_pstate: Update makefile to match new style selftests/intel_pstate: Fix warning on loop index overflow cpupower: Restore format of frequency-info limit selftests/futex: Add headers to makefile dependencies selftests/futex: Add stdio used for logging selftests: x86 protection_keys remove dead code selftests: x86 protection_keys fix unused variable compile warnings ... commit cb4195535f22162295eeb4a7909056843e65d367 Merge: 9003ed1 e98bdb3 Author: Linus Torvalds Date: Sat Feb 25 15:02:10 2017 -0800 Merge tag 'for-linus-4.11-ofs2' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs updates from Mike Marshall: "Orangefs: cleanups, a protocol fix and an added configuration button. Cleanups: - silence harmless integer overflow warning (from dan.carpenter@oracle.com) - Dan Carpenter influenced debugfs cleanups. - remove orangefs_backing_dev_info (from jack@suse.cz) Protocol fix: - fix buffer size mis-match between kernel space and user space New configuration button: - support readahead_readcnt parameter" * tag 'for-linus-4.11-ofs2' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: fix buffer size mis-match between kernel space and user space. orangefs: Dan Carpenter influenced cleanups... orangefs: Remove orangefs_backing_dev_info orangefs: Support readahead_readcnt parameter. orangefs: silence harmless integer overflow warning commit 9003ed1fed2a3fe2774a6b67dcbe1ab31d7f8ec3 Merge: 94eae80 6288d6e Author: Linus Torvalds Date: Sat Feb 25 14:53:58 2017 -0800 Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs updates from Chris Mason: "This has a series of fixes and cleanups that Dave Sterba has been collecting. There is a pretty big variety here, cleaning up internal APIs and fixing corner cases" * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (124 commits) Btrfs: use the correct type when creating cow dio extent Btrfs: fix deadlock between dedup on same file and starting writeback btrfs: use btrfs_debug instead of pr_debug in transaction abort btrfs: btrfs_truncate_free_space_cache always allocates path btrfs: free-space-cache, clean up unnecessary root arguments btrfs: convert btrfs_inc_block_group_ro to accept fs_info btrfs: flush_space always takes fs_info->fs_root btrfs: pass fs_info to (more) routines that are only called with extent_root btrfs: qgroup: Move half of the qgroup accounting time out of commit trans btrfs: remove unused parameter from adjust_slots_upwards btrfs: remove unused parameters from __btrfs_write_out_cache btrfs: remove unused parameter from cleanup_write_cache_enospc btrfs: remove unused parameter from __add_inode_ref btrfs: remove unused parameter from clone_copy_inline_extent btrfs: remove unused parameters from btrfs_cmp_data btrfs: remove unused parameter from __add_inline_refs btrfs: remove unused parameters from scrub_setup_wr_ctx btrfs: remove unused parameter from create_snapshot btrfs: remove unused parameter from init_first_rw_device btrfs: remove unused parameter from __btrfs_alloc_chunk ... commit 94eae8034002401d71ae950106659e16add36e77 Merge: 5d8a00e af050ab Author: Linus Torvalds Date: Sat Feb 25 14:35:37 2017 -0800 Merge tag 'platform-drivers-x86-v4.11-1' of git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform driver updates from Darren Hart: "Big picture: - New intel_turbo_max_3 driver, providing max core frequency information to the scheduler. Intel PMC APL support, s0ix read API, and fixes. - New Silead touchscreen platform touchscreen descriptions. Additional hotkey support for the intel-hid driver. - New model support for dell-laptop and hp_accel. - Several cleanups, especially to the fujitsu-laptop and intel_mid_powerbtn drivers. Detail summary: platorm/x86: - silead depends on I2C being built-in - add support for devices with Silead touchscreens - Support Turbo Boost Max 3.0 for non HWP systems intel_turbo_max_3: - make it explicitly non-modular dell-laptop: - Add Latitude 7480 and others to the DMI whitelist intel-hid: - Support 5 button array thinkpad_acpi: - Call led_classdev_notify_brightness_hw_changed on kbd brightness change - Use brightness_set_blocking callback for LEDs - Stop setting led_classdev brightness directly acer-wmi: - add another KEY_WLAN keycode - Inform firmware that RF Button Driver is active - setup accelerometer when machine has appropriate notify event asus-wireless: - Fix indentation - Use per-HID HSWC parameters intel_pmc_ipc: - Add APL PMC PCI Id - read s0ix residency API - Remove unused iTCO_version variable alienware-wmi: - Remove header duplicate intel_pmc_core: - fix out-of-bounds accesses on stack intel_mid_powerbtn: - Use SCU IPC directly - Unify IRQ acknowledgment - Move comment to where it belongs - Unify PBSTATUS access - Remove snail address - Sort headers alphabetically - Join string literals - Enable driver for Merrifield - Acknowledge interrupts - Factor out mfld_ack() - Introduce driver data - Substitute mfld by mid - Convert to use devm_*() fujitsu-laptop: - make hotkey handling functions more similar - break up complex loop condition - move keycode processing to separate functions - decrease indentation in acpi_fujitsu_hotkey_notify() - simplify logolamp_get() - rework logolamp_set() to properly handle errors - set default trigger for radio LED to rfkill-any dell-smbios: - Auto-select as needed intel_mid_thermal: - Fix module autoload - Remove duplicated platform device ID mlx-platform: - mlxcpld-hotplug driver style fixes hp_accel: - Add support for HP ZBook 17" * tag 'platform-drivers-x86-v4.11-1' of git://git.infradead.org/linux-platform-drivers-x86: (45 commits) platform/x86: intel_turbo_max_3: make it explicitly non-modular platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist platform/x86: intel-hid: Support 5 button array platform/x86: thinkpad_acpi: Call led_classdev_notify_brightness_hw_changed on kbd brightness change platform/x86: thinkpad_acpi: Use brightness_set_blocking callback for LEDs platform/x86: thinkpad_acpi: Stop setting led_classdev brightness directly leds: class: Add new optional brightness_hw_changed attribute platform/x86: acer-wmi: add another KEY_WLAN keycode platform/x86: acer-wmi: Inform firmware that RF Button Driver is active platform/x86: asus-wireless: Fix indentation platform/x86: asus-wireless: Use per-HID HSWC parameters platform/x86: intel_pmc_ipc: Add APL PMC PCI Id platform/x86: intel_pmc_ipc: read s0ix residency API platform/x86: alienware-wmi: Remove header duplicate platform/x86: intel_mid_powerbtn: Use SCU IPC directly platform/x86: intel_mid_powerbtn: Unify IRQ acknowledgment platform/x86: intel_mid_powerbtn: Move comment to where it belongs platform/x86: intel_mid_powerbtn: Unify PBSTATUS access platform/x86: intel_pmc_core: fix out-of-bounds accesses on stack platform/x86: silead depends on I2C being built-in ... commit 5d8a00eee2ed2e548a5d21b0edf495f3f7bf8bb4 Merge: 7067739 f59de56 Author: Linus Torvalds Date: Sat Feb 25 14:28:06 2017 -0800 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk updates from Stephen Boyd: "The usual collection of new drivers, non-critical fixes, and updates to existing clk drivers. The bulk of the work is on Allwinner and Rockchip SoCs, but there's also an Intel Atom driver in here too. New Drivers: - Tegra BPMP firmware - Hisilicon hi3660 SoCs - Rockchip rk3328 SoCs - Intel Atom PMC - STM32F746 - IDT VersaClock 5P49V5923 and 5P49V5933 - Marvell mv98dx3236 SoCs - Allwinner V3s SoCs Removed Drivers: - Samsung Exynos4415 SoCs Updates: - Migrate ABx500 to OF - Qualcomm IPQ4019 CPU clks and general PLL support - Qualcomm MSM8974 RPM - Rockchip non-critical fixes and clk id additions - Samsung Exynos4412 CPUs - Socionext UniPhier NAND and eMMC support - ZTE zx296718 i2s and other audio clks - Renesas CAN and MSIOF clks for R-Car M3-W - Renesas resets for R-Car Gen2 and Gen3 and RZ/G1 - TI CDCE913, CDCE937, and CDCE949 clk generators - Marvell Armada ap806 CPU frequencies - STM32F4* I2S/SAI support - Broadcom BCM2835 DSI support - Allwinner sun5i and A80 conversion to new style clk bindings" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (130 commits) clk: renesas: mstp: ensure register writes complete clk: qcom: Do not drop device node twice clk: mvebu: adjust clock handling for the CP110 system controller clk: mvebu: Expand mv98dx3236-core-clock support clk: zte: add i2s clocks for zx296718 clk: sunxi-ng: sun9i-a80: Fix wrong pointer passed to PTR_ERR() clk: sunxi-ng: select SUNXI_CCU_MULT for sun5i clk: sunxi-ng: Check kzalloc() for errors and cleanup error path clk: tegra: Add BPMP clock driver clk: uniphier: add eMMC clock for LD11 and LD20 SoCs clk: uniphier: add NAND clock for all UniPhier SoCs ARM: dts: sun9i: Switch to new clock bindings clk: sunxi-ng: Add A80 Display Engine CCU clk: sunxi-ng: Add A80 USB CCU clk: sunxi-ng: Add A80 CCU clk: sunxi-ng: Support separately grouped PLL lock status register clk: sunxi-ng: mux: Get closest parent rate possible with CLK_SET_RATE_PARENT clk: sunxi-ng: mux: honor CLK_SET_RATE_NO_REPARENT flag clk: sunxi-ng: mux: Fix determine_rate for mux clocks with pre-dividers clk: qcom: SDHCI enablement on Nexus 5X / 6P ... commit 7067739df23ffd641ca99c967830e0ed2ba39eab Merge: ac1820f 4c21541 Author: Linus Torvalds Date: Sat Feb 25 14:21:18 2017 -0800 Merge branch 'i2c/for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: "I2C has for you two new drivers (Tegra BPMP and STM32F4), interrupt support for pca954x muxes, and a bunch of driver bugfixes and improvements. Nothing really special this cycle. A few commits have been added to my tree just recently. Those are the Tegra BPMP driver and a few straightforward bugfixes or cleanups which I prefer to have upstream rather soonish. The rest had proper linux-next exposure" * 'i2c/for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (25 commits) i2c: thunderx: Replace pci_enable_msix() i2c: exynos5: fix arbitration lost handling i2c: exynos5: disable fifo-almost-empty irq signal when necessary i2c: at91: ensure state is restored after suspending i2c: bcm2835: Avoid possible NULL ptr dereference i2c: Add Tegra BPMP I2C proxy driver dt-bindings: Add Tegra186 BPMP I2C binding misc: eeprom: at24: use device_property_*() functions instead of of_get_property() i2c: mux: pca954x: Add interrupt controller support dt: bindings: i2c-mux-pca954x: Add documentation for interrupt controller i2c: mux: pca954x: Add missing pca9542 definition to chip_desc i2c: riic: correctly finish transfers i2c: i801: Add support for Intel Gemini Lake i2c: mux: pca9541: Export OF device ID table as module aliases i2c: mux: pca954x: Export OF device ID table as module aliases i2c: mux: mlxcpld: remove unused including i2c: busses: constify i2c_algorithm structures i2c: i2c-mux-gpio: rename i2c-gpio-mux to i2c-mux-gpio i2c: sh_mobile: document support for r8a7796 (R-Car M3-W) i2c: i2c-cros-ec-tunnel: Reduce logging noise ... commit f2642888476d7faefa9695bbebb2abbaeb3685d8 Author: Len Brown Date: Sat Jan 7 23:13:15 2017 -0500 tools/power turbostat: update MSR_PKG_CST_CONFIG_CONTROL decoding AMT value 0 is unlimited, not PC0 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8f6196c192f6393823e632bfb927ff1572369875 Author: Len Brown Date: Sat Jan 7 22:40:23 2017 -0500 tools/power turbostat: Baytrail: remove debug line in quiet mode Without --debug, a debug line was printed on Baytrail: SLM BCLK: 83.3 Mhz Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 71616c8e936a6dd541f0627d7bf4ff09971d8ccb Author: Len Brown Date: Sat Jan 7 22:37:48 2017 -0500 tools/power turbostat: decode Baytrail CC6 and MC6 demotion configuration with --debug, see: cpu0: MSR_CC6_DEMOTION_POLICY_CONFIG: 0x00000000 (DISable-CC6-Demotion) cpu0: MSR_MC6_DEMOTION_POLICY_CONFIG: 0x00000000 (DISable-MC6-Demotion) Note that the hardware default is to enable demotion, and Linux started clearing these registers in 3.17. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) commit cf4cbe5314884c3123fe4ca137e9d750b6e2b8c9 Author: Len Brown Date: Sun Jan 1 13:08:33 2017 -0500 tools/power turbostat: BYT does not have MSR_MISC_PWR_MGMT and so --debug fails with: turbostat: msr 1 offset 0x1aa read failed: Input/output error It seems that baytrail, and airmont do not have this MSR. It is included in subsequent Goldmont Atom. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 812db3f77b9a3f6ed59baf7a0d5c3fd8ec8ef86a Author: Len Brown Date: Fri Feb 10 00:25:41 2017 -0500 tools/power turbostat: Add --show and --hide parameters Add the "--show" and "--hide" cmdline parameters. By default, turbostat shows all columns. turbostat --hide counter_list will continue showing all columns, except for those listed. turbostat --show counter_list will show _only_ the listed columns These features work for built-in counters, and have no effect on columns added with the --add parameter. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 4 + tools/power/x86/turbostat/turbostat.c | 463 +++++++++++++++++++++++++--------- 2 files changed, 347 insertions(+), 120 deletions(-) commit 678a3bd1b3de6d2ebf604e7d708bc8150bb667e9 Author: Len Brown Date: Thu Feb 9 22:22:13 2017 -0500 tools/power turbostat: fix bugs in --add option When --add was used more than once, overflowed buffers caused some counters to be stored on top of others, corrupting the results. Simplify the code by simply reserving space for up to 16 added counters per each cpu, core, package. Per-cpu added counters were being printed only per-core. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 88 +++++++++++++++++++++-------------- 1 file changed, 52 insertions(+), 36 deletions(-) commit ac1820fb286b552b6885d40ab34f1e59b815f1f1 Merge: edccb59 0bbb3b7 Author: Linus Torvalds Date: Sat Feb 25 13:45:43 2017 -0800 Merge tag 'for-next-dma_ops' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma DMA mapping updates from Doug Ledford: "Drop IB DMA mapping code and use core DMA code instead. Bart Van Assche noted that the ib DMA mapping code was significantly similar enough to the core DMA mapping code that with a few changes it was possible to remove the IB DMA mapping code entirely and switch the RDMA stack to use the core DMA mapping code. This resulted in a nice set of cleanups, but touched the entire tree and has been kept separate for that reason." * tag 'for-next-dma_ops' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (37 commits) IB/rxe, IB/rdmavt: Use dma_virt_ops instead of duplicating it IB/core: Remove ib_device.dma_device nvme-rdma: Switch from dma_device to dev.parent RDS: net: Switch from dma_device to dev.parent IB/srpt: Modify a debug statement IB/srp: Switch from dma_device to dev.parent IB/iser: Switch from dma_device to dev.parent IB/IPoIB: Switch from dma_device to dev.parent IB/rxe: Switch from dma_device to dev.parent IB/vmw_pvrdma: Switch from dma_device to dev.parent IB/usnic: Switch from dma_device to dev.parent IB/qib: Switch from dma_device to dev.parent IB/qedr: Switch from dma_device to dev.parent IB/ocrdma: Switch from dma_device to dev.parent IB/nes: Remove a superfluous assignment statement IB/mthca: Switch from dma_device to dev.parent IB/mlx5: Switch from dma_device to dev.parent IB/mlx4: Switch from dma_device to dev.parent IB/i40iw: Remove a superfluous assignment statement IB/hns: Switch from dma_device to dev.parent ... commit ef470a60e10eb12635d7b84c9502cea3028d44e8 Author: John David Anglin Date: Mon Feb 20 14:02:46 2017 -0500 parisc: Remove flush_user_dcache_range and flush_user_icache_range The functions flush_user_dcache_range() and flush_user_icache_range() are only used by the parisc signal handling code. This code only needs to flush a couple of lines, so the threshold check is unnecessary overhead. Signed-off-by: John David Anglin Signed-off-by: Helge Deller arch/parisc/include/asm/cacheflush.h | 2 -- arch/parisc/kernel/cache.c | 18 ------------------ arch/parisc/kernel/signal.c | 13 +++++++------ 3 files changed, 7 insertions(+), 26 deletions(-) commit 8351badf349b22b47c9696f54656db65d7834e42 Author: Dan Carpenter Date: Wed Feb 8 10:20:35 2017 +0300 parisc: fix a printk We want to do a pr_cont() here and not a pr_warn(). Fixes: b391667eb45a ("parisc: Report trap type as human readable string") Signed-off-by: Dan Carpenter Signed-off-by: Helge Deller arch/parisc/mm/fault.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e28f701b21ee4b4eb716e4717fa2aa78c28a8523 Author: Arvind Yadav Date: Thu Feb 2 18:52:34 2017 +0530 parisc: ccio-dma: Handle return NULL error from ioremap_nocache Fix error paths and return -ENOMEM instead of '1'. Signed-off-by: Arvind Yadav Signed-off-by: Helge Deller drivers/parisc/ccio-dma.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 09b871ffd4d8ddc005a9480fb69ff1897caaeb1f Author: Helge Deller Date: Sun Jan 29 18:19:33 2017 +0100 parisc: Define access_ok() as macro Define access_ok() as macro instead of static function. This fixes build warnings in code where the second parameter is given as unsigned long. Signed-off-by: Helge Deller arch/parisc/include/asm/uaccess.h | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit af640d17ecee1f82a949b580cc4a3e8f29c377b9 Author: Arvind Yadav Date: Wed Jan 18 13:41:31 2017 +0530 parisc: eisa: Fix resource leaks in error paths Signed-off-by: Arvind Yadav Signed-off-by: Helge Deller drivers/parisc/eisa.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 99cde44edfa06b5f910c1704cb15d36310a56545 Author: Arvind Yadav Date: Tue Jan 17 13:35:03 2017 +0530 parisc: eisa: Remove coding style errors This patch removes coding style errors in the eisa driver. Signed-off-by: Arvind Yadav Signed-off-by: Helge Deller drivers/parisc/eisa.c | 104 +++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 52 deletions(-) commit edccb59429657b09806146339e2b27594c1d1da0 Merge: 6e5c838 42f8236 Author: Linus Torvalds Date: Sat Feb 25 13:20:22 2017 -0800 Merge tag 'fbdev-v4.11' of git://github.com/bzolnier/linux Pull fbdev updates from Bartlomiej Zolnierkiewicz: - fix for font color when console is switched to another fb driver - deferred probing fixes for simplefb driver - preparations to add support of an optional GPIO to enable panel for ARM CLCD driver - some improvements for ssd1307fb driver - cleanups for OMAP fbdev LCD drivers - misc fixes/cleanups for various fb drivers * tag 'fbdev-v4.11' of git://github.com/bzolnier/linux: (30 commits) video: fbdev: fsl-diu-fb: fix spelling mistake "palette" fbdev: ssd1307fb: include linux/gpio/consumer.h video: fbdev: fsl-diu-fb: remove impossible condition video: fbdev: amifb: remove impossible condition fbdev/ssd1307fb: clear screen in probe fbdev/ssd1307fb: add support to enable VBAT fbdev: ssd1307fb: Make reset gpio devicetree property optional fbdev: ssd1307fb: Remove reset-active-low from the DT binding document fbdev: ssd1307fb: Start to use gpiod API for reset gpio video: fbdev: sh_mobile_lcdcfb: fix error return code in sh_mobile_lcdc_probe() video: fbdev: offb: switch to using for_each_node_by_type video/console: use setup_timer and mod_timer instead of init_timer fbdev: omap/lcd: Make callbacks optional fbdev: omap/lcd: Staticize non-exported lcd_panel structs fbdev: omap/lcd: Remove no-op driver callbacks video/mbx: use simple_open() video: fbdev: stifb: handle NULL return value from ioremap_nocache video: fbdev: pmagb-b-fb: Remove bad `__init' annotation video: fbdev: pmag-ba-fb: Remove bad `__init' annotation video: ARM CLCD: use panel device node for getting backlight and mode ... commit 6e5c8381d1db4c1cdd4b4e49d5f0d1255c2246fd Author: Joe Perches Date: Thu Feb 23 22:29:40 2017 -0800 treewide: Remove remaining executable attributes from source files These are the current source files that should not have executable attributes set. [ Normally this would be sent through Andrew Morton's tree but his quilt tools don't like permission only patches. ] Signed-off-by: Joe Perches Signed-off-by: Linus Torvalds Documentation/devicetree/bindings/sound/rt5665.txt | 0 arch/nios2/boot/dts/10m50_devboard.dts | 0 arch/nios2/configs/10m50_defconfig | 0 arch/sh/boot/dts/j2_mimas_v2.dts | 0 drivers/crypto/chelsio/chcr_algo.c | 0 include/sound/rt5665.h | 0 6 files changed, 0 insertions(+), 0 deletions(-) commit 7b46588f364f4f40c25f43ceabb6f705d20793e2 Merge: 915f3e3 9533047 Author: Linus Torvalds Date: Sat Feb 25 10:29:09 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: - almost all of the rest of MM - misc bits - KASAN updates - procfs - lib/ updates - checkpatch updates * emailed patches from Andrew Morton : (124 commits) checkpatch: remove false unbalanced braces warning checkpatch: notice unbalanced else braces in a patch checkpatch: add another old address for the FSF checkpatch: update $logFunctions checkpatch: warn on logging continuations checkpatch: warn on embedded function names lib/lz4: remove back-compat wrappers fs/pstore: fs/squashfs: change usage of LZ4 to work with new LZ4 version crypto: change LZ4 modules to work with new LZ4 module version lib/decompress_unlz4: change module to work with new LZ4 module version lib: update LZ4 compressor module lib/test_sort.c: make it explicitly non-modular lib: add CONFIG_TEST_SORT to enable self-test of sort() rbtree: use designated initializers linux/kernel.h: fix DIV_ROUND_CLOSEST to support negative divisors lib/find_bit.c: micro-optimise find_next_*_bit lib: add module support to atomic64 tests lib: add module support to glob tests lib: add module support to crc32 tests kernel/ksysfs.c: add __ro_after_init to bin_attribute structure ... commit 915f3e3f76c05b2da93c4cc278eebc2d9219d9f4 Author: Thomas Gleixner Date: Sat Feb 25 11:27:37 2017 +0100 mac80211_hwsim: Replace bogus hrtimer clockid mac80211_hwsim initializes a hrtimer with clockid CLOCK_MONOTONIC_RAW. That's not supported. Use CLOCK_MONOTNIC instead. Signed-off-by: Thomas Gleixner Signed-off-by: Linus Torvalds drivers/net/wireless/mac80211_hwsim.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca1c39ef76376b67303d01f94fe98bb68bb3861a Author: Christophe JAILLET Date: Tue Feb 21 07:34:00 2017 +0100 iio: adc: xilinx: Fix error handling Reorder error handling labels in order to match the way resources have been allocated. Signed-off-by: Christophe JAILLET Acked-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron drivers/iio/adc/xilinx-xadc-core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e98bdb3059cbf2b1cd4261e126b08429f64466c3 Merge: eb68d03 c470abd Author: Mike Marshall Date: Sat Feb 25 11:12:48 2017 -0500 Merge tag 'v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into for-next Linux 4.10 commit c0464062bfea9cd2ef6643d93429eafe8f6c2a4a Author: Guenter Roeck Date: Sat Feb 25 02:08:12 2017 -0800 PCI: dwc: Fix crashes seen due to missing assignments Fix the following crash, seen in dwc/pci-imx6. Unable to handle kernel NULL pointer dereference at virtual address 00000070 pgd = c0004000 [00000070] *pgd=00000000 Internal error: Oops: 805 [#1] SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.10.0-09686-g9e31489 #1 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) task: cb850000 task.stack: cb84e000 PC is at imx6_pcie_probe+0x2f4/0x414 ... While at it, fix the same problem in various drivers instead of waiting for individual crash reports. The change in the imx6 driver was tested with qemu. The changes in other drivers are based on code inspection and have been compile tested only. Fixes: 442ec4c04d12 ("PCI: dwc: all: Split struct pcie_port into host-only and core structures") Signed-off-by: Guenter Roeck Signed-off-by: Vivek Gautam # designware-plat Signed-off-by: Bjorn Helgaas Acked-by: Kishon Vijay Abraham I drivers/pci/dwc/pci-exynos.c | 1 + drivers/pci/dwc/pci-imx6.c | 1 + drivers/pci/dwc/pci-keystone.c | 2 ++ drivers/pci/dwc/pci-layerscape.c | 2 ++ drivers/pci/dwc/pcie-armada8k.c | 2 ++ drivers/pci/dwc/pcie-artpec6.c | 2 ++ drivers/pci/dwc/pcie-designware-plat.c | 2 ++ drivers/pci/dwc/pcie-hisi.c | 2 ++ drivers/pci/dwc/pcie-qcom.c | 2 ++ drivers/pci/dwc/pcie-spear13xx.c | 2 ++ 10 files changed, 18 insertions(+) commit 7fb668ac7b498f7e8ba2de373fe8a8648bd39a4c Author: Jarno Rajahalme Date: Thu Feb 23 17:08:53 2017 -0800 netfilter: nf_ct_expect: nf_ct_expect_related_report(): Return zero on success. Commit 4dee62b1b9b4 ("netfilter: nf_ct_expect: nf_ct_expect_insert() returns void") inadvertently changed the successful return value of nf_ct_expect_related_report() from 0 to 1, which caused openvswitch conntrack integration fail in FTP test cases. Fix this by always returning zero on the success code path. Fixes: 4dee62b1b9b4 ("netfilter: nf_ct_expect: nf_ct_expect_insert() returns void") Signed-off-by: Jarno Rajahalme Acked-by: Joe Stringer Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_expect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2168273427c9358a21d1c77c629353c00d46c34 Author: Dmitry V. Levin Date: Fri Feb 24 03:23:20 2017 +0300 uapi: fix linux/netfilter/xt_hashlimit.h userspace compilation error Include like some of uapi/linux/netfilter/xt_*.h headers do to fix the following linux/netfilter/xt_hashlimit.h userspace compilation error: /usr/include/linux/netfilter/xt_hashlimit.h:90:12: error: 'NAME_MAX' undeclared here (not in a function) char name[NAME_MAX]; Signed-off-by: Dmitry V. Levin Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/xt_hashlimit.h | 1 + 1 file changed, 1 insertion(+) commit 3d1e236022cc1426b0834565995ddee2ca231cee Author: Josh Poimboeuf Date: Fri Feb 24 22:31:02 2017 -0600 objtool: Prevent GCC from merging annotate_unreachable() 0-day bot reported some new objtool warnings which were caused by the new annotate_unreachable() macro: fs/afs/flock.o: warning: objtool: afs_do_unlk()+0x0: duplicate frame pointer save fs/afs/flock.o: warning: objtool: afs_do_unlk()+0x0: frame pointer state mismatch fs/btrfs/delayed-inode.o: warning: objtool: btrfs_delete_delayed_dir_index()+0x0: duplicate frame pointer save fs/btrfs/delayed-inode.o: warning: objtool: btrfs_delete_delayed_dir_index()+0x0: frame pointer state mismatch fs/dlm/lock.o: warning: objtool: _grant_lock()+0x0: duplicate frame pointer save fs/dlm/lock.o: warning: objtool: _grant_lock()+0x0: frame pointer state mismatch fs/ocfs2/alloc.o: warning: objtool: ocfs2_mv_path()+0x0: duplicate frame pointer save fs/ocfs2/alloc.o: warning: objtool: ocfs2_mv_path()+0x0: frame pointer state mismatch It turns out that, for older versions of GCC, if a function has multiple BUG() incantations, GCC will sometimes merge the corresponding annotate_unreachable() inline asm statements into a single block. That has the undesirable effect of removing one of the entries in the __unreachable section, confusing objtool greatly. A workaround for this issue is to ensure that each instance of the inline asm statement uses a different label, so that GCC sees the statements are unique and leaves them alone. The inline asm ‘%=’ token could be used for that, but unfortunately older versions of GCC don't support it. So I implemented a poor man's version of it with the __LINE__ macro. Reported-by: kbuild test robot Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: d1091c7fa3d5 ("objtool: Improve detection of BUG() and other dead ends") Link: http://lkml.kernel.org/r/0c14b00baf9f68d1b0221ddb6c88b925181c8be8.1487997036.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar include/linux/compiler-gcc.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit af050abb5c2e5e7d3e1368475d63cbac597dc34f Author: Paul Gortmaker Date: Mon Feb 13 19:37:00 2017 -0500 platform/x86: intel_turbo_max_3: make it explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/platform/x86/Kconfig:config INTEL_TURBO_MAX_3 drivers/platform/x86/Kconfig: bool "Intel Turbo Boost Max Technology 3.0 enumeration driver" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. Also note that MODULE_DEVICE_TABLE is a no-op for non-modular code. We also delete the MODULE_LICENSE tag etc. since all that information was (or is now) contained at the top of the file in the comments. We do uncover some implicit includes during build coverage that were hidden behind the module.h which pulls in a lot of dependants. Cc: Andy Shevchenko Cc: Srinivas Pandruvada Cc: platform-driver-x86@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: Darren Hart drivers/platform/x86/intel_turbo_max_3.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 8d2c4538dbc7154c4aed1364db127a0e51dbd459 Author: Alex Hung Date: Thu Feb 16 20:58:03 2017 +0800 platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI whitelist This is to support Latitude 7480 and many other newer Dell laptops. Signed-off-by: Alex Hung Reviewed-by: Pali Rohár Signed-off-by: Darren Hart drivers/platform/x86/dell-laptop.c | 6 ++++++ 1 file changed, 6 insertions(+) commit bd5762a0c1c9ae66bd0ece6959bbc5013ab95dcd Author: Alex Hung Date: Tue Feb 14 15:20:34 2017 +0800 platform/x86: intel-hid: Support 5 button array New firmwares include a feature called 5 button array that supports super key, volume up/down, rotation lock and power button. Support for this feature is required to fix power button on some recent systems. This patch was tested on a Dell Latitude 7480. Signed-off-by: Alex Hung Reviewed-by: Michał Kępień Signed-off-by: Darren Hart drivers/platform/x86/intel-hid.c | 96 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 5 deletions(-) commit c685e20df5cfa11cee0954be70456872c4f670f0 Author: Hans de Goede Date: Thu Feb 9 16:44:13 2017 +0100 platform/x86: thinkpad_acpi: Call led_classdev_notify_brightness_hw_changed on kbd brightness change Make thinkpad_acpi call led_classdev_notify_brightness_hw_changed on the kbd_led led_classdev registered by thinkpad_acpi when the kbd backlight brightness is changed through the hotkey. This will allow userspace to monitor (poll) for brightness changes on these LEDs caused by the hotkey. Signed-off-by: Hans de Goede Acked-by: Henrique de Moraes Holschuh Signed-off-by: Andy Shevchenko Acked-by: Pavel Machek drivers/platform/x86/thinkpad_acpi.c | 42 ++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) commit 86ec0c2c0b527dc1574e5e95436bec5499102a3d Author: Hans de Goede Date: Thu Feb 9 16:44:12 2017 +0100 platform/x86: thinkpad_acpi: Use brightness_set_blocking callback for LEDs Now a days the LED core can take care of executing brightness_set from a workqueue if it needs to sleep, make use of this and remove a bunch of DIY code for this. Since this commit removes the workqueue usage for LEDs, the led_sysfs_blink_set callback may now also sleep, this is fine. Signed-off-by: Hans de Goede Acked-by: Henrique de Moraes Holschuh Signed-off-by: Andy Shevchenko Acked-by: Pavel Machek drivers/platform/x86/thinkpad_acpi.c | 80 ++++++++---------------------------- 1 file changed, 16 insertions(+), 64 deletions(-) commit 06da5325d02ed3e9be9fbc7d0d621a04efc96961 Author: Hans de Goede Date: Thu Feb 9 16:44:11 2017 +0100 platform/x86: thinkpad_acpi: Stop setting led_classdev brightness directly There is no need to set the led_classdev's brightness value from its set_brightness callback, this is taken care of by the led-core and thinkpad_acpi really should not be mucking with it. Note that kbdlight_set_level_and_update() is still used by the old thinpad_acpi specific sysfs interface for the led, so we cannot remove it. Signed-off-by: Hans de Goede Acked-by: Henrique de Moraes Holschuh Signed-off-by: Andy Shevchenko Acked-by: Pavel Machek drivers/platform/x86/thinkpad_acpi.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit b8c5099b0027f013dad115b8d00f36f12cb13bb4 Author: Hans de Goede Date: Sun Jan 29 14:42:52 2017 +0100 leds: class: Add new optional brightness_hw_changed attribute Some LEDs may have their brightness level changed autonomously (outside of kernel control) by hardware / firmware. This commit adds support for an optional brightness_hw_changed attribute to signal such changes to userspace (if a driver can detect them): What: /sys/class/leds//brightness_hw_changed Date: January 2017 KernelVersion: 4.11 Description: Last hardware set brightness level for this LED. Some LEDs may be changed autonomously by hardware/firmware. Only LEDs where this happens and the driver can detect this, will have this file. This file supports poll() to detect when the hardware changes the brightness. Reading this file will return the last brightness level set by the hardware, this may be different from the current brightness. Drivers which want to support this, simply add LED_BRIGHT_HW_CHANGED to their flags field and call led_classdev_notify_brightness_hw_changed() with the hardware set brightness when they detect a hardware / firmware triggered brightness change. Signed-off-by: Hans de Goede Acked-by: Pavel Machek Signed-off-by: Jacek Anaszewski Documentation/ABI/testing/sysfs-class-led | 17 +++++++ Documentation/leds/leds-class.txt | 15 ++++++ drivers/leds/Kconfig | 9 ++++ drivers/leds/led-class.c | 76 +++++++++++++++++++++++++++++++ include/linux/leds.h | 15 ++++++ 5 files changed, 132 insertions(+) commit 5ffa572a431ff3fd6175419656603519fa471c27 Author: Chris Chiu Date: Wed Feb 8 07:51:41 2017 -0600 platform/x86: acer-wmi: add another KEY_WLAN keycode Now that we have informed the firmware that the RF Button driver is active, laptops such as the Acer TravelMate P238-M will generate a WMI key event with code 0x86 when the Fn+F3 airplane mode key is pressed. Add this keycode to the table so that it is converted to an appropriate input event. Signed-off-by: Chris Chiu Signed-off-by: Daniel Drake Signed-off-by: Andy Shevchenko drivers/platform/x86/acer-wmi.c | 1 + 1 file changed, 1 insertion(+) commit 280642c3c8dda79da39e056fd5480d1c3942524e Author: Chris Chiu Date: Wed Feb 8 07:51:40 2017 -0600 platform/x86: acer-wmi: Inform firmware that RF Button Driver is active The same method to activate LM(Launch Manager) can also be used to activate the RF Button driver with different bit toggled in the same lm_status. To express that many functions this byte field can achieve, rename the lm_status to app_status. And also the app_mask is the bit mask which specifically indicate which bits are going to be changed. This solves a problem where the AR9565 wifi included in the Acer Aspire ES1-421 is permanently hard blocked according to the rfkill GPIO read by ath9k. Signed-off-by: Chris Chiu Signed-off-by: Daniel Drake Reviewed-by: Lee, Chun-Yi Signed-off-by: Andy Shevchenko drivers/platform/x86/acer-wmi.c | 74 ++++++++++++++++++++++++++++++++--------- 1 file changed, 58 insertions(+), 16 deletions(-) commit 4ac20e62efc6b8a63a1a534ddf236af7fe8849b5 Author: João Paulo Rechi Vita Date: Mon Feb 6 10:20:21 2017 -0500 platform/x86: asus-wireless: Fix indentation Fix indentation problem introduced when this driver was first merged into the kernel. Signed-off-by: João Paulo Rechi Vita Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-wireless.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 4b7fb9fcf917f7eda8da8f2bf335539067772c4d Author: João Paulo Rechi Vita Date: Tue Feb 7 16:45:10 2017 -0500 platform/x86: asus-wireless: Use per-HID HSWC parameters Some Asus machines use 0x4/0x5 as their LED on/off values, while others use 0x0/0x1, as shown in the DSDT excerpts below. Luckily it seems this behavior is tied to different HIDs, after looking at 44 DSDTs from different Asus models. Another small difference is that a few of them call GWBL instead of OWGS, and SWBL instead of OWGD. That does not seem to make a difference for asus-wireless, and is additional reasoning to not try to call these methods directly. Device (ASHS) | Device (ASHS) { | { Name (_HID, "ATK4002") | Name (_HID, "ATK4001") Method (HSWC, 1, Serialized) | Method (HSWC, 1, Serialized) { | { If ((Arg0 < 0x02)) | If ((Arg0 < 0x02)) { | { OWGD (Arg0) | OWGD (Arg0) Return (One) | Return (One) } | } If ((Arg0 == 0x02)) | { | If ((Arg0 == 0x02)) Local0 = OWGS () | { If (Local0) | Return (OWGS ()) { | } Return (0x05) | } | If ((Arg0 == 0x03)) Else | { { | Return (0xFF) Return (0x04) | } } | } | If ((Arg0 == 0x80)) If ((Arg0 == 0x03)) | { { | Return (One) Return (0xFF) | } } | } If ((Arg0 == 0x04)) | Method (_STA, 0, NotSerialized) { | { OWGD (Zero) | If ((MSOS () >= OSW8)) Return (One) | { } | Return (0x0F) If ((Arg0 == 0x05)) | } { | Else OWGD (One) | { Return (One) | Return (Zero) } | } If ((Arg0 == 0x80)) | } { | } Return (One) | } | } | Method (_STA, 0, NotSerialized) | { | If ((MSOS () >= OSW8)) | { | Return (0x0F) | } | Else | { | Return (Zero) | } | } | } | Signed-off-by: João Paulo Rechi Vita Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-wireless.c | 57 ++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 15 deletions(-) commit 23e775db8cb90a3bde18d7c5e3bcc90a59395978 Author: Rajneesh Bhardwaj Date: Mon Feb 13 16:11:47 2017 +0530 platform/x86: intel_pmc_ipc: Add APL PMC PCI Id This patch adds the PCI Device id for Power Management Controller on Intel Apollo Lake platforms. Intel PMC IPC Driver loads as a platform driver on Apollo Lake platforms since Intel BIOS hides the PCI Configuration space for 0:13:1 and re-enumerates it as ACPI device (INT34D2). The correct PCI Device ID should be added if some platform firmware choses to enumerate the device via PCI space. Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Andy Shevchenko drivers/platform/x86/intel_pmc_ipc.c | 1 + 1 file changed, 1 insertion(+) commit 76062b4ae2ea54fcfb8fce6940921a90f33f38da Author: Shanth Murthy Date: Mon Feb 13 04:02:52 2017 -0800 platform/x86: intel_pmc_ipc: read s0ix residency API This patch adds a new API to indicate S0ix residency in usec. It utilizes the PMC Global Control Registers (GCR) to read deep and shallow S0ix residency. PMC MMIO resources: o Lower 4kB: IPC1 (PMC inter-processor communication) interface o Upper 4kB: GCR (Global Control Registers) This enables the power management framework to take corrective actions when the platform fails to enter S0ix after kernel freeze as part of the suspend to idle flow. (echo freeze > /sys/power/state). This is expected to be used with a S0ix failsafe framework such as: [rajneesh: folded in "fix division in 32-bit case" from Andy Shevchenko] Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Shanth Murthy [andy: fixed kbuild error, removed "total" from variables, fixed macro] Signed-off-by: Andy Shevchenko arch/x86/include/asm/intel_pmc_ipc.h | 6 ++++ drivers/platform/x86/intel_pmc_ipc.c | 64 ++++++++++++++++++++++++++++++++---- 2 files changed, 64 insertions(+), 6 deletions(-) commit 8e4b8c7d7df78a2c8fe4ba0daf12fc877f353f5c Author: Andy Shevchenko Date: Wed Feb 8 17:33:01 2017 +0200 platform/x86: alienware-wmi: Remove header duplicate No need to #include twice. Remove second occurrence. Signed-off-by: Andy Shevchenko drivers/platform/x86/alienware-wmi.c | 1 - 1 file changed, 1 deletion(-) commit 25b4a38fcf1be7f425b3a9eb94998c35f5b763ee Author: Andy Shevchenko Date: Wed Feb 8 19:03:19 2017 +0200 platform/x86: intel_mid_powerbtn: Use SCU IPC directly On older Intel MID platforms is using SCU IPC library beneath MSIC calls. To make access unified between old and new platforms use SCU IPC library directly. It's safe since serialization is done in the library. Signed-off-by: Andy Shevchenko drivers/platform/x86/intel_mid_powerbtn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ca45ba06885f9f3fa9a7e70296f99d9a4899dbf4 Author: Andy Shevchenko Date: Thu Feb 2 19:54:28 2017 +0200 platform/x86: intel_mid_powerbtn: Unify IRQ acknowledgment The IRQ on Intel Merrifield can be acknowledged in the similar way it's done for previous MID platforms. Unify acknowledgment via SCU IPC. Signed-off-by: Andy Shevchenko drivers/platform/x86/intel_mid_powerbtn.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) commit 44b46d739d3546188eb59f11e6888d77ebfcc3c1 Author: Vinod Koul Date: Sat Feb 25 04:12:40 2017 +0530 ALSA: hda - Add Geminilake PCI ID Geminilake is another Intel part, so need to add PCI ID for it. Signed-off-by: Vinod Koul Signed-off-by: Takashi Iwai sound/pci/hda/hda_intel.c | 3 +++ 1 file changed, 3 insertions(+) commit 9e314890292c0dd357eadef6a043704fa0b4c157 Merge: f8e6859 a4d4426 Author: Linus Torvalds Date: Fri Feb 24 18:37:03 2017 -0800 Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux Pull OpenRISC updates from Stafford Horne: "Highlights include: - optimized memset and memcpy routines, ~20% boot time saving - support for cpu idling - adding support for l.swa and l.lwa atomic operations (in spec from 2014) - use atomics to implement: bitops, cmpxchg, futex - the atomics are in preparation for SMP support" * tag 'openrisc-for-linus' of git://github.com/openrisc/linux: (25 commits) openrisc: head: Init r0 to 0 on start openrisc: Export ioremap symbols used by modules arch/openrisc/lib/memcpy.c: use correct OR1200 option openrisc: head: Remove unused strings openrisc: head: Move init strings to rodata section openrisc: entry: Fix delay slot detection openrisc: entry: Whitespace and comment cleanups scripts/checkstack.pl: Add openrisc support MAINTAINERS: Add the openrisc official repository openrisc: Add .gitignore openrisc: Add optimized memcpy routine openrisc: Add optimized memset openrisc: Initial support for the idle state openrisc: Fix the bitmask for the unit present register openrisc: remove unnecessary stddef.h include openrisc: add futex_atomic_* implementations openrisc: add optimized atomic operations openrisc: add cmpxchg and xchg implementations openrisc: add atomic bitops openrisc: add l.lwa/l.swa emulation ... commit 95330473636e5e4546f94874c957c3be66bb2140 Author: Sven Eckelmann Date: Fri Feb 24 15:01:43 2017 -0800 checkpatch: remove false unbalanced braces warning Lines containing "} else {" should not be detected as unbalanced braces. But the second check can be reduced to ".+else\s*{" and it therefore never checked if the beginning of a line contains any other character (like the relevant "}"). This check would also return true for "} else {" and create warnings like CHECK: Unbalanced braces around else statement #391: FILE: ./net/batman-adv/tvlv.c:391: + } else { The check can be changed to check the whole line for the missing "}" to avoid this false positive. Fixes: 0d1532456c26 ("checkpatch: notice unbalanced else braces in a patch") Link: http://lkml.kernel.org/r/20170220121644.12209-1-sven@narfation.org Signed-off-by: Sven Eckelmann Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e4c5babd32f974cf3db4b5bdb02f23132cc81afb Author: Joe Perches Date: Fri Feb 24 15:01:41 2017 -0800 checkpatch: notice unbalanced else braces in a patch Patches that add or modify code like } else or else { where one branch appears to have a brace and the other branch does not have a brace should emit a --strict style message. Link: http://lkml.kernel.org/r/c6be32747fc725cbc235802991746700a0f54fdc.1486754390.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 6 ++++++ 1 file changed, 6 insertions(+) commit 1bde561e471c964b57512008351ed75ead754b4b Author: Matthew Wilcox Date: Fri Feb 24 15:01:38 2017 -0800 checkpatch: add another old address for the FSF We still have a lot of old addresses for the FSF in the kernel. willy@harry:~/kernel/idr$ git grep '675 Mass' |wc -l 1502 willy@harry:~/kernel/idr$ git grep '59 Temple' |wc -l 2825 willy@harry:~/kernel/idr$ git grep '51 Franklin' |wc -l 2020 Let's discourage adding the oldest one too. Link: http://lkml.kernel.org/r/20170128173052.GA23532@bombadil.infradead.org Signed-off-by: Matthew Wilcox Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 1 + 1 file changed, 1 insertion(+) commit 758d7aada73e6d6b609a0e2ec9f627a64a968ef5 Author: Miles Chen Date: Fri Feb 24 15:01:34 2017 -0800 checkpatch: update $logFunctions Currently checkpatch.pl does not recognize printk_deferred* functions as log functions and complains about the line length of printk_deferred* functions. Add printk_deferred* to logFunctions to fix it. Link: http://lkml.kernel.org/r/1484537124-18083-1-git-send-email-miles.chen@mediatek.com Signed-off-by: Miles Chen Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 45c55e92fcee992c05737e65ce0b1d7a36edde69 Author: Joe Perches Date: Fri Feb 24 15:01:31 2017 -0800 checkpatch: warn on logging continuations pr_cont(...) and printk(KERN_CONT ...) uses should be discouraged as their output can be interleaved by multiple logging processes. Link: http://lkml.kernel.org/r/7100ba00098694ec81471a299583ed068975fd05.1483465888.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 6 ++++++ 1 file changed, 6 insertions(+) commit 77cb8546bcd733c95bafe6b47481e5788e0e44d0 Author: Joe Perches Date: Fri Feb 24 15:01:28 2017 -0800 checkpatch: warn on embedded function names Embedded function names are less appropriate to use when refactoring can cause function renaming. Prefer the use of "%s", __func__ to embedded function names. Link: http://lkml.kernel.org/r/ac9631fdbac5af3507c5bfe88ad9064f0ed764ec.1483510416.git.joe@perches.com Signed-off-by: Joe Perches Acked-by: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) commit 69c78423b8f439b077929410bdf8f88e7031b891 Author: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Date: Fri Feb 24 15:01:25 2017 -0800 lib/lz4: remove back-compat wrappers Remove the functions introduced as wrappers for providing backwards compatibility to the prior LZ4 version. They're not needed anymore since there's no callers left. Link: http://lkml.kernel.org/r/1486321748-19085-6-git-send-email-4sschmid@informatik.uni-hamburg.de Signed-off-by: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Cc: Bongkyu Kim Cc: Rui Salvaterra Cc: Sergey Senozhatsky Cc: Greg Kroah-Hartman Cc: Herbert Xu Cc: David S. Miller Cc: Anton Vorontsov Cc: Colin Cross Cc: Kees Cook Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/lz4.h | 69 ------------------------------------------------ lib/lz4/lz4_compress.c | 22 --------------- lib/lz4/lz4_decompress.c | 42 ----------------------------- lib/lz4/lz4hc_compress.c | 23 ---------------- 4 files changed, 156 deletions(-) commit d21b5ff12df45a65bb220c7e8103a5f0f5609377 Author: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Date: Fri Feb 24 15:01:22 2017 -0800 fs/pstore: fs/squashfs: change usage of LZ4 to work with new LZ4 version Update fs/pstore and fs/squashfs to use the updated functions from the new LZ4 module. Link: http://lkml.kernel.org/r/1486321748-19085-5-git-send-email-4sschmid@informatik.uni-hamburg.de Signed-off-by: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Cc: Bongkyu Kim Cc: Rui Salvaterra Cc: Sergey Senozhatsky Cc: Greg Kroah-Hartman Cc: Herbert Xu Cc: David S. Miller Cc: Anton Vorontsov Cc: Colin Cross Cc: Kees Cook Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/pstore/platform.c | 22 +++++++++++++--------- fs/squashfs/lz4_wrapper.c | 12 ++++++------ 2 files changed, 19 insertions(+), 15 deletions(-) commit 73a15ac6d5413caaee95979e318df58d4ee6d9a3 Author: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Date: Fri Feb 24 15:01:19 2017 -0800 crypto: change LZ4 modules to work with new LZ4 module version Update the crypto modules using LZ4 compression as well as the test cases in testmgr.h to work with the new LZ4 module version. Link: http://lkml.kernel.org/r/1486321748-19085-4-git-send-email-4sschmid@informatik.uni-hamburg.de Signed-off-by: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Cc: Bongkyu Kim Cc: Rui Salvaterra Cc: Sergey Senozhatsky Cc: Greg Kroah-Hartman Cc: Herbert Xu Cc: David S. Miller Cc: Anton Vorontsov Cc: Colin Cross Cc: Kees Cook Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds crypto/lz4.c | 23 ++++----- crypto/lz4hc.c | 23 ++++----- crypto/testmgr.h | 142 +++++++++++++++++++++++++++++++++++++++---------------- 3 files changed, 120 insertions(+), 68 deletions(-) commit e23d54e48346e775be53b3cc25a95d65da960393 Author: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Date: Fri Feb 24 15:01:16 2017 -0800 lib/decompress_unlz4: change module to work with new LZ4 module version Update the unlz4 wrapper to work with the updated LZ4 kernel module version. Link: http://lkml.kernel.org/r/1486321748-19085-3-git-send-email-4sschmid@informatik.uni-hamburg.de Signed-off-by: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Cc: Bongkyu Kim Cc: Rui Salvaterra Cc: Sergey Senozhatsky Cc: Greg Kroah-Hartman Cc: Herbert Xu Cc: David S. Miller Cc: Anton Vorontsov Cc: Colin Cross Cc: Kees Cook Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/decompress_unlz4.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 4e1a33b105ddf201f66dcc44490c6086a25eca0b Author: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Date: Fri Feb 24 15:01:12 2017 -0800 lib: update LZ4 compressor module Patch series "Update LZ4 compressor module", v7. This patchset updates the LZ4 compression module to a version based on LZ4 v1.7.3 allowing to use the fast compression algorithm aka LZ4 fast which provides an "acceleration" parameter as a tradeoff between high compression ratio and high compression speed. We want to use LZ4 fast in order to support compression in lustre and (mostly, based on that) investigate data reduction techniques in behalf of storage systems. Also, it will be useful for other users of LZ4 compression, as with LZ4 fast it is possible to enable applications to use fast and/or high compression depending on the usecase. For instance, ZRAM is offering a LZ4 backend and could benefit from an updated LZ4 in the kernel. LZ4 homepage: http://www.lz4.org/ LZ4 source repository: https://github.com/lz4/lz4 Source version: 1.7.3 Benchmark (taken from [1], Core i5-4300U @1.9GHz): ----------------|--------------|----------------|---------- Compressor | Compression | Decompression | Ratio ----------------|--------------|----------------|---------- memcpy | 4200 MB/s | 4200 MB/s | 1.000 LZ4 fast 50 | 1080 MB/s | 2650 MB/s | 1.375 LZ4 fast 17 | 680 MB/s | 2220 MB/s | 1.607 LZ4 fast 5 | 475 MB/s | 1920 MB/s | 1.886 LZ4 default | 385 MB/s | 1850 MB/s | 2.101 [1] http://fastcompression.blogspot.de/2015/04/sampling-or-faster-lz4.html [PATCH 1/5] lib: Update LZ4 compressor module [PATCH 2/5] lib/decompress_unlz4: Change module to work with new LZ4 module version [PATCH 3/5] crypto: Change LZ4 modules to work with new LZ4 module version [PATCH 4/5] fs/pstore: fs/squashfs: Change usage of LZ4 to work with new LZ4 version [PATCH 5/5] lib/lz4: Remove back-compat wrappers This patch (of 5): Update the LZ4 kernel module to LZ4 v1.7.3 by Yann Collet. The kernel module is inspired by the previous work by Chanho Min. The updated LZ4 module will not break existing code since the patchset contains appropriate changes. API changes: New method LZ4_compress_fast which differs from the variant available in kernel by the new acceleration parameter, allowing to trade compression ratio for more compression speed and vice versa. LZ4_decompress_fast is the respective decompression method, featuring a very fast decoder (multiple GB/s per core), able to reach RAM speed in multi-core systems. The decompressor allows to decompress data compressed with LZ4 fast as well as the LZ4 HC (high compression) algorithm. Also the useful functions LZ4_decompress_safe_partial and LZ4_compress_destsize were added. The latter reverses the logic by trying to compress as much data as possible from source to dest while the former aims to decompress partial blocks of data. A bunch of streaming functions were also added which allow compressig/decompressing data in multiple steps (so called "streaming mode"). The methods lz4_compress and lz4_decompress_unknownoutputsize are now known as LZ4_compress_default respectivley LZ4_decompress_safe. The old methods will be removed since there's no callers left in the code. [arnd@arndb.de: fix KERNEL_LZ4 support] Link: http://lkml.kernel.org/r/20170208211946.2839649-1-arnd@arndb.de [akpm@linux-foundation.org: simplify] [akpm@linux-foundation.org: fix the simplification] [4sschmid@informatik.uni-hamburg.de: fix performance regressions] Link: http://lkml.kernel.org/r/1486898178-17125-2-git-send-email-4sschmid@informatik.uni-hamburg.de [4sschmid@informatik.uni-hamburg.de: v8] Link: http://lkml.kernel.org/r/1487182598-15351-2-git-send-email-4sschmid@informatik.uni-hamburg.de Link: http://lkml.kernel.org/r/1486321748-19085-2-git-send-email-4sschmid@informatik.uni-hamburg.de Signed-off-by: Sven Schmidt <4sschmid@informatik.uni-hamburg.de> Signed-off-by: Arnd Bergmann Cc: Bongkyu Kim Cc: Rui Salvaterra Cc: Sergey Senozhatsky Cc: Greg Kroah-Hartman Cc: Herbert Xu Cc: David S. Miller Cc: Anton Vorontsov Cc: Colin Cross Cc: Kees Cook Cc: Tony Luck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/lz4.h | 762 +++++++++++++++++++++++++++--- lib/lz4/Makefile | 2 + lib/lz4/lz4_compress.c | 1161 +++++++++++++++++++++++++++++++++------------- lib/lz4/lz4_decompress.c | 705 ++++++++++++++++++---------- lib/lz4/lz4defs.h | 338 ++++++++------ lib/lz4/lz4hc_compress.c | 867 ++++++++++++++++++++++------------ 6 files changed, 2758 insertions(+), 1077 deletions(-) commit 8893f519330bb073a49c5b4676fce4be6f1be15d Author: Paul Gortmaker Date: Fri Feb 24 15:01:09 2017 -0800 lib/test_sort.c: make it explicitly non-modular The Kconfig currently controlling compilation of this code is: lib/Kconfig.debug:config TEST_SORT lib/Kconfig.debug: bool "Array-based sort test" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the code there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering becomes slightly earlier when we change it to use subsys_initcall as done here. However, since it is a self contained test, this shouldn't be an issue and subsys_initcall seems like a better fit for this particular case. We also delete the MODULE_LICENSE tag since that information is now contained at the top of the file in the comments. Link: http://lkml.kernel.org/r/20170124225608.7319-1-paul.gortmaker@windriver.com Signed-off-by: Paul Gortmaker Cc: Kostenzer Felix Cc: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/test_sort.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit c5adae9583ef6985875532904160c6bf9f07b453 Author: Kostenzer Felix Date: Fri Feb 24 15:01:07 2017 -0800 lib: add CONFIG_TEST_SORT to enable self-test of sort() Along with the addition made to Kconfig.debug, the prior existing but permanently disabled test function has been slightly refactored. Patch has been tested using QEMU 2.1.2 with a .config obtained through 'make defconfig' (x86_64) and manually enabling the option. [arnd@arndb.de: move sort self-test into a separate file] Link: http://lkml.kernel.org/r/20170112110657.3123790-1-arnd@arndb.de Link: http://lkml.kernel.org/r/HE1PR09MB0394B0418D504DCD27167D4FD49B0@HE1PR09MB0394.eurprd09.prod.outlook.com Signed-off-by: Kostenzer Felix Signed-off-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 8 ++++++++ lib/Makefile | 1 + lib/sort.c | 41 ++--------------------------------------- lib/test_sort.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 54 insertions(+), 39 deletions(-) commit f231aebfc4cae2f6ed27a46a31e2630909513d77 Author: Kees Cook Date: Fri Feb 24 15:01:04 2017 -0800 rbtree: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Link: http://lkml.kernel.org/r/20161217010253.GA140470@beast Signed-off-by: Kees Cook Acked-by: Peter Zijlstra (Intel) Cc: David Howells Cc: Jie Chen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/rbtree_augmented.h | 4 +++- lib/rbtree.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 4f5901f5a6724f4ed1641e4a94978c5039a1f8c4 Author: Niklas Söderlund Date: Fri Feb 24 15:01:01 2017 -0800 linux/kernel.h: fix DIV_ROUND_CLOSEST to support negative divisors While working on a thermal driver I encounter a scenario where the divisor could be negative, instead of adding local code to handle this I though I first try to add support for this in DIV_ROUND_CLOSEST. Add support to DIV_ROUND_CLOSEST for negative divisors if both dividend and divisor variable types are signed. This should not alter current behavior for users of the macro as previously negative divisors where not supported. Before: DIV_ROUND_CLOSEST( 59, 4) = 15 DIV_ROUND_CLOSEST( 59, -4) = -14 DIV_ROUND_CLOSEST( -59, 4) = -15 DIV_ROUND_CLOSEST( -59, -4) = 14 After: DIV_ROUND_CLOSEST( 59, 4) = 15 DIV_ROUND_CLOSEST( 59, -4) = -15 DIV_ROUND_CLOSEST( -59, 4) = -15 DIV_ROUND_CLOSEST( -59, -4) = 15 [akpm@linux-foundation.org: fix comment, per Guenter] Link: http://lkml.kernel.org/r/20161222102217.29011-1-niklas.soderlund+renesas@ragnatech.se Signed-off-by: Niklas Söderlund Reviewed-by: Guenter Roeck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kernel.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit e4afd2e5567fc5d59988025f7528f9b4794d86a5 Author: Matthew Wilcox Date: Fri Feb 24 15:00:58 2017 -0800 lib/find_bit.c: micro-optimise find_next_*_bit This saves 32 bytes on my x86-64 build, mostly due to alignment considerations and sharing more code between find_next_bit and find_next_zero_bit, but it does save a couple of instructions. There's really two parts to this commit: - First, the first half of the test: (!nbits || start >= nbits) is trivially a subset of the second half, since nbits and start are both unsigned - Second, while looking at the disassembly, I noticed that GCC was predicting the branch taken. Since this is a failure case, it's clearly the less likely of the two branches, so add an unlikely() to override GCC's heuristics. [mawilcox@microsoft.com: v2] Link: http://lkml.kernel.org/r/1483709016-1834-1-git-send-email-mawilcox@linuxonhyperv.com Link: http://lkml.kernel.org/r/1483709016-1834-1-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Acked-by: Yury Norov Acked-by: Rasmus Villemoes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/find_bit.c | 4 ++-- tools/lib/find_bit.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 55ded9551f9a64f2872df77a954d4c30f8958e82 Author: Geert Uytterhoeven Date: Fri Feb 24 15:00:55 2017 -0800 lib: add module support to atomic64 tests Allow to compile the atomic64 test code either to a loadable module, or builtin into the kernel. Link: http://lkml.kernel.org/r/1483470276-10517-3-git-send-email-geert@linux-m68k.org Signed-off-by: Geert Uytterhoeven Reviewed-by: Andy Shevchenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 5 +++-- lib/atomic64_test.c | 10 ++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) commit ba95b045e94fe15cace3a7d3a20fbedb2c6a817e Author: Geert Uytterhoeven Date: Fri Feb 24 15:00:52 2017 -0800 lib: add module support to glob tests Extract the glob test code into its own source file, to allow to compile it either to a loadable module, or builtin into the kernel. Link: http://lkml.kernel.org/r/1483470276-10517-2-git-send-email-geert@linux-m68k.org Signed-off-by: Geert Uytterhoeven Reviewed-by: Andy Shevchenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig | 3 +- lib/Makefile | 1 + lib/glob.c | 164 ------------------------------------------------------- lib/globtest.c | 167 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 169 insertions(+), 166 deletions(-) commit 5fb7f87408f1534f2c3fadb876dc429cca601104 Author: Geert Uytterhoeven Date: Fri Feb 24 15:00:49 2017 -0800 lib: add module support to crc32 tests Extract the crc32 test code into its own source file, to allow to compile it either to a loadable module, or builtin into the kernel. Link: http://lkml.kernel.org/r/1483470276-10517-1-git-send-email-geert@linux-m68k.org Signed-off-by: Geert Uytterhoeven Reviewed-by: Andy Shevchenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig | 3 +- lib/Makefile | 1 + lib/crc32.c | 824 ----------------------------------------------------- lib/crc32test.c | 856 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 858 insertions(+), 826 deletions(-) commit 738bc38d49e017fe7acb3596712518e22c225816 Author: Bhumika Goyal Date: Fri Feb 24 15:00:46 2017 -0800 kernel/ksysfs.c: add __ro_after_init to bin_attribute structure The object notes_attr of type bin_attribute is not modified after getting initailized by ksysfs_init. Apart from initialization in ksysfs_init it is also passed as an argument to the function sysfs_create_bin_file but this argument is of type const. Therefore, add __ro_after_init to its declaration. Link: http://lkml.kernel.org/r/1486839969-16891-1-git-send-email-bhumirks@gmail.com Signed-off-by: Bhumika Goyal Acked-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/ksysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3e6daded1f51b79ff851b6c1e4b192f47ea3d063 Author: Viresh Kumar Date: Fri Feb 24 15:00:44 2017 -0800 kernel/notifier.c: simplify expression NOTIFY_STOP_MASK (0x8000) has only one bit set and there is no need to compare output of "ret & NOTIFY_STOP_MASK" to NOTIFY_STOP_MASK. We just need to make sure the output is non-zero, that's it. Link: http://lkml.kernel.org/r/88ee58264a2bfab1c97ffc8ac753e25f55f57c10.1483593065.git.viresh.kumar@linaro.org Signed-off-by: Viresh Kumar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/notifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c57b5808c625f4fc93da330b932647eaff321f7 Author: Yisheng Xie Date: Fri Feb 24 15:00:40 2017 -0800 mm balloon: umount balloon_mnt when removing vb device With CONFIG_BALLOON_COMPACTION=y the kernel will mount balloon_mnt for balloon page migration when we probe a virtio_balloon device. However we do not unmount it when removing the device. Fix this. Fixes: b1123ea6d3b3 ("mm: balloon: use general non-lru movable page feature") Link: http://lkml.kernel.org/r/1486531318-35189-1-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Acked-by: Minchan Kim Cc: Rafael Aquini Cc: Konstantin Khlebnikov Cc: Gioh Kim Cc: Vlastimil Babka Cc: Michal Hocko Cc: Michael S. Tsirkin Cc: Jason Wang Cc: Hanjun Guo Cc: Xishi Qiu Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/virtio/virtio_balloon.c | 4 ++++ 1 file changed, 4 insertions(+) commit 85caa95b9f19bb3a26d7e025d1134760b69e0c40 Author: Kees Cook Date: Fri Feb 24 15:00:38 2017 -0800 bug: switch data corruption check to __must_check The CHECK_DATA_CORRUPTION() macro was designed to have callers do something meaningful/protective on failure. However, using "return false" in the macro too strictly limits the design patterns of callers. Instead, let callers handle the logic test directly, but make sure that the result IS checked by forcing __must_check (which appears to not be able to be used directly on macro expressions). Link: http://lkml.kernel.org/r/20170206204547.GA125312@beast Signed-off-by: Kees Cook Suggested-by: Arnd Bergmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/bug.h | 12 +++++++----- lib/list_debug.c | 45 ++++++++++++++++++++++++--------------------- 2 files changed, 31 insertions(+), 26 deletions(-) commit 849de0cd2c873c878fc2605156f10a8ade9bde28 Author: Gideon Israel Dsouza Date: Fri Feb 24 15:00:35 2017 -0800 m68k: replace gcc specific macros with ones from compiler.h There is which provides macros for various gcc specific constructs. Eg: __weak for __attribute__((weak)). I've cleaned all instances of gcc specific attributes with the right macros for all files under /arch/m68k Link: http://lkml.kernel.org/r/1485540901-1988-3-git-send-email-gidisrael@gmail.com Signed-off-by: Gideon Israel Dsouza Cc: Greg Ungerer Cc: Geert Uytterhoeven Cc: Paul Gortmaker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m68k/68000/bootlogo-vz.h | 4 +++- arch/m68k/68000/bootlogo.h | 4 +++- arch/m68k/include/asm/MC68328.h | 3 ++- arch/m68k/include/asm/MC68EZ328.h | 3 ++- arch/m68k/include/asm/MC68VZ328.h | 2 +- arch/m68k/include/asm/natfeat.h | 3 ++- arch/m68k/lib/ashldi3.c | 8 ++++---- arch/m68k/lib/ashrdi3.c | 8 ++++---- arch/m68k/lib/lshrdi3.c | 8 ++++---- arch/m68k/lib/muldi3.c | 8 ++++---- 10 files changed, 29 insertions(+), 22 deletions(-) commit a3f0825e7e37d99a02a8a1b1599687667ee50d04 Author: Gideon Israel Dsouza Date: Fri Feb 24 15:00:32 2017 -0800 compiler-gcc.h: add a new macro to wrap gcc attribute Add __mode(x) into compiler-gcc.h as part of a cleanup task I've taken up, to replace gcc specific attributes with macros. The next patch is a cleanup of the m68k subsystem and it requires a new macro to wrap __attribute__ ((mode (...))) Link: http://lkml.kernel.org/r/1485540901-1988-2-git-send-email-gidisrael@gmail.com Signed-off-by: Gideon Israel Dsouza Cc: Greg Ungerer Cc: Geert Uytterhoeven Cc: Paul Gortmaker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compiler-gcc.h | 1 + 1 file changed, 1 insertion(+) commit 16f4e3195156f2f06e90d00a36bc48d7a513f253 Author: Masahiro Yamada Date: Fri Feb 24 15:00:29 2017 -0800 include/linux/iopoll.h: include instead of The timer APIs this header needs are ktime_get(), ktime_add_us(), and ktime_compare(). So, including seems enough. This commit will cut unnecessary header file parsing. Link: http://lkml.kernel.org/r/1481679225-10885-1-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/iopoll.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ca5eebb894a3625b2a543c7b550aa4ae33ba3cc Author: Mike Frysinger Date: Fri Feb 24 15:00:26 2017 -0800 uapi: mqueue.h: add missing linux/types.h include Commit 63159f5dcccb ("uapi: Use __kernel_long_t in struct mq_attr") changed the types from long to __kernel_long_t, but didn't add a linux/types.h include. Code that tries to include this header directly breaks: /usr/include/linux/mqueue.h:26:2: error: unknown type name '__kernel_long_t' __kernel_long_t mq_flags; /* message queue flags */ This also upsets configure tests for this header: checking linux/mqueue.h usability... no checking linux/mqueue.h presence... yes configure: WARNING: linux/mqueue.h: present but cannot be compiled configure: WARNING: linux/mqueue.h: check for missing prerequisite headers? configure: WARNING: linux/mqueue.h: see the Autoconf documentation configure: WARNING: linux/mqueue.h: section "Present But Cannot Be Compiled" configure: WARNING: linux/mqueue.h: proceeding with the compiler's result checking for linux/mqueue.h... no Link: http://lkml.kernel.org/r/20170119194644.4403-1-vapier@gentoo.org Signed-off-by: Mike Frysinger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/linux/mqueue.h | 2 ++ 1 file changed, 2 insertions(+) commit 796f571b0c5cf3efd2f652779770fa7bbbc2bb03 Author: Lafcadio Wluiki Date: Fri Feb 24 15:00:23 2017 -0800 procfs: use an enum for possible hidepid values Previously, the hidepid parameter was checked by comparing literal integers 0, 1, 2. Let's add a proper enum for this, to make the checking more expressive: 0 → HIDEPID_OFF 1 → HIDEPID_NO_ACCESS 2 → HIDEPID_INVISIBLE This changes the internal labelling only, the userspace-facing interface remains unmodified, and still works with literal integers 0, 1, 2. No functional changes. Link: http://lkml.kernel.org/r/1484572984-13388-2-git-send-email-djalal@gmail.com Signed-off-by: Lafcadio Wluiki Signed-off-by: Djalal Harouni Acked-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 8 ++++---- fs/proc/inode.c | 2 +- fs/proc/root.c | 3 ++- include/linux/pid_namespace.h | 6 ++++++ 4 files changed, 13 insertions(+), 6 deletions(-) commit a0a07b87f3942fdee7692914b36576e009e2d434 Author: Alexey Dobriyan Date: Fri Feb 24 15:00:20 2017 -0800 proc: less code duplication in /proc/*/cmdline After staring at this code for a while I've figured using small 2-entry array describing ARGV and ENVP is the way to address code duplication critique. Link: http://lkml.kernel.org/r/20170105185724.GA12027@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 144 ++++++++++++++++++++++----------------------------------- 1 file changed, 56 insertions(+), 88 deletions(-) commit 4e4a7fb7b4574b4074e4097561c2e34a7333306f Author: Geliang Tang Date: Fri Feb 24 15:00:17 2017 -0800 proc: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Link: http://lkml.kernel.org/r/4fd1f82818665705ce75c5156a060ae7caa8e0a9.1482160150.git.geliangtang@gmail.com Signed-off-by: Geliang Tang Cc: Jan Kara Cc: Al Viro Cc: "David S. Miller" Cc: Juergen Gross Cc: Dmitry Torokhov Cc: Seth Forshee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/generic.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 35ca6953cac4a6d92c2d54e946a4e153d944b027 Author: Davidlohr Bueso Date: Fri Feb 24 15:00:14 2017 -0800 alpha: use generic current.h Given that the arch does not add its own implementations, simply use the asm-generic/current.h (generic-y) header instead of duplicating code. Link: http://lkml.kernel.org/r/1485992878-4780-2-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Richard Henderson Cc: Ivan Kokshaysky Cc: Matt Turner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/alpha/include/asm/Kbuild | 1 + arch/alpha/include/asm/current.h | 9 --------- 2 files changed, 1 insertion(+), 9 deletions(-) commit 9ef5ea20134e72689b9877e787fa84ab67d77cc5 Author: Sudip Mukherjee Date: Fri Feb 24 15:00:11 2017 -0800 arch/frv/mb93090-mb00/pci-frv.c: fix build warning The build of frv defconfig gives warning: arch/frv/mb93090-mb00/pci-frv.c:176:5: warning: ignoring return value of 'pci_assign_resource', declared with attribute warn_unused_result Just print an error message to silence the warning. We can not do much here on error. Link: http://lkml.kernel.org/r/1484256471-5379-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/frv/mb93090-mb00/pci-frv.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 0386bf385d9dbb277ff565765ac9d13fe36232d6 Author: Greg Thelen Date: Fri Feb 24 15:00:08 2017 -0800 kasan: add memcg kmem_cache test Make a kasan test which uses a SLAB_ACCOUNT slab cache. If the test is run within a non default memcg, then it uncovers the bug fixed by "kasan: drain quarantine of memcg slab objects"[1]. If run without fix [1] it shows "Slab cache still has objects", and the kmem_cache structure is leaked. Here's an unpatched kernel test: $ dmesg -c > /dev/null $ mkdir /sys/fs/cgroup/memory/test $ echo $$ > /sys/fs/cgroup/memory/test/tasks $ modprobe test_kasan 2> /dev/null $ dmesg | grep -B1 still [ 123.456789] kasan test: memcg_accounted_kmem_cache allocate memcg accounted object [ 124.456789] kmem_cache_destroy test_cache: Slab cache still has objects Kernels with fix [1] don't have the "Slab cache still has objects" warning or the underlying leak. The new test runs and passes in the default (root) memcg, though in the root memcg it won't uncover the problem fixed by [1]. Link: http://lkml.kernel.org/r/1482257462-36948-2-git-send-email-gthelen@google.com Signed-off-by: Greg Thelen Reviewed-by: Vladimir Davydov Cc: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/test_kasan.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) commit f9fa1d919c696e90c887d8742198023e7639d139 Author: Greg Thelen Date: Fri Feb 24 15:00:05 2017 -0800 kasan: drain quarantine of memcg slab objects Per memcg slab accounting and kasan have a problem with kmem_cache destruction. - kmem_cache_create() allocates a kmem_cache, which is used for allocations from processes running in root (top) memcg. - Processes running in non root memcg and allocating with either __GFP_ACCOUNT or from a SLAB_ACCOUNT cache use a per memcg kmem_cache. - Kasan catches use-after-free by having kfree() and kmem_cache_free() defer freeing of objects. Objects are placed in a quarantine. - kmem_cache_destroy() destroys root and non root kmem_caches. It takes care to drain the quarantine of objects from the root memcg's kmem_cache, but ignores objects associated with non root memcg. This causes leaks because quarantined per memcg objects refer to per memcg kmem cache being destroyed. To see the problem: 1) create a slab cache with kmem_cache_create(,,,SLAB_ACCOUNT,) 2) from non root memcg, allocate and free a few objects from cache 3) dispose of the cache with kmem_cache_destroy() kmem_cache_destroy() will trigger a "Slab cache still has objects" warning indicating that the per memcg kmem_cache structure was leaked. Fix the leak by draining kasan quarantined objects allocated from non root memcg. Racing memcg deletion is tricky, but handled. kmem_cache_destroy() => shutdown_memcg_caches() => __shutdown_memcg_cache() => shutdown_cache() flushes per memcg quarantined objects, even if that memcg has been rmdir'd and gone through memcg_deactivate_kmem_caches(). This leak only affects destroyed SLAB_ACCOUNT kmem caches when kasan is enabled. So I don't think it's worth patching stable kernels. Link: http://lkml.kernel.org/r/1482257462-36948-1-git-send-email-gthelen@google.com Signed-off-by: Greg Thelen Reviewed-by: Vladimir Davydov Acked-by: Andrey Ryabinin Cc: Alexander Potapenko Cc: Dmitry Vyukov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kasan.h | 4 ++-- mm/kasan/kasan.c | 2 +- mm/kasan/quarantine.c | 1 + mm/slab_common.c | 4 +++- 4 files changed, 7 insertions(+), 4 deletions(-) commit dc18d706a4367454ad1fc51e06148d54e8ecfaa0 Author: Nathan Fontenot Date: Fri Feb 24 15:00:02 2017 -0800 memory-hotplug: use dev_online for memhp_auto_online Commit 31bc3858ea3e ("add automatic onlining policy for the newly added memory") provides the capability to have added memory automatically onlined during add, but this appears to be slightly broken. The current implementation uses walk_memory_range() to call online_memory_block, which uses memory_block_change_state() to online the memory. Instead, we should be calling device_online() for the memory block in online_memory_block(). This would online the memory (the memory bus online routine memory_subsys_online() called from device_online calls memory_block_change_state()) and properly update the device struct offline flag. As a result of the current implementation, attempting to remove a memory block after adding it using auto online fails. This is because doing a remove, for instance echo offline > /sys/devices/system/memory/memoryXXX/state uses device_offline() which checks the dev->offline flag. Link: http://lkml.kernel.org/r/20170222220744.8119.19687.stgit@ltcalpine2-lp14.aus.stglabs.ibm.com Signed-off-by: Nathan Fontenot Cc: Michael Ellerman Cc: Michael Roth Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/memory.c | 2 +- include/linux/memory.h | 3 --- mm/memory_hotplug.c | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) commit dd8416c47715cf324c9a16f13273f9fda87acfed Author: Minchan Kim Date: Fri Feb 24 14:59:59 2017 -0800 mm: do not access page->mapping directly on page_endio With rw_page, page_endio is used for completing IO on a page and it propagates write error to the address space if the IO fails. The problem is it accesses page->mapping directly which might be okay for file-backed pages but it shouldn't for anonymous page. Otherwise, it can corrupt one of field from anon_vma under us and system goes panic randomly. swap_writepage bdev_writepage ops->rw_page I encountered the BUG during developing new zram feature and it was really hard to figure it out because it made random crash, somtime mmap_sem lockdep, sometime other places where places never related to zram/zsmalloc, and not reproducible with some configuration. When I consider how that bug is subtle and people do fast-swap test with brd, it's worth to add stable mark, I think. Fixes: dd6bd0d9c7db ("swap: use bdev_read_page() / bdev_write_page()") Signed-off-by: Minchan Kim Acked-by: Michal Hocko Cc: Matthew Wilcox Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 9a8b300f2f7812ebf4630b8b40499da38b38e882 Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:56 2017 -0800 mm/thp/autonuma: use TNF flag instead of vm fault We are using the wrong flag value in task_numa_falt function. This can result in us doing wrong numa fault statistics update, because we update num_pages_migrate and numa_fault_locality etc based on the flag argument passed. Fixes: bae473a423 ("mm: introduce fault_env") Link: http://lkml.kernel.org/r/1487498395-9544-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Hillf Danton Acked-by: Kirill A. Shutemov Cc: Rik van Riel Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db08f2030a173fdb95b2e8e28d82c4e8c04df2ac Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:53 2017 -0800 mm/gup: check for protnone only if it is a PTE entry Do the prot_none/FOLL_NUMA check after we are sure this is a THP pte. Archs can implement prot_none such that it can return true for regular pmd entries. Link: http://lkml.kernel.org/r/1487498326-8734-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: Rik van Riel Cc: Mel Gorman Cc: Hillf Danton Cc: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/gup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 199eaa05adc53825503a5303db624dd57397b93a Author: Miles Chen Date: Fri Feb 24 14:59:51 2017 -0800 mm: cleanups for printing phys_addr_t and dma_addr_t cleanup rest of dma_addr_t and phys_addr_t type casting in mm use %pad for dma_addr_t use %pa for phys_addr_t Link: http://lkml.kernel.org/r/1486618489-13912-1-git-send-email-miles.chen@mediatek.com Signed-off-by: Miles Chen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/dmapool.c | 16 ++++++++-------- mm/vmalloc.c | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) commit b538e422e41fd5ec8c059bde03d5504bb62bf0d1 Author: Yisheng Xie Date: Fri Feb 24 14:59:48 2017 -0800 mm/zsmalloc: fix comment in zsmalloc The class index and fullness group are not encoded in (first)page->mapping any more, after commit 3783689a1aa8 ("zsmalloc: introduce zspage structure"). Instead, they are store in struct zspage. Just delete this unneeded comment. Link: http://lkml.kernel.org/r/1486620822-36826-1-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Suggested-by: Sergey Senozhatsky Reviewed-by: Sergey Senozhatsky Acked-by: Minchan Kim Cc: Nitin Gupta Cc: Hanjun Guo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zsmalloc.c | 4 ---- 1 file changed, 4 deletions(-) commit ad69444e75d77981291ccf807f48d81e8fca010f Author: Wei Yang Date: Fri Feb 24 14:59:45 2017 -0800 mm/page_alloc.c: remove redundant init code for ZONE_MOVABLE arch_zone_lowest/highest_possible_pfn[] is set to 0 and [ZONE_MOVABLE] is skipped in the loop. No need to reset them to 0 again. This patch just removes the redundant code. Link: http://lkml.kernel.org/r/20170209141731.60208-1-richard.weiyang@gmail.com Signed-off-by: Wei Yang Cc: Anshuman Khandual Cc: Mel Gorman Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 2 -- 1 file changed, 2 deletions(-) commit 22c5cef16278bf83aa54ac96a7735ce82f93524e Author: Yisheng Xie Date: Fri Feb 24 14:59:42 2017 -0800 mm/zsmalloc: remove redundant SetPagePrivate2 in create_page_chain We had used page->lru to link the component pages (except the first page) of a zspage, and used INIT_LIST_HEAD(&page->lru) to init it. Therefore, to get the last page's next page, which is NULL, we had to use page flag PG_Private_2 to identify it. But now, we use page->freelist to link all of the pages in zspage and init the page->freelist as NULL for last page, so no need to use PG_Private_2 anymore. This remove redundant SetPagePrivate2 in create_page_chain and ClearPagePrivate2 in reset_page(). Save a few cycles for migration of zsmalloc page :) Link: http://lkml.kernel.org/r/1487076509-49270-1-git-send-email-xieyisheng1@huawei.com Signed-off-by: Yisheng Xie Reviewed-by: Sergey Senozhatsky Acked-by: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zsmalloc.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit e1587a4945408faa58d0485002c110eb2454740c Author: Vinayak Menon Date: Fri Feb 24 14:59:39 2017 -0800 mm: vmpressure: fix sending wrong events on underflow At the end of a window period, if the reclaimed pages is greater than scanned, an unsigned underflow can result in a huge pressure value and thus a critical event. Reclaimed pages is found to go higher than scanned because of the addition of reclaimed slab pages to reclaimed in shrink_node without a corresponding increment to scanned pages. Minchan Kim mentioned that this can also happen in the case of a THP page where the scanned is 1 and reclaimed could be 512. Link: http://lkml.kernel.org/r/1486641577-11685-1-git-send-email-vinmenon@codeaurora.org Signed-off-by: Vinayak Menon Acked-by: Minchan Kim Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Mel Gorman Cc: Vlastimil Babka Cc: Rik van Riel Cc: Vladimir Davydov Cc: Anton Vorontsov Cc: Shiraz Hashim Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmpressure.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 3a4f8a0b3ffa733ffbb327685e83b63383127cf6 Author: Hugh Dickins Date: Fri Feb 24 14:59:36 2017 -0800 mm: remove shmem_mapping() shmem_zero_setup() duplicates Remove the prototypes for shmem_mapping() and shmem_zero_setup() from linux/mm.h, since they are already provided in linux/shmem_fs.h. But shmem_fs.h must then provide the inline stub for shmem_mapping() when CONFIG_SHMEM is not set, and a few more cfiles now need to #include it. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1702081658250.1549@eggly.anvils Signed-off-by: Hugh Dickins Cc: Johannes Weiner Cc: Michal Simek Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/microblaze/pci/pci-common.c | 1 + arch/powerpc/kernel/pci-common.c | 1 + include/linux/mm.h | 10 ---------- include/linux/shmem_fs.h | 7 +++++++ mm/madvise.c | 1 + mm/memcontrol.c | 1 + mm/mincore.c | 1 + mm/truncate.c | 1 + mm/workingset.c | 1 + 9 files changed, 14 insertions(+), 10 deletions(-) commit e02dc017c3032dcdce1b993af0db135462e1b4b7 Author: Gavin Shan Date: Fri Feb 24 14:59:33 2017 -0800 mm/page_alloc: fix nodes for reclaim in fast path When @node_reclaim_node isn't 0, the page allocator tries to reclaim pages if the amount of free memory in the zones are below the low watermark. On Power platform, none of NUMA nodes are scanned for page reclaim because no nodes match the condition in zone_allows_reclaim(). On Power platform, RECLAIM_DISTANCE is set to 10 which is the distance of Node-A to Node-A. So the preferred node even won't be scanned for page reclaim. __alloc_pages_nodemask() get_page_from_freelist() zone_allows_reclaim() Anton proposed the test code as below: # cat alloc.c : int main(int argc, char *argv[]) { void *p; unsigned long size; unsigned long start, end; start = time(NULL); size = strtoul(argv[1], NULL, 0); printf("To allocate %ldGB memory\n", size); size <<= 30; p = malloc(size); assert(p); memset(p, 0, size); end = time(NULL); printf("Used time: %ld seconds\n", end - start); sleep(3600); return 0; } The system I use for testing has two NUMA nodes. Both have 128GB memory. In below scnario, the page caches on node#0 should be reclaimed when it encounters pressure to accommodate request of allocation. # echo 2 > /proc/sys/vm/zone_reclaim_mode; \ sync; \ echo 3 > /proc/sys/vm/drop_caches; \ # taskset -c 0 cat file.32G > /dev/null; \ grep FilePages /sys/devices/system/node/node0/meminfo Node 0 FilePages: 33619712 kB # taskset -c 0 ./alloc 128 # grep FilePages /sys/devices/system/node/node0/meminfo Node 0 FilePages: 33619840 kB # grep MemFree /sys/devices/system/node/node0/meminfo Node 0 MemFree: 186816 kB With the patch applied, the pagecache on node-0 is reclaimed when its free memory is running out. It's the expected behaviour. # echo 2 > /proc/sys/vm/zone_reclaim_mode; \ sync; \ echo 3 > /proc/sys/vm/drop_caches # taskset -c 0 cat file.32G > /dev/null; \ grep FilePages /sys/devices/system/node/node0/meminfo Node 0 FilePages: 33605568 kB # taskset -c 0 ./alloc 128 # grep FilePages /sys/devices/system/node/node0/meminfo Node 0 FilePages: 1379520 kB # grep MemFree /sys/devices/system/node/node0/meminfo Node 0 MemFree: 317120 kB Fixes: 5f7a75acdb24 ("mm: page_alloc: do not cache reclaim distances") Link: http://lkml.kernel.org/r/1486532455-29613-1-git-send-email-gwshan@linux.vnet.ibm.com Signed-off-by: Gavin Shan Acked-by: Mel Gorman Acked-by: Michal Hocko Cc: Anton Blanchard Cc: Michael Ellerman Cc: [3.16+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6d8c8a48291b929b2e039f220f0b62958cccfea Author: zhong jiang Date: Fri Feb 24 14:59:30 2017 -0800 mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() When mainline introduced commit a96dfddbcc04 ("base/memory, hotplug: fix a kernel oops in show_valid_zones()"), it obtained the valid start and end pfn from the given pfn range. The valid start pfn can fix the actual issue, but it introduced another issue. The valid end pfn will may exceed the given end_pfn. Although the incorrect overflow will not result in actual problem at present, but I think it need to be fixed. [toshi.kani@hpe.com: remove assumption that end_pfn is aligned by MAX_ORDER_NR_PAGES] Fixes: a96dfddbcc04 ("base/memory, hotplug: fix a kernel oops in show_valid_zones()") Link: http://lkml.kernel.org/r/1486467299-22648-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Signed-off-by: Toshi Kani Cc: Vlastimil Babka Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory_hotplug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8e19d540d107ee897eb9a874844060c94e2376c0 Author: zhouxianrong Date: Fri Feb 24 14:59:27 2017 -0800 zram: extend zero pages to same element pages The idea is that without doing more calculations we extend zero pages to same element pages for zram. zero page is special case of same element page with zero element. 1. the test is done under android 7.0 2. startup too many applications circularly 3. sample the zero pages, same pages (none-zero element) and total pages in function page_zero_filled the result is listed as below: ZERO SAME TOTAL 36214 17842 598196 ZERO/TOTAL SAME/TOTAL (ZERO+SAME)/TOTAL ZERO/SAME AVERAGE 0.060631909 0.024990816 0.085622726 2.663825038 STDEV 0.00674612 0.005887625 0.009707034 2.115881328 MAX 0.069698422 0.030046087 0.094975336 7.56043956 MIN 0.03959586 0.007332205 0.056055193 1.928985507 from the above data, the benefit is about 2.5% and up to 3% of total swapout pages. The defect of the patch is that when we recovery a page from non-zero element the operations are low efficient for partial read. This patch extends zero_page to same_page so if there is any user to have monitored zero_pages, he will be surprised if the number is increased but it's not harmful, I believe. [minchan@kernel.org: do not free same element pages in zram_meta_free] Link: http://lkml.kernel.org/r/20170207065741.GA2567@bbox Link: http://lkml.kernel.org/r/1483692145-75357-1-git-send-email-zhouxianrong@huawei.com Link: http://lkml.kernel.org/r/1486307804-27903-1-git-send-email-minchan@kernel.org Signed-off-by: zhouxianrong Signed-off-by: Minchan Kim Cc: Sergey Senozhatsky Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/blockdev/zram.txt | 6 +-- drivers/block/zram/zram_drv.c | 87 ++++++++++++++++++++++++++++------------- drivers/block/zram/zram_drv.h | 9 +++-- 3 files changed, 69 insertions(+), 33 deletions(-) commit 517663edd6b5d2a822469885994f34e092e2cf9f Author: Steven Rostedt (VMware) Date: Fri Feb 24 14:59:24 2017 -0800 mm/page-writeback.c: place "not" inside of unlikely() statement in wb_domain_writeout_inc() The likely/unlikely profiler noticed that the unlikely statement in wb_domain_writeout_inc() is constantly wrong. This is due to the "not" (!) being outside the unlikely statement. It is likely that dom->period_time will be set, but unlikely that it wont be. Move the not into the unlikely statement. Link: http://lkml.kernel.org/r/20170206120035.3c2e2b91@gandalf.local.home Signed-off-by: Steven Rostedt (VMware) Reviewed-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c137a2757b88658ce61c74b25ff650ecda7f09d8 Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:21 2017 -0800 powerpc/mm/autonuma: switch ppc64 to its own implementation of saved write With this our protnone becomes a present pte with READ/WRITE/EXEC bit cleared. By default we also set _PAGE_PRIVILEGED on such pte. This is now used to help us identify a protnone pte that as saved write bit. For such pte, we will clear the _PAGE_PRIVILEGED bit. The pte still remain non-accessible from both user and kernel. [aneesh.kumar@linux.vnet.ibm.com: v3] Link: http://lkml.kernel.org/r/1487498625-10891-4-git-send-email-aneesh.kumar@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1487050314-3892-3-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Michael Neuling Cc: Rik van Riel Cc: Mel Gorman Cc: Paul Mackerras Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/book3s/64/pgtable.h | 52 ++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 7 deletions(-) commit 595cd8f256d24face93b2722927ec9c980419c26 Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:19 2017 -0800 mm/ksm: handle protnone saved writes when making page write protect Without this KSM will consider the page write protected, but a numa fault can later mark the page writable. This can result in memory corruption. Link: http://lkml.kernel.org/r/1487498625-10891-3-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/asm-generic/pgtable.h | 8 ++++++++ mm/ksm.c | 9 +++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) commit 288bc54949fc2625a4fd811a188fb200cc498946 Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:16 2017 -0800 mm/autonuma: let architecture override how the write bit should be stashed in a protnone pte. Patch series "Numabalancing preserve write fix", v2. This patch series address an issue w.r.t THP migration and autonuma preserve write feature. migrate_misplaced_transhuge_page() cannot deal with concurrent modification of the page. It does a page copy without following the migration pte sequence. IIUC, this was done to keep the migration simpler and at the time of implemenation we didn't had THP page cache which would have required a more elaborate migration scheme. That means thp autonuma migration expect the protnone with saved write to be done such that both kernel and user cannot update the page content. This patch series enables archs like ppc64 to do that. We are good with the hash translation mode with the current code, because we never create a hardware page table entry for a protnone pte. This patch (of 2): Autonuma preserves the write permission across numa fault to avoid taking a writefault after a numa fault (Commit: b191f9b106ea " mm: numa: preserve PTE write permissions across a NUMA hinting fault"). Architecture can implement protnone in different ways and some may choose to implement that by clearing Read/ Write/Exec bit of pte. Setting the write bit on such pte can result in wrong behaviour. Fix this up by allowing arch to override how to save the write bit on a protnone pte. [aneesh.kumar@linux.vnet.ibm.com: don't mark pte saved write in case of dirty_accountable] Link: http://lkml.kernel.org/r/1487942884-16517-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com [aneesh.kumar@linux.vnet.ibm.com: v3] Link: http://lkml.kernel.org/r/1487498625-10891-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1487050314-3892-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Michael Neuling Cc: Rik van Riel Cc: Mel Gorman Cc: Paul Mackerras Cc: Benjamin Herrenschmidt Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/asm-generic/pgtable.h | 16 ++++++++++++++++ mm/huge_memory.c | 6 +++--- mm/memory.c | 2 +- mm/mprotect.c | 2 +- 4 files changed, 21 insertions(+), 5 deletions(-) commit cee216a696b2004017a5ecb583366093d90b1568 Author: Aneesh Kumar K.V Date: Fri Feb 24 14:59:13 2017 -0800 mm/autonuma: don't use set_pte_at when updating protnone ptes Architectures like ppc64, use privilege access bit to mark pte non accessible. This implies that kernel can do a copy_to_user to an address marked for numa fault. This also implies that there can be a parallel hardware update for the pte. set_pte_at cannot be used in such scenarios. Hence switch the pte update to use ptep_get_and_clear and set_pte_at combination. [akpm@linux-foundation.org: remove unwanted ppc change, per Aneesh] Link: http://lkml.kernel.org/r/1486400776-28114-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Rik van Riel Acked-by: Mel Gorman Cc: Benjamin Herrenschmidt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 3f472cc978ea019c7b09cc03f90b8ed6034efdf8 Author: Steven Rostedt (VMware) Date: Fri Feb 24 14:59:10 2017 -0800 mm/shmem.c: fix unlikely() test of info->seals to test only for WRITE and GROW Running my likely/unlikely profiler, I discovered that the test in shmem_write_begin() that tests for info->seals as unlikely, is always incorrect. This is because shmem_get_inode() sets info->seals to have F_SEAL_SEAL set by default, and it is unlikely to be cleared when shmem_write_begin() is called. Thus, the if statement is very likely. But as the if statement block only cares about F_SEAL_WRITE and F_SEAL_GROW, change the test to only test those two bits. Link: http://lkml.kernel.org/r/20170203105656.7aec6237@gandalf.local.home Signed-off-by: Steven Rostedt (VMware) Acked-by: Hugh Dickins Cc: David Herrmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c2f83143f1c67d186520b72b6cefbf0aa07a34ee Author: Mel Gorman Date: Fri Feb 24 14:59:07 2017 -0800 mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced Hillf Danton pointed out that since commit 1d82de618dd ("mm, vmscan: make kswapd reclaim in terms of nodes") that PGDAT_WRITEBACK is no longer cleared. It was not noticed as triggering it requires pages under writeback to cycle twice through the LRU and before kswapd gets stalled. Historically, such issues tended to occur on small machines writing heavily to slow storage such as a USB stick. Once kswapd stalls, direct reclaim stalls may be higher but due to the fact that memory pressure is required, it would not be very noticable. Michal Hocko suggested removing the flag entirely but the conservative fix is to restore the intended PGDAT_WRITEBACK behaviour and clear the flag when a suitable zone is balanced. Fixes: 1d82de618ddd ("mm, vmscan: make kswapd reclaim in terms of nodes") Link: http://lkml.kernel.org/r/20170203203222.gq7hk66yc36lpgtb@suse.de Signed-off-by: Mel Gorman Acked-by: Johannes Weiner Acked-by: Michal Hocko Acked-by: Hillf Danton Cc: Minchan Kim Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 1 + 1 file changed, 1 insertion(+) commit 8f526e12426e284b7d5d659b6b2e8920fa7c9ed9 Author: Ross Zwisler Date: Fri Feb 24 14:59:04 2017 -0800 drm: remove unnecessary fault wrappers The fault wrappers drm_vm_fault(), drm_vm_shm_fault(), drm_vm_dma_fault() and drm_vm_sg_fault() used to provide extra logic beyond what was in the "drm_do_*" versions of these functions, but as of commit ca0b07d9a969 ("drm: convert drm from nopage to fault") they are just unnecessary wrappers that do nothing. Remove them, and rename the the drm_do_* fault handlers to remove the "do_" since they no longer have corresponding wrappers. Link: http://lkml.kernel.org/r/1486155698-25717-1-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reviewed-by: Sean Paul Acked-by: Daniel Vetter Cc: Dave Jiang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/gpu/drm/drm_vm.c | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) commit 166f61b9435a1b64bd46a08ec6cf1d6fc579a772 Author: Tobin C Harding Date: Fri Feb 24 14:59:01 2017 -0800 mm: codgin-style fixes Fix whitespace issues, extraneous braces. Link: http://lkml.kernel.org/r/1485992240-10986-5-git-send-email-me@tobin.cc Signed-off-by: Tobin C Harding Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 60 +++++++++++++++++++++++++++++------------------------------- 1 file changed, 29 insertions(+), 31 deletions(-) commit 7f2b6ce8e31ef843f5ece7fd302119d659b015f7 Author: Tobin C Harding Date: Fri Feb 24 14:58:59 2017 -0800 mm/memory.c: use NULL instead of literal 0 Patch fixes sparse warning: Using plain integer as NULL pointer. Replaces assignment of 0 to pointer with NULL assignment. Link: http://lkml.kernel.org/r/1485992240-10986-2-git-send-email-me@tobin.cc Signed-off-by: Tobin C Harding Acked-by: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f2bf14d14dbc50dc56be3ebd18652ea2738ef6f8 Author: Masanari Iida Date: Fri Feb 24 14:58:56 2017 -0800 mm/page_alloc.c: remove duplicate inclusion of page_ext.h Link: http://lkml.kernel.org/r/20170202011942.1609-1-standby24x7@gmail.com Signed-off-by: Masanari Iida Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 1 - 1 file changed, 1 deletion(-) commit 5d17a73a2ebeb8d1c6924b91e53ab2650fe86ffb Author: Michal Hocko Date: Fri Feb 24 14:58:53 2017 -0800 vmalloc: back off when the current task is killed __vmalloc_area_node() allocates pages to cover the requested vmalloc size. This can be a lot of memory. If the current task is killed by the OOM killer, and thus has an unlimited access to memory reserves, it can consume all the memory theoretically. Fix this by checking for fatal_signal_pending and back off early. Link: http://lkml.kernel.org/r/20170201092706.9966-4-mhocko@kernel.org Signed-off-by: Michal Hocko Reviewed-by: Christoph Hellwig Cc: Tetsuo Handa Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 5 +++++ 1 file changed, 5 insertions(+) commit dbe43d4d2837da3d11fd7f4e2ed1a395012fe6f5 Author: Jaewon Kim Date: Fri Feb 24 14:58:50 2017 -0800 mm: cma: print allocation failure reason and bitmap status There are many reasons of CMA allocation failure such as EBUSY, ENOMEM, EINTR. But we did not know error reason so far. This patch prints the error value. Additionally if CONFIG_CMA_DEBUG is enabled, this patch shows bitmap status to know available pages. Actually CMA internally tries on all available regions because some regions can be failed because of EBUSY. Bitmap status is useful to know in detail on both ENONEM and EBUSY; ENOMEM: not tried at all because of no available region it could be too small total region or could be fragmentation issue EBUSY: tried some region but all failed This is an ENOMEM example with this patch. [2: Binder:714_1: 744] cma: cma_alloc: alloc failed, req-size: 256 pages, ret: -12 If CONFIG_CMA_DEBUG is enabled, avabile pages also will be shown as concatenated size@position format. So 4@572 means that there are 4 available pages at 572 position starting from 0 position. [2: Binder:714_1: 744] cma: number of available pages: 4@572+7@585+7@601+8@632+38@730+166@1114+127@1921=> 357 free of 2048 total pages Link: http://lkml.kernel.org/r/1485909785-3952-1-git-send-email-jaewon31.kim@samsung.com Signed-off-by: Jaewon Kim Acked-by: Michal Nazarewicz Cc: Laura Abbott Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/cma.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) commit def5efe0376501ef7bd6b53ed061512c142e59aa Author: David Rientjes Date: Fri Feb 24 14:58:47 2017 -0800 mm, madvise: fail with ENOMEM when splitting vma will hit max_map_count If madvise(2) advice will result in the underlying vma being split and the number of areas mapped by the process will exceed /proc/sys/vm/max_map_count as a result, return ENOMEM instead of EAGAIN. EAGAIN is returned by madvise(2) when a kernel resource, such as slab, is temporarily unavailable. It indicates that userspace should retry the advice in the near future. This is important for advice such as MADV_DONTNEED which is often used by malloc implementations to free memory back to the system: we really do want to free memory back when madvise(2) returns EAGAIN because slab allocations (for vmas, anon_vmas, or mempolicies) cannot be allocated. Encountering /proc/sys/vm/max_map_count is not a temporary failure, however, so return ENOMEM to indicate this is a more serious issue. A followup patch to the man page will specify this behavior. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701241431120.42507@chino.kir.corp.google.com Signed-off-by: David Rientjes Cc: Jonathan Corbet Cc: Johannes Weiner Cc: Jerome Marchand Cc: "Kirill A. Shutemov" Cc: Michael Kerrisk Cc: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/sysctl/vm.txt | 4 ++-- Documentation/vm/ksm.txt | 4 ++++ include/linux/mm.h | 6 ++++-- mm/madvise.c | 51 +++++++++++++++++++++++++++++++++++++-------- mm/mmap.c | 8 +++---- 5 files changed, 56 insertions(+), 17 deletions(-) commit 712c604dcdf8186295e2af694adf52c6842ad100 Author: Lucas Stach Date: Fri Feb 24 14:58:44 2017 -0800 mm: wire up GFP flag passing in dma_alloc_from_contiguous The callers of the DMA alloc functions already provide the proper context GFP flags. Make sure to pass them through to the CMA allocator, to make the CMA compaction context aware. Link: http://lkml.kernel.org/r/20170127172328.18574-3-l.stach@pengutronix.de Signed-off-by: Lucas Stach Acked-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Radim Krcmar Cc: Catalin Marinas Cc: Will Deacon Cc: Chris Zankel Cc: Ralf Baechle Cc: Paolo Bonzini Cc: Alexander Graf Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/mm/dma-mapping.c | 16 +++++++++------- arch/arm64/mm/dma-mapping.c | 4 ++-- arch/mips/mm/dma-default.c | 4 ++-- arch/x86/kernel/pci-dma.c | 3 ++- arch/xtensa/kernel/pci-dma.c | 3 ++- drivers/base/dma-contiguous.c | 5 +++-- drivers/iommu/amd_iommu.c | 2 +- drivers/iommu/intel-iommu.c | 2 +- include/linux/dma-contiguous.h | 4 ++-- 9 files changed, 24 insertions(+), 19 deletions(-) commit e2f466e32f56c8b3ee0d1a40cc39e1c779dfd598 Author: Lucas Stach Date: Fri Feb 24 14:58:41 2017 -0800 mm: cma_alloc: allow to specify GFP mask Most users of this interface just want to use it with the default GFP_KERNEL flags, but for cases where DMA memory is allocated it may be called from a different context. No functional change yet, just passing through the flag to the underlying alloc_contig_range function. Link: http://lkml.kernel.org/r/20170127172328.18574-2-l.stach@pengutronix.de Signed-off-by: Lucas Stach Acked-by: Vlastimil Babka Acked-by: Michal Hocko Cc: Radim Krcmar Cc: Catalin Marinas Cc: Will Deacon Cc: Chris Zankel Cc: Ralf Baechle Cc: Paolo Bonzini Cc: Alexander Graf Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/kvm/book3s_hv_builtin.c | 3 ++- drivers/base/dma-contiguous.c | 2 +- include/linux/cma.h | 3 ++- mm/cma.c | 5 +++-- mm/cma_debug.c | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) commit ca96b625341027f611c3e61351a70311077ebcf5 Author: Lucas Stach Date: Fri Feb 24 14:58:37 2017 -0800 mm: alloc_contig_range: allow to specify GFP mask Currently alloc_contig_range assumes that the compaction should be done with the default GFP_KERNEL flags. This is probably right for all current uses of this interface, but may change as CMA is used in more use-cases (including being the default DMA memory allocator on some platforms). Change the function prototype, to allow for passing through the GFP mask set by upper layers. Also respect global restrictions by applying memalloc_noio_flags to the passed in flags. Link: http://lkml.kernel.org/r/20170127172328.18574-1-l.stach@pengutronix.de Signed-off-by: Lucas Stach Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Radim Krcmar Cc: Catalin Marinas Cc: Will Deacon Cc: Chris Zankel Cc: Ralf Baechle Cc: Paolo Bonzini Cc: Alexander Graf Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/gfp.h | 2 +- mm/cma.c | 3 ++- mm/hugetlb.c | 3 ++- mm/page_alloc.c | 5 +++-- 4 files changed, 8 insertions(+), 5 deletions(-) commit 5a02026d390ea1bb0c16a0e214e45613a3e3d885 Author: Mike Rapoport Date: Fri Feb 24 14:58:34 2017 -0800 userfaultfd: documentation update Add documentation about new userfaultfd features and events Link: http://lkml.kernel.org/r/1487716431-5551-1-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/userfaultfd.txt | 89 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) commit 96333187ab16215888f2bce01985ca5a823da8ba Author: Mike Rapoport Date: Fri Feb 24 14:58:31 2017 -0800 userfaultfd_copy: return -ENOSPC in case mm has gone In the non-cooperative userfaultfd case, the process exit may race with outstanding mcopy_atomic called by the uffd monitor. Returning -ENOSPC instead of -EINVAL when mm is already gone will allow uffd monitor to distinguish this case from other error conditions. Link: http://lkml.kernel.org/r/1485542673-24387-6-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 ++ 1 file changed, 2 insertions(+) commit 27d02568f529e908399514dfbee8ee43bdfd5299 Author: Mike Rapoport Date: Fri Feb 24 14:58:28 2017 -0800 userfaultfd: mcopy_atomic: return -ENOENT when no compatible VMA found The memory mapping of a process may change between #PF event and the call to mcopy_atomic that comes to resolve the page fault. In such case, there will be no VMA covering the range passed to mcopy_atomic or the VMA will not have userfaultfd context. To allow uffd monitor to distinguish those case from other errors, let's return -ENOENT instead of -EINVAL. Note, that despite availability of UFFD_EVENT_UNMAP there still might be race between the processing of UFFD_EVENT_UNMAP and outstanding mcopy_atomic in case of non-cooperative uffd usage. [rppt@linux.vnet.ibm.com: update cases returning -ENOENT] Link: http://lkml.kernel.org/r/20170207150249.GA6709@rapoport-lnx [aarcange@redhat.com: merge fix] [akpm@linux-foundation.org: fix the merge fix] Link: http://lkml.kernel.org/r/1485542673-24387-5-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/userfaultfd.c | 58 +++++++++++++++++++++++++++----------------------------- 1 file changed, 28 insertions(+), 30 deletions(-) commit ca49ca7114553587736fe78319e22f073b631380 Author: Mike Rapoport Date: Fri Feb 24 14:58:25 2017 -0800 userfaultfd: non-cooperative: add event for exit() notification Allow userfaultfd monitor track termination of the processes that have memory backed by the uffd. [rppt@linux.vnet.ibm.com: add comment] Link: http://lkml.kernel.org/r/20170202135448.GB19804@rapoport-lnxLink: http://lkml.kernel.org/r/1485542673-24387-4-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 28 ++++++++++++++++++++++++++++ include/linux/userfaultfd_k.h | 7 +++++++ include/uapi/linux/userfaultfd.h | 5 ++++- kernel/exit.c | 2 ++ 4 files changed, 41 insertions(+), 1 deletion(-) commit 897ab3e0c49e24b62e2d54d165c7afec6bbca65b Author: Mike Rapoport Date: Fri Feb 24 14:58:22 2017 -0800 userfaultfd: non-cooperative: add event for memory unmaps When a non-cooperative userfaultfd monitor copies pages in the background, it may encounter regions that were already unmapped. Addition of UFFD_EVENT_UNMAP allows the uffd monitor to track precisely changes in the virtual memory layout. Since there might be different uffd contexts for the affected VMAs, we first should create a temporary representation for the unmap event for each uffd context and then notify them one by one to the appropriate userfault file descriptors. The event notification occurs after the mmap_sem has been released. [arnd@arndb.de: fix nommu build] Link: http://lkml.kernel.org/r/20170203165141.3665284-1-arnd@arndb.de [mhocko@suse.com: fix nommu build] Link: http://lkml.kernel.org/r/20170202091503.GA22823@dhcp22.suse.cz Link: http://lkml.kernel.org/r/1485542673-24387-3-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Signed-off-by: Michal Hocko Signed-off-by: Arnd Bergmann Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mips/kernel/vdso.c | 2 +- arch/tile/mm/elf.c | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/mm/mpx.c | 4 +-- fs/aio.c | 2 +- fs/proc/vmcore.c | 4 +-- fs/userfaultfd.c | 65 ++++++++++++++++++++++++++++++++++++++++ include/linux/mm.h | 14 +++++---- include/linux/userfaultfd_k.h | 18 +++++++++++ include/uapi/linux/userfaultfd.h | 3 ++ ipc/shm.c | 8 ++--- mm/mmap.c | 46 ++++++++++++++++++---------- mm/mremap.c | 23 ++++++++------ mm/nommu.c | 7 +++-- mm/util.c | 5 +++- 15 files changed, 160 insertions(+), 45 deletions(-) commit 846b1a0f1db065a8479159dd8fecddb1ebf30547 Author: Mike Rapoport Date: Fri Feb 24 14:58:19 2017 -0800 mm: call vm_munmap in munmap syscall instead of using open coded version Patch series "userfaultfd: non-cooperative: better tracking for mapping changes", v2. These patches try to address issues I've encountered during integration of userfaultfd with CRIU. Previously added userfaultfd events for fork(), madvise() and mremap() unfortunately do not cover all possible changes to a process virtual memory layout required for uffd monitor. When one or more VMAs is removed from the process mm, the external uffd monitor has no way to detect those changes and will attempt to fill the removed regions with userfaultfd_copy. Another problematic event is the exit() of the process. Here again, the external uffd monitor will try to use userfaultfd_copy, although mm owning the memory has already gone. The first patch in the series is a minor cleanup and it's not strictly related to the rest of the series. The patches 2 and 3 below add UFFD_EVENT_UNMAP and UFFD_EVENT_EXIT to allow the uffd monitor track changes in the memory layout of a process. The patches 4 and 5 amend error codes returned by userfaultfd_copy to make the uffd monitor able to cope with races that might occur between delivery of unmap and exit events and outstanding userfaultfd_copy's. This patch (of 5): Commit dc0ef0df7b6a ("mm: make mmap_sem for write waits killable for mm syscalls") replaced call to vm_munmap in munmap syscall with open coded version to allow different waits on mmap_sem in munmap syscall and vm_munmap. Now both functions use down_write_killable, so we can restore the call to vm_munmap from the munmap system call. Link: http://lkml.kernel.org/r/1485542673-24387-2-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 3fe87967c536e828bf1ea14b3ec3827d1101152e Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:16 2017 -0800 mm: convert remove_migration_pte() to use page_vma_mapped_walk() remove_migration_pte() also can easily be converted to page_vma_mapped_walk(). [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20170129173858.45174-13-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/migrate.c | 102 ++++++++++++++++++++++++----------------------------------- 1 file changed, 41 insertions(+), 61 deletions(-) commit d53a8b49a626fdfce4390710da6d04b4314db25f Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:13 2017 -0800 mm: drop page_check_address{,_transhuge} All users are gone. Let's drop them. Link: http://lkml.kernel.org/r/20170129173858.45174-12-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/rmap.h | 36 -------------- mm/rmap.c | 138 --------------------------------------------------- 2 files changed, 174 deletions(-) commit 6a328a626f98bb856551e506cabc7c8b969aafa3 Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:10 2017 -0800 mm: convert page_mapped_in_vma() to use page_vma_mapped_walk() For consistency, it worth converting all page_check_address() to page_vma_mapped_walk(), so we could drop the former. Link: http://lkml.kernel.org/r/20170129173858.45174-11-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_vma_mapped.c | 30 ++++++++++++++++++++++++++++++ mm/rmap.c | 26 -------------------------- 2 files changed, 30 insertions(+), 26 deletions(-) commit 14fa2daa15887f9246cfedc345e83e8d24cb9058 Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:07 2017 -0800 mm, uprobes: convert __replace_page() to use page_vma_mapped_walk() For consistency, it worth converting all page_check_address() to page_vma_mapped_walk(), so we could drop the former. Link: http://lkml.kernel.org/r/20170129173858.45174-10-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Reviewed-by: Srikar Dronamraju Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/events/uprobes.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) commit 36eaff3364e8cd35552a77ee426a8170f4f5fde9 Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:04 2017 -0800 mm, ksm: convert write_protect_page() to use page_vma_mapped_walk() For consistency, it worth converting all page_check_address() to page_vma_mapped_walk(), so we could drop the former. Link: http://lkml.kernel.org/r/20170129173858.45174-9-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/ksm.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) commit c7ab0d2fdc840266b39db94538f74207ec2afbf6 Author: Kirill A. Shutemov Date: Fri Feb 24 14:58:01 2017 -0800 mm: convert try_to_unmap_one() to use page_vma_mapped_walk() For consistency, it worth converting all page_check_address() to page_vma_mapped_walk(), so we could drop the former. It also makes freeze_page() as we walk though rmap only once. Link: http://lkml.kernel.org/r/20170129173858.45174-8-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 16 +--- mm/rmap.c | 260 ++++++++++++++++++++++++++++--------------------------- 2 files changed, 137 insertions(+), 139 deletions(-) commit f27176cfc363d395eea8dc5c4a26e5d6d7d65eaf Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:57 2017 -0800 mm: convert page_mkclean_one() to use page_vma_mapped_walk() For consistency, it worth converting all page_check_address() to page_vma_mapped_walk(), so we could drop the former. PMD handling here is future-proofing, we don't have users yet. ext4 with huge pages will be the first. Link: http://lkml.kernel.org/r/20170129173858.45174-7-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/rmap.c | 68 ++++++++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 23 deletions(-) commit a8fa41ad2f6f7ca08edd1afcf8149ae5a4dcf654 Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:54 2017 -0800 mm, rmap: check all VMAs that PTE-mapped THP can be part of Current rmap code can miss a VMA that maps PTE-mapped THP if the first suppage of the THP was unmapped from the VMA. We need to walk rmap for the whole range of offsets that THP covers, not only the first one. vma_address() also need to be corrected to check the range instead of the first subpage. Link: http://lkml.kernel.org/r/20170129173858.45174-6-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Hillf Danton Cc: Andrea Arcangeli Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/internal.h | 9 ++++++--- mm/rmap.c | 16 ++++++++++------ 2 files changed, 16 insertions(+), 9 deletions(-) commit 699fa216808fff47efc9743f92f1b8a9f9bf5321 Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:51 2017 -0800 mm: fix handling PTE-mapped THPs in page_idle_clear_pte_refs() For PTE-mapped THP page_check_address_transhuge() is not adequate: it cannot find all relevant PTEs, only the first one.i Let's switch it to page_vma_mapped_walk(). I don't think it's subject for stable@: it's not fatal. Link: http://lkml.kernel.org/r/20170129173858.45174-5-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Vladimir Davydov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_idle.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) commit 8eaedede825a02dbe2420b9c9be9b5b2d7515496 Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:48 2017 -0800 mm: fix handling PTE-mapped THPs in page_referenced() For PTE-mapped THP page_check_address_transhuge() is not adequate: it cannot find all relevant PTEs, only the first one. It means we can miss some references of the page and it can result in suboptimal decisions by vmscan. Let's switch it to page_vma_mapped_walk(). I don't think it's subject for stable@: it's not fatal. The only side effect is that THP can be swapped out when it shouldn't. Link: http://lkml.kernel.org/r/20170129173858.45174-4-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/rmap.c | 66 ++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 34 insertions(+), 32 deletions(-) commit ace71a19cec5eb430207c3269d8a2683f0574306 Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:45 2017 -0800 mm: introduce page_vma_mapped_walk() Introduce a new interface to check if a page is mapped into a vma. It aims to address shortcomings of page_check_address{,_transhuge}. Existing interface is not able to handle PTE-mapped THPs: it only finds the first PTE. The rest lefted unnoticed. page_vma_mapped_walk() iterates over all possible mapping of the page in the vma. Link: http://lkml.kernel.org/r/20170129173858.45174-3-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Cc: Andrea Arcangeli Cc: Hillf Danton Cc: Hugh Dickins Cc: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Rik van Riel Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/rmap.h | 26 +++++++ mm/Makefile | 6 +- mm/huge_memory.c | 9 ++- mm/page_vma_mapped.c | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 224 insertions(+), 5 deletions(-) commit c8394812e56fbc334d815226268cea69b447d461 Author: Kirill A. Shutemov Date: Fri Feb 24 14:57:42 2017 -0800 uprobes: split THPs before trying to replace them Patch series "Fix few rmap-related THP bugs", v3. The patchset fixes handing PTE-mapped THPs in page_referenced() and page_idle_clear_pte_refs(). To achieve that I've intrdocued new helper -- page_vma_mapped_walk() -- which replaces all page_check_address{,_transhuge}() and covers all THP cases. Patchset overview: - First patch fixes one uprobe bug (unrelated to the rest of the patchset, just spotted it at the same time); - Patches 2-5 fix handling PTE-mapped THPs in page_referenced(), page_idle_clear_pte_refs() and rmap core; - Patches 6-12 convert all page_check_address{,_transhuge}() users (plus remove_migration_pte()) to page_vma_mapped_walk() and drop unused helpers. I think the fixes are not critical enough for stable@ as they don't lead to crashes or hangs, only suboptimal behaviour. This patch (of 12): For THPs page_check_address() always fails. It leads to endless loop in uprobe_write_opcode(). Testcase with huge-tmpfs (uprobes cannot probe anonymous memory). mount -t debugfs none /sys/kernel/debug mount -t tmpfs -o huge=always none /mnt gcc -Wall -O2 -o /mnt/test -x c - < /sys/kernel/debug/tracing/uprobe_events echo 1 > /sys/kernel/debug/tracing/events/uprobes/enable /mnt/test Let's split THPs before trying to replace. Link: http://lkml.kernel.org/r/20170129173858.45174-2-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Rik van Riel Acked-by: Johannes Weiner Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Andrea Arcangeli Cc: Hugh Dickins Cc: Hillf Danton Cc: Srikar Dronamraju Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/events/uprobes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0efadf48bca01f17cb64ebceaf528590b2bc7665 Author: Yisheng Xie Date: Fri Feb 24 14:57:39 2017 -0800 mm/hotplug: enable memory hotplug for non-lru movable pages We had considered all of the non-lru pages as unmovable before commit bda807d44454 ("mm: migrate: support non-lru movable page migration"). But now some of non-lru pages like zsmalloc, virtio-balloon pages also become movable. So we can offline such blocks by using non-lru page migration. This patch straightforwardly adds non-lru migration code, which means adding non-lru related code to the functions which scan over pfn and collect pages to be migrated and isolate them before migration. Signed-off-by: Yisheng Xie Cc: Michal Hocko Cc: Minchan Kim Cc: Naoya Horiguchi Cc: Vlastimil Babka Cc: Andi Kleen Cc: Hanjun Guo Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Mel Gorman Cc: Reza Arbab Cc: Taku Izumi Cc: Vitaly Kuznetsov Cc: Xishi Qiu Cc: Yisheng Xie Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory_hotplug.c | 28 +++++++++++++++++----------- mm/page_alloc.c | 8 ++++++-- 2 files changed, 23 insertions(+), 13 deletions(-) commit 85fbe5d1b50cf6f83b4123ca28d6fab84275824c Author: Yisheng Xie Date: Fri Feb 24 14:57:35 2017 -0800 HWPOISON: soft offlining for non-lru movable page Extend soft offlining framework to support non-lru page, which already support migration after commit bda807d44454 ("mm: migrate: support non-lru movable page migration") When memory corrected errors occur on a non-lru movable page, we can choose to stop using it by migrating data onto another page and disable the original (maybe half-broken) one. Link: http://lkml.kernel.org/r/1485867981-16037-4-git-send-email-ysxie@foxmail.com Signed-off-by: Yisheng Xie Suggested-by: Michal Hocko Suggested-by: Minchan Kim Reviewed-by: Minchan Kim Acked-by: Naoya Horiguchi Cc: Vlastimil Babka Cc: Andi Kleen Cc: Hanjun Guo Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Mel Gorman Cc: Reza Arbab Cc: Taku Izumi Cc: Vitaly Kuznetsov Cc: Xishi Qiu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory-failure.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit cbae0170e5329c79c0a36a81fedd2800146aca12 Author: Yisheng Xie Date: Fri Feb 24 14:57:32 2017 -0800 mm/migration: make isolate_movable_page always defined Define isolate_movable_page as a static inline function when CONFIG_MIGRATION is not enable. It should return -EBUSY here which means failed to isolate movable pages. This patch do not have any functional change but prepare for later patch. Link: http://lkml.kernel.org/r/1485867981-16037-3-git-send-email-ysxie@foxmail.com Signed-off-by: Yisheng Xie Acked-by: Minchan Kim Suggested-by: Michal Hocko Cc: Naoya Horiguchi Cc: Vlastimil Babka Cc: Andi Kleen Cc: Hanjun Guo Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Mel Gorman Cc: Reza Arbab Cc: Taku Izumi Cc: Vitaly Kuznetsov Cc: Xishi Qiu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/migrate.h | 2 ++ 1 file changed, 2 insertions(+) commit 9e5bcd610ffcedf5e485e78a72762810b25c7f25 Author: Yisheng Xie Date: Fri Feb 24 14:57:29 2017 -0800 mm/migration: make isolate_movable_page() return int type Patch series "HWPOISON: soft offlining for non-lru movable page", v6. After Minchan's commit bda807d44454 ("mm: migrate: support non-lru movable page migration"), some type of non-lru page like zsmalloc and virtio-balloon page also support migration. Therefore, we can: 1) soft offlining no-lru movable pages, which means when memory corrected errors occur on a non-lru movable page, we can stop to use it by migrating data onto another page and disable the original (maybe half-broken) one. 2) enable memory hotplug for non-lru movable pages, i.e. we may offline blocks, which include such pages, by using non-lru page migration. This patchset is heavily dependent on non-lru movable page migration. This patch (of 4): Change the return type of isolate_movable_page() from bool to int. It will return 0 when isolate movable page successfully, and return -EBUSY when it isolates failed. There is no functional change within this patch but prepare for later patch. [xieyisheng1@huawei.com: v6] Link: http://lkml.kernel.org/r/1486108770-630-2-git-send-email-xieyisheng1@huawei.com Link: http://lkml.kernel.org/r/1485867981-16037-2-git-send-email-ysxie@foxmail.com Signed-off-by: Yisheng Xie Suggested-by: Michal Hocko Acked-by: Minchan Kim Cc: Andi Kleen Cc: Hanjun Guo Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Mel Gorman Cc: Naoya Horiguchi Cc: Reza Arbab Cc: Taku Izumi Cc: Vitaly Kuznetsov Cc: Vlastimil Babka Cc: Xishi Qiu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/migrate.h | 2 +- mm/compaction.c | 2 +- mm/migrate.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) commit 5a27aa8220290b64cd5da066a1e29375aa867e69 Author: Vitaly Wool Date: Fri Feb 24 14:57:26 2017 -0800 z3fold: add kref refcounting With both coming and already present locking optimizations, introducing kref to reference-count z3fold objects is the right thing to do. Moreover, it makes buddied list no longer necessary, and allows for a simpler handling of headless pages. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20170131214650.8ea78033d91ded233f552bc0@gmail.com Signed-off-by: Vitaly Wool Reviewed-by: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 155 +++++++++++++++++++++++++++--------------------------------- 1 file changed, 69 insertions(+), 86 deletions(-) commit 2f1e5e4d8430f365f979a818f515123a71b640ec Author: Vitaly Wool Date: Fri Feb 24 14:57:23 2017 -0800 z3fold: use per-page spinlock Most of z3fold operations are in-page, such as modifying z3fold page header or moving z3fold objects within a page. Taking per-pool spinlock to protect per-page objects is therefore suboptimal, and the idea of having a per-page spinlock (or rwlock) has been around for some time. This patch implements spinlock-based per-page locking mechanism which is lightweight enough to normally fit ok into the z3fold header. Link: http://lkml.kernel.org/r/20170131214438.433e0a5fda908337b63206d3@gmail.com Signed-off-by: Vitaly Wool Reviewed-by: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 148 +++++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 106 insertions(+), 42 deletions(-) commit 1b096e5ae9f7181c770d59c6895f23a76c63adee Author: Vitaly Wool Date: Fri Feb 24 14:57:20 2017 -0800 z3fold: extend compaction function z3fold_compact_page() currently only handles the situation when there's a single middle chunk within the z3fold page. However it may be worth it to move middle chunk closer to either first or last chunk, whichever is there, if the gap between them is big enough. This patch adds the relevant code, using BIG_CHUNK_GAP define as a threshold for middle chunk to be worth moving. Link: http://lkml.kernel.org/r/20170131214334.c4f3eac9a477af0fa9a22c46@gmail.com Signed-off-by: Vitaly Wool Reviewed-by: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) commit ede93213aab623b3343f1d7dcb03aebac0489357 Author: Vitaly Wool Date: Fri Feb 24 14:57:17 2017 -0800 z3fold: fix header size related issues Currently the whole kernel build will be stopped if the size of struct z3fold_header is greater than the size of one chunk, which is 64 bytes by default. This patch instead defines the offset for z3fold objects as the size of the z3fold header in chunks. Fixed also are the calculation of num_free_chunks() and the address to move the middle chunk to in case of in-page compaction in z3fold_compact_page(). Link: http://lkml.kernel.org/r/20170131214057.d98677032bc7b1c6c59a80c9@gmail.com Signed-off-by: Vitaly Wool Reviewed-by: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 114 ++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 64 insertions(+), 50 deletions(-) commit 12d59ae678242b383671abb7ffa3c94bb2d6c4de Author: Vitaly Wool Date: Fri Feb 24 14:57:15 2017 -0800 z3fold: make pages_nr atomic Convert pages_nr per-pool counter to atomic64_t. Link: http://lkml.kernel.org/r/20170131213946.b828676ab17bbea42022c213@gmail.com Signed-off-by: Vitaly Wool Reviewed-by: Dan Streetman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) commit 220ced1676c490c3192dd9bc1a06be86dee88a56 Author: Dan Williams Date: Fri Feb 24 14:57:12 2017 -0800 mm: fix get_user_pages() vs device-dax pud mappings A new unit test for the device-dax 1GB enabling currently fails with this warning before hanging the test thread: WARNING: CPU: 0 PID: 21 at lib/percpu-refcount.c:155 percpu_ref_switch_to_atomic_rcu+0x1e3/0x1f0 percpu ref (dax_pmem_percpu_release [dax_pmem]) <= 0 (0) after switching to atomic [..] CPU: 0 PID: 21 Comm: rcuos/1 Tainted: G O 4.10.0-rc7-next-20170207+ #944 [..] Call Trace: dump_stack+0x86/0xc3 __warn+0xcb/0xf0 warn_slowpath_fmt+0x5f/0x80 ? rcu_nocb_kthread+0x27a/0x510 ? dax_pmem_percpu_exit+0x50/0x50 [dax_pmem] percpu_ref_switch_to_atomic_rcu+0x1e3/0x1f0 ? percpu_ref_exit+0x60/0x60 rcu_nocb_kthread+0x339/0x510 ? rcu_nocb_kthread+0x27a/0x510 kthread+0x101/0x140 The get_user_pages() path needs to arrange for references to be taken against the dev_pagemap instance backing the pud mapping. Refactor the existing __gup_device_huge_pmd() to also account for the pud case. Link: http://lkml.kernel.org/r/148653181153.38226.9605457830505509385.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Cc: Dave Jiang Cc: Matthew Wilcox Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Nilesh Choudhury Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/mm/gup.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) commit c791ace1e747371658237f0d30234fef56c39669 Author: Dave Jiang Date: Fri Feb 24 14:57:08 2017 -0800 mm: replace FAULT_FLAG_SIZE with parameter to huge_fault Since the introduction of FAULT_FLAG_SIZE to the vm_fault flag, it has been somewhat painful with getting the flags set and removed at the correct locations. More than one kernel oops was introduced due to difficulties of getting the placement correctly. Remove the flag values and introduce an input parameter to huge_fault that indicates the size of the page entry. This makes the code easier to trace and should avoid the issues we see with the fault flags where removal of the flag was necessary in the fallback paths. Link: http://lkml.kernel.org/r/148615748258.43180.1690152053774975329.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dave Jiang Tested-by: Dan Williams Reviewed-by: Jan Kara Cc: Matthew Wilcox Cc: Dave Hansen Cc: Vlastimil Babka Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Nilesh Choudhury Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/dax/dax.c | 18 ++++++++++++------ fs/dax.c | 9 +++++---- fs/ext2/file.c | 2 +- fs/ext4/file.c | 12 +++++++++--- fs/xfs/xfs_file.c | 9 +++++---- include/linux/dax.h | 3 ++- include/linux/mm.h | 14 ++++++++------ mm/memory.c | 17 ++++------------- 8 files changed, 46 insertions(+), 38 deletions(-) commit 9557feee39b75ceb502b4777e08706df1ddf10ed Author: Dave Jiang Date: Fri Feb 24 14:57:05 2017 -0800 dax: support for transparent PUD pages for device DAX Add transparent huge PUD pages support for device DAX by adding a pud_fault handler. Link: http://lkml.kernel.org/r/148545060002.17912.6765687780007547551.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dave Jiang Cc: Matthew Wilcox Cc: Dave Hansen Cc: Vlastimil Babka Cc: Jan Kara Cc: Dan Williams Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Nilesh Choudhury Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/dax/dax.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) commit a00cc7d9dd93d66a3fb83fc52aa57a4bec51c517 Author: Matthew Wilcox Date: Fri Feb 24 14:57:02 2017 -0800 mm, x86: add support for PUD-sized transparent hugepages The current transparent hugepage code only supports PMDs. This patch adds support for transparent use of PUDs with DAX. It does not include support for anonymous pages. x86 support code also added. Most of this patch simply parallels the work that was done for huge PMDs. The only major difference is how the new ->pud_entry method in mm_walk works. The ->pmd_entry method replaces the ->pte_entry method, whereas the ->pud_entry method works along with either ->pmd_entry or ->pte_entry. The pagewalk code takes care of locking the PUD before calling ->pud_walk, so handlers do not need to worry whether the PUD is stable. [dave.jiang@intel.com: fix SMP x86 32bit build for native_pud_clear()] Link: http://lkml.kernel.org/r/148719066814.31111.3239231168815337012.stgit@djiang5-desk3.ch.intel.com [dave.jiang@intel.com: native_pud_clear missing on i386 build] Link: http://lkml.kernel.org/r/148640375195.69754.3315433724330910314.stgit@djiang5-desk3.ch.intel.com Link: http://lkml.kernel.org/r/148545059381.17912.8602162635537598445.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Matthew Wilcox Signed-off-by: Dave Jiang Tested-by: Alexander Kapshuk Cc: Dave Hansen Cc: Vlastimil Babka Cc: Jan Kara Cc: Dan Williams Cc: Ross Zwisler Cc: Kirill A. Shutemov Cc: Nilesh Choudhury Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/Kconfig | 3 + arch/x86/Kconfig | 1 + arch/x86/include/asm/paravirt.h | 11 ++ arch/x86/include/asm/paravirt_types.h | 2 + arch/x86/include/asm/pgtable-2level.h | 17 +++ arch/x86/include/asm/pgtable-3level.h | 30 ++++ arch/x86/include/asm/pgtable.h | 140 +++++++++++++++++++ arch/x86/include/asm/pgtable_64.h | 15 ++ arch/x86/kernel/paravirt.c | 1 + arch/x86/mm/pgtable.c | 31 +++++ include/asm-generic/pgtable.h | 80 ++++++++++- include/asm-generic/tlb.h | 14 ++ include/linux/huge_mm.h | 83 +++++++++++- include/linux/mm.h | 30 +++- include/linux/mmu_notifier.h | 14 ++ include/linux/pfn_t.h | 12 ++ mm/gup.c | 7 + mm/huge_memory.c | 249 ++++++++++++++++++++++++++++++++++ mm/memory.c | 88 +++++++++++- mm/pagewalk.c | 20 ++- mm/pgtable-generic.c | 14 ++ 21 files changed, 844 insertions(+), 18 deletions(-) commit a2d581675d485eb7188f521f36efc114639a3096 Author: Dave Jiang Date: Fri Feb 24 14:56:59 2017 -0800 mm,fs,dax: change ->pmd_fault to ->huge_fault Patch series "1G transparent hugepage support for device dax", v2. The following series implements support for 1G trasparent hugepage on x86 for device dax. The bulk of the code was written by Mathew Wilcox a while back supporting transparent 1G hugepage for fs DAX. I have forward ported the relevant bits to 4.10-rc. The current submission has only the necessary code to support device DAX. Comments from Dan Williams: So the motivation and intended user of this functionality mirrors the motivation and users of 1GB page support in hugetlbfs. Given expected capacities of persistent memory devices an in-memory database may want to reduce tlb pressure beyond what they can already achieve with 2MB mappings of a device-dax file. We have customer feedback to that effect as Willy mentioned in his previous version of these patches [1]. [1]: https://lkml.org/lkml/2016/1/31/52 Comments from Nilesh @ Oracle: There are applications which have a process model; and if you assume 10,000 processes attempting to mmap all the 6TB memory available on a server; we are looking at the following: processes : 10,000 memory : 6TB pte @ 4k page size: 8 bytes / 4K of memory * #processes = 6TB / 4k * 8 * 10000 = 1.5GB * 80000 = 120,000GB pmd @ 2M page size: 120,000 / 512 = ~240GB pud @ 1G page size: 240GB / 512 = ~480MB As you can see with 2M pages, this system will use up an exorbitant amount of DRAM to hold the page tables; but the 1G pages finally brings it down to a reasonable level. Memory sizes will keep increasing; so this number will keep increasing. An argument can be made to convert the applications from process model to thread model, but in the real world that may not be always practical. Hopefully this helps explain the use case where this is valuable. This patch (of 3): In preparation for adding the ability to handle PUD pages, convert vm_operations_struct.pmd_fault to vm_operations_struct.huge_fault. The vm_fault structure is extended to include a union of the different page table pointers that may be needed, and three flag bits are reserved to indicate which type of pointer is in the union. [ross.zwisler@linux.intel.com: remove unused function ext4_dax_huge_fault()] Link: http://lkml.kernel.org/r/1485813172-7284-1-git-send-email-ross.zwisler@linux.intel.com [dave.jiang@intel.com: clear PMD or PUD size flags when in fall through path] Link: http://lkml.kernel.org/r/148589842696.5820.16078080610311444794.stgit@djiang5-desk3.ch.intel.com Link: http://lkml.kernel.org/r/148545058784.17912.6353162518188733642.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Matthew Wilcox Signed-off-by: Dave Jiang Signed-off-by: Ross Zwisler Cc: Dave Hansen Cc: Vlastimil Babka Cc: Jan Kara Cc: Dan Williams Cc: Kirill A. Shutemov Cc: Nilesh Choudhury Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Thomas Gleixner Cc: Dave Jiang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/dax/dax.c | 34 +++++++++++++--------------------- fs/dax.c | 45 ++++++++++++++++++++++++++++++++------------- fs/ext2/file.c | 2 +- fs/ext4/file.c | 23 +---------------------- fs/xfs/xfs_file.c | 10 +++++----- fs/xfs/xfs_trace.h | 2 +- include/linux/dax.h | 6 ------ include/linux/mm.h | 10 +++++++++- mm/memory.c | 18 ++++++++++++------ 9 files changed, 74 insertions(+), 76 deletions(-) commit bd233f538d51c2cae6f0bfc2cf7f0960e1683b8a Author: Mel Gorman Date: Fri Feb 24 14:56:56 2017 -0800 mm, page_alloc: use static global work_struct for draining per-cpu pages As suggested by Vlastimil Babka and Tejun Heo, this patch uses a static work_struct to co-ordinate the draining of per-cpu pages on the workqueue. Only one task can drain at a time but this is better than the previous scheme that allowed multiple tasks to send IPIs at a time. One consideration is whether parallel requests should synchronise against each other. This patch does not synchronise for a global drain as the common case for such callers is expected to be multiple parallel direct reclaimers competing for pages when the watermark is close to min. Draining the per-cpu list is unlikely to make much progress and serialising the drain is of dubious merit. Drains are synchonrised for callers such as memory hotplug and CMA that care about the drain being complete when the function returns. Link: http://lkml.kernel.org/r/20170125083038.rzb5f43nptmk7aed@techsingularity.net Signed-off-by: Mel Gorman Suggested-by: Tejun Heo Suggested-by: Vlastimil Babka Acked-by: Vlastimil Babka Acked-by: Hillf Danton Cc: Jesper Dangaard Brouer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) commit 5104782011a12b04fe9cfaa6f1085bdcdedd79c4 Author: Vlastimil Babka Date: Fri Feb 24 14:56:53 2017 -0800 mm, page_alloc: don't check cpuset allowed twice in fast-path Since commit 682a3385e773 ("mm, page_alloc: inline the fast path of the zonelist iterator") we replace a NULL nodemask with cpuset_current_mems_allowed in the fast path, so that get_page_from_freelist() filters nodes allowed by the cpuset via for_next_zone_zonelist_nodemask(). In that case it's pointless to additionaly check __cpuset_zone_allowed() in each iteration, which we can avoid by not adding ALLOC_CPUSET to alloc_flags in that scenario. This saves some cycles in the allocator fast path on systems with one or more non-root cpuset configured. In the slow path, ALLOC_CPUSET is reset according to __alloc_pages_slowpath(). Without configured cpusets, this code is disabled by a static key. Link: http://lkml.kernel.org/r/20170124150511.5710-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reviewed-by: Anshuman Khandual Acked-by: Michal Hocko Cc: Anshuman Khandual Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit df76cee6bbeb2ed036f1622f63a99c28cecf6b30 Author: Vlastimil Babka Date: Fri Feb 24 14:56:50 2017 -0800 mm, page_alloc: remove redundant checks from alloc fastpath The allocation fast path contains two similar checks for zoneref->zone being NULL, where zoneref points either to the first zone in the zonelist, or to the preferred zone. These can be NULL either due to empty zonelist, or no zone being compatible with given nodemask or task's cpuset. These checks are unnecessary, because the zonelist walks in first_zones_zonelist() and get_page_from_freelist() handle a NULL starting zoneref->zone or preferred_zoneref->zone safely. It's safe to fallback to __alloc_pages_slowpath() where we also have the check early enough. Link: http://lkml.kernel.org/r/20170124150511.5710-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Cc: Michal Hocko Cc: Anshuman Khandual Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 18 ------------------ 1 file changed, 18 deletions(-) commit a09759acaacf6cf738e1bc6c66d41485c87fd371 Author: Minchan Kim Date: Fri Feb 24 14:56:47 2017 -0800 zram: remove waitqueue for IO done zram_reset_device() waits for ongoing writepage pages to be completed by zram->refcount logic. However, it's pointless because before the reset, we prevent further opening of zram by zram->claim and flush all of pending IO by fsync_bdev so there should be no pending IO at the zram_reset_device(). So let's remove that code which is even broken due to the lack of wake_up elsewhere. Link: http://lkml.kernel.org/r/1485145031-11661-1-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Reviewed-by: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 40 +++------------------------------------- drivers/block/zram/zram_drv.h | 3 --- 2 files changed, 3 insertions(+), 40 deletions(-) commit 3edf41d84587701db4650276262d1b71fdf20d9f Author: seokhoon.yoon Date: Fri Feb 24 14:56:44 2017 -0800 mm: fix comments for mmap_init() mmap_init() is no longer associated with VMA slab. So fix it. Link: http://lkml.kernel.org/r/1485182601-9294-1-git-send-email-iamyooon@gmail.com Signed-off-by: seokhoon.yoon Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmap.c | 2 +- mm/nommu.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 11bac80004499ea59f361ef2a5516c84b6eab675 Author: Dave Jiang Date: Fri Feb 24 14:56:41 2017 -0800 mm, fs: reduce fault, page_mkwrite, and pfn_mkwrite to take only vmf ->fault(), ->page_mkwrite(), and ->pfn_mkwrite() calls do not need to take a vma and vmf parameter when the vma already resides in vmf. Remove the vma parameter to simplify things. [arnd@arndb.de: fix ARM build] Link: http://lkml.kernel.org/r/20170125223558.1451224-1-arnd@arndb.de Link: http://lkml.kernel.org/r/148521301778.19116.10840599906674778980.stgit@djiang5-desk3.ch.intel.com Signed-off-by: Dave Jiang Signed-off-by: Arnd Bergmann Reviewed-by: Ross Zwisler Cc: Theodore Ts'o Cc: Darrick J. Wong Cc: Matthew Wilcox Cc: Dave Hansen Cc: Christoph Hellwig Cc: Jan Kara Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/kvm/book3s_64_vio.c | 4 +-- arch/powerpc/platforms/cell/spufs/file.c | 39 ++++++++++++------------ drivers/android/binder.c | 2 +- drivers/char/agp/alpha-agp.c | 5 ++- drivers/char/mspec.c | 6 ++-- drivers/dax/dax.c | 12 ++++---- drivers/gpu/drm/armada/armada_gem.c | 9 +++--- drivers/gpu/drm/drm_vm.c | 32 ++++++++++--------- drivers/gpu/drm/etnaviv/etnaviv_drv.h | 2 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 3 +- drivers/gpu/drm/exynos/exynos_drm_gem.c | 3 +- drivers/gpu/drm/exynos/exynos_drm_gem.h | 2 +- drivers/gpu/drm/gma500/framebuffer.c | 3 +- drivers/gpu/drm/gma500/gem.c | 3 +- drivers/gpu/drm/gma500/psb_drv.h | 2 +- drivers/gpu/drm/i915/i915_drv.h | 2 +- drivers/gpu/drm/i915/i915_gem.c | 4 +-- drivers/gpu/drm/msm/msm_drv.h | 2 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/omapdrm/omap_drv.h | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 4 +-- drivers/gpu/drm/qxl/qxl_ttm.c | 6 ++-- drivers/gpu/drm/radeon/radeon_ttm.c | 6 ++-- drivers/gpu/drm/tegra/gem.c | 3 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 10 +++--- drivers/gpu/drm/udl/udl_drv.h | 2 +- drivers/gpu/drm/udl/udl_gem.c | 3 +- drivers/gpu/drm/vgem/vgem_drv.c | 3 +- drivers/gpu/drm/virtio/virtgpu_ttm.c | 7 ++--- drivers/hsi/clients/cmt_speech.c | 4 +-- drivers/hwtracing/intel_th/msu.c | 6 ++-- drivers/infiniband/hw/hfi1/file_ops.c | 4 +-- drivers/infiniband/hw/qib/qib_file_ops.c | 2 +- drivers/media/v4l2-core/videobuf-dma-sg.c | 3 +- drivers/misc/cxl/context.c | 3 +- drivers/misc/sgi-gru/grumain.c | 3 +- drivers/misc/sgi-gru/grutables.h | 2 +- drivers/scsi/cxlflash/superpipe.c | 6 ++-- drivers/scsi/sg.c | 3 +- drivers/staging/android/ion/ion.c | 6 ++-- drivers/staging/lustre/lustre/llite/llite_mmap.c | 7 +++-- drivers/staging/lustre/lustre/llite/vvp_io.c | 2 +- drivers/target/target_core_user.c | 6 ++-- drivers/uio/uio.c | 6 ++-- drivers/usb/mon/mon_bin.c | 4 +-- drivers/video/fbdev/core/fb_defio.c | 16 +++++----- drivers/xen/privcmd.c | 4 +-- fs/9p/vfs_file.c | 4 +-- fs/btrfs/ctree.h | 2 +- fs/btrfs/inode.c | 6 ++-- fs/ceph/addr.c | 8 +++-- fs/cifs/file.c | 2 +- fs/dax.c | 15 ++++----- fs/ext2/file.c | 17 +++++------ fs/ext4/ext4.h | 4 +-- fs/ext4/file.c | 17 +++++------ fs/ext4/inode.c | 9 +++--- fs/f2fs/file.c | 7 ++--- fs/fuse/file.c | 6 ++-- fs/gfs2/file.c | 8 ++--- fs/iomap.c | 5 ++- fs/kernfs/file.c | 13 ++++---- fs/ncpfs/mmap.c | 7 ++--- fs/nfs/file.c | 4 +-- fs/nilfs2/file.c | 3 +- fs/ocfs2/mmap.c | 15 ++++----- fs/proc/vmcore.c | 4 +-- fs/ubifs/file.c | 5 ++- fs/xfs/xfs_file.c | 25 +++++++-------- include/linux/dax.h | 5 ++- include/linux/iomap.h | 3 +- include/linux/mm.h | 10 +++--- ipc/shm.c | 6 ++-- kernel/events/core.c | 6 ++-- kernel/relay.c | 4 +-- mm/filemap.c | 19 ++++++------ mm/hugetlb.c | 2 +- mm/memory.c | 6 ++-- mm/mmap.c | 9 +++--- mm/nommu.c | 2 +- mm/shmem.c | 3 +- security/selinux/selinuxfs.c | 5 ++- sound/core/pcm_native.c | 15 ++++----- sound/usb/usx2y/us122l.c | 5 ++- sound/usb/usx2y/usX2Yhwdep.c | 7 ++--- sound/usb/usx2y/usx2yhwdeppcm.c | 5 ++- virt/kvm/kvm_main.c | 4 +-- 87 files changed, 283 insertions(+), 290 deletions(-) commit 374ad05ab64d696303cec5cc8ec3a65d457b7b1c Author: Mel Gorman Date: Fri Feb 24 14:56:38 2017 -0800 mm, page_alloc: only use per-cpu allocator for irq-safe requests Many workloads that allocate pages are not handling an interrupt at a time. As allocation requests may be from IRQ context, it's necessary to disable/enable IRQs for every page allocation. This cost is the bulk of the free path but also a significant percentage of the allocation path. This patch alters the locking and checks such that only irq-safe allocation requests use the per-cpu allocator. All others acquire the irq-safe zone->lock and allocate from the buddy allocator. It relies on disabling preemption to safely access the per-cpu structures. It could be slightly modified to avoid soft IRQs using it but it's not clear it's worthwhile. This modification may slow allocations from IRQ context slightly but the main gain from the per-cpu allocator is that it scales better for allocations from multiple contexts. There is an implicit assumption that intensive allocations from IRQ contexts on multiple CPUs from a single NUMA node are rare and that the fast majority of scaling issues are encountered in !IRQ contexts such as page faulting. It's worth noting that this patch is not required for a bulk page allocator but it significantly reduces the overhead. The following is results from a page allocator micro-benchmark. Only order-0 is interesting as higher orders do not use the per-cpu allocator 4.10.0-rc2 4.10.0-rc2 vanilla irqsafe-v1r5 Amean alloc-odr0-1 287.15 ( 0.00%) 219.00 ( 23.73%) Amean alloc-odr0-2 221.23 ( 0.00%) 183.23 ( 17.18%) Amean alloc-odr0-4 187.00 ( 0.00%) 151.38 ( 19.05%) Amean alloc-odr0-8 167.54 ( 0.00%) 132.77 ( 20.75%) Amean alloc-odr0-16 156.00 ( 0.00%) 123.00 ( 21.15%) Amean alloc-odr0-32 149.00 ( 0.00%) 118.31 ( 20.60%) Amean alloc-odr0-64 138.77 ( 0.00%) 116.00 ( 16.41%) Amean alloc-odr0-128 145.00 ( 0.00%) 118.00 ( 18.62%) Amean alloc-odr0-256 136.15 ( 0.00%) 125.00 ( 8.19%) Amean alloc-odr0-512 147.92 ( 0.00%) 121.77 ( 17.68%) Amean alloc-odr0-1024 147.23 ( 0.00%) 126.15 ( 14.32%) Amean alloc-odr0-2048 155.15 ( 0.00%) 129.92 ( 16.26%) Amean alloc-odr0-4096 164.00 ( 0.00%) 136.77 ( 16.60%) Amean alloc-odr0-8192 166.92 ( 0.00%) 138.08 ( 17.28%) Amean alloc-odr0-16384 159.00 ( 0.00%) 138.00 ( 13.21%) Amean free-odr0-1 165.00 ( 0.00%) 89.00 ( 46.06%) Amean free-odr0-2 113.00 ( 0.00%) 63.00 ( 44.25%) Amean free-odr0-4 99.00 ( 0.00%) 54.00 ( 45.45%) Amean free-odr0-8 88.00 ( 0.00%) 47.38 ( 46.15%) Amean free-odr0-16 83.00 ( 0.00%) 46.00 ( 44.58%) Amean free-odr0-32 80.00 ( 0.00%) 44.38 ( 44.52%) Amean free-odr0-64 72.62 ( 0.00%) 43.00 ( 40.78%) Amean free-odr0-128 78.00 ( 0.00%) 42.00 ( 46.15%) Amean free-odr0-256 80.46 ( 0.00%) 57.00 ( 29.16%) Amean free-odr0-512 96.38 ( 0.00%) 64.69 ( 32.88%) Amean free-odr0-1024 107.31 ( 0.00%) 72.54 ( 32.40%) Amean free-odr0-2048 108.92 ( 0.00%) 78.08 ( 28.32%) Amean free-odr0-4096 113.38 ( 0.00%) 82.23 ( 27.48%) Amean free-odr0-8192 112.08 ( 0.00%) 82.85 ( 26.08%) Amean free-odr0-16384 110.38 ( 0.00%) 81.92 ( 25.78%) Amean total-odr0-1 452.15 ( 0.00%) 308.00 ( 31.88%) Amean total-odr0-2 334.23 ( 0.00%) 246.23 ( 26.33%) Amean total-odr0-4 286.00 ( 0.00%) 205.38 ( 28.19%) Amean total-odr0-8 255.54 ( 0.00%) 180.15 ( 29.50%) Amean total-odr0-16 239.00 ( 0.00%) 169.00 ( 29.29%) Amean total-odr0-32 229.00 ( 0.00%) 162.69 ( 28.96%) Amean total-odr0-64 211.38 ( 0.00%) 159.00 ( 24.78%) Amean total-odr0-128 223.00 ( 0.00%) 160.00 ( 28.25%) Amean total-odr0-256 216.62 ( 0.00%) 182.00 ( 15.98%) Amean total-odr0-512 244.31 ( 0.00%) 186.46 ( 23.68%) Amean total-odr0-1024 254.54 ( 0.00%) 198.69 ( 21.94%) Amean total-odr0-2048 264.08 ( 0.00%) 208.00 ( 21.24%) Amean total-odr0-4096 277.38 ( 0.00%) 219.00 ( 21.05%) Amean total-odr0-8192 279.00 ( 0.00%) 220.92 ( 20.82%) Amean total-odr0-16384 269.38 ( 0.00%) 219.92 ( 18.36%) This is the alloc, free and total overhead of allocating order-0 pages in batches of 1 page up to 16384 pages. Avoiding disabling/enabling overhead massively reduces overhead. Alloc overhead is roughly reduced by 14-20% in most cases. The free path is reduced by 26-46% and the total reduction is significant. Many users require zeroing of pages from the page allocator which is the vast cost of allocation. Hence, the impact on a basic page faulting benchmark is not that significant 4.10.0-rc2 4.10.0-rc2 vanilla irqsafe-v1r5 Hmean page_test 656632.98 ( 0.00%) 675536.13 ( 2.88%) Hmean brk_test 3845502.67 ( 0.00%) 3867186.94 ( 0.56%) Stddev page_test 10543.29 ( 0.00%) 4104.07 ( 61.07%) Stddev brk_test 33472.36 ( 0.00%) 15538.39 ( 53.58%) CoeffVar page_test 1.61 ( 0.00%) 0.61 ( 62.15%) CoeffVar brk_test 0.87 ( 0.00%) 0.40 ( 53.84%) Max page_test 666513.33 ( 0.00%) 678640.00 ( 1.82%) Max brk_test 3882800.00 ( 0.00%) 3887008.66 ( 0.11%) This is from aim9 and the most notable outcome is that fault variability is reduced by the patch. The headline improvement is small as the overall fault cost, zeroing, page table insertion etc dominate relative to disabling/enabling IRQs in the per-cpu allocator. Similarly, little benefit was seen on networking benchmarks both localhost and between physical server/clients where other costs dominate. It's possible that this will only be noticable on very high speed networks. Jesper Dangaard Brouer independently tested this with a separate microbenchmark from https://github.com/netoptimizer/prototype-kernel/tree/master/kernel/mm/bench Micro-benchmarked with [1] page_bench02: modprobe page_bench02 page_order=0 run_flags=$((2#010)) loops=$((10**8)); \ rmmod page_bench02 ; dmesg --notime | tail -n 4 Compared to baseline: 213 cycles(tsc) 53.417 ns - against this : 184 cycles(tsc) 46.056 ns - Saving : -29 cycles - Very close to expected 27 cycles saving [see below [2]] Micro benchmarking via time_bench_sample[3], we get the cost of these operations: time_bench: Type:for_loop Per elem: 0 cycles(tsc) 0.232 ns (step:0) time_bench: Type:spin_lock_unlock Per elem: 33 cycles(tsc) 8.334 ns (step:0) time_bench: Type:spin_lock_unlock_irqsave Per elem: 62 cycles(tsc) 15.607 ns (step:0) time_bench: Type:irqsave_before_lock Per elem: 57 cycles(tsc) 14.344 ns (step:0) time_bench: Type:spin_lock_unlock_irq Per elem: 34 cycles(tsc) 8.560 ns (step:0) time_bench: Type:simple_irq_disable_before_lock Per elem: 37 cycles(tsc) 9.289 ns (step:0) time_bench: Type:local_BH_disable_enable Per elem: 19 cycles(tsc) 4.920 ns (step:0) time_bench: Type:local_IRQ_disable_enable Per elem: 7 cycles(tsc) 1.864 ns (step:0) time_bench: Type:local_irq_save_restore Per elem: 38 cycles(tsc) 9.665 ns (step:0) [Mel's patch removes a ^^^^^^^^^^^^^^^^] ^^^^^^^^^ expected saving - preempt cost time_bench: Type:preempt_disable_enable Per elem: 11 cycles(tsc) 2.794 ns (step:0) [adds a preempt ^^^^^^^^^^^^^^^^^^^^^^] ^^^^^^^^^ adds this cost time_bench: Type:funcion_call_cost Per elem: 6 cycles(tsc) 1.689 ns (step:0) time_bench: Type:func_ptr_call_cost Per elem: 11 cycles(tsc) 2.767 ns (step:0) time_bench: Type:page_alloc_put Per elem: 211 cycles(tsc) 52.803 ns (step:0) Thus, expected improvement is: 38-11 = 27 cycles. [mgorman@techsingularity.net: s/preempt_enable_no_resched/preempt_enable/] Link: http://lkml.kernel.org/r/20170208143128.25ahymqlyspjcixu@techsingularity.net Link: http://lkml.kernel.org/r/20170123153906.3122-5-mgorman@techsingularity.net Signed-off-by: Mel Gorman Acked-by: Hillf Danton Acked-by: Jesper Dangaard Brouer Acked-by: Vlastimil Babka Cc: Hillf Danton Cc: Thomas Gleixner Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) commit a459eeb7b852bcdac605123a500c61286c2a2c3d Author: Michal Hocko Date: Fri Feb 24 14:56:35 2017 -0800 mm, page_alloc: do not depend on cpu hotplug locks inside the allocator Dmitry has reported the following lockdep splat lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3753 __mutex_lock_common kernel/locking/mutex.c:521 [inline] mutex_lock_nested+0x24e/0xff0 kernel/locking/mutex.c:621 pcpu_alloc+0xbda/0x1280 mm/percpu.c:896 __alloc_percpu+0x24/0x30 mm/percpu.c:1075 smpcfd_prepare_cpu+0x73/0xd0 kernel/smp.c:44 cpuhp_invoke_callback+0x254/0x1480 kernel/cpu.c:136 cpuhp_up_callbacks+0x81/0x2a0 kernel/cpu.c:493 _cpu_up+0x1e3/0x2a0 kernel/cpu.c:1057 do_cpu_up+0x73/0xa0 kernel/cpu.c:1087 cpu_up+0x18/0x20 kernel/cpu.c:1095 smp_init+0xe9/0xee kernel/smp.c:564 kernel_init_freeable+0x439/0x690 init/main.c:1010 kernel_init+0x13/0x180 init/main.c:941 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 cpu_hotplug_begin cpu_hotplug.lock pcpu_alloc pcpu_alloc_mutex get_online_cpus+0x62/0x90 kernel/cpu.c:248 drain_all_pages+0xf8/0x710 mm/page_alloc.c:2385 __alloc_pages_direct_reclaim mm/page_alloc.c:3440 [inline] __alloc_pages_slowpath+0x8fd/0x2370 mm/page_alloc.c:3778 __alloc_pages_nodemask+0x8f5/0xc60 mm/page_alloc.c:3980 __alloc_pages include/linux/gfp.h:426 [inline] __alloc_pages_node include/linux/gfp.h:439 [inline] alloc_pages_node include/linux/gfp.h:453 [inline] pcpu_alloc_pages mm/percpu-vm.c:93 [inline] pcpu_populate_chunk+0x1e1/0x900 mm/percpu-vm.c:282 pcpu_alloc+0xe01/0x1280 mm/percpu.c:998 __alloc_percpu_gfp+0x27/0x30 mm/percpu.c:1062 bpf_array_alloc_percpu kernel/bpf/arraymap.c:34 [inline] array_map_alloc+0x532/0x710 kernel/bpf/arraymap.c:99 find_and_alloc_map kernel/bpf/syscall.c:34 [inline] map_create kernel/bpf/syscall.c:188 [inline] SYSC_bpf kernel/bpf/syscall.c:870 [inline] SyS_bpf+0xd64/0x2500 kernel/bpf/syscall.c:827 entry_SYSCALL_64_fastpath+0x1f/0xc2 pcpu_alloc pcpu_alloc_mutex drain_all_pages get_online_cpus cpu_hotplug.lock cpu_hotplug_begin+0x206/0x2e0 kernel/cpu.c:304 _cpu_up+0xca/0x2a0 kernel/cpu.c:1011 do_cpu_up+0x73/0xa0 kernel/cpu.c:1087 cpu_up+0x18/0x20 kernel/cpu.c:1095 smp_init+0xe9/0xee kernel/smp.c:564 kernel_init_freeable+0x439/0x690 init/main.c:1010 kernel_init+0x13/0x180 init/main.c:941 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433 cpu_hotplug_begin cpu_hotplug.lock Pulling cpu hotplug locks inside the page allocator is just too dangerous. Let's remove the dependency by dropping get_online_cpus() from drain_all_pages. This is not so simple though because now we do not have a protection against cpu hotplug which means 2 things: - the work item might be executed on a different cpu in worker from unbound pool so it doesn't run on pinned on the cpu - we have to make sure that we do not race with page_alloc_cpu_dead calling drain_pages_zone Disabling preemption in drain_local_pages_wq will solve the first problem drain_local_pages will determine its local CPU from the WQ context which will be stable after that point, page_alloc_cpu_dead is pinned to the CPU already. The later condition is achieved by disabling IRQs in drain_pages_zone. Fixes: mm, page_alloc: drain per-cpu pages from workqueue context Link: http://lkml.kernel.org/r/20170207201950.20482-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Dmitry Vyukov Acked-by: Tejun Heo Acked-by: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 0ccce3b924212e121503619df97cc0f17189b77b Author: Mel Gorman Date: Fri Feb 24 14:56:32 2017 -0800 mm, page_alloc: drain per-cpu pages from workqueue context The per-cpu page allocator can be drained immediately via drain_all_pages() which sends IPIs to every CPU. In the next patch, the per-cpu allocator will only be used for interrupt-safe allocations which prevents draining it from IPI context. This patch uses workqueues to drain the per-cpu lists instead. This is slower but no slowdown during intensive reclaim was measured and the paths that use drain_all_pages() are not that sensitive to performance. This is particularly true as the path would only be triggered when reclaim is failing. It also makes a some sense to avoid storming a machine with IPIs when it's under memory pressure. Arguably, it should be further adjusted so that only one caller at a time is draining pages but it's beyond the scope of the current patch. Link: http://lkml.kernel.org/r/20170123153906.3122-4-mgorman@techsingularity.net Signed-off-by: Mel Gorman Cc: Vlastimil Babka Cc: Hillf Danton Cc: Jesper Dangaard Brouer Cc: Tejun Heo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) commit 9cd7555875bb09dad875e89a76f41f576e11c638 Author: Mel Gorman Date: Fri Feb 24 14:56:29 2017 -0800 mm, page_alloc: split alloc_pages_nodemask() alloc_pages_nodemask does a number of preperation steps that determine what zones can be used for the allocation depending on a variety of factors. This is fine but a hypothetical caller that wanted multiple order-0 pages has to do the preparation steps multiple times. This patch structures __alloc_pages_nodemask such that it's relatively easy to build a bulk order-0 page allocator. There is no functional change. Link: http://lkml.kernel.org/r/20170123153906.3122-3-mgorman@techsingularity.net Signed-off-by: Mel Gorman Acked-by: Hillf Danton Acked-by: Vlastimil Babka Cc: Jesper Dangaard Brouer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 75 +++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 46 insertions(+), 29 deletions(-) commit 066b23935578d3913c2df9bed7addbcdf4711f1a Author: Mel Gorman Date: Fri Feb 24 14:56:26 2017 -0800 mm, page_alloc: split buffered_rmqueue() Patch series "Use per-cpu allocator for !irq requests and prepare for a bulk allocator", v5. This series is motivated by a conversation led by Jesper Dangaard Brouer at the last LSF/MM proposing a generic page pool for DMA-coherent pages. Part of his motivation was due to the overhead of allocating multiple order-0 that led some drivers to use high-order allocations and splitting them. This is very slow in some cases. The first two patches in this series restructure the page allocator such that it is relatively easy to introduce an order-0 bulk page allocator. A patch exists to do that and has been handed over to Jesper until an in-kernel users is created. The third patch prevents the per-cpu allocator being drained from IPI context as that can potentially corrupt the list after patch four is merged. The final patch alters the per-cpu alloctor to make it exclusive to !irq requests. This cuts allocation/free overhead by roughly 30%. Performance tests from both Jesper and me are included in the patch. This patch (of 4): buffered_rmqueue removes a page from a given zone and uses the per-cpu list for order-0. This is fine but a hypothetical caller that wanted multiple order-0 pages has to disable/reenable interrupts multiple times. This patch structures buffere_rmqueue such that it's relatively easy to build a bulk order-0 page allocator. There is no functional change. [mgorman@techsingularity.net: failed per-cpu refill may blow up] Link: http://lkml.kernel.org/r/20170124112723.mshmgwq2ihxku2um@techsingularity.net Link: http://lkml.kernel.org/r/20170123153906.3122-2-mgorman@techsingularity.net Signed-off-by: Mel Gorman Acked-by: Hillf Danton Cc: Vlastimil Babka Cc: Jesper Dangaard Brouer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 128 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 79 insertions(+), 49 deletions(-) commit c55e8d035b28b2867e68b0e2d0eee2c0f1016b43 Author: Johannes Weiner Date: Fri Feb 24 14:56:23 2017 -0800 mm: vmscan: move dirty pages out of the way until they're flushed We noticed a performance regression when moving hadoop workloads from 3.10 kernels to 4.0 and 4.6. This is accompanied by increased pageout activity initiated by kswapd as well as frequent bursts of allocation stalls and direct reclaim scans. Even lowering the dirty ratios to the equivalent of less than 1% of memory would not eliminate the issue, suggesting that dirty pages concentrate where the scanner is looking. This can be traced back to recent efforts of thrash avoidance. Where 3.10 would not detect refaulting pages and continuously supply clean cache to the inactive list, a thrashing workload on 4.0+ will detect and activate refaulting pages right away, distilling used-once pages on the inactive list much more effectively. This is by design, and it makes sense for clean cache. But for the most part our workload's cache faults are refaults and its use-once cache is from streaming writes. We end up with most of the inactive list dirty, and we don't go after the active cache as long as we have use-once pages around. But waiting for writes to avoid reclaiming clean cache that *might* refault is a bad trade-off. Even if the refaults happen, reads are faster than writes. Before getting bogged down on writeback, reclaim should first look at *all* cache in the system, even active cache. To accomplish this, activate pages that are dirty or under writeback when they reach the end of the inactive LRU. The pages are marked for immediate reclaim, meaning they'll get moved back to the inactive LRU tail as soon as they're written back and become reclaimable. But in the meantime, by reducing the inactive list to only immediately reclaimable pages, we allow the scanner to deactivate and refill the inactive list with clean cache from the active list tail to guarantee forward progress. [hannes@cmpxchg.org: update comment] Link: http://lkml.kernel.org/r/20170202191957.22872-8-hannes@cmpxchg.org Link: http://lkml.kernel.org/r/20170123181641.23938-6-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Minchan Kim Acked-by: Michal Hocko Acked-by: Hillf Danton Cc: Mel Gorman Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm_inline.h | 7 +++++++ mm/swap.c | 9 +++++---- mm/vmscan.c | 15 ++++++++++++--- 3 files changed, 24 insertions(+), 7 deletions(-) commit 4eda48235011d6965f5229f8955ddcd355311570 Author: Johannes Weiner Date: Fri Feb 24 14:56:20 2017 -0800 mm: vmscan: only write dirty pages that the scanner has seen twice Dirty pages can easily reach the end of the LRU while there are still clean pages to reclaim around. Don't let kswapd write them back just because there are a lot of them. It costs more CPU to find the clean pages, but that's almost certainly better than to disrupt writeback from the flushers with LRU-order single-page writes from reclaim. And the flushers have been woken up by that point, so we spend IO capacity on flushing and CPU capacity on finding the clean cache. Only start writing dirty pages if they have cycled around the LRU twice now and STILL haven't been queued on the IO device. It's possible that the dirty pages are so sparsely distributed across different bdis, inodes, memory cgroups, that the flushers take forever to get to the ones we want reclaimed. Once we see them twice on the LRU, we know that's the quicker way to find them, so do LRU writeback. Link: http://lkml.kernel.org/r/20170123181641.23938-5-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Minchan Kim Acked-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit bbef938429f5b201f9972f399a04f01af1934cc2 Author: Johannes Weiner Date: Fri Feb 24 14:56:17 2017 -0800 mm: vmscan: remove old flusher wakeup from direct reclaim path Direct reclaim has been replaced by kswapd reclaim in pretty much all common memory pressure situations, so this code most likely doesn't accomplish the described effect anymore. The previous patch wakes up flushers for all reclaimers when we encounter dirty pages at the tail end of the LRU. Remove the crufty old direct reclaim invocation. Link: http://lkml.kernel.org/r/20170123181641.23938-4-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Minchan Kim Acked-by: Michal Hocko Acked-by: Hillf Danton Cc: Mel Gorman Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 17 ----------------- 1 file changed, 17 deletions(-) commit 726d061fbd3658e4bfeffa1b8e82da97de2ca4dd Author: Johannes Weiner Date: Fri Feb 24 14:56:14 2017 -0800 mm: vmscan: kick flushers when we encounter dirty pages on the LRU Memory pressure can put dirty pages at the end of the LRU without anybody running into dirty limits. Don't start writing individual pages from kswapd while the flushers might be asleep. Unlike the old direct reclaim flusher wakeup (removed in the next patch) that flushes the number of pages just scanned, this patch wakes the flushers for all outstanding dirty pages. That seemed to perform better in a synthetic test that pushes dirty pages to the end of the LRU and into reclaim, because we know LRU aging outstrips writeback already, and this way we give younger dirty pages a headstart rather than wait until reclaim runs into them as well. It also means less plugging and risk of exhausting the struct request pool from reclaim. There is a concern that this will cause temporary files that used to get dirtied and truncated before writeback to now get written to disk under memory pressure. If this turns out to be a real problem, we'll have to revisit this and tame the reclaim flusher wakeups. [hannes@cmpxchg.org: mention dirty expiration as a condition] Link: http://lkml.kernel.org/r/20170126174739.GA30636@cmpxchg.org Link: http://lkml.kernel.org/r/20170123181641.23938-3-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Minchan Kim Acked-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/writeback.h | 2 +- include/trace/events/writeback.h | 2 +- mm/vmscan.c | 18 +++++++++++++----- 3 files changed, 15 insertions(+), 7 deletions(-) commit 1276ad68e2491d1ceeb65f55d790f9277593c459 Author: Johannes Weiner Date: Fri Feb 24 14:56:11 2017 -0800 mm: vmscan: scan dirty pages even in laptop mode Patch series "mm: vmscan: fix kswapd writeback regression". We noticed a regression on multiple hadoop workloads when moving from 3.10 to 4.0 and 4.6, which involves kswapd getting tangled up in page writeout, causing direct reclaim herds that also don't make progress. I tracked it down to the thrash avoidance efforts after 3.10 that make the kernel better at keeping use-once cache and use-many cache sorted on the inactive and active list, with more aggressive protection of the active list as long as there is inactive cache. Unfortunately, our workload's use-once cache is mostly from streaming writes. Waiting for writes to avoid potential reloads in the future is not a good tradeoff. These patches do the following: 1. Wake the flushers when kswapd sees a lump of dirty pages. It's possible to be below the dirty background limit and still have cache velocity push them through the LRU. So start a-flushin'. 2. Let kswapd only write pages that have been rotated twice. This makes sure we really tried to get all the clean pages on the inactive list before resorting to horrible LRU-order writeback. 3. Move rotating dirty pages off the inactive list. Instead of churning or waiting on page writeback, we'll go after clean active cache. This might lead to thrashing, but in this state memory demand outstrips IO speed anyway, and reads are faster than writes. Mel backported the series to 4.10-rc5 with one minor conflict and ran a couple of tests on it. Mix of read/write random workload didn't show anything interesting. Write-only database didn't show much difference in performance but there were slight reductions in IO -- probably in the noise. simoop did show big differences although not as big as Mel expected. This is Chris Mason's workload that similate the VM activity of hadoop. Mel won't go through the full details but over the samples measured during an hour it reported 4.10.0-rc5 4.10.0-rc5 vanilla johannes-v1r1 Amean p50-Read 21346531.56 ( 0.00%) 21697513.24 ( -1.64%) Amean p95-Read 24700518.40 ( 0.00%) 25743268.98 ( -4.22%) Amean p99-Read 27959842.13 ( 0.00%) 28963271.11 ( -3.59%) Amean p50-Write 1138.04 ( 0.00%) 989.82 ( 13.02%) Amean p95-Write 1106643.48 ( 0.00%) 12104.00 ( 98.91%) Amean p99-Write 1569213.22 ( 0.00%) 36343.38 ( 97.68%) Amean p50-Allocation 85159.82 ( 0.00%) 79120.70 ( 7.09%) Amean p95-Allocation 204222.58 ( 0.00%) 129018.43 ( 36.82%) Amean p99-Allocation 278070.04 ( 0.00%) 183354.43 ( 34.06%) Amean final-p50-Read 21266432.00 ( 0.00%) 21921792.00 ( -3.08%) Amean final-p95-Read 24870912.00 ( 0.00%) 26116096.00 ( -5.01%) Amean final-p99-Read 28147712.00 ( 0.00%) 29523968.00 ( -4.89%) Amean final-p50-Write 1130.00 ( 0.00%) 977.00 ( 13.54%) Amean final-p95-Write 1033216.00 ( 0.00%) 2980.00 ( 99.71%) Amean final-p99-Write 1517568.00 ( 0.00%) 32672.00 ( 97.85%) Amean final-p50-Allocation 86656.00 ( 0.00%) 78464.00 ( 9.45%) Amean final-p95-Allocation 211712.00 ( 0.00%) 116608.00 ( 44.92%) Amean final-p99-Allocation 287232.00 ( 0.00%) 168704.00 ( 41.27%) The latencies are actually completely horrific in comparison to 4.4 (and 4.10-rc5 is worse than 4.9 according to historical data for reasons Mel hasn't analysed yet). Still, 95% of write latency (p95-write) is halved by the series and allocation latency is way down. Direct reclaim activity is one fifth of what it was according to vmstats. Kswapd activity is higher but this is not necessarily surprising. Kswapd efficiency is unchanged at 99% (99% of pages scanned were reclaimed) but direct reclaim efficiency went from 77% to 99% In the vanilla kernel, 627MB of data was written back from reclaim context. With the series, no data was written back. With or without the patch, pages are being immediately reclaimed after writeback completes. However, with the patch, only 1/8th of the pages are reclaimed like this. This patch (of 5): We have an elaborate dirty/writeback throttling mechanism inside the reclaim scanner, but for that to work the pages have to go through shrink_page_list() and get counted for what they are. Otherwise, we mess up the LRU order and don't match reclaim speed to writeback. Especially during deactivation, there is never a reason to skip dirty pages; nothing is even trying to write them out from there. Don't mess up the LRU order for nothing, shuffle these pages along. Link: http://lkml.kernel.org/r/20170123181641.23938-2-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Minchan Kim Acked-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mmzone.h | 2 -- mm/vmscan.c | 14 ++------------ 2 files changed, 2 insertions(+), 14 deletions(-) commit 64527f5d540ad496718c7bca5e9387cf6cf94e8c Author: Mike Rapoport Date: Fri Feb 24 14:56:08 2017 -0800 userfaultfd: non-cooperative: selftest: enable REMOVE event test for shmem Now when madvise(MADV_REMOVE) notifies uffd reader, we should verify that appliciation actually sees zeros at the removed range. Link: http://lkml.kernel.org/r/1484814154-1557-4-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrea Arcangeli Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/userfaultfd.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit a6bf53eba98e0c36f51322cd6aa771c0ffa283f3 Author: Mike Rapoport Date: Fri Feb 24 14:56:05 2017 -0800 userfaultfd: non-cooperative: add madvise() event for MADV_REMOVE request When a page is removed from a shared mapping, the uffd reader should be notified, so that it won't attempt to handle #PF events for the removed pages. We can reuse the UFFD_EVENT_REMOVE because from the uffd monitor point of view, the semantices of madvise(MADV_DONTNEED) and madvise(MADV_REMOVE) is exactly the same. Link: http://lkml.kernel.org/r/1484814154-1557-3-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrea Arcangeli Acked-by: Hillf Danton Acked-by: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/madvise.c | 1 + 1 file changed, 1 insertion(+) commit d811914d87576c562e849c00d9f9beff45038801 Author: Mike Rapoport Date: Fri Feb 24 14:56:02 2017 -0800 userfaultfd: non-cooperative: rename *EVENT_MADVDONTNEED to *EVENT_REMOVE Patch series "userfaultfd: non-cooperative: add madvise() event for MADV_REMOVE request". These patches add notification of madvise(MADV_REMOVE) event to non-cooperative userfaultfd monitor. The first pacth renames EVENT_MADVDONTNEED to EVENT_REMOVE along with relevant functions and structures. Using _REMOVE instead of _MADVDONTNEED describes the event semantics more clearly and I hope it's not too late for such change in the ABI. This patch (of 3): The UFFD_EVENT_MADVDONTNEED purpose is to notify uffd monitor about removal of certain range from address space tracked by userfaultfd. Hence, UFFD_EVENT_REMOVE seems to better reflect the operation semantics. Respectively, 'madv_dn' field of uffd_msg is renamed to 'remove' and the madvise_userfault_dontneed callback is renamed to userfaultfd_remove. Link: http://lkml.kernel.org/r/1484814154-1557-2-git-send-email-rppt@linux.vnet.ibm.com Signed-off-by: Mike Rapoport Reviewed-by: Andrea Arcangeli Acked-by: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 14 +++++++------- include/linux/userfaultfd_k.h | 16 ++++++++-------- include/uapi/linux/userfaultfd.h | 8 ++++---- mm/madvise.c | 2 +- tools/testing/selftests/vm/userfaultfd.c | 16 ++++++++-------- 5 files changed, 28 insertions(+), 28 deletions(-) commit 0262d9c845ec349edf93f69688a5129c36cc2232 Author: Heiko Carstens Date: Fri Feb 24 14:55:59 2017 -0800 memblock: embed memblock type name within struct memblock_type Provide the name of each memblock type with struct memblock_type. This allows to get rid of the function memblock_type_name() and duplicating the type names in __memblock_dump_all(). The only memblock_type usage out of mm/memblock.c seems to be arch/s390/kernel/crash_dump.c. While at it, give it a name. Link: http://lkml.kernel.org/r/20170120123456.46508-4-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Cc: Philipp Hachtmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/kernel/crash_dump.c | 1 + include/linux/memblock.h | 1 + mm/memblock.c | 35 +++++++++++------------------------ 3 files changed, 13 insertions(+), 24 deletions(-) commit 409efd4c9bae4bbf58cc8476077db58454b1ed7e Author: Heiko Carstens Date: Fri Feb 24 14:55:56 2017 -0800 memblock: also dump physmem list within __memblock_dump_all Since commit 70210ed950b5 ("mm/memblock: add physical memory list") the memblock structure knows about a physical memory list. The physical memory list should also be dumped if memblock_dump_all() is called in case memblock_debug is switched on. This makes debugging a bit easier. Link: http://lkml.kernel.org/r/20170120123456.46508-3-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Cc: Philipp Hachtmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 3 +++ 1 file changed, 3 insertions(+) commit 7409c5f738c879f7595b46314635c02c4c162484 Author: Heiko Carstens Date: Fri Feb 24 14:55:54 2017 -0800 memblock: let memblock_type_name know about physmem type Since commit 70210ed950b5 ("mm/memblock: add physical memory list") the memblock structure knows about a physical memory list. memblock_type_name() should return "physmem" instead of "unknown" if the name of the physmem memblock_type is being asked for. Link: http://lkml.kernel.org/r/20170120123456.46508-2-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Cc: Philipp Hachtmann Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 4 ++++ 1 file changed, 4 insertions(+) commit 997126bbc58e432e5f26ecec4498229003df1c66 Author: Andrew Morton Date: Fri Feb 24 14:55:51 2017 -0800 mm/memory_hotplug.c: unexport __remove_pages() It has no modular callers. Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory_hotplug.c | 1 - 1 file changed, 1 deletion(-) commit 3fc21924100b13f73c734d0ce8dfcfe913fcf7a8 Author: Dan Williams Date: Fri Feb 24 14:55:48 2017 -0800 mm: validate device_hotplug is held for memory hotplug mem_hotplug_begin() assumes that it can set mem_hotplug.active_writer and run the hotplug process without racing another thread. Validate this assumption with a lockdep assertion. Link: http://lkml.kernel.org/r/148693886229.16345.1770484669403334689.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Reported-by: Ben Hutchings Cc: Michal Hocko Cc: Toshi Kani Cc: Vlastimil Babka Cc: Logan Gunthorpe Cc: Greg Kroah-Hartman Cc: Masayoshi Mizuma Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/core.c | 5 +++++ include/linux/device.h | 1 + mm/memory_hotplug.c | 2 ++ 3 files changed, 8 insertions(+) commit b5d24fda9c3dce51fcb4eee459550a458eaaf1e2 Author: Dan Williams Date: Fri Feb 24 14:55:45 2017 -0800 mm, devm_memremap_pages: hold device_hotplug lock over mem_hotplug_{begin, done} The mem_hotplug_{begin,done} lock coordinates with {get,put}_online_mems() to hold off "readers" of the current state of memory from new hotplug actions. mem_hotplug_begin() expects exclusive access, via the device_hotplug lock, to set mem_hotplug.active_writer. Calling mem_hotplug_begin() without locking device_hotplug can lead to corrupting mem_hotplug.refcount and missed wakeups / soft lockups. [dan.j.williams@intel.com: v2] Link: http://lkml.kernel.org/r/148728203365.38457.17804568297887708345.stgit@dwillia2-desk3.amr.corp.intel.com Link: http://lkml.kernel.org/r/148693885680.16345.17802627926777862337.stgit@dwillia2-desk3.amr.corp.intel.com Fixes: f931ab479dd2 ("mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}") Signed-off-by: Dan Williams Reported-by: Ben Hutchings Cc: Michal Hocko Cc: Toshi Kani Cc: Vlastimil Babka Cc: Logan Gunthorpe Cc: Masayoshi Mizuma Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/memremap.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 299c517adb903ddd376dd103fcc9dcfff3d4728b Author: David Rientjes Date: Fri Feb 24 14:55:42 2017 -0800 mm, oom: header nodemask is NULL when cpusets are disabled Commit 82e7d3abec86 ("oom: print nodemask in the oom report") implicitly sets the allocation nodemask to cpuset_current_mems_allowed when there is no effective mempolicy. cpuset_current_mems_allowed is only effective when cpusets are enabled, which is also printed by dump_header(), so setting the nodemask to cpuset_current_mems_allowed is redundant and prevents debugging issues where ac->nodemask is not set properly in the page allocator. This provides better debugging output since cpuset_print_current_mems_allowed() is already provided. [rientjes@google.com: newline per Hillf] Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701200158300.88321@chino.kir.corp.google.com Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701191454470.2381@chino.kir.corp.google.com Signed-off-by: David Rientjes Suggested-by: Vlastimil Babka Acked-by: Hillf Danton Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit e86c59b1b12d0db1c97eb5bec7586a691685c6cc Author: Claudio Imbrenda Date: Fri Feb 24 14:55:39 2017 -0800 mm/ksm: improve deduplication of zero pages with colouring Some architectures have a set of zero pages (coloured zero pages) instead of only one zero page, in order to improve the cache performance. In those cases, the kernel samepage merger (KSM) would merge all the allocated pages that happen to be filled with zeroes to the same deduplicated page, thus losing all the advantages of coloured zero pages. This behaviour is noticeable when a process accesses large arrays of allocated pages containing zeroes. A test I conducted on s390 shows that there is a speed penalty when KSM merges such pages, compared to not merging them or using actual zero pages from the start without breaking the COW. This patch fixes this behaviour. When coloured zero pages are present, the checksum of a zero page is calculated during initialisation, and compared with the checksum of the current canditate during merging. In case of a match, the normal merging routine is used to merge the page with the correct coloured zero page, which ensures the candidate page is checked to be equal to the target zero page. A sysfs entry is also added to toggle this behaviour, since it can potentially introduce performance regressions, especially on architectures without coloured zero pages. The default value is disabled, for backwards compatibility. With this patch, the performance with KSM is the same as with non COW-broken actual zero pages, which is also the same as without KSM. [akpm@linux-foundation.org: make zero_checksum and ksm_use_zero_pages __read_mostly, per Andrea] [imbrenda@linux.vnet.ibm.com: documentation for coloured zero pages deduplication] Link: http://lkml.kernel.org/r/1484927522-1964-1-git-send-email-imbrenda@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1484850953-23941-1-git-send-email-imbrenda@linux.vnet.ibm.com Signed-off-by: Claudio Imbrenda Cc: Christian Borntraeger Cc: Hugh Dickins Cc: Andrea Arcangeli Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/ksm.txt | 14 ++++++++++ mm/ksm.c | 68 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 79 insertions(+), 3 deletions(-) commit 8d4a0170026216e315b1a52ba15357b88487fbc8 Author: Davidlohr Bueso Date: Fri Feb 24 14:55:36 2017 -0800 cris: use generic current.h Given that the arch does not add its own implementations, simply use the asm-generic/current.h (generic-y) header instead of duplicating code. Link: http://lkml.kernel.org/r/1485992878-4780-3-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Mikael Starvik Cc: Jesper Nilsson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/cris/include/asm/Kbuild | 1 + arch/cris/include/asm/current.h | 15 --------------- 2 files changed, 1 insertion(+), 15 deletions(-) commit f8e6859ea9d06ae1565b21278c4e10fbce5f1eab Merge: a682e00 ac65e28 Author: Linus Torvalds Date: Fri Feb 24 15:01:17 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc updates from David Miller: 1) Support multiple huge page sizes, from Nitin Gupta. 2) Improve boot time on large memory configurations, from Pavel Tatashin. 3) Make BRK handling more consistent and documented, from Vijay Kumar. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix build error in flush_tsb_user_page sparc64: memblock resizes are not handled properly sparc64: use latency groups to improve add_node_ranges speed sparc64: Add 64K page size support sparc64: Multi-page size support Documentation/sparc: Steps for sending break on sunhv console sparc64: Send break twice from console to return to boot prom sparc64: Migrate hvcons irq to panicked cpu sparc64: Set cpu state to offline when stopped sunvdc: Add support for setting physical sector size sparc64: fix for user probes in high memory sparc: topology_64.h: Fix condition for including cpudata.h sparc32: mm: srmmu: add __ro_after_init to sparc32_cachetlb_ops structures commit a682e0035494c449e53a57d039f86f75b9e2fe67 Merge: 1802979 1ec4922 Author: Linus Torvalds Date: Fri Feb 24 14:42:19 2017 -0800 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull md updates from Shaohua Li: "Mainly fixes bugs and improves performance: - Improve scalability for raid1 from Coly - Improve raid5-cache read performance, disk efficiency and IO pattern from Song and me - Fix a race condition of disk hotplug for linear from Coly - A few cleanup patches from Ming and Byungchul - Fix a memory leak from Neil - Fix WRITE SAME IO failure from me - Add doc for raid5-cache from me" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: (23 commits) md/raid1: fix write behind issues introduced by bio_clone_bioset_partial md/raid1: handle flush request correctly md/linear: shutup lockdep warnning md/raid1: fix a use-after-free bug RAID1: avoid unnecessary spin locks in I/O barrier code RAID1: a new I/O barrier implementation to remove resync window md/raid5: Don't reinvent the wheel but use existing llist API md: fast clone bio in bio_clone_mddev() md: remove unnecessary check on mddev md/raid1: use bio_clone_bioset_partial() in case of write behind md: fail if mddev->bio_set can't be created block: introduce bio_clone_bioset_partial() md: disable WRITE SAME if it fails in underlayer disks md/raid5-cache: exclude reclaiming stripes in reclaim check md/raid5-cache: stripe reclaim only counts valid stripes MD: add doc for raid5-cache Documentation: move MD related doc into a separate dir md: ensure md devices are freed before module is unloaded. md/r5cache: improve journal device efficiency md/r5cache: enable chunk_aligned_read with write back cache ... commit 1802979ab1ee8ec5a72987ad518f5a91bf41cd89 Merge: f1ef09f 61febef Author: Linus Torvalds Date: Fri Feb 24 14:13:34 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block updates and fixes from Jens Axboe: - NVMe updates and fixes that missed the first pull request. This includes bug fixes, and support for autonomous power management. - Fix from Christoph for missing clear of the request payload, causing a problem with (at least) the storvsc driver. - Further fixes for the queue/bdi life time issues from Jan. - The Kconfig mq scheduler update from me. - Fixing a use-after-free in dm-rq, spotted by Bart, introduced in this merge window. - Three fixes for nbd from Josef. - Bug fix from Omar, fixing a bug in sas transport code that oopses when bsg ioctls were used. From Omar. - Improvements to the queue restart and tag wait from from Omar. - Set of fixes for the sed/opal code from Scott. - Three trivial patches to cciss from Tobin * 'for-linus' of git://git.kernel.dk/linux-block: (41 commits) dm-rq: don't dereference request payload after ending request blk-mq-sched: separate mark hctx and queue restart operations blk-mq: use sbq wait queues instead of restart for driver tags block/sed-opal: Propagate original error message to userland. nvme/pci: re-check security protocol support after reset block/sed-opal: Introduce free_opal_dev to free the structure and clean up state nvme: detect NVMe controller in recent MacBooks nvme-rdma: add support for host_traddr nvmet-rdma: Fix error handling nvmet-rdma: use nvme cm status helper nvme-rdma: move nvme cm status helper to .h file nvme-fc: don't bother to validate ioccsz and iorcsz nvme/pci: No special case for queue busy on IO nvme/core: Fix race kicking freed request_queue nvme/pci: Disable on removal when disconnected nvme: Enable autonomous power state transitions nvme: Add a quirk mechanism that uses identify_ctrl nvme: make nvmf_register_transport require a create_ctrl callback nvme: Use CNS as 8-bit field and avoid endianness conversion nvme: add semicolon in nvme_command setting ... commit 7259f1dfe718234fee3f87d98d082e7f98d1d712 Author: Jeff Layton Date: Fri Feb 24 13:25:25 2017 -0500 sunrpc: don't register UDP port with rpcbind when version needs congestion control Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields net/sunrpc/svc.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 5283b03ee5cd28d516646298bead09b238d92ddc Author: Jeff Layton Date: Fri Feb 24 13:25:24 2017 -0500 nfs/nfsd/sunrpc: enforce transport requirements for NFSv4 NFSv4 requires a transport "that is specified to avoid network congestion" (RFC 7530, section 3.1, paragraph 2). In practical terms, that means that you should not run NFSv4 over UDP. The server has never enforced that requirement, however. This patchset fixes this by adding a new flag to the svc_version that states that it has these transport requirements. With that, we can check that the transport has XPT_CONG_CTRL set before processing an RPC. If it doesn't we reject it with RPC_PROG_MISMATCH. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfs/callback_xdr.c | 2 ++ fs/nfsd/nfs4proc.c | 13 +++++++------ include/linux/sunrpc/svc.h | 3 +++ net/sunrpc/svc.c | 15 +++++++++++++++ 4 files changed, 27 insertions(+), 6 deletions(-) commit e3a60ead2c9b813db832a35e50ebbc6b552a35e3 Author: Krzysztof Kozlowski Date: Fri Feb 24 23:07:43 2017 +0200 watchdog: s3c2410: Add prefix to local function Functions marked static inline might not be inlined so a driver-specific prefix for function name helps when looking through call backtrace. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Guenter Roeck drivers/watchdog/s3c2410_wdt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 53eac48d5c97e8a926e26ae4205ac890721ef260 Author: Krzysztof Kozlowski Date: Fri Feb 24 23:07:41 2017 +0200 watchdog: s3c2410: Select MFD_SYSCON on all Exynos platforms Syscon is used not only on Exynos5 SoCs but also on Exynos3250, Exynos4412 and ARMv8 versions (Exynos5433, Exynos7). Signed-off-by: Krzysztof Kozlowski Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 456f53d652411594249efc3fcea01842177c9a6f Author: Krzysztof Kozlowski Date: Fri Feb 24 23:07:40 2017 +0200 watchdog: s3c2410: Use dev_dbg instead of pr_info Replace the 'debug' module parameter and pr_info() with proper device dynamic debug calls because this is the preferred and flexible way of enabling debugging printks. Also remove some obvious debug printks. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Guenter Roeck drivers/watchdog/s3c2410_wdt.c | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) commit 0b445549ea6f91ffea78a976fe89b932db6e077a Author: Krzysztof Kozlowski Date: Fri Feb 24 17:11:16 2017 +0200 watchdog: s3c2410: Fix infinite interrupt in soft mode In soft (no-reboot) mode, the driver self-pings watchdog upon expiration of an interrupt. However the interrupt itself was not cleared thus on first hit, the system enters infinite interrupt handling loop. On Odroid U3 (Exynos4412), when booted with s3c2410_wdt.soft_noboot=1 argument the console is flooded: # killall -9 watchdog [ 60.523760] s3c2410-wdt 10060000.watchdog: watchdog timer expired (irq) [ 60.536744] s3c2410-wdt 10060000.watchdog: watchdog timer expired (irq) Fix this by writing something to the WTCLRINT register to clear the interrupt. The register WTCLRINT however appeared in S3C6410 so a new watchdog quirk and flavor are needed. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck .../devicetree/bindings/watchdog/samsung-wdt.txt | 9 +++++---- drivers/watchdog/s3c2410_wdt.c | 21 ++++++++++++++++++--- 2 files changed, 23 insertions(+), 7 deletions(-) commit 4f21195d42ef930f20e1753532709bb294aa73ac Author: Krzysztof Kozlowski Date: Fri Feb 24 17:11:15 2017 +0200 watchdog: s3c2410: Remove confusing CONFIG prefix from local defines The CONFIG prefix from defines in the s3c2410_wdt.c might suggest that these constants come from Kconfig. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/s3c2410_wdt.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 4cbc69023a2129c271ed67da555d62eca42469d2 Author: Wolfram Sang Date: Tue Feb 7 15:03:29 2017 +0100 watchdog: softdog: make pretimeout support a compile option It occurred to me that the panic pretimeout governor will stall the softdog, because it is purely software which simply breaks when the kernel panics. Testing governors with the softdog on the other hand is really useful, so make this feature a compile time option which nees to be enabled explicitly. This also removes the overhead if pretimeout support is not used because it will now be compiled away (saving ~10% on ARM32). Signed-off-by: Wolfram Sang Reviewed-by: Vladimir Zapolskiy Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 8 ++++++++ drivers/watchdog/softdog.c | 21 +++++++++++++-------- 2 files changed, 21 insertions(+), 8 deletions(-) commit 8ce6796dabb9f1f55b07cd032449a24b625f761e Author: Baoyou Xie Date: Sat Feb 4 09:34:15 2017 +0800 watchdog: zx2967: add watchdog controller driver for ZTE's zx2967 family This patch adds watchdog controller driver for ZTE's zx2967 family. Signed-off-by: Baoyou Xie Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 10 ++ drivers/watchdog/Makefile | 1 + drivers/watchdog/zx2967_wdt.c | 291 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 302 insertions(+) commit df823c19e5245148b0557577000fb73274af3656 Author: Baoyou Xie Date: Sat Feb 4 09:34:13 2017 +0800 dt: bindings: add documentation for zx2967 family watchdog controller This patch adds dt-binding documentation for zx2967 family watchdog controller. Signed-off-by: Baoyou Xie Acked-by: Rob Herring Signed-off-by: Guenter Roeck .../bindings/watchdog/zte,zx2967-wdt.txt | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) commit f201353273b6dec71940df01ea6eeb528d907941 Author: Alexandre Belloni Date: Mon Jan 30 18:18:48 2017 +0100 watchdog: sama5d4: Implement resume hook When resuming for the deepest state on sama5d2, it is necessary to restore MR as the registers are lost. Signed-off-by: Alexandre Belloni Signed-off-by: Guenter Roeck drivers/watchdog/sama5d4_wdt.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 722ce6356ddfdcb75ab9379f426a89691b0234de Author: Alexandre Belloni Date: Mon Jan 30 18:18:47 2017 +0100 watchdog: sama5d4: Cache MR instead of a partial config .config is used to cache a part of WDT_MR at probe time and is not used afterwards. Instead of doing that, actually cache MR and avoid reading it every time it is modified. Signed-off-by: Alexandre Belloni Signed-off-by: Guenter Roeck drivers/watchdog/sama5d4_wdt.c | 45 ++++++++++++++++++------------------------ 1 file changed, 19 insertions(+), 26 deletions(-) commit 8f8dc7bf3e0ab14d1ce1964dbe66ff8acf8779c6 Author: H Hartley Sweeten Date: Tue Jan 31 09:33:30 2017 -0700 watchdog: ts72xx_wdt: convert driver to watchdog core Cleanup this driver and convert it to use the watchdog framework API. Signed-off-by: H Hartley Sweeten Cc: Mika Westerberg [groeck: Dropped initialization of static variable] Signed-off-by: Guenter Roeck drivers/watchdog/ts72xx_wdt.c | 447 +++++++++--------------------------------- 1 file changed, 89 insertions(+), 358 deletions(-) commit 917003610d178b8bc3cbc63ee9fd203a7b01c444 Author: H Hartley Sweeten Date: Tue Jan 31 09:33:29 2017 -0700 watchdog: ep93xx_wdt: cleanup and let the core handle the heartbeat Cleanup this driver and remove the 200ms heartbeat timer. The core now has the ability to handle the heartbeat. Signed-off-by: H Hartley Sweeten [groeck: Dropped 0-initialization of static variable] Signed-off-by: Guenter Roeck drivers/watchdog/ep93xx_wdt.c | 114 ++++++++++++++++-------------------------- 1 file changed, 44 insertions(+), 70 deletions(-) commit 8751f90c819c156befc630d467adbc003bd59d87 Author: Guenter Roeck Date: Sun Jan 29 11:12:08 2017 -0800 watchdog: RDC321X_WDT always depends on PCI Without this dependency, platforms not supporting PCI (such as m68k) report the following build warning when building allmodconfig or allyesconfig. drivers/watchdog/rdc321x_wdt.c: In function 'rdc321x_wdt_ioctl': ./arch/m68k/include/asm/uaccess_mm.h:61:1: warning: 'value' may be used uninitialized in this function Fixes: f4c3de659054 ("watchdog: Enable COMPILE_TEST where possible") Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 1 + 1 file changed, 1 insertion(+) commit eca10ae6000d45ee3fec65f0abf7e07abfc66abb Author: Linus Walleij Date: Sat Jan 28 23:59:37 2017 +0100 watchdog: add driver for Cortina Gemini watchdog This add support for the Cortina systems Gemini (SL3516) SoC watchdog. I have tried to use all the right new kernel interfaces and tested with busybox' "watchdog" command both to kick and get timeouts and reboots. Signed-off-by: Linus Walleij Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 11 ++ drivers/watchdog/Makefile | 1 + drivers/watchdog/gemini_wdt.c | 229 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 241 insertions(+) commit 428a66554a1d475896e47a23f1d2c99b58fa7105 Author: Linus Walleij Date: Sat Jan 28 23:59:05 2017 +0100 watchdog: add DT bindings for Cortina Gemini This adds DT bindings for the Cortina systems Gemini SoC watchdog timer. Cc: devicetree@vger.kernel.org Signed-off-by: Linus Walleij Signed-off-by: Guenter Roeck .../bindings/watchdog/cortina,gemin-watchdog.txt | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit b893e344bfbd01a3df5df32ecb9f7bf8f1271d46 Author: Bhumika Goyal Date: Sat Jan 28 13:11:17 2017 +0530 watchdog: constify watchdog_ops structures Declare watchdog_ops structures as const as they are only stored in the ops field of a watchdog_device structure. This field is of type const, so watchdog_ops structures having this property can be made const too. Done using Coccinelle: @r disable optional_qualifier@ identifier x; position p; @@ static struct watchdog_ops x@p={...}; @ok@ struct watchdog_device w; identifier r.x; position p; @@ w.ops=&x@p; @bad@ position p != {r.p,ok.p}; identifier r.x; @@ x@p @depends on !bad disable optional_qualifier@ identifier r.x; @@ +const struct watchdog_ops x; File size details before and after patching. First line of every .o file shows the file size before patching and second line shows the size after patching. text data bss dec hex filename 1340 544 0 1884 75c drivers/watchdog/bcm_kona_wdt.o 1436 440 0 1876 754 drivers/watchdog/bcm_kona_wdt.o 1176 544 4 1724 6bc drivers/watchdog/digicolor_wdt.o 1272 440 4 1716 6b4 drivers/watchdog/digicolor_wdt.o 925 580 89 1594 63a drivers/watchdog/ep93xx_wdt.o 1021 476 89 1586 632 drivers/watchdog/ep93xx_wdt.o 4932 288 17 5237 1475 drivers/watchdog/s3c2410_wdt.o 5028 192 17 5237 1475 drivers/watchdog/s3c2410_wdt.o 1977 292 1 2270 8de drivers/watchdog/sama5d4_wdt.o 2073 196 1 2270 8de drivers/watchdog/sama5d4_wdt.o 1375 484 1 1860 744 drivers/watchdog/sirfsoc_wdt.o 1471 380 1 1852 73c drivers/watchdog/sirfsoc_wdt.o Size remains the same for the files drivers/watchdog/diag288_wdt.o drivers/watchdog/asm9260_wdt.o and drivers/watchdog/atlas7_wdt.o The following .o files did not compile: drivers/watchdog/sun4v_wdt.o, drivers/watchdog/sbsa_gwdt.o, drivers/watchdog/rt2880_wdt.o, drivers/watchdog/booke_wdt.o drivers/watchdog/mt7621_wdt.o Signed-off-by: Bhumika Goyal Signed-off-by: Guenter Roeck drivers/watchdog/asm9260_wdt.c | 2 +- drivers/watchdog/atlas7_wdt.c | 2 +- drivers/watchdog/bcm_kona_wdt.c | 2 +- drivers/watchdog/booke_wdt.c | 2 +- drivers/watchdog/diag288_wdt.c | 2 +- drivers/watchdog/digicolor_wdt.c | 2 +- drivers/watchdog/ep93xx_wdt.c | 2 +- drivers/watchdog/mt7621_wdt.c | 2 +- drivers/watchdog/rt2880_wdt.c | 2 +- drivers/watchdog/s3c2410_wdt.c | 2 +- drivers/watchdog/sama5d4_wdt.c | 2 +- drivers/watchdog/sbsa_gwdt.c | 2 +- drivers/watchdog/sirfsoc_wdt.c | 2 +- drivers/watchdog/sun4v_wdt.c | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) commit bb292ac1c6028344013309a309b44dc691581825 Author: Guenter Roeck Date: Wed Jan 25 14:21:10 2017 -0800 watchdog: Introduce watchdog_stop_on_unregister helper Many watchdog drivers explicitly stop the watchdog when unregistering it. While it is unclear if this is actually needed (the whatdog should not be running at that time if it can be stopped), introduce a helper to explicitly stop the watchdog in the watchdog core when unregistering it. This helps reducing driver code size while retaining functionality. Signed-off-by: Guenter Roeck Documentation/watchdog/watchdog-kernel-api.txt | 6 ++++++ drivers/watchdog/watchdog_dev.c | 5 +++++ include/linux/watchdog.h | 7 +++++++ 3 files changed, 18 insertions(+) commit 540aea3dbffc6a75d0b3b77db1cde36a065a6ab5 Author: William Breathitt Gray Date: Tue Jan 24 17:02:33 2017 -0500 watchdog: ebc-c384_wdt: Utilize devm_ functions in driver probe callback The devm_ resource manager functions allow memory to be automatically released when a device is unbound. This patch takes advantage of the resource manager functions and replaces the watchdog_register_device call with the devm_watchdog_register_device call. In addition, the ebc_c384_wdt_remove function has been removed as no longer necessary due to the use of the relevant devm_ resource manager functions. Signed-off-by: William Breathitt Gray Signed-off-by: Guenter Roeck drivers/watchdog/ebc-c384_wdt.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) commit 4b448c96a7f0fd092a4113cab9248ddb7bf21c17 Author: Guenter Roeck Date: Tue Jan 10 18:09:11 2017 -0800 watchdog: tegra_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Use devm_watchdog_register_driver() to register watchdog device Cc: Stephen Warren Cc: Thierry Reding Cc: Alexandre Courbot Signed-off-by: Guenter Roeck Acked-by: Thierry Reding Signed-off-by: Guenter Roeck drivers/watchdog/tegra_wdt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 64b849e28b8be15a5bb855890fd9ddb8be162db6 Author: Guenter Roeck Date: Tue Jan 10 15:21:47 2017 -0800 watchdog: da9063_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'val = e; return val;' with 'return e;' - Replace 'if (e) return e; return 0;' with 'return e;' - Drop assignments to otherwise unused variables - Drop unused variables - Drop remove function - Drop dev_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Adam Thomson Signed-off-by: Guenter Roeck drivers/watchdog/da9063_wdt.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) commit 528eff34dda07e98c7aeb2266d2bdb9c54439333 Author: Guenter Roeck Date: Tue Jan 10 15:21:47 2017 -0800 watchdog: da9062_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'val = e; return val;' with 'return e;' - Drop assignments to otherwise unused variables - Drop remove function - Drop dev_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Adam Thomson Signed-off-by: Guenter Roeck drivers/watchdog/da9062_wdt.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) commit 89f944c0f9abce176cf442894d29a7ab25f81c76 Author: Guenter Roeck Date: Tue Jan 10 15:21:47 2017 -0800 watchdog: da9055_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'goto l; ... l: return e;' with 'return e;' - Drop assignments to otherwise unused variables - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Adam Thomson Signed-off-by: Guenter Roeck drivers/watchdog/da9055_wdt.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) commit 189c049a01c2de60e5b88cf73326b9ba3811a16b Author: Guenter Roeck Date: Tue Jan 10 15:21:47 2017 -0800 watchdog: da9052_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'goto l; ... l: return e;' with 'return e;' - Replace 'val = e; return val;' with 'return e;' - Drop assignments to otherwise unused variables - Replace 'if (e) { return expr; }' with 'if (e) return expr;' - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Adam Thomson Signed-off-by: Guenter Roeck drivers/watchdog/da9052_wdt.c | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) commit 5f5aa6f10a11450fb326430bbbb67abf160edb95 Author: Guenter Roeck Date: Tue Jan 10 15:21:45 2017 -0800 watchdog: bcm2835_wdt: Convert to use device managed functions and other improvements Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. Other improvements as listed below. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Drop assignments to otherwise unused variables - Replace of_iomap() with platform_get_resource() followed by devm_ioremap_resource() - Replace &pdev->dev with dev if 'struct device *dev' is a declared variable - Use devm_watchdog_register_driver() to register watchdog device - Replace shutdown function with call to watchdog_stop_on_reboot() Cc: Stephen Warren Cc: Lee Jones Cc: Florian Fainelli Cc: Ray Jui Cc: Scott Branden Acked-by: Eric Anholt Signed-off-by: Guenter Roeck drivers/watchdog/bcm2835_wdt.c | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) commit cb5c14ea573b625053487f9dfde395ac0e8bc11b Author: Guenter Roeck Date: Tue Jan 10 15:21:52 2017 -0800 watchdog: mena21_wdt: Convert to use device managed functions and other improvements Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. Other improvements as listed below. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'goto l; ... l: return e;' with 'return e;' - Drop assignments to otherwise unused variables - Drop remove function - Drop unnecessary mutex_destroy() on allocated data - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Johannes Thumshirn Signed-off-by: Guenter Roeck drivers/watchdog/mena21_wdt.c | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) commit 30cba9a109feb0dbb262d575ae33be8c16d7d26f Author: Guenter Roeck Date: Tue Jan 10 15:22:01 2017 -0800 watchdog: wm831x_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'goto l; ... l: return e;' with 'return e;' - Replace 'val = e; return val;' with 'return e;' - Drop assignments to otherwise unused variables - Replace 'if (e) { return expr; }' with 'if (e) return expr;' - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Charles Keepax Signed-off-by: Guenter Roeck drivers/watchdog/wm831x_wdt.c | 31 +++++++------------------------ 1 file changed, 7 insertions(+), 24 deletions(-) commit dd36f6ce680d55fcafa62b35e589549cd53199b1 Author: Guenter Roeck Date: Tue Jan 10 15:21:48 2017 -0800 watchdog: digicolor_wdt: Convert to use device managed functions and other improvements Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. Other improvements as listed below. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace 'goto l; ... l: return e;' with 'return e;' - Replace 'val = e; return val;' with 'return e;' - Drop assignments to otherwise unused variables - Replace 'if (e) { return expr; }' with 'if (e) return expr;' - Drop remove function - Replace of_iomap() with platform_get_resource() followed by devm_ioremap_resource() - Drop platform_set_drvdata() - Replace &pdev->dev with dev if 'struct device *dev' is a declared variable - Use devm_watchdog_register_driver() to register watchdog device - Replace shutdown function with call to watchdog_stop_on_reboot() Acked-by: Baruch Siach Tested-by: Baruch Siach Signed-off-by: Guenter Roeck drivers/watchdog/digicolor_wdt.c | 48 ++++++++++------------------------------ 1 file changed, 12 insertions(+), 36 deletions(-) commit d3d77b5abc175684a3c42a240ee49931ca51d10d Author: Guenter Roeck Date: Tue Jan 10 15:21:49 2017 -0800 watchdog: iTCO_wdt: Replace shutdown function with call to watchdog_stop_on_reboot The shutdown function calls the stop function. Call watchdog_stop_on_reboot() from probe instead. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Replace shutdown function with call to watchdog_stop_on_reboot() Reviewed-by: Andy Shevchenko Signed-off-by: Guenter Roeck drivers/watchdog/iTCO_wdt.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 396164b7407b7419a459c1905e9c8a91cb3c307f Author: Guenter Roeck Date: Tue Jan 10 15:21:50 2017 -0800 watchdog: intel-mid_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Drop assignments to otherwise unused variables - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Reviewed-by: Andy Shevchenko Signed-off-by: Guenter Roeck drivers/watchdog/intel-mid_wdt.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) commit c8841a606740867d7283b37dd948ece281add3d6 Author: Guenter Roeck Date: Tue Jan 10 15:21:53 2017 -0800 watchdog: meson_wdt: Convert to use device managed functions and other improvements Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. Other improvements as listed below. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Drop assignments to otherwise unused variables - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device - Replace shutdown function with call to watchdog_stop_on_reboot() Cc: Carlo Caione Acked-by: Kevin Hilman Signed-off-by: Guenter Roeck drivers/watchdog/meson_wdt.c | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) commit 42f82693776cb013baa94c818828f9859cc344a0 Author: Guenter Roeck Date: Tue Jan 10 15:21:59 2017 -0800 watchdog: sunxi_wdt: Convert to use device managed functions and other improvements Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. Other improvements as listed below. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Drop assignments to otherwise unused variables - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device - Replace shutdown function with call to watchdog_stop_on_reboot() Cc: Chen-Yu Tsai Acked-by: Maxime Ripard Signed-off-by: Guenter Roeck drivers/watchdog/sunxi_wdt.c | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) commit 7db1634d62d4b521c97ca3439221ee870bcc38f2 Author: Guenter Roeck Date: Tue Jan 10 15:21:44 2017 -0800 watchdog: aspeed_wdt: Convert to use device managed functions Use device managed functions to simplify error handling, reduce source code size, improve readability, and reduce the likelyhood of bugs. The conversion was done automatically with coccinelle using the following semantic patches. The semantic patches and the scripts used to generate this commit log are available at https://github.com/groeck/coccinelle-patches - Drop assignments to otherwise unused variables - Drop remove function - Drop platform_set_drvdata() - Use devm_watchdog_register_driver() to register watchdog device Acked-by: Joel Stanley Signed-off-by: Guenter Roeck drivers/watchdog/aspeed_wdt.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) commit 9e14375880c4a64e190b296023f52e987cb9d33e Author: Guenter Roeck Date: Tue Jan 3 19:21:37 2017 -0800 watchdog: coh901327_wdt: Use dev variable instead of pdev->dev Use a local dev variable instead of dereferencing pdev->dev several times in the probe function to make the code easier to read. Reviewed-by: Linus Walleij Signed-off-by: Guenter Roeck drivers/watchdog/coh901327_wdt.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) commit 30c65b22f04262206e1ea00a87469233930066c2 Author: Guenter Roeck Date: Tue Jan 3 03:10:30 2017 -0800 watchdog: coh901327_wdt: Use devm_ioremap_resource to map resources Map resources using devm_ioremap_resource() to simplify error handling. Reviewed-by: Linus Walleij Signed-off-by: Guenter Roeck drivers/watchdog/coh901327_wdt.c | 31 +++++-------------------------- 1 file changed, 5 insertions(+), 26 deletions(-) commit 14da8d427eb8ea10d8fb78a1264583bb9b279231 Author: Guenter Roeck Date: Tue Jan 3 03:03:27 2017 -0800 watchdog: coh901327_wdt: Keep clock enabled after loading driver Enabling the clock before accessing chip registers and disabling it afterwards does not really make sense and only adds complexity to the driver. In addition to that, a comment int the driver suggests that it does not serve a useful purpose either. "The watchdog block is of course always clocked, the clk_enable()/clk_disable() calls are mainly for performing reference counting higher up in the clock hierarchy." Just keep the clock enabled instead. Reviewed-by: Linus Walleij Signed-off-by: Guenter Roeck drivers/watchdog/coh901327_wdt.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) commit 01372ae13ba6a4792de2f4bd474f1374b5404448 Author: Guenter Roeck Date: Tue Jan 3 03:22:09 2017 -0800 watchdog: coh901327_wdt: Simplify error handling in probe function Checking if there is no error followed by a goto if there is one is confusing. Reverse the logic. Reviewed-by: Linus Walleij Signed-off-by: Guenter Roeck drivers/watchdog/coh901327_wdt.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 0397c5db1d3174a553da674bb779007cc62cc241 Author: Guenter Roeck Date: Wed Jan 4 12:28:01 2017 -0800 watchdog: tangox: Use watchdog core to install restart handler Use the infrastructure provided by the watchdog core to install the restart handler. Signed-off-by: Guenter Roeck drivers/watchdog/tangox_wdt.c | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) commit a70dcc016fedfc214fb0d4cb59cd01d0117c8345 Author: Guenter Roeck Date: Wed Jan 4 12:27:21 2017 -0800 watchdog: dw_wdt: Use watchdog core to install restart handler Use the infrastructure provided by the watchdog core to install the restart handler. Signed-off-by: Guenter Roeck drivers/watchdog/dw_wdt.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) commit 71e9b2f0bf2abab805b23b126747979dda589a7c Author: Guenter Roeck Date: Wed Jan 4 12:26:45 2017 -0800 watchdog: bcm2835_wdt: Use watchdog core to install restart handler Use the infrastructure provided by the watchdog core to install the restart handler. Acked-by: Eric Anholt Signed-off-by: Guenter Roeck drivers/watchdog/bcm2835_wdt.c | 57 ++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 27 deletions(-) commit 55dbe8f325a2e935c7913d538f9b39acff0f3bfc Author: Guenter Roeck Date: Wed Jan 4 12:24:52 2017 -0800 watchdog: asm9260_wdt: Use watchdog core to install restart handler Use the infrastructure provided by the watchdog core to install the restart handler. Signed-off-by: Guenter Roeck drivers/watchdog/asm9260_wdt.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) commit 3b72c41f13e64e4799cb0978d46eb06575456f26 Author: Guenter Roeck Date: Fri Jan 6 06:35:16 2017 -0800 watchdog: bcm47xx_wdt: Don't validate platform data on remove Platform data was already validated in the probe function. If it was NULL, the remove function will never be called. Remove the unnecessary check. Signed-off-by: Guenter Roeck drivers/watchdog/bcm47xx_wdt.c | 3 --- 1 file changed, 3 deletions(-) commit 9616bd2a66000a30ff912ac3b1e02391dc2d0c89 Author: Guenter Roeck Date: Tue Jan 3 02:43:32 2017 -0800 watchdog: iTCO_wdt: Simplify module init function The 'ret' variable in iTCO_wdt_init_module() does not add any value; drop it. Reviewed-by: Andy Shevchenko Mika Westerberg Signed-off-by: Guenter Roeck drivers/watchdog/iTCO_wdt.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 78e45696d55c0754384f81e628b57b4e865a2478 Author: Guenter Roeck Date: Mon Jan 2 09:27:36 2017 -0800 watchdog: iTCO_wdt: Use pdev for platform device and pci_dev for pci device Use pdev for struct platform_device, pci_dev for struct pci_dev, and dev for struct device variables to improve consistency. Remove 'struct platform_device *dev;' from struct iTCO_wdt_private since it was unused. Reviewed-by: Andy Shevchenko Mika Westerberg Signed-off-by: Guenter Roeck drivers/watchdog/iTCO_wdt.c | 53 ++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 27 deletions(-) commit c7bbcc87ac98c340cb6e68c70ea4b600734a04d2 Author: Guenter Roeck Date: Sun Jan 1 10:39:09 2017 -0800 watchdog: iTCO_wdt: Use device managed resources Using device managed resources simplifies error handling and cleanup, and to reduce the likelyhood of errors. Reviewed-by: Andy Shevchenko Mika Westerberg Signed-off-by: Guenter Roeck drivers/watchdog/iTCO_wdt.c | 80 ++++++++++----------------------------------- 1 file changed, 17 insertions(+), 63 deletions(-) commit ce1b95ca23c1265d63746e72f37ea8e546687361 Author: Guenter Roeck Date: Sun Jan 1 11:11:39 2017 -0800 watchdog: iTCO_wdt: Use allocated data structures Allocate private data and the watchdog device to avoid having to clear it on remove and to enable subsequent simplifications. Reviewed-by: Andy Shevchenko Mika Westerberg Signed-off-by: Guenter Roeck drivers/watchdog/iTCO_wdt.c | 402 ++++++++++++++++++++++---------------------- 1 file changed, 205 insertions(+), 197 deletions(-) commit 9bf2dfb0e4bce68d9c0b0109e150f6b099276957 Author: Colin Ian King Date: Thu Dec 29 21:49:18 2016 +0000 watchdog: orion: fix spelling mistake: "harcoded" -> "hardcoded" Trivial fix to spelling mistake in WARN message Signed-off-by: Colin Ian King Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/orion_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit da2a68b3eb47b9fb071def3f374258b2ce454096 Author: Guenter Roeck Date: Thu Dec 29 07:20:23 2016 -0800 watchdog: Enable COMPILE_TEST where possible Building all watchdog drivers is all but impossible since many depend on platforms which are not enabled by test builds. Add dependency on COMPILE_TEST where possible to improve the situation. Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 118 +++++++++++++++++++++++------------------------ 1 file changed, 59 insertions(+), 59 deletions(-) commit e628a0c1fdcdcde69037822feb27d81d02e7658c Author: Guenter Roeck Date: Thu Dec 29 08:34:50 2016 -0800 watchdog: pnx833x_wdt: Mark as broken pnx833x_wdt does not compile if enabled. Bit operations expect an unsigned long as argument. If that is fixed, the build still fails because put_user, get_user, and copy_to_user are undefined. Mark it as broken. Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 98078ca34a0a71d012e88d6d0a7de18d11c44f96 Author: Hui Chun Ong Date: Wed Dec 28 15:51:40 2016 +0800 watchdog: nic7018_wdt: Add NIC7018 watchdog driver Add support for the watchdog timer on PXI Embedded Controller. Signed-off-by: Hui Chun Ong Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Documentation/watchdog/watchdog-parameters.txt | 5 + drivers/watchdog/Kconfig | 10 + drivers/watchdog/Makefile | 1 + drivers/watchdog/nic7018_wdt.c | 265 +++++++++++++++++++++++++ 4 files changed, 281 insertions(+) commit 6c368932f0d885e54b8af06d699b6d559e86f0cd Author: Bhumika Goyal Date: Mon Dec 26 22:35:11 2016 +0530 watchdog: constify watchdog_info structures Declare watchdog_info structures as const as they are only stored in the info field of watchdog_device structures. This field is of type const struct watchdog_info *, so watchdog_info structures having this property can be declared const too. Done using Coccinelle: @r1 disable optional_qualifier@ identifier i; position p; @@ static struct watchdog_info i@p={...}; @ok@ identifier r1.i; position p; struct watchdog_device obj; @@ obj.info=&i@p; @bad@ position p!={r1.p,ok.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct watchdog_info i; Signed-off-by: Bhumika Goyal Acked-by: Florian Fainelli Acked-by: Baruch Siach Reviewed-by: Guenter Roeck Acked-by: Adam Thomson Signed-off-by: Guenter Roeck drivers/watchdog/bcm7038_wdt.c | 2 +- drivers/watchdog/bcm_kona_wdt.c | 2 +- drivers/watchdog/cadence_wdt.c | 2 +- drivers/watchdog/da9052_wdt.c | 2 +- drivers/watchdog/da9055_wdt.c | 2 +- drivers/watchdog/digicolor_wdt.c | 2 +- drivers/watchdog/imgpdc_wdt.c | 2 +- drivers/watchdog/kempld_wdt.c | 2 +- drivers/watchdog/lpc18xx_wdt.c | 2 +- drivers/watchdog/rn5t618_wdt.c | 2 +- drivers/watchdog/sbsa_gwdt.c | 2 +- drivers/watchdog/w83627hf_wdt.c | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) commit cb5f9d406d50fc01c6564956ed9317614e665208 Author: Bhumika Goyal Date: Sun Dec 25 13:30:24 2016 +0530 watchdog: pika_wdt: add __ro_after_init to ident The object ident of type watchdog_info structure is not modified after getting initialized by pikawdt_init. Apart from getting referenced in init it is also passed as an argument to the function copy_to_user but this argument is of type const void *. Therefore add __ro_after_init to its declaration. Signed-off-by: Bhumika Goyal Signed-off-by: Guenter Roeck drivers/watchdog/pika_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8d97005e01445921b429e92d7c425a86f76050ab Author: Bhumika Goyal Date: Sat Dec 24 21:37:32 2016 +0530 watchdog: booke_wdt: add __ro_after_init to booke_wdt_info The object booke_wdt_info of watchdog_info structure is not modified after getting initialized by booke_wdt_init. Apart from getting referenced in init it is also stored in the info field of watchdog_device structure which is of type const struct watchdog_info *info. So, it becomes read only after init and therefore add __ro_after_init to it's declaration. Signed-off-by: Bhumika Goyal Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/booke_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 027d89d96b6833f37091d858b9dcf92cd9b19aa7 Author: Vladimir Zapolskiy Date: Wed Dec 21 03:18:16 2016 +0200 watchdog: sa11x0/pxa: fix error path of driver initialization The change corrects release of captured resources on error path, namely the clock is disabled and put if misc device registration fails and not enabled clock is not disabled now. Fixes: 6924089c488e ("watchdog: sa11x0/pxa: get rid of get_clock_tick_rate") Signed-off-by: Vladimir Zapolskiy Acked-by: Robert Jarzmik Reviewed-by: Guenter Roeck Acked-by: Russell King Signed-off-by: Guenter Roeck drivers/watchdog/sa1100_wdt.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit f3519a662f5f8abf6411a238b1af08a0101878c7 Author: John Crispin Date: Tue Dec 20 19:56:59 2016 +0100 watchdog: update my email address This patch updates my email address as I no longer have access to the old one. Signed-off-by: John Crispin Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/lantiq_wdt.c | 4 ++-- drivers/watchdog/mt7621_wdt.c | 4 ++-- drivers/watchdog/rt2880_wdt.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) commit 362142b25843fb059941aaa01b91501d5d8652cc Author: Jeff Layton Date: Fri Feb 24 13:25:23 2017 -0500 sunrpc: flag transports as having congestion control NFSv4 requires a transport protocol with congestion control in most cases. On an IP network, that means that NFSv4 over UDP should be forbidden. The situation with RDMA is a bit more nuanced, but most RDMA transports are suitable for this. For now, we assume that all RDMA transports are suitable, but we may need to revise that at some point. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields include/linux/sunrpc/svc_xprt.h | 1 + net/sunrpc/svcsock.c | 1 + net/sunrpc/xprtrdma/svc_rdma_transport.c | 8 ++++++++ 3 files changed, 10 insertions(+) commit 05a45a2db42543c5f1a32e08f545aebbd7cb4790 Author: Jeff Layton Date: Fri Feb 24 13:25:22 2017 -0500 sunrpc: turn bitfield flags in svc_version into bools It's just simpler to read this way, IMO. Also, no need to explicitly set vs_hidden to false in the nfsacl ones. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfs/callback_xdr.c | 4 ++-- fs/nfsd/nfs2acl.c | 1 - fs/nfsd/nfs3acl.c | 1 - fs/nfsd/nfs4proc.c | 2 +- include/linux/sunrpc/svc.h | 9 +++++---- net/sunrpc/svc.c | 2 +- 6 files changed, 9 insertions(+), 10 deletions(-) commit 4ab495bfe58dfe6b346ae3949a406163152919c8 Author: Rasmus Villemoes Date: Fri Feb 24 01:15:55 2017 +0100 nfsd: remove superfluous KERN_INFO dprintk already provides a KERN_* prefix; this KERN_INFO just shows up as some odd characters in the output. Simplify the message a bit while we're there. Signed-off-by: Rasmus Villemoes Signed-off-by: J. Bruce Fields fs/nfsd/nfs4state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61febef40bfe8ab68259d8545257686e8a0d91d1 Author: Jens Axboe Date: Fri Feb 24 13:19:32 2017 -0700 dm-rq: don't dereference request payload after ending request Bart reported a case where dm would crash with use-after-free poison. This is due to dm_softirq_done() accessing memory associated with a request after calling end_request on it. This is most visible on !blk-mq, since we free the memory immediately for that case. Reported-by: Bart Van Assche Suggested-by: Linus Torvalds Fixes: eb8db831be80 ("dm: always defer request allocation to the owner of the request_queue") Signed-off-by: Jens Axboe drivers/md/dm-rq.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit a4d4426635804379d618dd28e29f574a2bc11184 Author: Stafford Horne Date: Sun Feb 5 18:55:40 2017 +0900 openrisc: head: Init r0 to 0 on start Originally openrisc spec 0 specified that r0 would be wired to ground. This is no longer the case. r0 is not guaranteed to be 0 at init, so we need to initialize it to 0 before using it. Also, if we are clearing r0 we cant use r0 to clear itself. Change the the CLEAR_GPR macro to use movhi for clearing. Reported-by: Jakob Viketoft Signed-off-by: Stafford Horne arch/openrisc/kernel/head.S | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit a0eba4f7ebcdf81da0a4480d8fc514af4f76579e Author: Stafford Horne Date: Sun Feb 5 15:32:26 2017 +0900 openrisc: Export ioremap symbols used by modules Noticed this when building with allyesconfig. Got build failures due to iounmap and __ioremap symbols missing. This patch exports them so modules can use them. This is inline with other architectures. Signed-off-by: Stafford Horne arch/openrisc/mm/ioremap.c | 2 ++ 1 file changed, 2 insertions(+) commit e34f671d1cf8a032a8cd248a12eef217f1789c4c Author: Valentin Rothberg Date: Tue Jan 17 09:12:48 2017 +0100 arch/openrisc/lib/memcpy.c: use correct OR1200 option The Kconfig option for OR12000 is OR1K_1200. Signed-off-by: Valentin Rothberg Signed-off-by: Stafford Horne arch/openrisc/lib/memcpy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0ccffdf5e114176c14cb4aea584f77794a734865 Author: Stafford Horne Date: Sat Feb 25 05:06:22 2017 +0900 openrisc: head: Remove unused strings These string definitions are no longer used removed them. Noticed this while working on a CONFIG_DEBUG_INFO build issue. Signed-off-by: Stafford Horne arch/openrisc/kernel/head.S | 11 ----------- 1 file changed, 11 deletions(-) commit da99f00ece82cb51ca5ead97008658e1dc49782b Author: Stafford Horne Date: Fri Jan 13 19:22:04 2017 +0900 openrisc: head: Move init strings to rodata section The strings used during the head/init phase of openrisc bootup were stored in the executable section of the binary. This causes compilation to fail when using CONFIG_DEBUG_INFO with error: Error: unaligned opcodes detected in executable segment Signed-off-by: Stafford Horne arch/openrisc/kernel/head.S | 1 + 1 file changed, 1 insertion(+) commit e6d20c55a4d94eca419f80f996133f523ecedfe0 Author: Stafford Horne Date: Tue Jan 10 23:30:23 2017 +0900 openrisc: entry: Fix delay slot detection Use execption SR stored in pt_regs for detection, the current SR is not correct as the handler is running after return from exception. Also, The code that checks for a delay slot uses a flag bitmask and then wants to check if the result is not zero. The test it implemented was wrong. Correct it by changing the test to check result against non zero. Signed-off-by: Stafford Horne arch/openrisc/kernel/entry.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2ead7aba44e973b313fde0e39371363459cc1128 Author: Stafford Horne Date: Tue Jan 10 23:13:45 2017 +0900 openrisc: entry: Whitespace and comment cleanups Cleanups to whitespace and add some comments. Reading through the delay slot logic I noticed some things: - Delay slot instructions were not indented - Some comments are not lined up - Use tabs and spaces consistent with other code No functional change Signed-off-by: Stafford Horne arch/openrisc/kernel/entry.S | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) commit f72deab378db8eadb6d6eb06b6e2b90c9b681c81 Author: Stafford Horne Date: Tue Jan 3 16:15:03 2017 +0900 scripts/checkstack.pl: Add openrisc support Openrisc stack pointer is managed by decrementing r1. Add regexes to recognize this. Signed-off-by: Stafford Horne scripts/checkstack.pl | 3 +++ 1 file changed, 3 insertions(+) commit 1b8c1012142d83229b7d1c960d131e6a30f777a6 Author: Geert Uytterhoeven Date: Fri Feb 24 11:30:03 2017 +0100 drivers: net: xgene: Simplify xgene_enet_setup_mss() to kill warning With gcc-4.1.2 and -Os: drivers/net/ethernet/apm/xgene/xgene_enet_main.c: In function ‘xgene_enet_start_xmit’: drivers/net/ethernet/apm/xgene/xgene_enet_main.c:297: warning: ‘mss_index’ may be used uninitialized in this function Using a separate variable to track success may confuse the compiler. Preinitialize mss_index with -EBUSY and check for negative error values instead to kill the warning. Signed-off-by: Geert Uytterhoeven Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) commit 9dfc96d72b879ebda9a0ed830af6aeee0141943d Author: Stafford Horne Date: Sat Dec 31 20:33:20 2016 +0900 MAINTAINERS: Add the openrisc official repository The openrisc official repository and patch work happens currently on github. Add the repo for reference. Signed-off-by: Stafford Horne MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit f52092831b0713e1e2b934fe08460f1348f31888 Author: Stafford Horne Date: Sun Dec 18 01:13:34 2016 +0900 openrisc: Add .gitignore This helps to suppress the vmlinux.lds file. Signed-off-by: Stafford Horne arch/openrisc/kernel/.gitignore | 1 + 1 file changed, 1 insertion(+) commit f5d45dc9116b17ee830d3425ece1e9485c9bab88 Author: Stafford Horne Date: Mon Mar 21 16:16:46 2016 +0900 openrisc: Add optimized memcpy routine The generic memcpy routine provided in kernel does only byte copies. Using word copies we can lower boot time and cycles spend in memcpy quite significantly. Booting on my de0 nano I see boot times go from 7.2 to 5.6 seconds. The avg cycles in memcpy during boot go from 6467 to 1887. I tested several algorithms (see code in previous patch mails) The implementations I tested and avg cycles: - Word Copies + Loop Unrolls + Non Aligned 1882 - Word Copies + Loop Unrolls 1887 - Word Copies 2441 - Byte Copies + Loop Unrolls 6467 - Byte Copies 7600 In the end I ended up going with Word Copies + Loop Unrolls as it provides best tradeoff between simplicity and boot speedups. Signed-off-by: Stafford Horne arch/openrisc/TODO.openrisc | 1 - arch/openrisc/include/asm/string.h | 3 + arch/openrisc/lib/Makefile | 2 +- arch/openrisc/lib/memcpy.c | 124 +++++++++++++++++++++++++++++++++++++ 4 files changed, 128 insertions(+), 2 deletions(-) commit d857a1e253498feb231173218df26f5562c70f09 Author: Olof Kindgren Date: Fri Feb 6 13:41:51 2015 +0100 openrisc: Add optimized memset This adds a hand-optimized assembler version of memset and sets __HAVE_ARCH_MEMSET to use this version instead of the generic C routine Signed-off-by: Olof Kindgren Signed-off-by: Stafford Horne arch/openrisc/include/asm/string.h | 7 +++ arch/openrisc/kernel/or32_ksyms.c | 1 + arch/openrisc/lib/Makefile | 2 +- arch/openrisc/lib/memset.S | 98 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 107 insertions(+), 1 deletion(-) commit e29d11c6991d078bf2011f25dc8c19a2f38c4c8e Author: Sebastian Macke Date: Sun Jul 20 15:13:31 2014 +0000 openrisc: Initial support for the idle state This patch adds basic support for the idle state of the cpu. The patch overrides the regular idle function, enables the interupts, checks for the power management unit and enables the cpu doze mode if available. Signed-off-by: Sebastian Macke [shorne@gmail.com: Fixed checkpatch, blankline after declarations] Signed-off-by: Stafford Horne arch/openrisc/kernel/process.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 79f8a4d022f2d11d4fc90f785f575ac331e2ef71 Author: Sebastian Macke Date: Sun Jul 20 15:13:30 2014 +0000 openrisc: Fix the bitmask for the unit present register The bits were swapped, as per spec and processor implementation the power management present bit is 9 and PIC bit is 8. This patch brings the definitions into spec. Signed-off-by: Sebastian Macke [shorne@gmail.com: Added commit body] Signed-off-by: Stafford Horne arch/openrisc/include/asm/spr_defs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 89c94fdb9718d8ff3243faf8133a2176fd91f207 Author: Stefan Kristiansson Date: Sun Jul 20 01:00:31 2014 +0300 openrisc: remove unnecessary stddef.h include This causes the build to fail when building with the or1k-musl-linux- toolchain and it is not needed. Signed-off-by: Stafford Horne arch/openrisc/kernel/ptrace.c | 1 - 1 file changed, 1 deletion(-) commit 4ac46db1aaf16a009a8318cdba3acf03de85bcea Author: Stefan Kristiansson Date: Tue Jul 15 18:00:05 2014 +0300 openrisc: add futex_atomic_* implementations Support for the futex_atomic_* operations by using the load-link/store-conditional l.lwa/l.swa instructions. Most openrisc cores provide these instructions now if not available, emulation is provided. Acked-by: Peter Zijlstra (Intel) Cc: Peter Zijlstra Signed-off-by: Stefan Kristiansson [shorne@gmail.com: remove OPENRISC_HAVE_INST_LWA_SWA config suggesed by Alan Cox https://lkml.org/lkml/2014/7/23/666] Signed-off-by: Stafford Horne arch/openrisc/include/asm/Kbuild | 1 - arch/openrisc/include/asm/futex.h | 135 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 135 insertions(+), 1 deletion(-) commit bc19598f1dde267e5214e386b97bb647973275db Author: Stefan Kristiansson Date: Tue May 13 22:30:56 2014 +0300 openrisc: add optimized atomic operations Using the l.lwa and l.swa atomic instruction pair. Most openrisc processor cores provide these instructions now. If the instructions are not available emulation is provided. Acked-by: Peter Zijlstra (Intel) Cc: Peter Zijlstra Signed-off-by: Stefan Kristiansson [shorne@gmail.com: remove OPENRISC_HAVE_INST_LWA_SWA config suggesed by Alan Cox https://lkml.org/lkml/2014/7/23/666] [shorne@gmail.com: expand to implement all ops suggested by Peter Zijlstra https://lkml.org/lkml/2017/2/20/317] Signed-off-by: Stafford Horne arch/openrisc/include/asm/Kbuild | 1 - arch/openrisc/include/asm/atomic.h | 126 +++++++++++++++++++++++++++++++++++++ include/asm-generic/atomic.h | 2 + 3 files changed, 128 insertions(+), 1 deletion(-) commit 11595172537788f0007bfc16590aab18f2b9c40f Author: Stefan Kristiansson Date: Tue May 13 18:01:21 2014 +0300 openrisc: add cmpxchg and xchg implementations Optimized version that make use of the l.lwa and l.swa atomic instruction pair. Most openrisc cores provide these instructions now, if not available emulation is provided. Acked-by: Peter Zijlstra (Intel) Cc: Peter Zijlstra Signed-off-by: Stefan Kristiansson [shorne@gmail.com: remove OPENRISC_HAVE_INST_LWA_SWA config suggesed by Alan Cox https://lkml.org/lkml/2014/7/23/666] [shorne@gmail.com: fixed unused calculated value compiler warning in define cmpxchg] Signed-off-by: Stafford Horne arch/openrisc/include/asm/Kbuild | 2 - arch/openrisc/include/asm/cmpxchg.h | 83 +++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 2 deletions(-) commit 3b5923f0796b13e731802d40faf62d2c59d98e48 Author: Zhu Yanjun Date: Fri Feb 24 04:28:01 2017 -0500 rds: fix memory leak error When the function register_netdevice_notifier fails, the memory allocated by kmem_cache_create should be freed by the function kmem_cache_destroy. Cc: Joe Jin Cc: Junxiao Bi Signed-off-by: Zhu Yanjun Acked-by: Santosh Shilimkar Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller net/rds/tcp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 0e9f9fd20ce931cc2cf0519c56ae33fc74d656ad Author: Stefan Kristiansson Date: Mon May 12 14:08:26 2014 +0300 openrisc: add atomic bitops This utilize the load-link/store-conditional l.lwa and l.swa instructions to implement the atomic bitops. When those instructions are not available emulation is provided. Acked-by: Peter Zijlstra (Intel) Cc: Peter Zijlstra Signed-off-by: Stefan Kristiansson [shorne@gmail.com: remove OPENRISC_HAVE_INST_LWA_SWA config suggesed by Alan Cox https://lkml.org/lkml/2014/7/23/666, implement test_and_change_bit] Signed-off-by: Stafford Horne arch/openrisc/include/asm/bitops.h | 2 +- arch/openrisc/include/asm/bitops/atomic.h | 123 ++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 1 deletion(-) commit 1158632b5a2dcce0786c1b1b99654e81cc867981 Author: Brian Russell Date: Fri Feb 24 17:47:11 2017 +0000 vxlan: don't allow overwrite of config src addr When using IPv6 transport and a default dst, a pointer to the configured source address is passed into the route lookup. If no source address is configured, then the value is overwritten. IPv6 route lookup ignores egress ifindex match if the source address is set, so if egress ifindex match is desired, the source address must be passed as any. The overwrite breaks this for subsequent lookups. Avoid this by copying the configured address to an existing stack variable and pass a pointer to that instead. Fixes: 272d96a5ab10 ("net: vxlan: lwt: Use source ip address during route lookup.") Signed-off-by: Brian Russell Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 54ea0046b6fe36ec18e82d282a29a18da6cdea0f Author: Ilya Dryomov Date: Sat Feb 11 18:48:41 2017 +0100 libceph, rbd, ceph: WRITE | ONDISK -> WRITE CEPH_OSD_FLAG_ONDISK is set in account_request(). Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton Reviewed-by: Sage Weil drivers/block/rbd.c | 6 ++---- fs/ceph/addr.c | 14 +++++--------- fs/ceph/file.c | 15 ++++----------- net/ceph/cls_lock_client.c | 12 ++++++------ net/ceph/osd_client.c | 9 ++++----- 5 files changed, 21 insertions(+), 35 deletions(-) commit b18b9550e4059ceea0393c518eb323b95243f92f Author: Ilya Dryomov Date: Sat Feb 11 18:46:08 2017 +0100 libceph: get rid of ack vs commit - CEPH_OSD_FLAG_ACK shouldn't be set anymore, so assert on it - remove support for handling ack replies (OSDs will send ack replies only if clients request them) - drop the "do lingering callbacks under osd->lock" logic from handle_reply() -- lreq->lock is sufficient in all three cases Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton Reviewed-by: Sage Weil include/linux/ceph/osd_client.h | 6 +-- net/ceph/osd_client.c | 113 +++++++++------------------------------- 2 files changed, 27 insertions(+), 92 deletions(-) commit 55f2a04588c5881d90e22631b17a84cd25d17cc4 Author: Ilya Dryomov Date: Mon Feb 13 14:44:19 2017 +0100 ceph: remove special ack vs commit behavior - ask for a commit reply instead of an ack reply in __ceph_pool_perm_get() - don't ask for both ack and commit replies in ceph_sync_write() - since just only one reply is requested now, i_unsafe_writes list will always be empty -- kill ceph_sync_write_wait() and go back to a standard ->evict_inode() Signed-off-by: Ilya Dryomov Reviewed-by: Jeff Layton Reviewed-by: Sage Weil fs/ceph/addr.c | 2 +- fs/ceph/caps.c | 2 -- fs/ceph/file.c | 88 +-------------------------------------------------------- fs/ceph/inode.c | 9 ------ fs/ceph/super.c | 1 - fs/ceph/super.h | 4 +-- 6 files changed, 3 insertions(+), 103 deletions(-) commit 70d625cbdbbb99e38953b8b7ac792a6471e68efb Author: Jaegeuk Kim Date: Wed Feb 22 17:02:32 2017 -0800 f2fs: do SSR for node segments more aggresively This patch gives more SSR chances for node blocks. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit c192f7a4779559dddeb8c03de2b6ef499115c938 Author: Jaegeuk Kim Date: Wed Feb 22 17:10:18 2017 -0800 f2fs: find data segments across all the types Previously, if type is CURSEG_HOT_DATA, we only check CURSEG_HOT_DATA only. This patch fixes to search all the different types for SSR. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit d0db7703ac186ff2fbed1e8b862bd43ec3fd2812 Author: Jaegeuk Kim Date: Wed Feb 22 16:39:11 2017 -0800 f2fs: do SSR in higher priority Let's check SSR in prior to LFS allocation. Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) commit 035e97adab26c1121cedaeb9bd04cf48a8e8cf51 Author: Yunlong Song Date: Wed Feb 22 20:50:49 2017 +0800 f2fs: do SSR for data when there is enough free space In allocate_segment_by_default(), need_SSR() already detected it's time to do SSR. So, let's try to find victims for data segments more aggressively in time. Signed-off-by: Yunlong Song Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b9cd20619e359d199b755543474c3d853c8e3415 Author: Hou Pengyang Date: Wed Feb 22 10:28:59 2017 +0000 f2fs: node segment is prior to data segment selected victim As data segment gc may lead dnode dirty, so the greedy cost for data segment should be valid blocks * 2, that is data segment is prior to node segment. Signed-off-by: Hou Pengyang Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 3436c4bdb30de421d46f58c9174669fbcfd40ce0 Author: Yunlong Song Date: Tue Feb 21 16:59:26 2017 +0800 f2fs: put allocate_segment after refresh_sit_entry SIT information should be updated before segment allocation, since SSR needs latest valid block information. Current code does not update the old_blkaddr info in sit_entry, so adjust the allocate_segment to its proper location. Commit 5e443818fa0b2a2845561ee25bec181424fb2889 ("f2fs: handle dirty segments inside refresh_sit_entry") puts it into wrong location. Signed-off-by: Yunlong Song Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7dcdf941cdc96692ab99fd790c8cc68945514851 Author: David Forster Date: Fri Feb 24 14:20:32 2017 +0000 vti6: return GRE_KEY for vti6 Align vti6 with vti by returning GRE_KEY flag. This enables iproute2 to display tunnel keys on "ip -6 tunnel show" Signed-off-by: David Forster Signed-off-by: David S. Miller net/ipv6/ip6_vti.c | 4 ++++ 1 file changed, 4 insertions(+) commit 774521f353e1df1eeb1751775a924e7807465abe Author: Marc Dionne Date: Fri Feb 24 12:33:09 2017 +0000 rxrpc: Fix an assertion in rxrpc_read() In the rxrpc_read() function, which allows a user to read the contents of a key, we miscalculate the expected length of an encoded rxkad token by not taking into account the key length. However, the data is stored later anyway with an ENCODE_DATA() call - and an assertion failure then ensues when the lengths are checked at the end. Fix this by including the key length in the token size estimation. The following assertion is produced: Assertion failed - 384(0x180) == 380(0x17c) is false ------------[ cut here ]------------ kernel BUG at ../net/rxrpc/key.c:1221! invalid opcode: 0000 [#1] SMP Modules linked in: CPU: 2 PID: 2957 Comm: keyctl Not tainted 4.10.0-fscache+ #483 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 task: ffff8804013a8500 task.stack: ffff8804013ac000 RIP: 0010:rxrpc_read+0x10de/0x11b6 RSP: 0018:ffff8804013afe48 EFLAGS: 00010296 RAX: 000000000000003b RBX: 0000000000000003 RCX: 0000000000000000 RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300 RBP: ffff8804013afed8 R08: 0000000000000001 R09: 0000000000000001 R10: ffff8804013afd90 R11: 0000000000000002 R12: 00005575f7c911b4 R13: 00005575f7c911b3 R14: 0000000000000157 R15: ffff880408a5d640 FS: 00007f8dfbc73700(0000) GS:ffff88041fb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005575f7c91008 CR3: 000000040120a000 CR4: 00000000001406e0 Call Trace: keyctl_read_key+0xb6/0xd7 SyS_keyctl+0x83/0xe7 do_syscall_64+0x80/0x191 entry_SYSCALL64_slow_path+0x25/0x25 Signed-off-by: Marc Dionne Signed-off-by: David Howells Signed-off-by: David S. Miller net/rxrpc/key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 65f2767a64ab33847d5f028661b82d8d3a4fda99 Author: Florian Fainelli Date: Thu Feb 23 14:22:19 2017 -0800 net: phy: Add missing driver check in phy_aneg_done() Dan's static checker caught a potential code path in phy_state_machine() where we were not checking phydev->drv which is in phy_aneg_done(). Reported-by: Dan Carpenter Fixes: 25149ef9d25c ("net: phy: Check phydev->drv") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4e37d6911f36545b286d15073f6f2222f840e81c Author: Matthias Schiffer Date: Thu Feb 23 17:19:41 2017 +0100 vxlan: correctly validate VXLAN ID against VXLAN_N_VID The incorrect check caused an off-by-one error: the maximum VID 0xffffff was unusable. Fixes: d342894c5d2f ("vxlan: virtual extensible lan") Signed-off-by: Matthias Schiffer Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 681a55d71799b575f46fe94121728cf67460d1c3 Author: Jon Paul Maloy Date: Thu Feb 23 11:10:31 2017 -0500 tipc: move premature initilalization of stack variables In the function tipc_rcv() we initialize a couple of stack variables from the message header before that same header has been validated. In rare cases when the arriving header is non-linar, the validation function itself may linearize the buffer by calling skb_may_pull(), while the wrongly initialized stack fields are not updated accordingly. We fix this in this commit. Reported-by: Matthew Wong Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/node.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit fbf68229ffe7e12c78b55714de08c1c34a2e2047 Author: LABBE Corentin Date: Thu Feb 23 14:12:25 2017 +0100 net: stmmac: unify registers dumps methods The stmmac driver have two methods for registers dumps: via ethtool and at init (if NETIF_MSG_HW is enabled). It is better to keep only one method, ethtool, since the other was ugly. This patch convert all dump_regs() function from "printing regs" to "fill the reg_space used by ethtool". Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 10 +-- .../net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 16 ++--- .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 30 +++------ drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 15 ++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 12 +--- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 78 +++++++++++----------- .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 22 +----- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 -- 9 files changed, 71 insertions(+), 121 deletions(-) commit ac65e2828d03ddf84e9fe1fb6d110d8de933dc22 Author: Nitin Gupta Date: Fri Feb 24 03:03:16 2017 -0800 sparc64: Fix build error in flush_tsb_user_page Patch "sparc64: Add 64K page size support" unconditionally used __flush_huge_tsb_one_entry() which is available only when hugetlb support is enabled. Another issue was incorrect TSB flushing for 64K pages in flush_tsb_user(). Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/mm/hugetlbpage.c | 5 +++-- arch/sparc/mm/tsb.c | 20 ++++++++++++++++---- 2 files changed, 19 insertions(+), 6 deletions(-) commit 77cc7aee099e7a7843835995101379405564f775 Author: Wu Fengguang Date: Thu Feb 23 20:47:01 2017 +0800 RDS: IB: fix ifnullfree.cocci warnings net/rds/ib.c:115:2-7: WARNING: NULL check before freeing functions like kfree, debugfs_remove, debugfs_remove_recursive or usb_free_urb is not needed. Maybe consider reorganizing relevant code to avoid passing NULL values. NULL check before some freeing functions is not needed. Based on checkpatch warning "kfree(NULL) is safe this check is probably not required" and kfreeaddr.cocci by Julia Lawall. Generated by: scripts/coccinelle/free/ifnullfree.cocci Signed-off-by: Fengguang Wu Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/ib.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit dfcb9f4f99f1e9a49e43398a7bfbf56927544af1 Author: Marcelo Ricardo Leitner Date: Thu Feb 23 09:31:18 2017 -0300 sctp: deny peeloff operation on asocs with threads sleeping on it commit 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf") attempted to avoid a BUG_ON call when the association being used for a sendmsg() is blocked waiting for more sndbuf and another thread did a peeloff operation on such asoc, moving it to another socket. As Ben Hutchings noticed, then in such case it would return without locking back the socket and would cause two unlocks in a row. Further analysis also revealed that it could allow a double free if the application managed to peeloff the asoc that is created during the sendmsg call, because then sctp_sendmsg() would try to free the asoc that was created only for that call. This patch takes another approach. It will deny the peeloff operation if there is a thread sleeping on the asoc, so this situation doesn't exist anymore. This avoids the issues described above and also honors the syscalls that are already being handled (it can be multiple sendmsg calls). Joint work with Xin Long. Fixes: 2dcab5984841 ("sctp: avoid BUG_ON on sctp_wait_for_sndbuf") Cc: Alexander Popov Cc: Ben Hutchings Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: Xin Long Signed-off-by: David S. Miller net/sctp/socket.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 638f863dbbc8da16834ee0acc6ac10754f79c486 Author: Mark Rutland Date: Thu Feb 23 16:03:17 2017 +0000 arm64/cpufeature: check correct field width when updating sys_val When we're updating a register's sys_val, we use arm64_ftr_value() to find the new field value. We use cpuid_feature_extract_field() to find the new value, but this implicitly assumes a 4-bit field, so we may extract more bits than we mean to for fields like CTR_EL0.L1ip. This affects update_cpu_ftr_reg(), where we may extract erroneous values for ftr_cur and ftr_new. Depending on the additional bits extracted in either case, we may erroneously detect that the value is mismatched, and we'll try to compute a new safe value. Dependent on these extra bits and feature type, arm64_ftr_safe_value() may pessimistically select the always-safe value, or may erroneously choose either the extracted cur or new value as the safe option. The extra bits will subsequently be masked out in arm64_ftr_set_value(), so we may choose a higher value, yet write back a lower one. Fix this by passing the width down explicitly in arm64_ftr_value(), so we always extract the correct amount. Signed-off-by: Mark Rutland Reviewed-by: Suzuki K Poulose Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/include/asm/cpufeature.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit d81bbe6d882461dec4b71dbe2aa85565fcca4187 Author: Mark Rutland Date: Thu Feb 23 16:22:55 2017 +0000 Revert "arm64: mm: set the contiguous bit for kernel mappings where appropriate" This reverts commit 0bfc445dec9dd8130d22c9f4476eed7598524129. When we change the permissions of regions mapped using contiguous entries, the architecture requires us to follow a Break-Before-Make strategy, breaking *all* associated entries before we can change any of the following properties from the entries: - presence of the contiguous bit - output address - attributes - permissiones Failure to do so can result in a number of problems (e.g. TLB conflict aborts and/or erroneous results from TLB lookups). See ARM DDI 0487A.k_iss10775, "Misprogramming of the Contiguous bit", page D4-1762. We do not take this into account when altering the permissions of kernel segments in mark_rodata_ro(), where we change the permissions of live contiguous entires one-by-one, leaving them transiently inconsistent. This has been observed to result in failures on some fast model configurations. Unfortunately, we cannot follow Break-Before-Make here as we'd have to unmap kernel text and data used to perform the sequence. For the timebeing, revert commit 0bfc445dec9dd813 so as to avoid issues resulting from this misuse of the contiguous bit. Signed-off-by: Mark Rutland Acked-by: Ard Biesheuvel Reported-by: Jean-Philippe Brucker Cc: Ard Biesheuvel Cc: Catalin Marinas Cc: Will Deacon Cc: stable@vger.kernel.org # v4.10 Signed-off-by: Will Deacon arch/arm64/mm/mmu.c | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) commit ea6eac904f0a5a0c223bcfb133ec880ba9c70ae3 Author: Shanker Donthineni Date: Wed Feb 22 21:10:48 2017 -0600 arm64: Avoid clobbering mm in erratum workaround on QDF2400 Commit 38fd94b0275c ("arm64: Work around Falkor erratum 1003") tried to work around a hardware erratum, but actually caused a system crash of its own during switch_mm: cpu_do_switch_mm+0x20/0x40 efi_virtmap_load+0x34/0x40 virt_efi_get_next_variable+0x64/0xc8 efivar_init+0x8c/0x348 efisubsys_init+0xd4/0x270 do_one_initcall+0x80/0x110 kernel_init_freeable+0x19c/0x240 kernel_init+0x10/0x100 ret_from_fork+0x10/0x50 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b In cpu_do_switch_mm, x1 contains the mm_struct pointer, which needs to be preserved by the pre_ttbr0_update_workaround macro rather than passed as a temporary. This patch clobbers x2 and x3 instead, keeping the mm_struct intact after the workaround has run. Fixes: 38fd94b0275c ("arm64: Work around Falkor erratum 1003") Tested-by: Manoj Iyer Signed-off-by: Shanker Donthineni Signed-off-by: Will Deacon arch/arm64/mm/proc.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d4f6c6f15a1f57e10374cf1a457f4eab5933bd0c Author: Phil Reid Date: Fri Feb 24 11:12:51 2017 +0800 rtc: ds3232: Call device_init_wakeup before device_register The wakealarm attribute is currently not exposed in the sysfs interface as the device has not been set as doing wakealarm when device_register is called. Changing the order of the calls fixes that problem. Interrupts are cleared in check_rtc_status prior to requesting the interrupt. This is only set if an irq is defined. If irq registration fails then set wakeup_capable to false. With this change the sysfs wakealarm attribute will be left visible but it is non functional. rtcwake still returns that the device is not enabled for wakeup. Signed-off-by: Phil Reid Signed-off-by: Alexandre Belloni drivers/rtc/rtc-ds3232.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 41bfab35b3d0e0a85ed0c12d7bafd7484e96ca78 Author: Pei Zhang Date: Fri Feb 24 16:03:28 2017 +0800 drm/i915/gvt: add some new MMIOs to cmd_access white list Guest is now acces some MMIOs (0x215c, RING_INSTPM) through command which is not originally in gvt's white list. This cause huge error log printed in gvt. This patch addes these MMIOs to the white list. V2. change the commit message content. V3. remove duplicate defination of 0x20c0. V4. refine code style. Signed-off-by: Pei Zhang Signed-off-by: Weinan Li Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8bcd7c188bc479bea866d286a7dc0af9734c3c64 Author: Weinan Li Date: Fri Feb 24 17:07:38 2017 +0800 drm/i915/gvt: fix pcode mailbox write emulation of BDW Add pcode mailbox write emulation in gvt for BDW, reuse emulation code of Skylake. V2: refine comments, remove duplication defination of 0x138124, add IS_SKYLAKE() check for Skylake only pcode commands. Signed-off-by: Weinan Li Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) commit 96b777452d8881480fd5be50112f791c17db4b6b Author: Konstantin Khlebnikov Date: Wed Feb 8 14:27:27 2017 +0300 sched/cgroup: Move sched_online_group() back into css_online() to fix crash Commit: 2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init") .. moved sched_online_group() from css_online() to css_alloc(). It exposes half-baked task group into global lists before initializing generic cgroup stuff. LTP testcase (third in cgroup_regression_test) written for testing similar race in kernels 2.6.26-2.6.28 easily triggers this oops: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: kernfs_path_from_node_locked+0x260/0x320 CPU: 1 PID: 30346 Comm: cat Not tainted 4.10.0-rc5-test #4 Call Trace: ? kernfs_path_from_node+0x4f/0x60 kernfs_path_from_node+0x3e/0x60 print_rt_rq+0x44/0x2b0 print_rt_stats+0x7a/0xd0 print_cpu+0x2fc/0xe80 ? __might_sleep+0x4a/0x80 sched_debug_show+0x17/0x30 seq_read+0xf2/0x3b0 proc_reg_read+0x42/0x70 __vfs_read+0x28/0x130 ? security_file_permission+0x9b/0xc0 ? rw_verify_area+0x4e/0xb0 vfs_read+0xa5/0x170 SyS_read+0x46/0xa0 entry_SYSCALL_64_fastpath+0x1e/0xad Here the task group is already linked into the global RCU-protected 'task_groups' list, but the css->cgroup pointer is still NULL. This patch reverts this chunk and moves online back to css_online(). Signed-off-by: Konstantin Khlebnikov Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Tejun Heo Cc: Thomas Gleixner Fixes: 2f5177f0fd7e ("sched/cgroup: Fix/cleanup cgroup teardown/init") Link: http://lkml.kernel.org/r/148655324740.424917.5302984537258726349.stgit@buzz Signed-off-by: Ingo Molnar kernel/sched/core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit d1091c7fa3d52ebce4dd3f15d04155b3469b2f90 Author: Josh Poimboeuf Date: Tue Feb 21 15:35:32 2017 -0600 objtool: Improve detection of BUG() and other dead ends The BUG() macro's use of __builtin_unreachable() via the unreachable() macro tells gcc that the instruction is a dead end, and that it's safe to assume the current code path will not execute past the previous instruction. On x86, the BUG() macro is implemented with the 'ud2' instruction. When objtool's branch analysis sees that instruction, it knows the current code path has come to a dead end. Peter Zijlstra has been working on a patch to change the WARN macros to use 'ud2'. That patch will break objtool's assumption that 'ud2' is always a dead end. Generally it's best for objtool to avoid making those kinds of assumptions anyway. The more ignorant it is of kernel code internals, the better. So create a more generic way for objtool to detect dead ends by adding an annotation to the unreachable() macro. The annotation stores a pointer to the end of the unreachable code path in an '__unreachable' section. Objtool can read that section to find the dead ends. Tested-by: Peter Zijlstra (Intel) Signed-off-by: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/41a6d33971462ebd944a1c60ad4bf5be86c17b77.1487712920.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/vmlinux.lds.S | 1 + include/linux/compiler-gcc.h | 13 ++++++++- tools/objtool/arch.h | 5 ++-- tools/objtool/arch/x86/decode.c | 3 --- tools/objtool/builtin-check.c | 60 ++++++++++++++++++++++++++++++++++++++--- 5 files changed, 71 insertions(+), 11 deletions(-) commit 318b1dedcd39012624f466d281627553e9fa2570 Author: Elena Reshetova Date: Thu Feb 23 15:09:34 2017 +0200 locking/refcounts: Add missing kernel.h header to have UINT_MAX defined Fix header dependency. Suggested-by: Arnaldo Carvalho de Melo Signed-off-by: Elena Reshetova Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1487855374-21993-1-git-send-email-elena.reshetova@intel.com Signed-off-by: Ingo Molnar include/linux/refcount.h | 1 + 1 file changed, 1 insertion(+) commit 29dee3c03abce04cd527878ef5f9e5f91b7b83f4 Author: Peter Zijlstra Date: Fri Feb 10 16:27:52 2017 +0100 locking/refcounts: Out-of-line everything Linus asked to please make this real C code. And since size then isn't an issue what so ever anymore, remove the debug knob and make all WARN()s unconditional. Suggested-by: Linus Torvalds Signed-off-by: Peter Zijlstra (Intel) Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dwindsor@gmail.com Cc: elena.reshetova@intel.com Cc: gregkh@linuxfoundation.org Cc: ishkamiel@gmail.com Cc: keescook@chromium.org Signed-off-by: Ingo Molnar include/linux/refcount.h | 277 ++--------------------------------------------- lib/Kconfig.debug | 13 --- lib/Makefile | 2 +- lib/refcount.c | 267 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 280 insertions(+), 279 deletions(-) commit a499c3ead88ccf147fc50689e85a530ad923ce36 Author: Wanpeng Li Date: Tue Feb 21 23:52:55 2017 -0800 sched/fair: Update rq clock before changing a task's CPU affinity This is triggered during boot when CONFIG_SCHED_DEBUG is enabled: ------------[ cut here ]------------ WARNING: CPU: 6 PID: 81 at kernel/sched/sched.h:812 set_next_entity+0x11d/0x380 rq->clock_update_flags < RQCF_ACT_SKIP CPU: 6 PID: 81 Comm: torture_shuffle Not tainted 4.10.0+ #1 Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTC1AUS 02/16/2016 Call Trace: dump_stack+0x85/0xc2 __warn+0xcb/0xf0 warn_slowpath_fmt+0x5f/0x80 set_next_entity+0x11d/0x380 set_curr_task_fair+0x2b/0x60 do_set_cpus_allowed+0x139/0x180 __set_cpus_allowed_ptr+0x113/0x260 set_cpus_allowed_ptr+0x10/0x20 torture_shuffle+0xfd/0x180 kthread+0x10f/0x150 ? torture_shutdown_init+0x60/0x60 ? kthread_create_on_node+0x60/0x60 ret_from_fork+0x31/0x40 ---[ end trace dd94d92344cea9c6 ]--- The task is running && !queued, so there is no rq clock update before calling set_curr_task(). This patch fixes it by updating rq clock after holding rq->lock/pi_lock just as what other dequeue + put_prev + enqueue + set_curr story does. Signed-off-by: Wanpeng Li Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Mike Galbraith Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1487749975-5994-1-git-send-email-wanpeng.li@hotmail.com Signed-off-by: Ingo Molnar kernel/sched/core.c | 1 + 1 file changed, 1 insertion(+) commit 8cb68b343a66cf19834472012590490d34d31703 Author: Peter Zijlstra Date: Thu Feb 2 16:55:06 2017 +0100 sched/core: Fix update_rq_clock() splat on hotplug (and suspend/resume) The hotplug code still triggers the warning about using a stale rq->clock value. Fix things up to actually run update_rq_clock() in a place where we record the 'UPDATED' flag, and then modify the annotation to retain this flag over the rq->lock fiddling that happens as a result of actually migrating all the tasks elsewhere. Reported-by: Linus Torvalds Tested-by: Mike Galbraith Tested-by: Sachin Sant Tested-by: Borislav Petkov Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Matt Fleming Cc: Michael Ellerman Cc: Peter Zijlstra Cc: Ross Zwisler Cc: Thomas Gleixner Fixes: 4d25b35ea372 ("sched/fair: Restore previous rq_flags when migrating tasks in hotplug") Link: http://lkml.kernel.org/r/20170202155506.GX6515@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/sched/core.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 1572e45a924f254d9570093abde46430c3172e3d Author: Tan Xiaojun Date: Thu Feb 23 14:04:39 2017 +0800 perf/core: Fix the perf_cpu_time_max_percent check Use "proc_dointvec_minmax" instead of "proc_dointvec" to check the input value from user-space. If not, we can set a big value and some vars will overflow like "sysctl_perf_event_sample_rate" which will cause a lot of unexpected problems. Signed-off-by: Tan Xiaojun Signed-off-by: Peter Zijlstra (Intel) Cc: Cc: Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/1487829879-56237-1-git-send-email-tanxiaojun@huawei.com Signed-off-by: Ingo Molnar kernel/events/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7bbba0eb1af34694868d028b80475981f90e6bee Author: Peter Zijlstra Date: Wed Feb 15 16:12:20 2017 +0100 perf/core: Fix perf_event_enable_on_exec() timekeeping (again) Where commit: 7fce250915ef ("perf: Fix scaling vs. perf_event_enable_on_exec()") disabled the ctx-time a-priory, such that all events get enabled and scheduled at the time point in time, there is one hole in that patch, when no events do get enabled nothing re-enables the ctx-time. Reported-by: Ravi Bangoria Reported-by: Anton Blanchard Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: 7fce250915ef ("perf: Fix scaling vs. perf_event_enable_on_exec()") Signed-off-by: Ingo Molnar kernel/events/core.c | 2 ++ 1 file changed, 2 insertions(+) commit 279b5165ffadf57e2596e0ad438cb9b69b76f320 Author: Peter Zijlstra Date: Thu Feb 16 10:28:37 2017 +0100 perf/core: Remove confusing comment and move put_ctx() Since commit: 321027c1fe77 ("perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race") ... the code looks like (assuming move_group==1): gctx = __perf_event_ctx_lock_double(group_leader, ctx); perf_remove_from_context(group_leader, 0); list_for_each_entry(sibling, &group_leader->sibling_list, group_entry) { perf_remove_from_context(sibling, 0); put_ctx(gctx); } /* ... */ /* misleading comment about how this is the last reference */ put_ctx(gctx); perf_event_ctx_unlock(group_leader, gctx); What that 'last' put_ctx() does is drop @group_leader's reference on gctx after having dropped all its potential sibling references. But the thing is that __perf_event_ctx_lock_double() returns with a reference _and_ a held lock, and perf_event_ctx_unlock() unlocks that lock and drops that reference. Therefore that put_ctx() cannot be the 'last' of anything, nor is there an unbalance in puts. To reduce confusion, remove the comment and place the put_ctx() next to the remove_from_context() call. Reported-by: Ben Hutchings Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Signed-off-by: Ingo Molnar kernel/events/core.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit fb94a687d96c570d46332a4a890f1dcb7310e643 Author: Martin Schwidefsky Date: Fri Feb 24 07:43:51 2017 +0100 s390: TASK_SIZE for kernel threads Return a sensible value if TASK_SIZE if called from a kernel thread. This gets us around an issue with copy_mount_options that does a magic size calculation "TASK_SIZE - (unsigned long)data" while in a kernel thread and data pointing to kernel space. Cc: Signed-off-by: Martin Schwidefsky arch/s390/include/asm/processor.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2793784307688a7a72bd322727a2cb11dede875f Author: Martin Schwidefsky Date: Fri Nov 4 11:57:15 2016 +0100 s390/crypt: Add protected key AES module This patch introduces a new in-kernel-crypto blockcipher called 'paes' which implements AES with protected keys. The paes blockcipher can be used similar to the aes blockcipher but uses secure key material to derive the working protected key and so offers an encryption implementation where never a clear key value is exposed in memory. The paes module is only available for the s390 platform providing a minimal hardware support of CPACF enabled with at least MSA level 3. Upon module initialization these requirements are checked. Includes additional contribution from Harald Freudenberger. Signed-off-by: Martin Schwidefsky arch/s390/crypto/Makefile | 2 +- arch/s390/crypto/paes_s390.c | 619 ++++++++++++++++++++++++++++++++++++++++++ arch/s390/include/asm/cpacf.h | 14 +- drivers/crypto/Kconfig | 1 + 4 files changed, 634 insertions(+), 2 deletions(-) commit d1a513be1f0a25f094e1577d059b9aebaa279bb2 Author: Zhenyu Wang Date: Fri Feb 24 10:58:21 2017 +0800 drm/i915/gvt: add resolution definition for vGPU type This assigns resolution definition for each vGPU type. For smaller resource type we should limit max resolution, so e.g limit to 1024x768 for 64M type, others are still default to 1920x1200. v2: Fix for actual 1920x1200 resolution Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/display.c | 15 ++++++++++----- drivers/gpu/drm/i915/gvt/display.h | 14 +++++++++++++- drivers/gpu/drm/i915/gvt/gvt.h | 2 ++ drivers/gpu/drm/i915/gvt/kvmgt.c | 8 ++++---- drivers/gpu/drm/i915/gvt/vgpu.c | 18 +++++++++++------- 5 files changed, 40 insertions(+), 17 deletions(-) commit bca5609fcc401b0055a3c01ecc33c5f6fb67af7b Author: Zhenyu Wang Date: Fri Feb 24 10:58:20 2017 +0800 drm/i915/gvt: Add more edid definition support We'll need to apply different resolution for vgpu types, so this adds more EDID types definition. v2: fix typo for actual 1920x1200 resolution Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/display.c | 112 ++++++++++++++++++++++++------------- drivers/gpu/drm/i915/gvt/display.h | 6 ++ 2 files changed, 80 insertions(+), 38 deletions(-) commit f1ef09fde17f9b77ca1435a5b53a28b203afb81c Merge: ef96152 ace0c79 Author: Linus Torvalds Date: Thu Feb 23 20:33:51 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace updates from Eric Biederman: "There is a lot here. A lot of these changes result in subtle user visible differences in kernel behavior. I don't expect anything will care but I will revert/fix things immediately if any regressions show up. From Seth Forshee there is a continuation of the work to make the vfs ready for unpriviled mounts. We had thought the previous changes prevented the creation of files outside of s_user_ns of a filesystem, but it turns we missed the O_CREAT path. Ooops. Pavel Tikhomirov and Oleg Nesterov worked together to fix a long standing bug in the implemenation of PR_SET_CHILD_SUBREAPER where only children that are forked after the prctl are considered and not children forked before the prctl. The only known user of this prctl systemd forks all children after the prctl. So no userspace regressions will occur. Holding earlier forked children to the same rules as later forked children creates a semantic that is sane enough to allow checkpoing of processes that use this feature. There is a long delayed change by Nikolay Borisov to limit inotify instances inside a user namespace. Michael Kerrisk extends the API for files used to maniuplate namespaces with two new trivial ioctls to allow discovery of the hierachy and properties of namespaces. Konstantin Khlebnikov with the help of Al Viro adds code that when a network namespace exits purges it's sysctl entries from the dcache. As in some circumstances this could use a lot of memory. Vivek Goyal fixed a bug with stacked filesystems where the permissions on the wrong inode were being checked. I continue previous work on ptracing across exec. Allowing a file to be setuid across exec while being ptraced if the tracer has enough credentials in the user namespace, and if the process has CAP_SETUID in it's own namespace. Proc files for setuid or otherwise undumpable executables are now owned by the root in the user namespace of their mm. Allowing debugging of setuid applications in containers to work better. A bug I introduced with permission checking and automount is now fixed. The big change is to mark the mounts that the kernel initiates as a result of an automount. This allows the permission checks in sget to be safely suppressed for this kind of mount. As the permission check happened when the original filesystem was mounted. Finally a special case in the mount namespace is removed preventing unbounded chains in the mount hash table, and making the semantics simpler which benefits CRIU. The vfs fix along with related work in ima and evm I believe makes us ready to finish developing and merge fully unprivileged mounts of the fuse filesystem. The cleanups of the mount namespace makes discussing how to fix the worst case complexity of umount. The stacked filesystem fixes pave the way for adding multiple mappings for the filesystem uids so that efficient and safer containers can be implemented" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc/sysctl: Don't grab i_lock under sysctl_lock. vfs: Use upper filesystem inode in bprm_fill_uid() proc/sysctl: prune stale dentries during unregistering mnt: Tuck mounts under others instead of creating shadow/side mounts. prctl: propagate has_child_subreaper flag to every descendant introduce the walk_process_tree() helper nsfs: Add an ioctl() to return owner UID of a userns fs: Better permission checking for submounts exit: fix the setns() && PR_SET_CHILD_SUBREAPER interaction vfs: open() with O_CREAT should not create inodes with unknown ids nsfs: Add an ioctl() to return the namespace type proc: Better ownership of files for non-dumpable tasks in user namespaces exec: Remove LSM_UNSAFE_PTRACE_CAP exec: Test the ptracer's saved cred to see if the tracee can gain caps exec: Don't reset euid and egid when the tracee has CAP_SETUID inotify: Convert to using per-namespace limits commit ef96152e6a36e0510387cb174178b7982c1ae879 Merge: d5500a0 64a5771 Author: Linus Torvalds Date: Thu Feb 23 18:58:18 2017 -0800 Merge tag 'drm-for-v4.11-less-shouty' of git://people.freedesktop.org/~airlied/linux Pull drm updates from Dave Airlie: "This is the main drm pull request for v4.11. Nothing too major, the tinydrm and mmu-less support should make writing smaller drivers easier for some of the simpler platforms, and there are a bunch of documentation updates. Intel grew displayport MST audio support which is hopefully useful to people, and FBC is on by default for GEN9+ (so people know where to look for regressions). AMDGPU has a lot of fixes that would like new firmware files installed for some GPUs. Other than that it's pretty scattered all over. I may have a follow up pull request as I know BenH has a bunch of AST rework and fixes and I'd like to get those in once they've been tested by AST, and I've got at least one pull request I'm just trying to get the author to fix up. Core: - drm_mm reworked - Connector list locking and iterators - Documentation updates - Format handling rework - MMU-less support for fbdev helpers - drm_crtc_from_index helper - Core CRC API - Remove drm_framebuffer_unregister_private - Debugfs cleanup - EDID/Infoframe fixes - Release callback - Tinydrm support (smaller drivers for simple hw) panel: - Add support for some new simple panels i915: - FBC by default for gen9+ - Shared dpll cleanups and docs - GEN8 powerdomain cleanup - DMC support on GLK - DP MST audio support - HuC loading support - GVT init ordering fixes - GVT IOMMU workaround fix amdgpu/radeon: - Power/clockgating improvements - Preliminary SR-IOV support - TTM buffer priority and eviction fixes - SI DPM quirks removed due to firmware fixes - Powerplay improvements - VCE/UVD powergating fixes - Cleanup SI GFX code to match CI/VI - Support for > 2 displays on 3/5 crtc asics - SI headless fixes nouveau: - Rework securre boot code in prep for GP10x secure boot - Channel recovery improvements - Initial power budget code - MMU rework preperation vmwgfx: - Bunch of fixes and cleanups exynos: - Runtime PM support for MIC driver - Cleanups to use atomic helpers - UHD Support for TM2/TM2E boards - Trigger mode fix for Rinato board etnaviv: - Shader performance fix - Command stream validator fixes - Command buffer suballocator rockchip: - CDN DisplayPort support - IOMMU support for arm64 platform imx-drm: - Fix i.MX5 TV encoder probing - Remove lower fb size limits msm: - Support for HW cursor on MDP5 devices - DSI encoder cleanup - GPU DT bindings cleanup sti: - stih410 cleanups - Create fbdev at binding - HQVDP fixes - Remove stih416 chip functionality - DVI/HDMI mode selection fixes - FPS statistic reporting omapdrm: - IRQ code cleanup dwi-hdmi bridge: - Cleanups and fixes adv-bridge: - Updates for nexus sii8520 bridge: - Add interlace mode support - Rework HDMI and lots of fixes qxl: - probing/teardown cleanups ZTE drm: - HDMI audio via SPDIF interface - Video Layer overlay plane support - Add TV encoder output device atmel-hlcdc: - Rework fbdev creation logic tegra: - OF node fix fsl-dcu: - Minor fixes mali-dp: - Assorted fixes sunxi: - Minor fix" [ This was the "fixed" pull, that still had build warnings due to people not even having build tested the result. I'm not a happy camper I've fixed the things I noticed up in this merge. - Linus ] * tag 'drm-for-v4.11-less-shouty' of git://people.freedesktop.org/~airlied/linux: (1177 commits) lib/Kconfig: make PRIME_NUMBERS not user selectable drm/tinydrm: helpers: Properly fix backlight dependency drm/tinydrm: mipi-dbi: Fix field width specifier warning drm/tinydrm: mipi-dbi: Silence: ‘cmd’ may be used uninitialized drm/sti: fix build warnings in sti_drv.c and sti_vtg.c files drm/amd/powerplay: fix PSI feature on Polars12 drm/amdgpu: refuse to reserve io mem for split VRAM buffers drm/ttm: fix use-after-free races in vm fault handling drm/tinydrm: Add support for Multi-Inno MI0283QT display dt-bindings: Add Multi-Inno MI0283QT binding dt-bindings: display/panel: Add common rotation property of: Add vendor prefix for Multi-Inno drm/tinydrm: Add MIPI DBI support drm/tinydrm: Add helper functions drm: Add DRM support for tiny LCD displays drm/amd/amdgpu: post card if there is real hw resetting performed drm/nouveau/tmr: provide backtrace when a timeout is hit drm/nouveau/pci/g92: Fix rearm drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios drm/nouveau/hwmon: expose power_max and power_crit .. commit 64a577196d66b44e37384bc5c4d78c61f59d5b2a Author: Dave Airlie Date: Fri Feb 24 12:11:21 2017 +1000 lib/Kconfig: make PRIME_NUMBERS not user selectable. Linus doesn't like it user selectable, so kill it until someone needs it for something else. Signed-off-by: Dave Airlie lib/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7fef80a4b9c8ed5a48d44ea4a74b68afe13d73ae Author: Noralf Trønnes Date: Thu Feb 23 14:29:57 2017 +0100 drm/tinydrm: helpers: Properly fix backlight dependency BACKLIGHT_CLASS_DEVICE was selected in the last version of the tinydrm patchset to fix the backlight dependency, but the ifdef CONFIG_BACKLIGHT_CLASS_DEVICE was forgotten. Fix that. Signed-off-by: Noralf Trønnes Signed-off-by: Dave Airlie include/drm/tinydrm/tinydrm-helpers.h | 19 ------------------- 1 file changed, 19 deletions(-) commit ce8c0137001e3ac237830a6059addaee3b5e0e26 Author: Noralf Trønnes Date: Thu Feb 23 14:29:56 2017 +0100 drm/tinydrm: mipi-dbi: Fix field width specifier warning This warning is seen on 64-bit builds in functions: 'mipi_dbi_typec1_command': 'mipi_dbi_typec3_command_read': 'mipi_dbi_typec3_command': >> drivers/gpu/drm/tinydrm/mipi-dbi.c:65:20: warning: field width specifier '*' expects argument of type 'int', but argument 5 has type 'size_t {aka long unsigned int}' [-Wformat=] DRM_DEBUG_DRIVER("cmd=%02x, par=%*ph\n", cmd, len, data); \ ^ include/drm/drmP.h:228:40: note: in definition of macro 'DRM_DEBUG_DRIVER' drm_printk(KERN_DEBUG, DRM_UT_DRIVER, fmt, ##__VA_ARGS__) ^~~ >> drivers/gpu/drm/tinydrm/mipi-dbi.c:671:2: note: in expansion of macro 'MIPI_DBI_DEBUG_COMMAND' MIPI_DBI_DEBUG_COMMAND(cmd, parameters, num); ^~~~~~~~~~~~~~~~~~~~~~ Fix by casting 'len' to int in the macro MIPI_DBI_DEBUG_COMMAND(). There is no chance of overflow. Signed-off-by: Noralf Trønnes Signed-off-by: Dave Airlie drivers/gpu/drm/tinydrm/mipi-dbi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b401f34314db7c60e6d23ee7771cd090b4ef56c1 Author: Noralf Trønnes Date: Thu Feb 23 14:29:55 2017 +0100 drm/tinydrm: mipi-dbi: Silence: ‘cmd’ may be used uninitialized Fix this warning: drivers/gpu/drm/tinydrm/mipi-dbi.c: In function ‘mipi_dbi_debugfs_command_write’: drivers/gpu/drm/tinydrm/mipi-dbi.c:905:8: warning: ‘cmd’ may be used uninitialized in this function [-Wmaybe-uninitialized] ret = mipi_dbi_command_buf(mipi, cmd, parameters, i); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ cmd can't be used uninitialized, but to satisfy the compiler, initialize it to zero. Signed-off-by: Noralf Trønnes Signed-off-by: Dave Airlie drivers/gpu/drm/tinydrm/mipi-dbi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d5500a074741b78b7f778b4ab3415d5ecdcda0a7 Merge: b2e3c43 4deaa6f Author: Linus Torvalds Date: Thu Feb 23 16:55:48 2017 -0800 Merge tag 'usercopy-v4.11-rc1.fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull usercopy test fix from Kees Cook: "Fix for non-MMU ARM testing, from Arnd Bergmann" * tag 'usercopy-v4.11-rc1.fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: ARM NOMMU has no 64-bit get_user commit 263d3995c93c6020576f6c93506412a0b9d1e932 Author: Filipe Manana Date: Fri Feb 17 18:43:57 2017 +0000 Btrfs: try harder to migrate items to left sibling before splitting a leaf Before attempting to split a leaf we try to migrate items from the leaf to its right and left siblings. We start by trying to move items into the rigth sibling and, if the new item is meant to be inserted at the end of our leaf, we try to free from our leaf an amount of bytes equal to the number of bytes used by the new item, by setting the variable space_needed to the byte size of that new item. However if we fail to move enough items to the right sibling due to lack of space in that sibling, we then try to move items into the left sibling, and in that case we try to free an amount equal to the size of the new item from our leaf, when we need only to free an amount corresponding to the size of the new item minus the current free space of our leaf. So make sure that before we try to move items to the left sibling we do set the variable space_needed with a value corresponding to the new item's size minus the leaf's current free space. Signed-off-by: Filipe Manana Reviewed-by: Liu Bo fs/btrfs/ctree.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 76b42abbf7488121c4f9f1ea5941123306e25d99 Author: Filipe Manana Date: Tue Feb 14 16:56:01 2017 +0000 Btrfs: fix data loss after truncate when using the no-holes feature If we have a file with an implicit hole (NO_HOLES feature enabled) that has an extent following the hole, delayed writes against regions of the file behind the hole happened before but were not yet flushed and then we truncate the file to a smaller size that lies inside the hole, we end up persisting a wrong disk_i_size value for our inode that leads to data loss after umounting and mounting again the filesystem or after the inode is evicted and loaded again. This happens because at inode.c:btrfs_truncate_inode_items() we end up setting last_size to the offset of the extent that we deleted and that followed the hole. We then pass that value to btrfs_ordered_update_i_size() which updates the inode's disk_i_size to a value smaller then the offset of the buffered (delayed) writes. Example reproducer: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0x01 0K 32K" /mnt/foo $ xfs_io -d -c "pwrite -S 0x02 -b 32K 64K 32K" /mnt/foo $ xfs_io -c "truncate 60K" /mnt/foo --> inode's disk_i_size updated to 0 $ md5sum /mnt/foo 3c5ca3c3ab42f4b04d7e7eb0b0d4d806 /mnt/foo $ umount /dev/sdb $ mount /dev/sdb /mnt $ md5sum /mnt/foo d41d8cd98f00b204e9800998ecf8427e /mnt/foo --> Empty file, all data lost! Cc: # 3.14+ Fixes: 16e7549f045d ("Btrfs: incompatible format change to remove hole extents") Signed-off-by: Filipe Manana Reviewed-by: Liu Bo fs/btrfs/inode.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) commit 82bfb2e7b645c8f228dc3b6d3b27b0b10125ca4f Author: Filipe Manana Date: Tue Feb 14 17:56:32 2017 +0000 Btrfs: incremental send, fix unnecessary hole writes for sparse files When using the NO_HOLES feature, during an incremental send we often issue write operations for holes when we should not, because that range is already a hole in the destination snapshot. While that does not change the contents of the file at the receiver, it avoids preservation of file holes, leading to wasted disk space and extra IO during send/receive. A couple examples where the holes are not preserved follows. $ mkfs.btrfs -O no-holes -f /dev/sdb $ mount /dev/sdb /mnt $ xfs_io -f -c "pwrite -S 0xaa 0 4K" /mnt/foo $ xfs_io -f -c "pwrite -S 0xaa 0 4K" -c "pwrite -S 0xbb 1028K 4K" /mnt/bar $ btrfs subvolume snapshot -r /mnt /mnt/snap1 # Now add one new extent to our first test file, increasing its size and # leaving a 1Mb hole between the first extent and this new extent. $ xfs_io -c "pwrite -S 0xbb 1028K 4K" /mnt/foo # Now overwrite the last extent of our second test file. $ xfs_io -c "pwrite -S 0xcc 1028K 4K" /mnt/bar $ btrfs subvolume snapshot -r /mnt /mnt/snap2 $ xfs_io -r -c "fiemap -v" /mnt/snap2/foo /mnt/snap2/foo: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..7]: 25088..25095 8 0x2000 1: [8..2055]: hole 2048 2: [2056..2063]: 24576..24583 8 0x2001 $ xfs_io -r -c "fiemap -v" /mnt/snap2/bar /mnt/snap2/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..7]: 25096..25103 8 0x2000 1: [8..2055]: hole 2048 2: [2056..2063]: 24584..24591 8 0x2001 $ btrfs send /mnt/snap1 -f /tmp/1.snap $ btrfs send -p /mnt/snap1 /mnt/snap2 -f /tmp/2.snap $ umount /mnt # It's not relevant to enable no-holes in the new filesystem. $ mkfs.btrfs -O no-holes -f /dev/sdc $ mount /dev/sdc /mnt $ btrfs receive /mnt -f /tmp/1.snap $ btrfs receive /mnt -f /tmp/2.snap $ xfs_io -r -c "fiemap -v" /mnt/snap2/foo /mnt/snap2/foo: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..7]: 24576..24583 8 0x2000 1: [8..2063]: 25624..27679 2056 0x1 $ xfs_io -r -c "fiemap -v" /mnt/snap2/bar /mnt/snap2/bar: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..7]: 24584..24591 8 0x2000 1: [8..2063]: 27680..29735 2056 0x1 The holes do not exist in the second filesystem and they were replaced with extents filled with the byte 0x00, making each file take 1032Kb of space instead of 8Kb. So fix this by not issuing the write operations consisting of buffers filled with the byte 0x00 when the destination snapshot already has a hole for the respective range. A test case for fstests will follow soon. Signed-off-by: Filipe Manana fs/btrfs/send.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 86 insertions(+), 2 deletions(-) commit a9b9477db2937934e469db800317ec3ef7e81b51 Author: Filipe Manana Date: Sat Feb 4 17:12:00 2017 +0000 Btrfs: fix use-after-free due to wrong order of destroying work queues Before we destroy all work queues (and wait for their tasks to complete) we were destroying the work queues used for metadata I/O operations, which can result in a use-after-free problem because most tasks from all work queues do metadata I/O operations. For example, the tasks from the caching workers work queue (fs_info->caching_workers), which is destroyed only after the work queue used for metadata reads (fs_info->endio_meta_workers) is destroyed, do metadata reads, which result in attempts to queue tasks into the later work queue, triggering a use-after-free with a trace like the following: [23114.613543] general protection fault: 0000 [#1] PREEMPT SMP [23114.614442] Modules linked in: dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c btrfs xor raid6_pq dm_flakey dm_mod crc32c_generic acpi_cpufreq tpm_tis tpm_tis_core tpm ppdev parport_pc parport i2c_piix4 processor sg evdev i2c_core psmouse pcspkr serio_raw button loop autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix virtio_pci libata virtio_ring virtio e1000 scsi_mod floppy [last unloaded: scsi_debug] [23114.616932] CPU: 9 PID: 4537 Comm: kworker/u32:8 Not tainted 4.9.0-rc7-btrfs-next-36+ #1 [23114.616932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 [23114.616932] Workqueue: btrfs-cache btrfs_cache_helper [btrfs] [23114.616932] task: ffff880221d45780 task.stack: ffffc9000bc50000 [23114.616932] RIP: 0010:[] [] btrfs_queue_work+0x2c/0x190 [btrfs] [23114.616932] RSP: 0018:ffff88023f443d60 EFLAGS: 00010246 [23114.616932] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000102 [23114.616932] RDX: ffffffffa0419000 RSI: ffff88011df534f0 RDI: ffff880101f01c00 [23114.616932] RBP: ffff88023f443d80 R08: 00000000000f7000 R09: 000000000000ffff [23114.616932] R10: ffff88023f443d48 R11: 0000000000001000 R12: ffff88011df534f0 [23114.616932] R13: ffff880135963868 R14: 0000000000001000 R15: 0000000000001000 [23114.616932] FS: 0000000000000000(0000) GS:ffff88023f440000(0000) knlGS:0000000000000000 [23114.616932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [23114.616932] CR2: 00007f0fb9f8e520 CR3: 0000000001a0b000 CR4: 00000000000006e0 [23114.616932] Stack: [23114.616932] ffff880101f01c00 ffff88011df534f0 ffff880135963868 0000000000001000 [23114.616932] ffff88023f443da0 ffffffffa03470af ffff880149b37200 ffff880135963868 [23114.616932] ffff88023f443db8 ffffffff8125293c ffff880149b37200 ffff88023f443de0 [23114.616932] Call Trace: [23114.616932] [23114.616932] [] end_workqueue_bio+0xd5/0xda [btrfs] [23114.616932] [] bio_endio+0x54/0x57 [23114.616932] [] btrfs_end_bio+0xf7/0x106 [btrfs] [23114.616932] [] bio_endio+0x54/0x57 [23114.616932] [] blk_update_request+0x21a/0x30f [23114.616932] [] scsi_end_request+0x31/0x182 [scsi_mod] [23114.616932] [] scsi_io_completion+0x1ce/0x4c8 [scsi_mod] [23114.616932] [] scsi_finish_command+0x104/0x10d [scsi_mod] [23114.616932] [] scsi_softirq_done+0x101/0x10a [scsi_mod] [23114.616932] [] blk_done_softirq+0x82/0x8d [23114.616932] [] __do_softirq+0x1ab/0x412 [23114.616932] [] irq_exit+0x49/0x99 [23114.616932] [] smp_call_function_single_interrupt+0x24/0x26 [23114.616932] [] call_function_single_interrupt+0x89/0x90 [23114.616932] [23114.616932] [] ? scsi_request_fn+0x13a/0x2a1 [scsi_mod] [23114.616932] [] ? _raw_spin_unlock_irq+0x2c/0x4a [23114.616932] [] ? _raw_spin_unlock_irq+0x32/0x4a [23114.616932] [] ? _raw_spin_unlock_irq+0x2c/0x4a [23114.616932] [] scsi_request_fn+0x13a/0x2a1 [scsi_mod] [23114.616932] [] __blk_run_queue_uncond+0x22/0x2b [23114.616932] [] __blk_run_queue+0x19/0x1b [23114.616932] [] blk_queue_bio+0x268/0x282 [23114.616932] [] generic_make_request+0xbd/0x160 [23114.616932] [] submit_bio+0x100/0x11d [23114.616932] [] ? __this_cpu_preempt_check+0x13/0x15 [23114.616932] [] ? __percpu_counter_add+0x8e/0xa7 [23114.616932] [] btrfsic_submit_bio+0x1a/0x1d [btrfs] [23114.616932] [] btrfs_map_bio+0x1f4/0x26d [btrfs] [23114.616932] [] btree_submit_bio_hook+0x74/0xbf [btrfs] [23114.616932] [] ? btrfs_wq_submit_bio+0x160/0x160 [btrfs] [23114.616932] [] submit_one_bio+0x6b/0x89 [btrfs] [23114.616932] [] read_extent_buffer_pages+0x170/0x1ec [btrfs] [23114.616932] [] ? free_root_pointers+0x64/0x64 [btrfs] [23114.616932] [] readahead_tree_block+0x3f/0x4c [btrfs] [23114.616932] [] read_block_for_search.isra.20+0x1ce/0x23d [btrfs] [23114.616932] [] btrfs_search_slot+0x65f/0x774 [btrfs] [23114.616932] [] ? free_extent_buffer+0x73/0x7e [btrfs] [23114.616932] [] btrfs_next_old_leaf+0xa1/0x33c [btrfs] [23114.616932] [] btrfs_next_leaf+0x10/0x12 [btrfs] [23114.616932] [] caching_thread+0x22d/0x416 [btrfs] [23114.616932] [] btrfs_scrubparity_helper+0x187/0x3b6 [btrfs] [23114.616932] [] btrfs_cache_helper+0xe/0x10 [btrfs] [23114.616932] [] process_one_work+0x273/0x4e4 [23114.616932] [] worker_thread+0x1eb/0x2ca [23114.616932] [] ? rescuer_thread+0x2b6/0x2b6 [23114.616932] [] kthread+0xd5/0xdd [23114.616932] [] ? __kthread_unpark+0x5a/0x5a [23114.616932] [] ret_from_fork+0x27/0x40 [23114.616932] Code: 1f 44 00 00 55 48 89 e5 41 56 41 55 41 54 53 49 89 f4 48 8b 46 70 a8 04 74 09 48 8b 5f 08 48 85 db 75 03 48 8b 1f 49 89 5c 24 68 <83> 7b 64 ff 74 04 f0 ff 43 58 49 83 7c 24 08 00 74 2c 4c 8d 6b [23114.616932] RIP [] btrfs_queue_work+0x2c/0x190 [btrfs] [23114.616932] RSP [23114.689493] ---[ end trace 6e48b6bc707ca34b ]--- [23114.690166] Kernel panic - not syncing: Fatal exception in interrupt [23114.691283] Kernel Offset: disabled [23114.691918] ---[ end Kernel panic - not syncing: Fatal exception in interrupt The following diagram shows the sequence of operations that lead to the use-after-free problem from the above trace: CPU 1 CPU 2 CPU 3 caching_thread() close_ctree() btrfs_stop_all_workers() btrfs_destroy_workqueue( fs_info->endio_meta_workers) btrfs_search_slot() read_block_for_search() readahead_tree_block() read_extent_buffer_pages() submit_one_bio() btree_submit_bio_hook() btrfs_bio_wq_end_io() --> sets the bio's bi_end_io callback to end_workqueue_bio() --> bio is submitted bio completes and its bi_end_io callback is invoked --> end_workqueue_bio() --> attempts to queue a task on fs_info->endio_meta_workers btrfs_destroy_workqueue( fs_info->caching_workers) So fix this by destroying the queues used for metadata I/O tasks only after destroying all the other queues. Signed-off-by: Filipe Manana Reviewed-by: Liu Bo fs/btrfs/disk-io.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 5cdd7db6c5c9d33dc66ecdd81aa8020276c7d140 Author: Filipe Manana Date: Wed Feb 1 22:39:50 2017 +0000 Btrfs: fix assertion failure when freeing block groups at close_ctree() At close_ctree() we free the block groups and then only after we wait for any running worker kthreads to finish and shutdown the workqueues. This behaviour is racy and it triggers an assertion failure when freeing block groups because while we are doing it we can have for example a block group caching kthread running, and in that case the block group's reference count can still be greater than 1 by the time we assert its reference count is 1, leading to an assertion failure: [19041.198004] assertion failed: atomic_read(&block_group->count) == 1, file: fs/btrfs/extent-tree.c, line: 9799 [19041.200584] ------------[ cut here ]------------ [19041.201692] kernel BUG at fs/btrfs/ctree.h:3418! [19041.202830] invalid opcode: 0000 [#1] PREEMPT SMP [19041.203929] Modules linked in: btrfs xor raid6_pq dm_flakey dm_mod crc32c_generic ppdev sg psmouse acpi_cpufreq pcspkr parport_pc evdev tpm_tis parport tpm_tis_core i2c_piix4 i2c_core tpm serio_raw processor button loop autofs4 ext4 crc16 jbd2 mbcache sr_mod cdrom sd_mod ata_generic virtio_scsi ata_piix virtio_pci libata virtio_ring virtio e1000 scsi_mod floppy [last unloaded: btrfs] [19041.208082] CPU: 6 PID: 29051 Comm: umount Not tainted 4.9.0-rc7-btrfs-next-36+ #1 [19041.208082] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org 04/01/2014 [19041.208082] task: ffff88015f028980 task.stack: ffffc9000ad34000 [19041.208082] RIP: 0010:[] [] assfail.constprop.41+0x1c/0x1e [btrfs] [19041.208082] RSP: 0018:ffffc9000ad37d60 EFLAGS: 00010286 [19041.208082] RAX: 0000000000000061 RBX: ffff88015ecb4000 RCX: 0000000000000001 [19041.208082] RDX: ffff88023f392fb8 RSI: ffffffff817ef7ba RDI: 00000000ffffffff [19041.208082] RBP: ffffc9000ad37d60 R08: 0000000000000001 R09: 0000000000000000 [19041.208082] R10: ffffc9000ad37cb0 R11: ffffffff82f2b66d R12: ffff88023431d170 [19041.208082] R13: ffff88015ecb40c0 R14: ffff88023431d000 R15: ffff88015ecb4100 [19041.208082] FS: 00007f44f3d42840(0000) GS:ffff88023f380000(0000) knlGS:0000000000000000 [19041.208082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [19041.208082] CR2: 00007f65d623b000 CR3: 00000002166f2000 CR4: 00000000000006e0 [19041.208082] Stack: [19041.208082] ffffc9000ad37d98 ffffffffa035989f ffff88015ecb4000 ffff88015ecb5630 [19041.208082] ffff88014f6be000 0000000000000000 00007ffcf0ba6a10 ffffc9000ad37df8 [19041.208082] ffffffffa0368cd4 ffff88014e9658e0 ffffc9000ad37e08 ffffffff811a634d [19041.208082] Call Trace: [19041.208082] [] btrfs_free_block_groups+0x17f/0x392 [btrfs] [19041.208082] [] close_ctree+0x1c5/0x2e1 [btrfs] [19041.208082] [] ? evict_inodes+0x132/0x141 [19041.208082] [] btrfs_put_super+0x15/0x17 [btrfs] [19041.208082] [] generic_shutdown_super+0x6a/0xeb [19041.208082] [] kill_anon_super+0x12/0x1c [19041.208082] [] btrfs_kill_super+0x16/0x21 [btrfs] [19041.208082] [] deactivate_locked_super+0x3b/0x68 [19041.208082] [] deactivate_super+0x36/0x39 [19041.208082] [] cleanup_mnt+0x58/0x76 [19041.208082] [] __cleanup_mnt+0x12/0x14 [19041.208082] [] task_work_run+0x6f/0x95 [19041.208082] [] prepare_exit_to_usermode+0xa3/0xc1 [19041.208082] [] syscall_return_slowpath+0x16e/0x1d2 [19041.208082] [] entry_SYSCALL_64_fastpath+0xab/0xad [19041.208082] Code: c7 ae a0 3e a0 48 89 e5 e8 4e 74 d4 e0 0f 0b 55 89 f1 48 c7 c2 0b a4 3e a0 48 89 fe 48 c7 c7 a4 a6 3e a0 48 89 e5 e8 30 74 d4 e0 <0f> 0b 55 31 d2 48 89 e5 e8 d5 b9 f7 ff 5d c3 48 63 f6 55 31 c9 [19041.208082] RIP [] assfail.constprop.41+0x1c/0x1e [btrfs] [19041.208082] RSP [19041.279264] ---[ end trace 23330586f16f064d ]--- This started happening as of kernel 4.8, since commit f3bca8028bd9 ("Btrfs: add ASSERT for block group's memory leak") introduced these assertions. So fix this by freeing the block groups only after waiting for all worker kthreads to complete and shutdown the workqueues. Signed-off-by: Filipe Manana Reviewed-by: Liu Bo fs/btrfs/disk-io.c | 6 +++--- fs/btrfs/extent-tree.c | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) commit 3168021cf9b4906f7bd9871770235f14c5a17715 Author: Filipe Manana Date: Wed Feb 1 14:58:02 2017 +0000 Btrfs: do not create explicit holes when replaying log tree if NO_HOLES enabled We log holes explicitly by using file extent items, however when replaying a log tree, if a logged file extent item corresponds to a hole and the NO_HOLES feature is enabled we do not need to copy the file extent item into the fs/subvolume tree, as the absence of such file extent items is the purpose of the NO_HOLES feature. So skip the copying of file extent items representing holes when the NO_HOLES feature is enabled. Signed-off-by: Filipe Manana fs/btrfs/tree-log.c | 5 +++++ 1 file changed, 5 insertions(+) commit 91e1f56a8b3c94cb5ac9ce12b806134dc33c1eeb Author: Robbie Ko Date: Fri Oct 7 10:01:29 2016 +0800 Btrfs: fix leak of subvolume writers counter When falling back from a nocow write to a regular cow write, we were leaking the subvolume writers counter in 2 situations, preventing snapshot creation from ever completing in the future, as it waits for that counter to go down to zero before the snapshot creation starts. Signed-off-by: Robbie Ko Reviewed-by: Filipe Manana [Improved changelog and subject] Signed-off-by: Filipe Manana fs/btrfs/inode.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 6f546216e9f9e95d6783547ce6113eb13e2daa54 Author: Filipe Manana Date: Sat Jan 28 01:47:56 2017 +0000 Btrfs: bulk delete checksum items in the same leaf Very often we have the checksums for an extent spread in multiple items in the checksums tree, and currently the algorithm to delete them starts by looking for them one by one and then deleting them one by one, which is not optimal since each deletion involves shifting all the other items in the leaf and when the leaf reaches some low threshold, to move items off the leaf into its left and right neighbor leafs. Also, after each item deletion we release our search path and start a new search for other checksums items. So optimize this by deleting in bulk all the items in the same leaf that contain checksums for the extent being freed. Signed-off-by: Filipe Manana Reviewed-by: Liu Bo fs/btrfs/file-item.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) commit 0191410158840d6176de3267daa4604ad6a773fb Author: Robbie Ko Date: Thu Jan 5 16:24:58 2017 +0800 Btrfs: incremental send, do not issue invalid rmdir operations When both the parent and send snapshots have a directory inode with the same number but different generations (therefore they are different inodes) and both have an entry with the same name, an incremental send stream will contain an invalid rmdir operation that refers to the orphanized name of the inode from the parent snapshot. The following example scenario shows how this happens. Parent snapshot: . |---- d259_old/ (ino 259, gen 9) | |---- d1/ (ino 258, gen 9) | |---- f (ino 257, gen 9) Send snapshot: . |---- d258/ (ino 258, gen 7) |---- d259/ (ino 259, gen 7) |---- d1/ (ino 257, gen 7) When the kernel is processing inode 258 it notices that in both snapshots there is an inode numbered 259 that is a parent of an inode 258. However it ignores the fact that the inodes numbered 259 have different generations in both snapshots, which means they are effectively different inodes. Then it checks that both inodes 259 have a dentry named "d1" and because of that it issues a rmdir operation with orphanized name of the inode 258 from the parent snapshot. This happens at send.c:process_record_refs(), which calls send.c:did_overwrite_first_ref() that returns true and because of that later on at process_recorded_refs() such rmdir operation is issued because the inode being currently processed (258) is a directory and it was deleted in the send snapshot (and replaced with another inode that has the same number and is a directory too). Fix this issue by comparing the generations of parent directory inodes that have the same number and make send.c:did_overwrite_first_ref() when the generations are different. The following steps reproduce the problem. $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ touch /mnt/f $ mkdir /mnt/d1 $ mkdir /mnt/d259_old $ mv /mnt/d1 /mnt/d259_old/d1 $ btrfs subvolume snapshot -r /mnt /mnt/snap1 $ btrfs send /mnt/snap1 -f /tmp/1.snap $ umount /mnt $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt $ mkdir /mnt/d1 $ mkdir /mnt/dir258 $ mkdir /mnt/dir259 $ mv /mnt/d1 /mnt/dir259/d1 $ btrfs subvolume snapshot -r /mnt /mnt/snap2 $ btrfs receive /mnt/ -f /tmp/1.snap # Take note that once the filesystem is created, its current # generation has value 7 so the inodes from the second snapshot all have # a generation value of 7. And after receiving the first snapshot # the filesystem is at a generation value of 10, because the call to # create the second snapshot bumps the generation to 8 (the snapshot # creation ioctl does a transaction commit), the receive command calls # the snapshot creation ioctl to create the first snapshot, which bumps # the filesystem's generation to 9, and finally when the receive # operation finishes it calls an ioctl to transition the first snapshot # (snap1) from RW mode to RO mode, which does another transaction commit # and bumps the filesystem's generation to 10. This means all the inodes # in the first snapshot (snap1) have a generation value of 9. $ rm -f /tmp/1.snap $ btrfs send /mnt/snap1 -f /tmp/1.snap $ btrfs send -p /mnt/snap1 /mnt/snap2 -f /tmp/2.snap $ umount /mnt $ mkfs.btrfs -f /dev/sdd $ mount /dev/sdd /mnt $ btrfs receive /mnt -f /tmp/1.snap $ btrfs receive -vv /mnt -f /tmp/2.snap receiving snapshot mysnap2 uuid=9c03962f-f620-0047-9f98-32e5a87116d9, ctransid=7 parent_uuid=d17a6e3f-14e5-df4f-be39-a7951a5399aa, parent_ctransid=9 utimes unlink f mkdir o257-7-0 mkdir o259-7-0 rename o257-7-0 -> o259-7-0/d1 chown o259-7-0/d1 - uid=0, gid=0 chmod o259-7-0/d1 - mode=0755 utimes o259-7-0/d1 rmdir o258-9-0 ERROR: rmdir o258-9-0 failed: No such file or directory Signed-off-by: Robbie Ko Reviewed-by: Filipe Manana [Rewrote changelog to be more precise and clear] Signed-off-by: Filipe Manana fs/btrfs/send.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit fe9c798dbf4c78322549068255f611e4038a5b28 Author: Filipe Manana Date: Wed Jan 11 02:15:39 2017 +0000 Btrfs: incremental send, do not delay rename when parent inode is new When we are checking if we need to delay the rename operation for an inode we not checking if a parent inode that exists in the send and parent snapshots is really the same inode or not, that is, we are not comparing the generation number of the parent inode in the send and parent snapshots. Not only this results in unnecessarily delaying a rename operation but also can later on make us generate an incorrect name for a new inode in the send snapshot that has the same number as another inode in the parent snapshot but a different generation. Here follows an example where this happens. Parent snapshot: . (ino 256, gen 3) |--- dir258/ (ino 258, gen 7) | |--- dir257/ (ino 257, gen 7) | |--- dir259/ (ino 259, gen 7) Send snapshot: . (ino 256, gen 3) |--- file258 (ino 258, gen 10) | |--- new_dir259/ (ino 259, gen 10) |--- dir257/ (ino 257, gen 7) The following steps happen when computing the incremental send stream: 1) When processing inode 257, its new parent is created using its orphan name (o257-21-0), and the rename operation for inode 257 is delayed because its new parent (inode 259) was not yet processed - this decision to delay the rename operation does not make much sense because the inode 259 in the send snapshot is a new inode, it's not the same as inode 259 in the parent snapshot. 2) When processing inode 258 we end up delaying its rmdir operation, because inode 257 was not yet renamed (moved away from the directory inode 258 represents). We also create the new inode 258 using its orphan name "o258-10-0", then rename it to its final name of "file258" and then issue a truncate operation for it. However this truncate operation contains an incorrect name, which corresponds to the orphan name and not to the final name, which makes the receiver fail. This happens because when we attempt to compute the inode's current name we verify that there's another inode with the same number (258) that has its rmdir operation pending and because of that we generate an orphan name for the new inode 258 (we do this in the function get_cur_path()). Fix this by not delayed the rename operation of an inode if it has parents with the same number but different generations in both snapshots. The following steps reproduce this example scenario. $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ mkdir /mnt/dir257 $ mkdir /mnt/dir258 $ mkdir /mnt/dir259 $ mv /mnt/dir257 /mnt/dir258/dir257 $ btrfs subvolume snapshot -r /mnt /mnt/snap1 $ mv /mnt/dir258/dir257 /mnt/dir257 $ rmdir /mnt/dir258 $ rmdir /mnt/dir259 # Remount the filesystem so that the next created inodes will have the # numbers 258 and 259. This is because when a filesystem is mounted, # btrfs sets the subvolume's inode counter to a value corresponding to # the highest inode number in the subvolume plus 1. This inode counter # is used to assign a unique number to each new inode and it's # incremented by 1 after very inode creation. # Note: we unmount and then mount instead of doing a mount with # "-o remount" because otherwise the inode counter remains at value 260. $ umount /mnt $ mount /dev/sdb /mnt $ touch /mnt/file258 $ mkdir /mnt/new_dir259 $ mv /mnt/dir257 /mnt/new_dir259/dir257 $ btrfs subvolume snapshot -r /mnt /mnt/snap2 $ btrfs send /mnt/snap1 -f /tmp/1.snap $ btrfs send -p /mnt/snap1 /mnt/snap2 -f /tmp/2.snap $ umount /mnt $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt $ btrfs receive /mnt -f /tmo/1.snap $ btrfs receive /mnt -f /tmo/2.snap -vv receiving snapshot mysnap2 uuid=e059b6d1-7f55-f140-8d7c-9a3039d23c97, ctransid=10 parent_uuid=77e98cb6-8762-814f-9e05-e8ba877fc0b0, parent_ctransid=7 utimes mkdir o259-10-0 rename dir258 -> o258-7-0 utimes mkfile o258-10-0 rename o258-10-0 -> file258 utimes truncate o258-10-0 size=0 ERROR: truncate o258-10-0 failed: No such file or directory Reported-by: Robbie Ko Signed-off-by: Filipe Manana fs/btrfs/send.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) commit 4dd9920d991745c4a16f53a8f615f706fbe4b3f7 Author: Robbie Ko Date: Thu Jan 5 16:24:55 2017 +0800 Btrfs: send, fix failure to rename top level inode due to name collision Under certain situations, an incremental send operation can fail due to a premature attempt to create a new top level inode (a direct child of the subvolume/snapshot root) whose name collides with another inode that was removed from the send snapshot. Consider the following example scenario. Parent snapshot: . (ino 256, gen 8) |---- a1/ (ino 257, gen 9) |---- a2/ (ino 258, gen 9) Send snapshot: . (ino 256, gen 3) |---- a2/ (ino 257, gen 7) In this scenario, when receiving the incremental send stream, the btrfs receive command fails like this (ran in verbose mode, -vv argument): rmdir a1 mkfile o257-7-0 rename o257-7-0 -> a2 ERROR: rename o257-7-0 -> a2 failed: Is a directory What happens when computing the incremental send stream is: 1) An operation to remove the directory with inode number 257 and generation 9 is issued. 2) An operation to create the inode with number 257 and generation 7 is issued. This creates the inode with an orphanized name of "o257-7-0". 3) An operation rename the new inode 257 to its final name, "a2", is issued. This is incorrect because inode 258, which has the same name and it's a child of the same parent (root inode 256), was not yet processed and therefore no rmdir operation for it was yet issued. The rename operation is issued because we fail to detect that the name of the new inode 257 collides with inode 258, because their parent, a subvolume/snapshot root (inode 256) has a different generation in both snapshots. So fix this by ignoring the generation value of a parent directory that matches a root inode (number 256) when we are checking if the name of the inode currently being processed collides with the name of some other inode that was not yet processed. We can achieve this scenario of different inodes with the same number but different generation values either by mounting a filesystem with the inode cache option (-o inode_cache) or by creating and sending snapshots across different filesystems, like in the following example: $ mkfs.btrfs -f /dev/sdb $ mount /dev/sdb /mnt $ mkdir /mnt/a1 $ mkdir /mnt/a2 $ btrfs subvolume snapshot -r /mnt /mnt/snap1 $ btrfs send /mnt/snap1 -f /tmp/1.snap $ umount /mnt $ mkfs.btrfs -f /dev/sdc $ mount /dev/sdc /mnt $ touch /mnt/a2 $ btrfs subvolume snapshot -r /mnt /mnt/snap2 $ btrfs receive /mnt -f /tmp/1.snap # Take note that once the filesystem is created, its current # generation has value 7 so the inode from the second snapshot has # a generation value of 7. And after receiving the first snapshot # the filesystem is at a generation value of 10, because the call to # create the second snapshot bumps the generation to 8 (the snapshot # creation ioctl does a transaction commit), the receive command calls # the snapshot creation ioctl to create the first snapshot, which bumps # the filesystem's generation to 9, and finally when the receive # operation finishes it calls an ioctl to transition the first snapshot # (snap1) from RW mode to RO mode, which does another transaction commit # and bumps the filesystem's generation to 10. $ rm -f /tmp/1.snap $ btrfs send /mnt/snap1 -f /tmp/1.snap $ btrfs send -p /mnt/snap1 /mnt/snap2 -f /tmp/2.snap $ umount /mnt $ mkfs.btrfs -f /dev/sdd $ mount /dev/sdd /mnt $ btrfs receive /mnt /tmp/1.snap # Receive of snapshot snap2 used to fail. $ btrfs receive /mnt /tmp/2.snap Signed-off-by: Robbie Ko Reviewed-by: Filipe Manana [Rewrote changelog to be more precise and clear] Signed-off-by: Filipe Manana fs/btrfs/send.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit b2e3c4319d40c9055c3c587cdb82ba69b50e919d Merge: c61c15e0 db27dd0 Author: Linus Torvalds Date: Thu Feb 23 15:57:04 2017 -0800 Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Arnd Bergmann: "Driver updates for ARM SoCs. A handful of driver changes this time around. The larger changes are: - Reset drivers for hi3660 and zx2967 - AHCI driver for Davinci, acked by Tejun and brought in here due to platform dependencies - Cleanups of atmel-ebi (External Bus Interface) - Tweaks for Rockchip GRF (General Register File) usage (kitchensink misc register range on the SoCs) - PM domains changes for support of two new ZTE SoCs (zx296718 and zx2967)" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (53 commits) soc: samsung: pmu: Add register defines for pad retention control reset: make zx2967 explicitly non-modular reset: core: fix reset_control_put soc: samsung: pm_domains: Read domain name from the new label property soc: samsung: pm_domains: Remove message about failed memory allocation soc: samsung: pm_domains: Remove unused name field soc: samsung: pm_domains: Use full names in subdomains registration log sata: ahci-da850: un-hardcode the MPY bits sata: ahci-da850: add a workaround for controller instability sata: ahci: export ahci_do_hardreset() locally sata: ahci-da850: implement a workaround for the softreset quirk sata: ahci-da850: add device tree match table sata: ahci-da850: get the sata clock using a connection id soc: samsung: pmu: Remove duplicated define for ARM_L2_OPTION register memory: atmel-ebi: Enable the SMC clock if specified soc: samsung: pmu: Remove unused and duplicated defines memory: atmel-ebi: Properly handle multiple reference to the same CS memory: atmel-ebi: Fix the test to enable generic SMC logic soc: samsung: pm_domains: Add new Exynos5433 compatible soc: samsung: pmu: Add dummy support for Exynos5433 SoC ... commit c61c15e08abb4365f100e411604b57a03ee5ae90 Merge: 195849e cbab319 Author: Linus Torvalds Date: Thu Feb 23 15:52:14 2017 -0800 Merge tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM 64-bit DT updates from Arnd Bergmann: "ARM64 DT updates are fairly small this time, only two new SoCs and a handful of new machines get added, all of them similar to other hardware we already support. New SoC: - HiSilicon Kirin960/Hi3660 and HiKey960 development board - NXP LS1012a with three reference boards: http://www.nxp.com/products/microcontrollers-and-processors/arm-processors/qoriq-layerscape-arm-processors/qoriq-layerscape-1012a-low-power-communication-processor:LS1012A New development board: - Banana Pi M64, based on Allwinner A64: http://www.banana-pi.org/m64.html - SolidRun MACCHIATOBin based on Marvell Armada 8K: https://www.solid-run.com/marvell-armada-family/armada-8040-community-board/ - Broadcom BCM958712DxXMC NorthStar2 reference board (another one) A lot of platforms improve support for existing machines by adding extra devices for which a binding and driver is availabe: Allwinner: - MMC, USB ARM Juno: - Coresight, STM Broadcom: - NS2 GICv2m irqchip and PCIe Marvell: - Armada 3700 SPI, I2C, ethernet switch Mediatek: - MT8173 thermal NXP i.MX: - LS1046A thermal Qualcomm: - coresight on MSM8916, HDMI, WCNSS, SCM Renesas: - r8a779[56] thermal, powerdomain, ethernet, sound, pwm, can, can fd Rockchip: - thermal, eDP, pinctrl enhancements Samsung: - TM2 touchkey, Exynos5433 HDMI and power management improvements UniPhier: - SD reset, eMMC controller ZTE: - oppv2 cpufreq" * tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (110 commits) arm64: dts: qcom: Add msm8916 CoreSight components arm64: dts: marvell: adjust name of sd-mmc-gop clock in syscon arm64: allwinner: add BananaPi-M64 support arm64: allwinner: a64: add UART1 pin nodes arm64: allwinner: pine64: add MMC support arm64: allwinner: a64: Increase the MMC max frequency arm64: allwinner: a64: Add MMC pinctrl nodes arm64: allwinner: a64: Add MMC nodes dt-bindings: clockgen: Add compatible string for LS1012A Documentation: DT: add LS1012A compatible for SCFG and DCFG Documentation: DT: Add entry for FSL LS1012A RDB, FRDM, QDS boards arm64: dts: marvell: add generic-ahci compatibles for CP110 ahci arm64: tegra: Use symbolic reset identifiers arm64: dts: r8a7796: Mark EthernetAVB device node disabled arm64: dts: r8a7795: Mark EthernetAVB device node disabled arm64: dts: r8a7795: tidyup audma definition order arm64: dts: r8a7796: Link ARM GIC to clock and clock domain arm64: dts: r8a7795: Link ARM GIC to clock and clock domain arm64: dts: r8a7796: Add R-Car Gen3 thermal support arm64: dts: r8a7795: Add R-Car Gen3 thermal support ... commit 195849ea13549dc2390b7db7d80a22d76f73dfae Merge: 54fff78 a25996e Author: Linus Torvalds Date: Thu Feb 23 15:46:25 2017 -0800 Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM DT updates from Arnd Bergmann: "A total of 380 patches this time, mostly adding support for more hardware in the device tree descriptions. There is not much exciting here for 4.11, but I've tried my best to condense the information from the pull requests I got into a readable summary. Noteworthy changes to existing platforms include: - The GIC memory map was a bit wrong almost everywhere and now gets fixed up - The Allwinner platforms convert to the generic pinmux properties - The Marvell EBU platforms now use the new DSA binding - Samsung Exynos4212 was unused and gets removed - The Renesas power management got improved New production machines: - Lego Mindstorms EV3: https://www.lego.com/en-us/mindstorms/about-ev3 - Beelink X2 Android media box: http://linux-sunxi.org/Beelink_X2 - "Romulus" baseboard management controller for OpenPower - Axentia TSE-850 Data Radio Channel (DARC) encoder: http://www.axentia.se/db/equipment.html - Luxul XAP-1410 and XWR-1200 wireless access points: https://luxul.com/xap-1410 New SoCs: - Allwinner H2+ and V3s, both minor variations of already supported chips: http://www.allwinnertech.com/index.php?c=product&a=index&id=38 - Marvell Prestera DX packet processors based on Armada XP architecture: http://www.marvell.com/switching/prestera-dx/ - Samsung Exynos4412 Prime gets added, a minor variation of Exynos4412 New developer and reference boards: - Lichee Pi One, Lichee Pi Zero and Orange Pi Zero, all based on Allwinner SoCs: http://linux-sunxi.org/LicheePi_One http://www.orangepi.org/orangepizero/ - SAMA5d36ek Reference platform: http://www.atmel.com/tools/sama5d36-ek.aspx - Beaglebone Green Wireless and Black Wireless: https://beagleboard.org/black-wireless https://beagleboard.org/green-wireless - phyCORE-AM335x System on Module: http://phytec.com/products/system-on-modules/phycore/am335x/ - New revision of "vf610-zii" Zodiac Inflight Innovations board - Various i.MX System-on-Module: Is.IoT MX6UL, SavageBoard, Engicam i.Core: http://www.opossom.com/english/index.html http://www.savageboard.org/ http://www.engicam.com/en/products/embedded/som/sodimm/is-iot-mx6ul http://www.engicam.com/en/products/embedded/som/sodimm/i-core-m6s-dl-d-q - Liebherr (LWN) monitor 6 based on i.MX6 Quad, no idea what this is - Cleanups and bugfixes on at91, bcm53xx, i.MX, mvebu, omap, oxnas, qcom, rockchip, sti, stm32 and tegra New device supports added to some boards and SoCs, briefly by platform: - Allwinner: SPDIF, A33 cpufreq, A33 Mali GPU - Aspeed: network, ipmi bt, gpio, pinmux - Broadcom: video encoder for raspberry pi, qspi, ethernet, sd/mmc - TI DaVinci: gpio, lcdc, usb, video-in, uart - TI Keystone 2: MSM RAM, power/reset, uart - Mediatek MT2701: clocks, iommu, spi, nand, adc, thermal - Marvell EBU: ethernet switch on Turris Omnia - NXP i.MX: otp ram, USB, wifi, bluetooth, spdif, spi, pmic, eeprom, mmc, nand - TI OMAP: - Qualcomm: coresight, gyro/accelerometer, hdmi - Renesas: pmic, soc-id - Rockchip: qos - Samsung: audio on Odroid-X - Socfpga: FPGA manager, i2c, led, can, watchdog, nand, power monitor - STi: video in/out - STM32: timer, pwm, i2c, rtc, add, i2s - NVIDIA Tegra: tpm - Uniphier: mmc/sd pinmux" * tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (380 commits) ARM: dts: armada-385-linksys: fix DSA compatible property ARM: dts: Fix typo in armada-xp-98dx4251 ARM: DTS: Fix register map for virt-capable GIC dt-bindings: arm,gic: Fix binding example for a virt-capable GIC ARM: dts: sun8i: sinlinx: Enable audio nodes ARM: dts: sun8i: parrot: Enable audio nodes ARM: dts: sun8i: Add audio codec, dai and card for A33 ARM: dts: Add EMAC AXI settings for Arria10 ARM: dts: am335x-chiliboard: Support charger ARM: dts: am335x-chiliboard: Support power button ARM: sun8i: dt: Add mali node dt-bindings: gpu: Add Mali Utgard bindings ARM: dts: stm32: Add I2C1 support for STM32429 eval board ARM: dts: stm32: Add I2C1 support for STM32F429 SoC ARM: dts: stm32: Use clock DT binding definition on stm32f429 family dt-bindings: mfd: stm32f4: Add missing binding definition dt-bindings: mfd: stm32f4: Fix STM32F4_X_CLOCK() macro ARM: dts: stm32: Enable pwm1 and pwm3 for stm32f469-disco ARM: dts: stm32: add Timers driver for stm32f429 MCU ARM: dts: add the AB8500 sysclk to the device trees ... commit 54fff785db6e44208478ae3b0e5c56b853b3e10d Merge: c35675f ddf5cf0 Author: Linus Torvalds Date: Thu Feb 23 15:39:32 2017 -0800 Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC defconfig updates from Arnd Bergmann: "Defconfig additions, removals, etc. Almost all of them just turn on drivers that we want on some platform, usually after the driver has been merged into mainline. There is now a new defconfig file for tango4" * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (44 commits) ARM: multi_v7_defconfig: enable pstore configs ARM: multi_v7_defconfig: enable some newly added crypto modules ARM: davinci_all_defconfig: enable SATA modules arm64: defconfig: enable CONFIG_MTD_NAND and CONFIG_MTD_NAND_DENALI_DT arm64: defconfig: enable CONFIG_MTD_BLOCK ARM: Import tango4_defconfig ARM: omap2plus_defconfig: Enable support for RTC M41T80 ARM: omap2plus_defconfig: Enable support for micrell phys ARM: vf610m4: defconfig: enable EXT4 filesystem ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 arm64: defconfig: Enable NUMA and NUMA_BALANCING arm64: defconfig: enable SMMUv3 config ARM: davinci_all_defconfig: enable iio ARM: Keystone: Enable ARCH_HAS_RESET_CONTROLLER ARM: configs: stm32: Add RTC support in STM32 defconfig ARM: defconfig: qcom: add APQ8060 DragonBoard devices ARM: qcom_defconfig: enable thermal sensors ARM: qcom_defconfig: add ahci configs ARM: qcom_defconfig: add pcie and atl1c ethernet configs ARM: qcom_defconfig: add usb related configs ... commit c35675f351b9f13062cfd0fac762615e703af2af Merge: 6ae52c6 971d33c Author: Linus Torvalds Date: Thu Feb 23 15:35:57 2017 -0800 Merge tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC 64-bit updates from Arnd Bergmann: "Changes to platform code for 64-bit ARM platforms, only trivial stuff this time, a few defconfig changes to enable drivers, and a new entry for the Cavium ThunderX2 platform" * tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: MAINTAINERS: Add Cavium ThunderX2 entry arm64: add ARCH_THUNDER2 to defconfig arm64: add THUNDER2 processor family MAINTAINERS: Extend ARM/Mediatek SoC support section arm64: defconfig: enable CONFIG_MMC_SDHCI_CADENCE arm64: defconfig: enable XORv2 for Marvell Armada 7K/8K commit 6ae52c65e01991426e87bb0fb8a2ac9e032db7b1 Merge: af8999f af1d09e Author: Linus Torvalds Date: Thu Feb 23 15:33:54 2017 -0800 Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC platform updates from Arnd Bergmann: "In the SoC branch we normally collect classic arch/arm/mach-* contents, i.e. C code changes for SoC platforms. This release cycle the diffstat is quite nice, in that we're removing 3x the amount of code that's being added. The main reason for this is that there's a removal of camera drivers for Freescale i.MX chips (driver was removed so the device registration isn't needed any more). There's also removal of display initialization code for OMAP that is no longer needed. The rest are mostly minor tweaks and cleanups; constification on Samsung platforms, cleanup of ux500 platform data, purge of other unused platform data/device seutp on i.MX and other good stuff. New SoC support this cycle is for two Allwinner platforms, H2+ and V3s" * tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (55 commits) ARM: ux500: remove deleted file from Makefile ARM: ep93xx: Disable TS-72xx watchdog before uncompressing ARM: ux500: cut some platform data MAINTAINERS: Update for the current location of the bcm2835 tree. ARM: davinci: remove BUG_ON() from da850_register_sata() ARM: davinci: da850: model the SATA refclk ARM: davinci: da850: add con_id for the SATA clock ARM: davinci: da8xx-dt: add OF_DEV_AUXDATA entry for SATA arm: mvebu: support for SMP on 98DX3336 SoC dt-bindings: video: exynos7-decon: Remove obsolete samsung,power-domain property soc: dove: constify reset_control_ops structures ARM: mv78xx0: fix possible PCI buffer overflow MAINTAINERS: transfer maintainership for the EZX platform ARM: shmobile: rcar-gen2: Add more register documentation ARM: tegra: paz00: Fix __initdata placement ARM: OMAP: clock: Remove unused mpurate cmdline option ARM: davinci: add skeleton for pdata-quirks arm: sunxi: add support for V3s SoC ARM: OMAP2+: omap_hwmod: Add support for earlycon arm: hisi: drop extern hip01_cpu_die ... commit af8999f672421776417977101c3e1f334414c065 Merge: 60e8d3e 92f3e6e Author: Linus Torvalds Date: Thu Feb 23 15:28:04 2017 -0800 Merge tag 'armsoc-fixes-nc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC non-urgent fixes from Arnd Bergmann: "We sometimes collect non-critical fixes that come in during the later part of the merge window in a branch for the next release instead, and this is that contents for v4.11. Most of these are OMAP fixes, dealing with OMAP36/37 detection, quirks and setup. There's also some fixes for Davinci and a Kconfig fix for SCPI to only enable on ARM{,64}" * tag 'armsoc-fixes-nc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: firmware: arm_scpi: Add hardware dependencies ARM: OMAP3: Fix SoC detection of OMAP36/37 Family ARM: OMAP5: Add HWMOD_SWSUP_SIDLE_ACT flag for UART ARM: dts: Fix compatible for ti81xx uarts for 8250 ARM: dts: Fix am335x and dm814x scm syscon to probe children ARM: OMAP2+: Fix init for multiple quirks for the same SoC ARM: dts: Fix omap3 off mode pull defines bus: da850-mstpri: fix my e-mail address ARM: davinci: da850: fix da850_set_pll0rate() ARM: davinci: da850: coding style fix commit 1e8ad3d8da4763b238d09244d4d1177aa640c0d3 Merge: 894ebc4 187368a Author: Dave Airlie Date: Fri Feb 24 08:35:23 2017 +1000 Merge branch 'drm-next-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-next Some ttm/amd fixes. * 'drm-next-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/amd/powerplay: fix PSI feature on Polars12. drm/amdgpu: refuse to reserve io mem for split VRAM buffers drm/ttm: fix use-after-free races in vm fault handling drm/amd/amdgpu: post card if there is real hw resetting performed commit 894ebc414d4688da732a185954ca23c5d11900d0 Merge: 84f7174 eaeebff Author: Dave Airlie Date: Fri Feb 24 08:29:03 2017 +1000 Merge tag 'drm/panel/for-4.11-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/panel: Changes for v4.11-rc1 This set contains a couple of cleanups as well as support for a few more simple panels. * tag 'drm/panel/for-4.11-rc1' of git://anongit.freedesktop.org/tegra/linux: drm/panel: simple: Specify bus width and flags for EDT displays drm/panel: simple: Add Netron DY E231732 of: Add vendor prefix for Netron DY drm/panel: simple: Add support for Tianma TM070JDHG30 of: Add vendor prefix for Tianma Micro-electronics drm/panel: simple: Add support BOE NV101WXMN51 dt-bindings: display: Add BOE NV101WXMN51 panel binding drm/panel: Constify device node argument to of_drm_find_panel() commit 84f7174b4f793898aaeec0213c6c69ad300f4bc4 Merge: f81fa76 7b1d418 Author: Dave Airlie Date: Fri Feb 24 08:26:48 2017 +1000 Merge tag 'drm/tegra/for-4.11-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/tegra: Changes for v4.11-rc1 Just a single change that hooks up the Tegra DRM parent device to the correct device tree node. * tag 'drm/tegra/for-4.11-rc1' of git://anongit.freedesktop.org/tegra/linux: gpu: host1x: Set OF node for new host1x devices commit 2559a1ef688f933835912c731bed2254146a9b04 Author: Finn Thain Date: Thu Feb 23 09:08:02 2017 +1100 scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m The mac_scsi driver still gets disabled when SCSI=m. This should have been fixed back when I enabled the tristate but I didn't see the bug. Fixes: 6e9ae6d560e1 ("[PATCH] mac_scsi: Add module option to Kconfig") Signed-off-by: Finn Thain Signed-off-by: Martin K. Petersen drivers/scsi/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ed92d8c137b7794c2c2aa14479298b9885967607 Author: Weston Andros Adamson Date: Thu Feb 23 14:54:21 2017 -0500 NFSv4: fix getacl ERANGE for some ACL buffer sizes We're not taking into account that the space needed for the (variable length) attr bitmap, with the result that we'd sometimes get a spurious ERANGE when the ACL data got close to the end of a page. Just add in an extra page to make sure. Signed-off-by: Weston Andros Adamson Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 6682c14bbe505a8b912c57faf544f866777ee48d Author: J. Bruce Fields Date: Thu Feb 23 14:53:39 2017 -0500 NFSv4: fix getacl head length estimation Bitmap and attrlen follow immediately after the op reply header. This was an oversight from commit bf118a342f. Consequences of this are just minor efficiency (extra calls to xdr_shrink_bufhead). Fixes: bf118a342f10 "NFSv4: include bitmap in nfsv4 get acl data" Reviewed-by: Kinglong Mee Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ebe73647fb3895b75544cecdb6766a517fbf03d6 Author: Don Brace Date: Thu Feb 23 08:57:20 2017 -0600 scsi: cciss: correct check map error. Remove device driver failed to check map error messages Reported-by: Johnny Bieren Tested-by: Johnny Bieren Reviewed-by: Scott Teel Signed-off-by: Don Brace Signed-off-by: Martin K. Petersen drivers/block/cciss.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) commit 669a311b6ecc4eeb367a269bdd5f4e143caddb9c Author: Colin Ian King Date: Thu Feb 23 10:57:23 2017 +0000 scsi: qla2xxx: fix spelling mistake: "seperator" -> "separator" Trivial fix to spelling mistake in pr_err message Signed-off-by: Colin Ian King Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/tcm_qla2xxx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d08d1b27fe2a7f6923952613f5fab56ae47a6f5b Author: Viresh Kumar Date: Wed Feb 22 13:58:52 2017 +0530 PM / QoS: Remove global notifiers They were never used in the kernel, so get rid of them. Signed-off-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki Documentation/power/pm_qos_interface.txt | 13 +-------- drivers/base/power/qos.c | 50 +++----------------------------- include/linux/pm_qos.h | 8 ----- 3 files changed, 5 insertions(+), 66 deletions(-) commit 35bfa99e81f45079728f6b2ac553dabb0bc62c7d Author: Christophe Jaillet Date: Tue Feb 21 21:41:53 2017 +0100 PM / runtime: Fix some typos Signed-off-by: Christophe Jaillet Acked-by: Pavel Machek Signed-off-by: Rafael J. Wysocki Documentation/power/runtime_pm.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a56e574067c20d01d8fc74863fa187dd66da7b94 Author: Raghava Aditya Renukunta Date: Wed Feb 22 07:23:13 2017 -0800 scsi: aacraid: Fixed expander hotplug for SMART family Current driver Hotplug processing code skips over Enclosure channel, therefore any addition/removal of expander enclosure is not processed. Additionally device addition code relies on older device type, which prevents the hotplug of adapter expanders. Fixed by removing code that skips over Enclosure channels and using the latest device type for addition or removal or enclosure expanders. Fixes: 6223a39fe6fbbeef (scsi: aacraid: Added support for hotplug) Signed-off-by: Raghava Aditya Renukunta Reviewed-by: Dave Carroll Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 17b4eaf475684bd12aeecf358a7ea6e3bec871a5 Author: Tang Yuantian Date: Tue Feb 21 14:51:24 2017 +0800 cpufreq: qoriq: clean up unused code This snip code is not needed anymore since its user get_hard_smp_processor_id() has been removed. Signed-off-by: Tang Yuantian Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/qoriq-cpufreq.c | 4 ---- 1 file changed, 4 deletions(-) commit 1d55abc0e98a0bf35f3af80665aac564e3b30572 Author: Hannes Reinecke Date: Wed Feb 22 11:31:41 2017 +0100 scsi: mpt3sas: switch to pci_alloc_irq_vectors Cleanup the MSI-X handling allowing us to use the PCI-layer provided vector allocation. Signed-off-by: Hannes Reinecke Reviewed-by: Christoph Hellwig Acked-by: Sreekanth Reddy Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_base.c | 105 +++++++++++++++++------------------- drivers/scsi/mpt3sas/mpt3sas_base.h | 2 - 2 files changed, 48 insertions(+), 59 deletions(-) commit 8cc311167c22f9365304b2b20225df2d881c8843 Author: Andrzej Hajda Date: Mon Feb 20 19:57:57 2017 +0100 PM / OPP: fix off-by-one bug in dev_pm_opp_get_max_volt_latency loop Reading array at given index before checking if index is valid results in illegal memory access. The bug was detected using KASAN framework. Signed-off-by: Andrzej Hajda Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1afca6b5f31616d330fb64a0c87060640a75ff6a Author: Dupuis, Chad Date: Thu Feb 23 07:01:03 2017 -0800 scsi: qedf: fixup compilation warning about atomic_t usage Based on an original patch by Hannes Reinecke. The driver didn't follow the atomic_t vs refcount_t change, and anyway one should be using kref_read() instead of accessing the counter inside an kref. Fixes: 61d8658b4a435e ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.) Cc: Hannes Reinecke Cc: Nilesh Javali Signed-off-by: Dupuis, Chad Signed-off-by: Martin K. Petersen drivers/scsi/qedf/qedf_els.c | 6 +++--- drivers/scsi/qedf/qedf_io.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) commit fcbfffe2c5cbec0c1721b2261c316b961ad50208 Author: Christoph Hellwig Date: Thu Feb 23 16:02:37 2017 +0100 scsi: remove scsi_execute_req_flags And switch all callers to use scsi_execute instead. Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 16 ++++++---------- drivers/scsi/device_handler/scsi_dh_emc.c | 7 +++---- drivers/scsi/device_handler/scsi_dh_hp_sw.c | 10 ++++------ drivers/scsi/device_handler/scsi_dh_rdac.c | 7 +++---- drivers/scsi/scsi_lib.c | 11 ----------- drivers/scsi/sd.c | 9 ++++----- drivers/scsi/ufs/ufshcd.c | 10 +++++----- include/scsi/scsi_device.h | 8 ++------ 8 files changed, 27 insertions(+), 51 deletions(-) commit 76aaf87b4cdc7f7115a32e4fda88310d42ce7fde Author: Christoph Hellwig Date: Thu Feb 23 16:02:36 2017 +0100 scsi: merge __scsi_execute into scsi_execute All but one caller want the decoded sense header, so offer the existing __scsi_execute helper as the public scsi_execute API to simply the callers. Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/ata/libata-scsi.c | 12 ++++------ drivers/scsi/cxlflash/superpipe.c | 8 +++---- drivers/scsi/cxlflash/vlun.c | 4 ++-- drivers/scsi/scsi_lib.c | 48 +++++++++++++++++---------------------- drivers/scsi/scsi_transport_spi.c | 24 ++++++++------------ drivers/scsi/sr_ioctl.c | 19 +++------------- include/scsi/scsi_device.h | 5 ++-- 7 files changed, 46 insertions(+), 74 deletions(-) commit 2da835452a0875866ca55d23126c77b9372f0015 Author: Ulf Hansson Date: Fri Feb 17 10:55:25 2017 +0100 PM / Domains: Power off masters immediately in the power off sequence Once a subdomain is powered off, genpd queues a power off work for each of the subdomain's corresponding masters, thus postponing the masters to be powered off to a later point. When genpd used intermediate power off states, which was removed in commit ba2bbfbf6307 ("PM / Domains: Remove intermediate states from the power off sequence"), this behaviour made sense, but now it simply doesn't. Genpd can easily try to power off the masters in the same context as the subdomain, of course by acquiring/releasing the lock. Then, let's convert to this behaviour, as it avoids unnecessary works from being queued. Signed-off-by: Ulf Hansson Signed-off-by: Rafael J. Wysocki drivers/base/power/domain.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit 3c64649d1cf9f32fd16491e69ccc16385e0ef421 Author: Ulf Hansson Date: Fri Feb 17 10:55:24 2017 +0100 PM / Domains: Rename is_async to one_dev_on for genpd_power_off() The parameter name is_async, for genpd_power_off() gives a poor description of its purpose. To clarify, let's rename it to one_dev_on and update the documentation of it in the function header. Signed-off-by: Ulf Hansson Signed-off-by: Rafael J. Wysocki drivers/base/power/domain.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 1f8728b7adc4c2b351cda886a6916087595c9125 Author: Ulf Hansson Date: Fri Feb 17 10:55:23 2017 +0100 PM / Domains: Move genpd_power_off() above genpd_power_on() Following changes in genpd_power_on() makes it invoke genpd_power_off(). To enable these changes and avoiding to declare genpd_power_off(), let's move its implementation above genpd_power_on(). In this way, following changes should become easier to review. Signed-off-by: Ulf Hansson Signed-off-by: Rafael J. Wysocki drivers/base/power/domain.c | 162 ++++++++++++++++++++++---------------------- 1 file changed, 81 insertions(+), 81 deletions(-) commit f107548039807eb890e65ce5cd29d6ac52562f09 Author: Dan Carpenter Date: Thu Feb 23 13:39:59 2017 +0300 ceph: tidy some white space in get_nonsnap_parent() The white space here seems slightly messed up. Signed-off-by: Dan Carpenter Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7ba0487cca6199cc19bffd34c00df4ea70ac032a Author: Ilya Dryomov Date: Thu Feb 16 15:38:05 2017 +0100 crush: fix dprintk compilation The syntax error was not noticed because dprintk is a macro and the code is discarded by default. Reflects ceph.git commit f29b840c64a933b2cb13e3da6f3d785effd73a57. Signed-off-by: Ilya Dryomov net/ceph/crush/mapper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 98ba6af728de99953e25e550dbeca588c258ef03 Author: Ilya Dryomov Date: Thu Feb 16 15:21:15 2017 +0100 crush: do is_out test only if we do not collide The is_out() test may require an additional hashing operation, so we should skip it whenever possible. Reflects ceph.git commit db107cc7f15cf2481894add325dc93e33479f529. Signed-off-by: Ilya Dryomov net/ceph/crush/mapper.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 47b1f6fd6ebc8b6b72a5aee39cb0513a38e9c099 Author: Dmitry V. Levin Date: Thu Feb 23 05:49:28 2017 +0300 uapi: stop including linux/sysctl.h in uapi/linux/netfilter.h linux/netfilter.h is the last uapi header file that includes linux/sysctl.h but it does not depend on definitions provided by this essentially dead header file. Suggested-by: Eric W. Biederman Signed-off-by: Dmitry V. Levin Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter.h | 1 - 1 file changed, 1 deletion(-) commit 427345d61297f5a501114b2c02e6af06a9768788 Author: Florian Westphal Date: Mon Feb 13 22:26:49 2017 +0100 netfilter: nft_ct: fix random validation errors for zone set support Dan reports: net/netfilter/nft_ct.c:549 nft_ct_set_init() error: uninitialized symbol 'len'. Reported-by: Dan Carpenter Fixes: edee4f1e924582 ("netfilter: nft_ct: add zone id set support") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_ct.c | 1 + 1 file changed, 1 insertion(+) commit 1ec492232ed659acde8cc00b9ecc7529778e03e1 Author: Shaohua Li Date: Tue Feb 21 14:27:57 2017 -0800 md/raid1: fix write behind issues introduced by bio_clone_bioset_partial There are two issues, introduced by commit 8e58e32(md/raid1: use bio_clone_bioset_partial() in case of write behind): - bio_clone_bioset_partial() uses bytes instead of sectors as parameters - in writebehind mode, we return bio if all !writemostly disk bios finish, which could happen before writemostly disk bios run. So all writemostly disk bios should have their bvec. Here we just make sure all bios are cloned instead of fast cloned. Reviewed-by: Ming Lei Signed-off-by: Shaohua Li drivers/md/raid1.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit aff8da09f2381f0869faaf6637b0d892a3ee99ed Author: Shaohua Li Date: Tue Feb 21 10:56:19 2017 -0800 md/raid1: handle flush request correctly I got a warning triggered in align_to_barrier_unit_end. It's a flush request so sectors == 0. The flush request happens to work well without the new barrier patch, but we'd better handle it explictly. Cc: NeilBrown Acked-by: Coly Li Signed-off-by: Shaohua Li drivers/md/raid1.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit d939cdfde34f50b95254b375f498447c82190b3e Author: Shaohua Li Date: Tue Feb 21 11:57:01 2017 -0800 md/linear: shutup lockdep warnning Commit 03a9e24(md linear: fix a race between linear_add() and linear_congested()) introduces the warnning. Acked-by: Coly Li Signed-off-by: Shaohua Li drivers/md/linear.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 60e8d3e11645a1b9c4197d9786df3894332c1685 Merge: 190c3ee c4d052c Author: Linus Torvalds Date: Thu Feb 23 11:53:22 2017 -0800 Merge tag 'pci-v4.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI updates from Bjorn Helgaas: - add ASPM L1 substate support - enable PCIe Extended Tags when supported - configure PCIe MPS settings on iProc, Versatile, X-Gene, and Xilinx - increase VPD access timeout - add ACS quirks for Intel Union Point, Qualcomm QDF2400 and QDF2432 - use new pci_irq_alloc_vectors() in more drivers - fix MSI affinity memory leak - remove unused MSI interfaces and update documentation - remove unused AER .link_reset() callback - avoid pci_lock / p->pi_lock deadlock seen with perf - serialize sysfs enable/disable num_vfs operations - move DesignWare IP from drivers/pci/host/ to drivers/pci/dwc/ and refactor so we can support both hosts and endpoints - add DT ECAM-like support for HiSilicon Hip06/Hip07 controllers - add Rockchip system power management support - add Thunder-X cn81xx and cn83xx support - add Exynos 5440 PCIe PHY support * tag 'pci-v4.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (93 commits) PCI: dwc: Remove dependency of designware on CONFIG_PCI PCI: dwc: Add CONFIG_PCIE_DW_HOST to enable PCI dwc host PCI: dwc: Split pcie-designware.c into host and core files PCI: dwc: designware: Fix style errors in pcie-designware.c PCI: dwc: designware: Parse "num-lanes" property in dw_pcie_setup_rc() PCI: dwc: all: Split struct pcie_port into host-only and core structures PCI: dwc: designware: Get device pointer at the start of dw_pcie_host_init() PCI: dwc: all: Rename cfg_read/cfg_write to read/write PCI: dwc: all: Use platform_set_drvdata() to save private data PCI: dwc: designware: Move register defines to designware header file PCI: dwc: Use PTR_ERR_OR_ZERO to simplify code PCI: dra7xx: Group PHY API invocations PCI: dra7xx: Enable MSI and legacy interrupts simultaneously PCI: dra7xx: Add support to force RC to work in GEN1 mode PCI: dra7xx: Simplify probe code with devm_gpiod_get_optional() PCI: Move DesignWare IP support to new drivers/pci/dwc/ directory PCI: exynos: Support the PHY generic framework Documentation: binding: Modify the exynos5440 PCIe binding phy: phy-exynos-pcie: Add support for Exynos PCIe PHY Documentation: samsung-phy: Add exynos-pcie-phy binding ... commit 190c3ee06a0f0660839785b7ad8a830e832d9481 Merge: af17fe7 9c47137 Author: Linus Torvalds Date: Thu Feb 23 11:36:06 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Some 'const'ing in qlogic networking drivers, from Bhumika Goyal. 2) Fix scheduling while atomic in l2tp network namespace exit by deferring the work to the workqueue. From Ridge Kennedy. 3) Fix use after free in dccp timewait handling, from Andrey Ryabinin. 4) mlx5e CQE compression engine not initialized properly, from Tariq Toukan. 5) Some UAPI header fixes from Dmitry V. Levin. 6) Don't overwrite module parameter value in mlx4 driver, from Majd Dibbiny. 7) Fix divide by zero in xt_hashlimit netfilter module, from Alban Browaeys. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (35 commits) bpf: Fix bpf_xdp_event_output net/mlx4_en: Use __skb_fill_page_desc() net/mlx4_core: Use cq quota in SRIOV when creating completion EQs net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs net/mlx4: Spoofcheck and zero MAC can't coexist net/mlx4: Change ENOTSUPP to EOPNOTSUPP uapi: fix linux/rds.h userspace compilation errors uapi: fix linux/seg6.h and linux/seg6_iptunnel.h userspace compilation errors lib: Remove string from parman config selection forcedeth: Remove return from a void function bpf: fix spelling mistake: "proccessed" -> "processed" uapi: fix linux/llc.h userspace compilation error uapi: fix linux/ip6_tunnel.h userspace compilation errors net/mlx5e: Fix wrong CQE decompression net/mlx5e: Update MPWQE stride size when modifying CQE compress state net/mlx5e: Fix broken CQE compression initialization net/mlx5e: Do not reduce LRO WQE size when not using build_skb net/mlx5e: Register/unregister vport representors on interface attach/detach net/mlx5e: s390 system compilation fix tcp: account for ts offset only if tsecr not zero ... commit e93b9865251a0503d83fd570e7d5a7c8bc351715 Author: Hou Pengyang Date: Thu Feb 16 12:34:31 2017 +0000 f2fs: add ovp valid_blocks check for bg gc victim to fg_gc For foreground gc, greedy algorithm should be adapted, which makes this formula work well: (2 * (100 / config.overprovision + 1) + 6) But currently, we fg_gc have a prior to select bg_gc victim segments to gc first, these victims are selected by cost-benefit algorithm, we can't guarantee such segments have the small valid blocks, which may destroy the f2fs rule, on the worstest case, would consume all the free segments. This patch fix this by add a filter in check_bg_victims, if segment's has # of valid blocks over overprovision ratio, skip such segments. Cc: Signed-off-by: Hou Pengyang Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 3 +++ fs/f2fs/gc.c | 22 ++++++++++++++++++++-- fs/f2fs/segment.h | 9 +++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) commit af17fe7a63db7e11d65f1296f0cbf156a89a2735 Merge: f14cc3b cdbe33d Author: Linus Torvalds Date: Thu Feb 23 11:27:49 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull Mellanox rdma updates from Doug Ledford: "Mellanox specific updates for 4.11 merge window Because the Mellanox code required being based on a net-next tree, I keept it separate from the remainder of the RDMA stack submission that is based on 4.10-rc3. This branch contains: - Various mlx4 and mlx5 fixes and minor changes - Support for adding a tag match rule to flow specs - Support for cvlan offload operation for raw ethernet QPs - A change to the core IB code to recognize raw eth capabilities and enumerate them (touches non-Mellanox code) - Implicit On-Demand Paging memory registration support" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (40 commits) IB/mlx5: Fix configuration of port capabilities IB/mlx4: Take source GID by index from HW GID table IB/mlx5: Fix blue flame buffer size calculation IB/mlx4: Remove unused variable from function declaration IB: Query ports via the core instead of direct into the driver IB: Add protocol for USNIC IB/mlx4: Support raw packet protocol IB/mlx5: Support raw packet protocol IB/core: Add raw packet protocol IB/mlx5: Add implicit MR support IB/mlx5: Expose MR cache for mlx5_ib IB/mlx5: Add null_mkey access IB/umem: Indicate that process is being terminated IB/umem: Update on demand page (ODP) support IB/core: Add implicit MR flag IB/mlx5: Support creation of a WQ with scatter FCS offload IB/mlx5: Enable QP creation with cvlan offload IB/mlx5: Enable WQ creation and modification with cvlan offload IB/mlx5: Expose vlan offloads capabilities IB/uverbs: Enable QP creation with cvlan offload ... commit f14cc3b13d8f3ceee862f8365d37ba214630126a Merge: 5bcbe22 d9d8478 Author: Linus Torvalds Date: Thu Feb 23 11:26:09 2017 -0800 Merge tag 'vfio-v4.11-rc1' of git://github.com/awilliam/linux-vfio Pull VFIO updates from Alex Williamson: - Kconfig fixes for SPAPR_TCE_IOMMU=n (Michael Ellerman) - Module softdep rather than request_module to simplify usage from initrd (Alex Williamson) - Comment typo fix (Changbin Du) * tag 'vfio-v4.11-rc1' of git://github.com/awilliam/linux-vfio: vfio: fix a typo in comment of function vfio_pin_pages vfio: Replace module request with softdep vfio/mdev: Use a module softdep for vfio_mdev vfio: Fix build break when SPAPR_TCE_IOMMU=n commit 86d54795c94532075d862aa0a79f0c981dab4bdd Author: Jaegeuk Kim Date: Fri Feb 17 09:55:55 2017 -0800 f2fs: do not wait for writeback in write_begin Otherwise we can get livelock like below. [79880.428136] dbench D 0 18405 18404 0x00000000 [79880.428139] Call Trace: [79880.428142] __schedule+0x219/0x6b0 [79880.428144] schedule+0x36/0x80 [79880.428147] schedule_timeout+0x243/0x2e0 [79880.428152] ? update_sd_lb_stats+0x16b/0x5f0 [79880.428155] ? ktime_get+0x3c/0xb0 [79880.428157] io_schedule_timeout+0xa6/0x110 [79880.428161] __lock_page+0xf7/0x130 [79880.428164] ? unlock_page+0x30/0x30 [79880.428167] pagecache_get_page+0x16b/0x250 [79880.428171] grab_cache_page_write_begin+0x20/0x40 [79880.428182] f2fs_write_begin+0xa2/0xdb0 [f2fs] [79880.428192] ? f2fs_mark_inode_dirty_sync+0x16/0x30 [f2fs] [79880.428197] ? kmem_cache_free+0x79/0x200 [79880.428203] ? __mark_inode_dirty+0x17f/0x360 [79880.428206] generic_perform_write+0xbb/0x190 [79880.428213] ? file_update_time+0xa4/0xf0 [79880.428217] __generic_file_write_iter+0x19b/0x1e0 [79880.428226] f2fs_file_write_iter+0x9c/0x180 [f2fs] [79880.428231] __vfs_write+0xc5/0x140 [79880.428235] vfs_write+0xb2/0x1b0 [79880.428238] SyS_write+0x46/0xa0 [79880.428242] entry_SYSCALL_64_fastpath+0x1e/0xad Fixes: cae96a5c8ab6 ("f2fs: check io submission more precisely") Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 05eeb118a0e9fdc675a1f9db05039693da3ea25e Author: Yunlei He Date: Fri Feb 17 17:16:38 2017 +0800 f2fs: replace __get_victim by dirty_segments in FG_GC In FG_GC process, it will search victim section twice. This will cause some dirty section with less valid blocks skip garbage collection. section # 26425 : valid blocks # 3 142.037567: get_victim_by_default: victim 26425 : valid blocks # 3 142.037585: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26425 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 244 142.039494: f2fs_get_victim: dev = (259,30), type = Hot DATA, policy = (Background GC, SSR-mode, Greedy), victim = 19022 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 24 142.070247: new_curseg: Debug: alloc new segment 26746 142.244341: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26054 ofs_unit = 1, pre_victim_secno = 26054, prefree = 0, free = 243 142.254475: do_garbage_collect: Debug: FG_GC, seg_freed = 1 142.293131: f2fs_get_victim: dev = (259,30), type = Warm DATA, policy = (Background GC, SSR-mode, Greedy), victim = 23466 ofs_unit = 1, pre_victim_secno = -1, prefree = 0, free = 244 142.319001: f2fs_get_victim: dev = (259,30), type = Warm DATA, policy = (Background GC, SSR-mode, Greedy), victim = 23467 ofs_unit = 1, pre_victim_secno = -1, prefree = 0, free = 244 142.368879: get_victim_by_default: victim 26425 : valid blocks # 3 142.368894: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26425 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 244 142.378127: f2fs_get_victim: dev = (259,30), type = Hot DATA, policy = (Background GC, SSR-mode, Greedy), victim = 19612 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 24 142.416917: new_curseg: Debug: alloc new segment 26054 142.656794: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 25404 ofs_unit = 1, pre_victim_secno = 25404, prefree = 0, free = 243 142.662139: do_garbage_collect: Debug: FG_GC, seg_freed = 1 142.684159: new_curseg: Debug: alloc new segment 25197 142.685059: get_victim_by_default: victim 26425 : valid blocks # 3 142.685079: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26425 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 243 142.701427: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26238 ofs_unit = 1, pre_victim_secno = 26238, prefree = 0, free = 243 142.707105: do_garbage_collect: Debug: FG_GC, seg_freed = 1 142.802444: f2fs_get_victim: dev = (259,30), type = Warm DATA, policy = (Background GC, SSR-mode, Greedy), victim = 23473 ofs_unit = 1, pre_victim_secno = -1, prefree = 0, free = 244 142.804422: get_victim_by_default: victim 26425 : valid blocks # 3 142.804443: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26425 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 244 142.851567: f2fs_get_victim: dev = (259,30), type = Hot DATA, policy = (Background GC, SSR-mode, Greedy), victim = 19092 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 24 142.865014: new_curseg: Debug: alloc new segment 26238 143.082245: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26307 ofs_unit = 1, pre_victim_secno = 26307, prefree = 0, free = 244 143.088252: do_garbage_collect: Debug: FG_GC, seg_freed = 1 143.128307: new_curseg: Debug: alloc new segment 25404 143.181846: get_victim_by_default: victim 26425 : valid blocks # 3 143.181872: f2fs_get_victim: dev = (259,30), type = No TYPE, policy = (Foreground GC, LFS-mode, Greedy), victim = 26425 ofs_unit = 1, pre_victim_secno = 26425, prefree = 0, free = 244 Signed-off-by: Yunlei He Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/gc.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 5012de209b704ab460ddc5787a5f010cbd4af954 Author: Jaegeuk Kim Date: Thu Feb 16 10:35:41 2017 -0800 f2fs: trace victim's cost selectecd by f2fs_gc This patch adds min_cost of each victims. Signed-off-by: Jaegeuk Kim include/trace/events/f2fs.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 88c5c13a5027b36d914536fdba23f069d7067204 Author: Jaegeuk Kim Date: Tue Feb 14 09:54:37 2017 -0800 f2fs: fix multiple f2fs_add_link() calls having same name It turns out a stakable filesystem like sdcardfs in AOSP can trigger multiple vfs_create() to lower filesystem. In that case, f2fs will add multiple dentries having same name which breaks filesystem consistency. Until upper layer fixes, let's work around by f2fs, which shows actually not much performance regression. Cc: Signed-off-by: Jaegeuk Kim fs/f2fs/dir.c | 34 +++++++++++++++++++++++++++++----- fs/f2fs/f2fs.h | 1 + 2 files changed, 30 insertions(+), 5 deletions(-) commit d50aaeec905baebcef0c401768b987ed18458015 Author: Jaegeuk Kim Date: Wed Feb 15 11:14:06 2017 -0800 f2fs: show actual device info in tracepoints This patch shows actual device information in the tracepoints. Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 10 ++++----- include/trace/events/f2fs.h | 49 ++++++++++++++++++++++++--------------------- 2 files changed, 31 insertions(+), 28 deletions(-) commit 5b6c6be2d878bd7ec4dc2cb4e2a2da2779fe52ab Author: Jaegeuk Kim Date: Tue Feb 14 19:32:51 2017 -0800 f2fs: use SSR for warm node as well We have had node chains, but haven't used it so far due to stale node blocks. Now, we have crc|cp_ver in node footer and give random cp_ver at format time, we can start to use it again. Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d38d35155514ceef5efb79f6d5b4f0f1638da5b4 Author: Omar Sandoval Date: Wed Feb 22 10:58:30 2017 -0800 blk-mq-sched: separate mark hctx and queue restart operations In blk_mq_sched_dispatch_requests(), we call blk_mq_sched_mark_restart() after we dispatch requests left over on our hardware queue dispatch list. This is so we'll go back and dispatch requests from the scheduler. In this case, it's only necessary to restart the hardware queue that we are running; there's no reason to run other hardware queues just because we are using shared tags. So, split out blk_mq_sched_mark_restart() into two operations, one for just the hardware queue and one for the whole request queue. The core code only needs the hctx variant, but I/O schedulers will want to use both. This also requires adjusting blk_mq_sched_restart_queues() to always check the queue restart flag, not just when using shared tags. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq-sched.c | 20 ++++++++------------ block/blk-mq-sched.h | 26 ++++++++++++++++++-------- 2 files changed, 26 insertions(+), 20 deletions(-) commit da55f2cc78418dee88400aafbbaed19d7ac8188e Author: Omar Sandoval Date: Wed Feb 22 10:58:29 2017 -0800 blk-mq: use sbq wait queues instead of restart for driver tags Commit 50e1dab86aa2 ("blk-mq-sched: fix starvation for multiple hardware queues and shared tags") fixed one starvation issue for shared tags. However, we can still get into a situation where we fail to allocate a tag because all tags are allocated but we don't have any pending requests on any hardware queue. One solution for this would be to restart all queues that share a tag map, but that really sucks. Ideally, we could just block and wait for a tag, but that isn't always possible from blk_mq_dispatch_rq_list(). However, we can still use the struct sbitmap_queue wait queues with a custom callback instead of blocking. This has a few benefits: 1. It avoids iterating over all hardware queues when completing an I/O, which the current restart code has to do. 2. It benefits from the existing rolling wakeup code. 3. It avoids punting to another thread just to have it block. Signed-off-by: Omar Sandoval Signed-off-by: Jens Axboe block/blk-mq.c | 64 +++++++++++++++++++++++++++++++++++++++++++------- include/linux/blk-mq.h | 2 ++ 2 files changed, 57 insertions(+), 9 deletions(-) commit 2d19020b085eaf61d24377db27e8630cd9cff7ce Author: Scott Bauer Date: Wed Feb 22 10:15:08 2017 -0700 block/sed-opal: Propagate original error message to userland. During an error on a comannd, ex: user provides wrong pw to unlock range, we will gracefully terminate the opal session. We want to propagate the original error to userland instead of the result of the session termination, which is almost always a success. Signed-off-by: Scott Bauer Signed-off-by: Jens Axboe block/sed-opal.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit e286bcfc59e01c2c57f2d79a46063c0bddb7a0d1 Author: Scott Bauer Date: Wed Feb 22 10:15:07 2017 -0700 nvme/pci: re-check security protocol support after reset A device may change capabilities after each reset, e.g. due to a firmware upgrade. We should thus check for Security Send/Receive and OPAL support after each reset. Based on patches from Christoph and Keith. Signed-off-by: Scott Bauer Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 7d6d15789d69856f1c5405e106a773c87277eb8c Author: Scott Bauer Date: Wed Feb 22 10:15:06 2017 -0700 block/sed-opal: Introduce free_opal_dev to free the structure and clean up state Before we free the opal structure we need to clean up any saved locking ranges that the user had told us to unlock from a suspend. Signed-off-by: Scott Bauer Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/sed-opal.c | 30 ++++++++++++++++++++++++++++++ include/linux/sed-opal.h | 5 +++++ 2 files changed, 35 insertions(+) commit 9c4713701c01e4cef6e2315c2818abc919ffb0de Author: Martin KaFai Lau Date: Thu Feb 23 10:40:34 2017 -0800 bpf: Fix bpf_xdp_event_output Fix a typo. xdp->data instead of xdp should be copied to the perf-event's dst_buff. Fixes: 4de16969523c ("bpf: enable event output helper also for xdp types") Reported-by: Huapeng Zhou Tested-by: Feixiong Zhang Acked-by: Alexei Starovoitov Cc: Daniel Borkmann Signed-off-by: Martin KaFai Lau Acked-by: Daniel Borkmann Signed-off-by: David S. Miller net/core/filter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 39133a5015e2fa405a0387053d65580988a6a1bc Author: Chao Yu Date: Wed Feb 8 17:39:44 2017 +0800 f2fs: enable inline_xattr by default In android, since SElinux is enable, security policy will be appliedd for each file, it stores in inode as an xattr entry, so it will take one 4k size node block additionally for each file. Let's enable inline_xattr by default in order to save storage space. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 1 + 1 file changed, 1 insertion(+) commit 23cf7212a1cae2158dcf5f41d9733d59e320f8f6 Author: Chao Yu Date: Wed Feb 15 10:34:45 2017 +0800 f2fs: introduce noinline_xattr mount option This patch introduces new mount option 'noinline_xattr', so we can disable inline xattr functionality which is already set as a default mount option. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim Documentation/filesystems/f2fs.txt | 1 + fs/f2fs/super.c | 11 +++++++++++ 2 files changed, 12 insertions(+) commit 25cc5d3b9dde074bfa06024fd6486020963807da Author: Jaegeuk Kim Date: Mon Feb 13 17:02:44 2017 -0800 f2fs: avoid reading NAT page by get_node_info We've not seen this buggy case for a long time, so it's time to avoid this unnecessary get_node_info() call which reading NAT page to cache nat entry. Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 9b064f7d0c9ab179b9cb18e144ab65d7ea953443 Author: Jaegeuk Kim Date: Sat Feb 11 10:46:44 2017 -0800 f2fs: remove build_free_nids() during checkpoint Let's avoid build_free_nids() in checkpoint path. Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 2 -- 1 file changed, 2 deletions(-) commit d260081ccf37f57b74396ec48f415f27d1b01b13 Author: Chao Yu Date: Wed Feb 8 17:39:45 2017 +0800 f2fs: change recovery policy of xattr node block Currently, if we call fsync after updating the xattr date belongs to the file, f2fs needs to trigger checkpoint to keep xattr data consistent. But, this policy cause low performance as checkpoint will block most foreground operations and cause unneeded and unrelated IOs around checkpoint. This patch will reuse regular file recovery policy for xattr node block, so, we change to write xattr node block tagged with fsync flag to warm area instead of cold area, and during recovery, we search warm node chain for fsynced xattr block, and do the recovery. So, for below application IO pattern, performance can be improved obviously: - touch file - create/update/delete xattr entry in file - fsync file Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 3 +-- fs/f2fs/file.c | 3 --- fs/f2fs/node.c | 29 +++++++++++++++++------------ fs/f2fs/node.h | 2 +- fs/f2fs/recovery.c | 8 +++----- fs/f2fs/xattr.c | 2 -- 6 files changed, 22 insertions(+), 25 deletions(-) commit 2ad0ef846b38288103d8373d1196c465df2c4d7d Author: Bhumika Goyal Date: Sat Feb 11 15:50:46 2017 +0530 f2fs: super: constify fscrypt_operations structure Declare fscrypt_operations structure as const as it is only stored in the s_cop field of a super_block structure. This field is of type const, so fscrypt_operations structure having this property can be made const too. File size before: fs/f2fs/super.o text data bss dec hex filename 54131 31355 184 85670 14ea6 fs/f2fs/super.o File size after: fs/f2fs/super.o text data bss dec hex filename 54227 31259 184 85670 14ea6 fs/f2fs/super.o Signed-off-by: Bhumika Goyal Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1200abb26f8287e723e79e134b66d0041c095b73 Author: Jaegeuk Kim Date: Thu Feb 9 13:25:35 2017 -0800 f2fs: show checkpoint version at mount time If we mounted f2fs successfully, let's show current checkpoint version. Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 2 ++ 1 file changed, 2 insertions(+) commit 6de3f12eb737dae30628296d75c67664e8b1506e Author: Tiezhu Yang Date: Wed Feb 8 05:08:01 2017 +0800 f2fs: fix a typo in f2fs.txt There is a typo "f2f2" in f2fs.txt, this patch fixes it. Signed-off-by: Tiezhu Yang Signed-off-by: Jaegeuk Kim Documentation/filesystems/f2fs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7f54f51f46f69f3ccde2b65e682a51b0aa6199c3 Author: Jaegeuk Kim Date: Mon Feb 6 13:57:58 2017 -0800 f2fs: remove preflush for nobarrier case This patch removes REQ_PREFLUSH in the nobarrier case. Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 942fd3192f83cef54bc0d485937fd5382ac5acd0 Author: Jaegeuk Kim Date: Wed Feb 1 16:51:22 2017 -0800 f2fs: check last page index in cached bio to decide submission If the cached bio has the last page's index, then we need to submit it. Otherwise, we don't need to submit it and can wait for further IO merges. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 3 ++- fs/f2fs/data.c | 43 ++++++++++++++++++++++--------------------- fs/f2fs/f2fs.h | 4 ++-- fs/f2fs/node.c | 12 +++++++----- fs/f2fs/segment.c | 13 +++++++------ 5 files changed, 40 insertions(+), 35 deletions(-) commit d68f735b3bc934a7523a047aa952a577cf6ca171 Author: Jaegeuk Kim Date: Fri Feb 3 17:44:04 2017 -0800 f2fs: check io submission more precisely This patch check IO submission more precisely than previous rough check. Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 23 +++++++++++++++++------ fs/f2fs/f2fs.h | 1 + fs/f2fs/node.c | 27 +++++++++++++++++++-------- 3 files changed, 37 insertions(+), 14 deletions(-) commit f566bae8462c4a48b55bbf4e58d5b1e0a8563819 Author: Jaegeuk Kim Date: Fri Feb 3 17:18:00 2017 -0800 f2fs: call internal __write_data_page directly This patch introduces __write_data_page to call it by f2fs_write_cache_pages directly.. Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit e7c75ab099c8c8d4616c2ac10517e86a88b368d1 Author: Jaegeuk Kim Date: Thu Feb 2 18:18:06 2017 -0800 f2fs: avoid out-of-order execution of atomic writes We need to flush data writes before flushing last node block writes by using FUA with PREFLUSH. We don't need to guarantee precedent node writes since if those are not written, we can't reach to the last node block when scanning node block chain during roll-forward recovery. Afterwards f2fs_wait_on_page_writeback guarantees all the IO submission to disk, which builds a valid node block chain. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/file.c | 3 ++- fs/f2fs/node.c | 10 +++++++--- include/trace/events/f2fs.h | 1 + 3 files changed, 10 insertions(+), 4 deletions(-) commit faa24895acfd49cb61055b762e39ee6a5452a389 Author: Jaegeuk Kim Date: Thu Feb 2 18:27:17 2017 -0800 f2fs: move write_node_page above fsync_node_pages This patch just moves write_node_page and introduces an inner function. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/node.c | 140 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 73 insertions(+), 67 deletions(-) commit c1b221078baf3d3275dc4309a716f6115696e2eb Author: Jaegeuk Kim Date: Thu Feb 2 16:40:55 2017 -0800 f2fs: move flush tracepoint This patch moves the tracepoint location for flush command. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5bcbe22ca47da04cda3a858cef67f55b550c1d13 Merge: 1db934a 12cb3a1 Author: Linus Torvalds Date: Thu Feb 23 09:54:19 2017 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto update from Herbert Xu: "API: - Try to catch hash output overrun in testmgr - Introduce walksize attribute for batched walking - Make crypto_xor() and crypto_inc() alignment agnostic Algorithms: - Add time-invariant AES algorithm - Add standalone CBCMAC algorithm Drivers: - Add NEON acclerated chacha20 on ARM/ARM64 - Expose AES-CTR as synchronous skcipher on ARM64 - Add scalar AES implementation on ARM64 - Improve scalar AES implementation on ARM - Improve NEON AES implementation on ARM/ARM64 - Merge CRC32 and PMULL instruction based drivers on ARM64 - Add NEON acclerated CBCMAC/CMAC/XCBC AES on ARM64 - Add IPsec AUTHENC implementation in atmel - Add Support for Octeon-tx CPT Engine - Add Broadcom SPU driver - Add MediaTek driver" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (142 commits) crypto: xts - Add ECB dependency crypto: cavium - switch to pci_alloc_irq_vectors crypto: cavium - switch to pci_alloc_irq_vectors crypto: cavium - remove dead MSI-X related define crypto: brcm - Avoid double free in ahash_finup() crypto: cavium - fix Kconfig dependencies crypto: cavium - cpt_bind_vq_to_grp could return an error code crypto: doc - fix typo hwrng: omap - update Kconfig help description crypto: ccm - drop unnecessary minimum 32-bit alignment crypto: ccm - honour alignmask of subordinate MAC cipher crypto: caam - fix state buffer DMA (un)mapping crypto: caam - abstract ahash request double buffering crypto: caam - fix error path for ctx_dma mapping failure crypto: caam - fix DMA API leaks for multiple setkey() calls crypto: caam - don't dma_map key for hash algorithms crypto: caam - use dma_map_sg() return code crypto: caam - replace sg_count() with sg_nents_for_len() crypto: caam - check sg_count() return value crypto: caam - fix HW S/G in ablkcipher_giv_edesc_alloc() .. commit 1db934a5b77a9e37c4742c704fde6af233187a98 Merge: a3919ca fa04b76 Author: Linus Torvalds Date: Thu Feb 23 09:41:03 2017 -0800 Merge tag 'rpmsg-v4.11' of git://github.com/andersson/remoteproc Pull rpmsg updates from Bjorn Andersson: "This introduces an interface for user space to directly communicate on rpmsg endpoints without the implementation of specific kernel drivers, which is useful for e.g. debug channels: * tag 'rpmsg-v4.11' of git://github.com/andersson/remoteproc: rpmsg: rpmsg_create_ept() returns NULL on error rpmsg: qcom: smd: Return positively when not enabled rpmsg: unlock on error in rpmsg_eptdev_read() rpmsg: char: add CONFIG_NET dependency rpmsg: smd: Register rpmsg user space interface for edges rpmsg: Driver for user space endpoint interface rpmsg: qcom_smd: Implement endpoint "poll" rpmsg: Introduce "poll" to endpoint ops rpmsg: qcom_smd: Add support for "label" property commit 3769a375ab8380ebecc78d0a3fe6e9079f9d6988 Author: Sean Nyekjaer Date: Thu Feb 23 15:01:24 2017 +0100 rtc: pcf2127: bulk read only date and time registers. Read control registers one by one and bulk read time registers. This fixes when the clock is read, the watchdog counter register is zeroed. Signed-off-by: Sean Nyekjaer Signed-off-by: Alexandre Belloni drivers/rtc/rtc-pcf2127.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit a3919caaa27a5fde1cbda46e394bb17953e104a1 Merge: 15192b0 01625cc5 Author: Linus Torvalds Date: Thu Feb 23 09:38:10 2017 -0800 Merge tag 'rproc-v4.11' of git://github.com/andersson/remoteproc Pull remoteproc updates from Bjorn Andersson: "This introduces support for booting the dedicated sensor core in the Qualcomm MSM8996, updates the Qualcomm ADSP and Hexagon drivers to utilize SMD subdevice helpers for properly handle shutdowns and restarts of the remoteproc, add virtio support to the ST remoteproc and refactor the Qualcomm Hexagon driver to handle variations between platforms. The support code for parsing, loading and authenticating Qualcomm firmware files (MDT) is refactored and move to drivers/soc/qcom, to allow for non-remoteproc drivers to utilize this. Finally it brings some cleanups to the remoteproc core" * tag 'rproc-v4.11' of git://github.com/andersson/remoteproc: (27 commits) remoteproc: qcom: mdt_loader: Use signed type for offset remoteproc: st: add virtio communication support remoteproc: st: correct probe error management remoteproc: Modify the function names remoteproc: Reduce asynchronous request_firmware to auto-boot only remoteproc: Drop qcom_scm_pas_supported() from adsp_probe() MAINTAINERS: Add missing rpmsg include path remoteproc: qcom: Use common SMD edge handler remoteproc: qcom: wcnss: Make SMD handling common remoteproc: Move qcom_mdt_loader into drivers/soc/qcom remoteproc: qcom: mdt_loader: Refactor MDT loader remoteproc: qcom: mdt_loader: Don't overwrite firmware object remoteproc: qcom: Extract non-mdt related helper remoteproc: qcom: q6v5: Decouple driver from MDT loader remoteproc: qcom: q6v5: Remove mss supply from 8916 remoteproc: qcom: fix initializers for qcom_mss_reg_res array remoteproc: Drop firmware_loading_complete remoteproc: Add RPROC_DELETED state remoteproc: Move rproc_delete_debug_dir() to rproc_del() remoteproc: qcom: Add SLPI rproc support to load and boot slpi proc. ... commit 15192b029509316af4977d2cd389c1eb11183d13 Merge: 28cbc33 f38e5fb Author: Linus Torvalds Date: Thu Feb 23 09:36:04 2017 -0800 Merge tag 'gfs2-4.11.addendum' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull GFS2 fix from Bob Peterson: "This is an addendum for the 4.11 merge window. Andy Price wrote this patch to close a nasty race condition that allows access to glocks that are being destroyed. Without this patch, GFS2 is vulnerable to random corruption and kernel panic" * tag 'gfs2-4.11.addendum' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Add missing rcu locking for glock lookup commit 28cbc335d272f293c4368abd4ac2e17e36805b79 Merge: 1ec5c18 7086b7b Author: Linus Torvalds Date: Thu Feb 23 08:50:22 2017 -0800 Merge tag 'sound-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound updates from Takashi Iwai: "Here is the update of sound bits for 4.11: again at this time, no big changes in ALSA and ASoC core but only cosmetic changes like consitifaction. Meanwhile, quite a lot of developments are seen in a few driver side. ALSA Core: - Clean up, consitification of some ops HD-audio: - A slight behavior change of single_cmd option - Quirks for AmigaOne X1000, Samsung Ativ Book 8, Dell AiO, ALC221 HP, and fixes for Lewisburg controller - Realtek ALC299, ALC1220 codecs Others: - USB-audio: Tascam US-16x08 DSP mixer quirk - Intel HDMI LPE audio support for Baytrail / Cherrytrail; this contains some updates in drm/i915 for the new platform binding ASoC: - Lots of updates in Intel drivers, mostly for DisplayPort and HDMI on Skylake and onwards, as well as more Baytrail / Cherrytrail boards support - Channel mapping support for HDMI - Support for AllWinner A31 and A33, Everest Semiconductor ES8328, Nuvoton NAU8540. * tag 'sound-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (323 commits) ALSA: usb-audio: Tidy up mixer_us16x08.c ALSA: usb-audio: Fix memory leak and corruption in mixer_us16x08.c ALSA: usb-audio: purge needless variable length array ALSA: x86: hdmi: select CONFIG_SND_PCM ALSA: x86: Don't enable runtime PM as default ALSA: x86: Use runtime PM autosuspend ALSA: usb-audio: localize function without external linkage ALSA: usb-audio: localize one-referrer variable ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk ALSA: emu10k1: constify snd_emux_operators structure ASoC: sun4i-spdif: drop unnessary snd_soc_unregister_component() ASoC: Intel: bxt: Add jack port initialize in bxt_rt298 machine ASoC: nau8825: automatic BCLK and LRC divde in master mode ASoC: hdac_hdmi: Add device id for Geminilake ASoC: Intel: Skylake: Add Geminlake IDs ASoC: rt298: Add DMI match for Geminilake reference platform ASoC: Intel: Skylake: Check device type to get endpoint configuration ASoC: Intel: bxt: Add jack port initialize in da7219_max98357a machine ASoC: Intel: Skylake: Add jack port initialize in nau88l25_ssm4567 machine ASoC: Intel: Skylake: Add jack port initialize in nau88l25_max98357a machine ... commit 1ec5c1867af085897bb9e0f67bef3713334dbe7f Merge: d5dee39 3498d86 Author: Linus Torvalds Date: Thu Feb 23 08:46:04 2017 -0800 Merge tag 'gpio-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Linus Walleij: "This is the bulk of GPIO changes for the v4.11 cycle Core changes: - Augment fwnode_get_named_gpiod() to configure the GPIO pin immediately after requesting it like all other APIs do. This is a treewide change also updating all users. - Pass a GPIO label down to gpiod_request() from fwnode_get_named_gpiod(). This makes debugfs and the userspace ABI correctly reflect the current in-kernel consumer of a pin taken using this abstraction. This is a treewide change also updating all users. - Rename devm_get_gpiod_from_child() to devm_fwnode_get_gpiod_from_child() to reflect the fact that this function is operating on a fwnode object. This is a treewide change also updating all users. - Make it possible to take multiple GPIOs in a single hog of device tree hogs. - The refactorings switching GPIO chips to use the .set_config() callback using standard pin control properties and providing a backend into the pin control subsystem that were also merged into the pin control tree naturally appear here too. Testing instrumentation: - A whole slew of cleanups and improvements to the mockup GPIO driver. We now have an extended userspace test exercising the subsystem, and we can inject interrupts etc from userspace to fully test the core GPIO functionality. New drivers: - New driver for the Cortina Systems Gemini GPIO controller. - New driver for the Exar XR17V352/354/358 chips. - New driver for the ACCES PCI-IDIO-16 PCI GPIO card. Driver changes: - RCAR: set the irqchip parent device, add fine-grained runtime PM support. - pca953x: support optional RESET control line on the chip. - DaVinci: cleanups and simplifications. Add support for multiple instances. - .set_multiple() and naming of lines on more or less all of the ISA/PCI GPIO controllers. - mcp23s08: refactored to use regmap as a first step to further rewrites and modernizations" * tag 'gpio-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (61 commits) gpio: reintroduce devm_get_gpiod_from_child() gpio: pci-idio-16: Fix PCI BAR index gpio: pci-idio-16: Fix PCI device ID code gpio: mockup: implement event injecting over debugfs gpio: mockup: add a dummy irqchip gpio: mockup: implement naming the lines gpio: mockup: code shrink gpio: mockup: readability tweaks gpio: Add GPIO support for the ACCES PCI-IDIO-16 gpio: Add the devm_fwnode_get_index_gpiod_from_child() helper gpio: Rename devm_get_gpiod_from_child() gpio: mcp23s08: Select REGMAP/REGMAP_I2C to fix build error gpio: ws16c48: Add support for GPIO names gpio: gpio-mm: Add support for GPIO names gpio: 104-idio-16: Add support for GPIO names gpio: 104-idi-48: Add support for GPIO names gpio: 104-dio-48e: Add support for GPIO names gpio: ws16c48: Remove unnecessary driver_data set gpio: gpio-mm: Remove unnecessary driver_data set gpio: 104-idio-16: Remove unnecessary driver_data set ... commit d5dee39b27201f9f5460eca55efcc91a663b738c Merge: 4cc4b93 6e11617 Author: Linus Torvalds Date: Thu Feb 23 08:39:40 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry: - a new driver for Zeitech touchscreen controller - a new driver for Samsung "touchkeys" - touchscreen driver for Moorestown platform has been removed because platform support is gone - MPU3050 accelerometer driver was removed in favor of IIO driver - miscellaneous driver cleanup and fixes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (88 commits) Input: zet6223 - export OF device ID as module aliases Input: tsc2004/5 - switch to using generic device properties Input: tsc2004/5 - fix regulator handling Input: tsc2005 - add OF device table Input: add driver for Zeitec ZET6223 Input: joydev - do not report stale values on first open Input: synaptics-rmi4 - forward upper mechanical buttons to PS/2 guest Input: synaptics-rmi4 - clean up F30 implementation Input: synaptics - use SERIO_OOB_DATA to handle trackstick buttons Input: psmouse - add a custom serio protocol to send extra information Input: synaptics-rmi4 - fix error return code in rmi_probe_interrupts() Input: xpad - restore LED state after device resume Input: synaptics-rmi4 - add rmi_find_function() Input: xpad - fix stuck mode button on Xbox One S pad Input: joydev - use clamp() macro Input: refuse to register absolute devices without absinfo Input: synaptics-rmi4 - add sysfs interfaces for hardware IDs Input: synaptics-rmi4 - add sysfs attribute update_fw_status Input: mousedev - stop offering PS/2 to userspace by default Input: tca8418 - switch to using generic device properties ... commit cd429ce2d095041d249ec85feaed608bbf72154f Author: Pavel Tatashin Date: Thu Feb 16 15:13:54 2017 -0500 sparc64: memblock resizes are not handled properly In add_node_ranges() when memblock resize happens, the iterator keeps using the previous freed array. This bug cause hangs on machine where there are over 128 memory blocks during boot. For example, on machines where memory interleaving is small. The problem is seen on T4-4 because it cant have 2T of memory, and memory is interleaved at 8G. So we have 2T/8G = 256 regions to set node IDs. The starting size of regions array is 128. Thus, we have to double at least one time (actually we have to double twice because some memory is already reserved and thus we need more than 256 regions). We start using an incorrect pointer to the array after the first doubling. Signed-off-by: Pavel Tatashin Signed-off-by: Babu Moger Reviewed-by: Babu Moger Signed-off-by: David S. Miller arch/sparc/mm/init_64.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 1537b26dab1c1dfd92a116a933143f52b1112a22 Author: Pavel Tatashin Date: Thu Feb 16 15:05:58 2017 -0500 sparc64: use latency groups to improve add_node_ranges speed add_node_ranges() takes 2.6s - 3.6s per 1T of boot time. On machine with 6T memory it takes 15.4s, on 32T it would take 82s-115s of boot time. This function sets NUMA ids for memory blocks, and scans the whole memory a page at a time to do so. But, we could use values in latency groups mask and match to determine the boundaries without checking every single page. With the fix the add_node_ranges() time is reduced from 15.4s down to 0.2s on machine with 6T memory. Signed-off-by: Pavel Tatashin Reviewed-by: Babu Moger Reviewed-by: Bob Picco Signed-off-by: David S. Miller arch/sparc/mm/init_64.c | 208 ++++++++++++++++++++++++++---------------------- 1 file changed, 113 insertions(+), 95 deletions(-) commit dcd1912d21a02534d1f0a9005d5ba3283f164780 Author: Nitin Gupta Date: Mon Feb 6 12:33:26 2017 -0800 sparc64: Add 64K page size support This patch depends on: [v6] sparc64: Multi-page size support - Testing Tested on Sonoma by running stream benchmark instance which allocated 48G worth of 64K pages. boot params: default_hugepagesz=64K hugepagesz=64K hugepages=1310720 Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/include/asm/page_64.h | 3 ++- arch/sparc/mm/hugetlbpage.c | 54 ++++++++++++++++++++++++++++++++-------- arch/sparc/mm/init_64.c | 4 +++ arch/sparc/mm/tsb.c | 5 ++-- 4 files changed, 52 insertions(+), 14 deletions(-) commit c7d9f77d33a779ad582d8b2284ba007931ebd894 Author: Nitin Gupta Date: Wed Feb 1 16:16:36 2017 -0800 sparc64: Multi-page size support Add support for using multiple hugepage sizes simultaneously on mainline. Currently, support for 256M has been added which can be used along with 8M pages. Page tables are set like this (e.g. for 256M page): VA + (8M * x) -> PA + (8M * x) (sz bit = 256M) where x in [0, 31] and TSB is set similarly: VA + (4M * x) -> PA + (4M * x) (sz bit = 256M) where x in [0, 63] - Testing Tested on Sonoma (which supports 256M pages) by running stream benchmark instances in parallel: one instance uses 8M pages and another uses 256M pages, consuming 48G each. Boot params used: default_hugepagesz=256M hugepagesz=256M hugepages=300 hugepagesz=8M hugepages=10000 Signed-off-by: Nitin Gupta Signed-off-by: David S. Miller arch/sparc/include/asm/page_64.h | 3 +- arch/sparc/include/asm/pgtable_64.h | 23 +++-- arch/sparc/include/asm/tlbflush_64.h | 5 +- arch/sparc/kernel/tsb.S | 21 +---- arch/sparc/mm/hugetlbpage.c | 160 +++++++++++++++++++++++++++++++---- arch/sparc/mm/init_64.c | 42 ++++++++- arch/sparc/mm/tlb.c | 17 ++-- arch/sparc/mm/tsb.c | 44 ++++++++-- 8 files changed, 253 insertions(+), 62 deletions(-) commit 4cc4b9323f43458c9277e082f90316570431881e Merge: a57eaa1 db69032 Author: Linus Torvalds Date: Thu Feb 23 08:27:57 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma updates from Doug Ledford: "First set of updates for 4.11 kernel merge window - Add new Broadcom bnxt_re RoCE driver - rxe driver updates - ioctl cleanups - ETH_P_IBOE declaration cleanup - IPoIB changes - Add port state cache - Allow srpt driver to accept guids as port names in config - Update to hfi1 driver - Update to srp driver - Lots of misc minor changes all over" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (114 commits) RDMA/bnxt_re: fix for "bnxt_en: Update to firmware interface spec 1.7.0." rdma_cm: fail iwarp accepts w/o connection params IB/srp: Drain the send queue before destroying a QP IB/core: Add support for draining IB_POLL_DIRECT completion queues IB/srp: Improve an error path IB/srp: Make a diagnostic message more informative IB/srp: Document locking conventions IB/srp: Fix race conditions related to task management IB/srp: Avoid that duplicate responses trigger a kernel bug IB/SRP: Avoid using IB_MR_TYPE_SG_GAPS RDMA/qedr: Fix some error handling RDMA/bnxt_re: add DCB dependency IB/hns: include linux/module.h IB/vmw_pvrdma: Expose vendor error to ULPs vmw_pvrdma: switch to pci_alloc_irq_vectors IB/hfi1: use size_t for passing array length IB/ipoib: Remove redudant label IB/ipoib: remove the unnecessary memory free IB/mthca: switch to pci_alloc_irq_vectors IB/hfi1: Code reuse with memdup_copy ... commit 0d88b86694e0b176c1b9ca10cee95863065e2471 Merge: f41e546 4cfe140 Author: David S. Miller Date: Thu Feb 23 08:27:30 2017 -0800 Merge branch 'sparc64-jump-to-boot-prom' Vijay Kumar says: ==================== sparc64: Jump to boot prom from console on panic V3 changes: - patch 02/04: Added SERIAL_SUNHV conditional group for sunhv_migrate_hvcons_irq in smp_send_stop(). V2 changes: - Added cover letter patch Currently Stop-A (L1A) does not make the kernel switch to OBP on panic. This patchset addresses this issue. Also, now we can cause a jump to OBP by sending 'break' twice from sunhv console. On bare metal, one can send a break by typing Esc + 'B' + Sysrq (or whatever). On LDOM, press Ctrl + ] in telnet, and then "send break" at the telnet prompt. ==================== Signed-off-by: David S. Miller commit 4cfe140618b99e653134598de9f18b48743549ec Author: Vijay Kumar Date: Wed Feb 1 11:34:40 2017 -0800 Documentation/sparc: Steps for sending break on sunhv console Documented the steps for sending break on sunhv console. Signed-off-by: Vijay Kumar Signed-off-by: David S. Miller Documentation/sparc/console.txt | 9 +++++++++ 1 file changed, 9 insertions(+) commit 7db60d05e5ccc0a473fa2275f90f2fca0002ab21 Author: Vijay Kumar Date: Wed Feb 1 11:34:39 2017 -0800 sparc64: Send break twice from console to return to boot prom Now we can also jump to boot prom from sunhv console by sending break twice on console for both running and panicked kernel cases. Signed-off-by: Vijay Kumar Signed-off-by: David S. Miller drivers/tty/serial/sunhv.c | 6 +++++- kernel/panic.c | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) commit 7dd4fcf5b70694dc961eb6b954673e4fc9730dbd Author: Vijay Kumar Date: Wed Feb 1 11:34:38 2017 -0800 sparc64: Migrate hvcons irq to panicked cpu On panic, all other CPUs are stopped except the one which had hit panic. To keep console alive, we need to migrate hvcons irq to panicked CPU. Signed-off-by: Vijay Kumar Signed-off-by: David S. Miller arch/sparc/include/asm/setup.h | 5 ++++- arch/sparc/kernel/smp_64.c | 6 +++++- drivers/tty/serial/sunhv.c | 6 ++++++ 3 files changed, 15 insertions(+), 2 deletions(-) commit cffb3e76818fee4763a2ce5f2b1eca2d7885e2cf Author: Vijay Kumar Date: Wed Feb 1 11:34:37 2017 -0800 sparc64: Set cpu state to offline when stopped CPU needs to be marked offline before stopping it. When not marked offline, the xcall receives HV_EWOULDBLOCK and so assumes that not all CPUs received the message, and retries. After 10000 retries, it finally fails with fatal mondo timeout. Signed-off-by: Vijay Kumar Signed-off-by: David S. Miller arch/sparc/kernel/smp_64.c | 3 +++ 1 file changed, 3 insertions(+) commit f41e54616ca1a199f6c17228f26082ccdaaab3de Author: Liam R. Howlett Date: Wed Feb 1 14:09:26 2017 -0500 sunvdc: Add support for setting physical sector size Physical sector size is supported in v1.2 of the vDisk protocol and should be set if available. If protocol version 1.2 is used and the physical disk size is unavailable, then the disk is considered busy. Signed-off-by: Liam R. Howlett Signed-off-by: David S. Miller drivers/block/sunvdc.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 269d8523585c1b82b53aff3cf00d88ccbaf58c35 Author: Eric Saint Etienne Date: Mon Feb 6 14:32:41 2017 +0000 sparc64: fix for user probes in high memory When returning from the user probe code into userspace process, PC & NPC are truncated to 32 bits. Due to shared libraries getting loaded very high in the virtual address space of the process, placing a user probe inside a shared library makes the kernel return into the process at the wrong address, causing it to seg'fault most of the time. This patch prevents truncating PC and NPC. Signed-off-by: Eric Saint Etienne Reviewed-by: David Aldridge Signed-off-by: David S. Miller arch/sparc/include/asm/uprobes.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fc5e8c283999168942baa5ef7f3805444f80be2b Author: Ben Hutchings Date: Sat Feb 4 16:32:22 2017 +0000 sparc: topology_64.h: Fix condition for including cpudata.h We currently define macros referring to cpu_data if CONFIG_SMP is defined, but only include the declaration if CONFIG_NUMA is defined. Fixes: 541cc39433a8 ("sparc: fix a building error reported by kbuild") Signed-off-by: Ben Hutchings Acked-by: Gonglei Signed-off-by: David S. Miller arch/sparc/include/asm/topology_64.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cbc41b43e7c2ba6503b6b96dfe38e6b1316f46cf Author: Bhumika Goyal Date: Sat Jan 14 18:01:54 2017 +0530 sparc32: mm: srmmu: add __ro_after_init to sparc32_cachetlb_ops structures The objects viking_ops, viking_sun4d_smp_ops and smp_cachetlb_ops of type sparc32_cachetlb_ops are not modified anywhere after getting modified in the init functions. Inside init their reference is also stored in a pointer of type const struct sparc32_cachetlb_ops *. So these structures are never modified after init, therefore add __ro_after to the declaration of these structures. Signed-off-by: Bhumika Goyal Reviewed-by: Kees Cook Signed-off-by: David S. Miller arch/sparc/mm/srmmu.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a57eaa1f25bb3e1d0aaf8906460053b9509c74a8 Merge: df9cdc1 80e5d45 Author: Linus Torvalds Date: Thu Feb 23 08:21:32 2017 -0800 Merge tag 'backlight-for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight Pull backlight updates from Lee Jones: "Core Frameworks: - Add Daniel Thompson as co-maintainer Fix-ups: - Improve error handling; adp5520_bl - Split initial power checks into dedicated function; pwm_bl - Check current PWM status; pwm_bl Bug Fixes: - Fix potential race; lcd - Fix module auto-loading; da9052" * tag 'backlight-for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight: MAINTAINERS: Rework entry for Backlight backlight: da9052: Fix module autoload backlight: pwm_bl: Check the PWM state for initial backlight power state backlight: pwm_bl: Move the checks for initial power state to a separate function backlight: adp5520: Fix error handling in adp5520_bl_probe() backlight: lcd: Fix race condition during register commit df9cdc1727ed9debfce59c5f600d794a63fcbfeb Merge: bc49a78 e93c102 Author: Linus Torvalds Date: Thu Feb 23 08:18:01 2017 -0800 Merge tag 'mfd-for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "Core Frameworks: - Add new !TOUCHSCREEN_SUN4I dependency for SUN4I_GPADC - List include/dt-bindings/mfd/* to files supported in MAINTAINERS New Drivers: - Intel Apollo Lake SPI NOR - ST STM32 Timers (Advanced, Basic and PWM) - Motorola 6556002 CPCAP (PMIC) New Device Support: - Add support for AXP221 to axp20x - Add support for Intel Gemini Lake to intel-lpss-pci - Add support for MT6323 LED to mt6397-core - Add support for COMe-bBD#, COMe-bSL6, COMe-bKL6, COMe-cAL6 and COMe-cKL6 to kempld-core New Functionality: - Add support for Analog CODAC to sun6i-prcm - Add support for Watchdog to lpc_ich Fix-ups: - Error handling improvements; axp288_charger, axp20x, ab8500-sysctrl - Adapt platform data handling; axp20x - IRQ handling improvements; arizona, axp20x - Remove superfluous code; arizona, axp20x, lpc_ich - Trivial coding style/spelling fixes; axp20x, abx500, mfd.txt - Regmap fix-ups; axp20x - DT changes; mfd.txt, aspeed-lpc, aspeed-gfx, ab8500-core, tps65912, mt6397 - Use new I2C probing mechanism; max77686 - Constification; rk808 Bug Fixes: - Stop data transfer whilst suspended; cros_ec" * tag 'mfd-for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (43 commits) mfd: lpc_ich: Enable watchdog on Intel Apollo Lake PCH mfd: lpc_ich: Remove useless comments in core part mfd: Add support for several boards to Kontron PLD driver mfd: constify regmap_irq_chip structures MAINTAINERS: Add include/dt-bindings/mfd to MFD entry mfd: cpcap: Add minimal support mfd: mt6397: Add MT6323 LED support into MT6397 driver Documentation: devicetree: Add LED subnode binding for MT6323 PMIC mfd: tps65912: Export OF device ID table as module aliases mfd: ab8500-core: Rename clock device and compatible mfd: cros_ec: Send correct suspend/resume event to EC mfd: max77686: Remove I2C device ID table mfd: max77686: Use the struct i2c_driver .probe_new instead of .probe mfd: max77686: Use of_device_get_match_data() helper mfd: max77686: Don't attempt to get i2c_device_id .data mfd: ab8500-sysctrl: Handle probe deferral mfd: intel-lpss: Add Intel Gemini Lake PCI IDs mfd: axp20x: Fix AXP806 access errors on cold boot mfd: cros_ec: Send suspend state notification to EC mfd: cros_ec: Prevent data transfer while device is suspended ... commit efe0220fc2d2cc1cbd6c663dd3d652ac2b9afd1a Author: Christophe JAILLET Date: Mon Feb 20 08:08:15 2017 +0100 drm/rockchip: cdn-dp: Fix error handling It is likely that both 'clk_disable_unprepare()' should be called if 'pm_runtime_get_sync()' fails. Add a new label for that, because 'err_set_rate' is not meaningful in this case. Add a missing call to 'pm_runtime_put()'. Fixes: 1a0f7ed3abe2 ("drm/rockchip: cdn-dp: add cdn DP support for rk3399") Signed-off-by: Christophe JAILLET Acked-by: Mark Yao Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/20170220070815.23096-1-christophe.jaillet@wanadoo.fr drivers/gpu/drm/rockchip/cdn-dp-core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b6705157b2db521ec7ff3b3ac205230f231798a6 Author: Arnd Bergmann Date: Tue Feb 14 22:31:51 2017 +0100 drm/rockchip: add extcon dependency for DP The newly added DP driver links against the extcon core, which fails when extcon is a module and this driver is not: drivers/gpu/drm/rockchip/cdn-dp-core.o: In function `cdn_dp_get_port_lanes': cdn-dp-core.c:(.text.cdn_dp_get_port_lanes+0x24): undefined reference to `extcon_get_state' cdn-dp-core.c:(.text.cdn_dp_get_port_lanes+0x44): undefined reference to `extcon_get_property' Let's make Kconfig enforce correct behavior with a dependency. Fixes: 1a0f7ed3abe2 ("drm/rockchip: cdn-dp: add cdn DP support for rk3399") Signed-off-by: Arnd Bergmann Reviewed-by: Guenter Roeck Acked-by: Mark Yao Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/20170214213215.2888509-1-arnd@arndb.de drivers/gpu/drm/rockchip/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ccaba0621a8577ce6b84cf625f2b9a4c6466d999 Merge: e65ade7 3ef767e Author: David S. Miller Date: Thu Feb 23 10:59:15 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Revisit warning logic when not applying default helper assignment. Jiri Kosina considers we are breaking existing setups and not warning our users accordinly now that automatic helper assignment has been turned off by default. So let's make him happy by spotting the warning by when we find a helper but we cannot attach, instead of warning on the former deprecated behaviour. Patch from Jiri Kosina. 2) Two patches to fix regression in ctnetlink interfaces with nfnetlink_queue. Specifically, perform more relaxed in CTA_STATUS and do not bail out if CTA_HELP indicates the same helper that we already have. Patches from Kevin Cernekee. 3) A couple of bugfixes for ipset via Jozsef Kadlecsik. Due to wrong index logic in hash set types and null pointer exception in the list:set type. 4) hashlimit bails out with correct userspace parameters due to wrong arithmetics in the code that avoids "divide by zero" when transforming the userspace timing in milliseconds to token credits. Patch from Alban Browaeys. 5) Fix incorrect NFQA_VLAN_MAX definition, patch from Ken-ichirou MATSUZAWA. 6) Don't not declare nfnetlink batch error list as static, since this may be used by several subsystems at the same time. Patch from Liping Zhang. ==================== Signed-off-by: David S. Miller commit e65ade77e87fd206bb78fae32ab7b604b01fade0 Merge: c12f4d7 7f0137e Author: David S. Miller Date: Thu Feb 23 10:57:58 2017 -0500 Merge branch 'mlx4-misc-fixes' Tariq Toukan says: ==================== mlx4 misc fixes This patchset contains misc bug fixes from Eric Dumazet and our team to the mlx4 Core and Eth drivers. Series generated against net commit: eee2faabc63d tcp: account for ts offset only if tsecr not zero v3: * Rebased, conflict solved. v2: * Added Eric's fix (patch 5/5). ==================== Signed-off-by: David S. Miller commit 7f0137e2ef9f32143df623001a96f7aab61a9595 Author: Eric Dumazet Date: Thu Feb 23 12:02:45 2017 +0200 net/mlx4_en: Use __skb_fill_page_desc() Or we might miss the fact that a page was allocated from memory reserves. Fixes: dceeab0e5258 ("mlx4: support __GFP_MEMALLOC for rx") Signed-off-by: Eric Dumazet Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_rx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 6ed63d845e7866ff1a0eac9f0fa554fdf2c64e1d Author: Jack Morgenstein Date: Thu Feb 23 12:02:44 2017 +0200 net/mlx4_core: Use cq quota in SRIOV when creating completion EQs When creating EQs to handle CQ completion events for the PF or for VFs, we create enough EQE entries to handle completions for the max number of CQs that can use that EQ. When SRIOV is activated, the max number of CQs a VF (or the PF) can obtain is its CQ quota (determined by the Hypervisor resource tracker). Therefore, when creating an EQ, the number of EQE entries that the VF should request for that EQ is the CQ quota value (and not the total number of CQs available in the FW). Under SRIOV, the PF, also must use its CQ quota, because the resource tracker also controls how many CQs the PF can obtain. Using the FW total CQs instead of the CQ quota when creating EQs resulted wasting MTT entries, due to allocating more EQEs than were needed. Fixes: 5a0d0a6161ae ("mlx4: Structures and init/teardown for VF resource quotas") Signed-off-by: Jack Morgenstein Reported-by: Dexuan Cui Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/eq.c | 5 ++--- drivers/net/ethernet/mellanox/mlx4/main.c | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) commit 95f1ba9a24af9769f6e20dfe9a77c863f253f311 Author: Majd Dibbiny Date: Thu Feb 23 12:02:43 2017 +0200 net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs In the VF driver, module parameter mlx4_log_num_mgm_entry_size was mistakenly overwritten -- and in a manner which overrode the device-managed flow steering option encoded in the parameter. log_num_mgm_entry_size is a global module parameter which affects all ConnectX-3 PFs installed on that host. If a VF changes log_num_mgm_entry_size, this will affect all PFs which are probed subsequent to the change (by disabling DMFS for those PFs). Fixes: 3c439b5586e9 ("mlx4_core: Allow choosing flow steering mode") Signed-off-by: Majd Dibbiny Reviewed-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/main.c | 2 -- 1 file changed, 2 deletions(-) commit 745d8ae4622c6808b22e33a944c7decb30074be4 Author: Eugenia Emantayev Date: Thu Feb 23 12:02:42 2017 +0200 net/mlx4: Spoofcheck and zero MAC can't coexist Spoofcheck can't be enabled if VF MAC is zero. Vice versa, can't zero MAC if spoofcheck is on. Fixes: 8f7ba3ca12f6 ('net/mlx4: Add set VF mac address support') Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/cmd.c | 22 ++++++++++++++++++++-- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 6 +----- include/linux/mlx4/cmd.h | 2 +- include/linux/mlx4/driver.h | 10 ++++++++++ 4 files changed, 32 insertions(+), 8 deletions(-) commit 423b3aecf29085a52530d4f9167c56a84b081042 Author: Or Gerlitz Date: Thu Feb 23 12:02:41 2017 +0200 net/mlx4: Change ENOTSUPP to EOPNOTSUPP As ENOTSUPP is specific to NFS, change the return error value to EOPNOTSUPP in various places in the mlx4 driver. Signed-off-by: Or Gerlitz Suggested-by: Yotam Gigi Reviewed-by: Matan Barak Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 2 +- drivers/net/ethernet/mellanox/mlx4/fw.c | 2 +- drivers/net/ethernet/mellanox/mlx4/intf.c | 2 +- drivers/net/ethernet/mellanox/mlx4/main.c | 6 +++--- drivers/net/ethernet/mellanox/mlx4/mr.c | 2 +- drivers/net/ethernet/mellanox/mlx4/qp.c | 2 +- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) commit c12f4d761dd2313ae4f457041df3ec0c603aa76a Author: Dmitry V. Levin Date: Thu Feb 23 14:35:23 2017 +0300 uapi: fix linux/rds.h userspace compilation errors Consistently use types from linux/types.h to fix the following linux/rds.h userspace compilation errors: /usr/include/linux/rds.h:198:2: error: unknown type name 'u8' u8 rx_traces; /usr/include/linux/rds.h:199:2: error: unknown type name 'u8' u8 rx_trace_pos[RDS_MSG_RX_DGRAM_TRACE_MAX]; /usr/include/linux/rds.h:203:2: error: unknown type name 'u8' u8 rx_traces; /usr/include/linux/rds.h:204:2: error: unknown type name 'u8' u8 rx_trace_pos[RDS_MSG_RX_DGRAM_TRACE_MAX]; /usr/include/linux/rds.h:205:2: error: unknown type name 'u64' u64 rx_trace[RDS_MSG_RX_DGRAM_TRACE_MAX]; Fixes: 3289025aedc0 ("RDS: add receive message trace used by application") Signed-off-by: Dmitry V. Levin Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller include/uapi/linux/rds.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ea3ebc73b46fbdb049dafd47543bb22efaa09c8e Author: Dmitry V. Levin Date: Thu Feb 23 14:30:34 2017 +0300 uapi: fix linux/seg6.h and linux/seg6_iptunnel.h userspace compilation errors Include in uapi/linux/seg6.h to fix the following linux/seg6.h userspace compilation error: /usr/include/linux/seg6.h:31:18: error: array type has incomplete element type 'struct in6_addr' struct in6_addr segments[0]; Include in uapi/linux/seg6_iptunnel.h to fix the following linux/seg6_iptunnel.h userspace compilation error: /usr/include/linux/seg6_iptunnel.h:26:21: error: array type has incomplete element type 'struct ipv6_sr_hdr' struct ipv6_sr_hdr srh[0]; Fixes: a50a05f497a2 ("ipv6: sr: add missing Kbuild export for header files") Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/seg6.h | 1 + include/uapi/linux/seg6_iptunnel.h | 2 ++ 2 files changed, 3 insertions(+) commit 50ab3af16c48bc14a6787ab2f506c403d9d1bfad Author: Jiri Pirko Date: Thu Feb 23 10:57:45 2017 +0100 lib: Remove string from parman config selection As reported by Geert, remove the string so the user does not see this config option. The option is explicitly selected only as a dependency of in-kernel users. Reported-by: Geert Uytterhoeven Fixes: 44091d29f207 ("lib: Introduce priority array area manager") Signed-off-by: Jiri Pirko Tested-by: Geert Uytterhoeven Signed-off-by: David S. Miller lib/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca92aea9781691bae3bafde95048cc3840a70ad8 Author: Zhu Yanjun Date: Thu Feb 23 03:22:49 2017 -0500 forcedeth: Remove return from a void function In a void function, it is not necessary to append a return statement in it. Signed-off-by: Zhu Yanjun Signed-off-by: David S. Miller drivers/net/ethernet/nvidia/forcedeth.c | 2 -- 1 file changed, 2 deletions(-) commit bc1750f366902449f36f15f4a692a495fe6bcdfe Author: Colin Ian King Date: Thu Feb 23 00:20:53 2017 +0000 bpf: fix spelling mistake: "proccessed" -> "processed" trivial fix to spelling mistake in verbose log message Signed-off-by: Colin Ian King Signed-off-by: David S. Miller kernel/bpf/verifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 40df93be6a7084e09688e1ddc45615d13df133fc Author: Dmitry V. Levin Date: Thu Feb 23 01:38:26 2017 +0300 uapi: fix linux/llc.h userspace compilation error Include to fix the following linux/llc.h userspace compilation error: /usr/include/linux/llc.h:26:27: error: 'IFHWADDRLEN' undeclared here (not in a function) unsigned char sllc_mac[IFHWADDRLEN]; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/llc.h | 1 + 1 file changed, 1 insertion(+) commit 557d7acd754543ca6f7166b9abde0a1af01ed848 Author: Dmitry V. Levin Date: Thu Feb 23 01:38:03 2017 +0300 uapi: fix linux/ip6_tunnel.h userspace compilation errors Include and to fix the following linux/ip6_tunnel.h userspace compilation errors: /usr/include/linux/ip6_tunnel.h:23:12: error: 'IFNAMSIZ' undeclared here (not in a function) char name[IFNAMSIZ]; /* name of tunnel device */ /usr/include/linux/ip6_tunnel.h:30:18: error: field 'laddr' has incomplete type struct in6_addr laddr; /* local tunnel end-point address */ Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/ip6_tunnel.h | 2 ++ 1 file changed, 2 insertions(+) commit 79873fb6348a35634b3edb60e21798ae716da824 Merge: eee2faa 36154be Author: David S. Miller Date: Thu Feb 23 10:43:11 2017 -0500 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox mlx5e fixes for 4.11-rc1 This series includes some important bug fixes for mlx5e driver. Three misc fixes: From Mohamad, compilation fix on s390 system From Me, A fix for driver unload when switchdev mode is on. From Tariq, HW LRO frag size optimization for when build_skb is not used (striding RQ mode). Three CQE compression related fixes: Two fixes from Tariq and I, to correctly setup CQE compression parameters on driver load and on arbitrary user modifications. Last patch, fixes a very critical issue that was originally reported by Tom, where the driver reported csum errors or even page ref issues for when cqe compression is enabled and rapidly active. For your convenience this series was generated on top of net-next branch: 005c3490e9db ('Revert "ath10k: Search SMBIOS for OEM board file extension"') for -stable: net/mlx5e: Register/unregister vport representors on interface (for kernel >= 4.9) net/mlx5e: Do not reduce LRO WQE size when not using build_skb (for kernel >= 4.9) net/mlx5e: Fix broken CQE compression initialization (for kernel >= 4.9) net/mlx5e: Update MPWQE stride size when modifying CQE compress state (for kernel >= 4.7) net/mlx5e: Fix wrong CQE decompression (for kernel >= 4.7) ==================== Signed-off-by: David S. Miller commit 36154be40a28e4afaa0416da2681d80b7e2ca319 Author: Tariq Toukan Date: Wed Feb 22 17:20:16 2017 +0200 net/mlx5e: Fix wrong CQE decompression In cqe compression with striding RQ, the decompression of the CQE field wqe_counter was done with a wrong wraparound value. This caused handling cqes with a wrong pointer to wqe (rx descriptor) and creating SKBs with wrong data, pointing to wrong (and already consumed) strides/pages. The meaning of the CQE field wqe_counter in striding RQ holds the stride index instead of the WQE index. Hence, when decompressing a CQE, wqe_counter should have wrapped-around the number of strides in a single multi-packet WQE. We dropped this wrap-around mask at all in CQE decompression of striding RQ. It is not needed as in such cases the CQE compression session would break because of different value of wqe_id field, starting a new compression session. Tested: ethtool -K ethxx lro off/on ethtool --set-priv-flags ethxx rx_cqe_compress on super_netperf 16 {ipv4,ipv6} -t TCP_STREAM -m 50 -D verified no csum errors and no page refcount issues. Fixes: 7219ab34f184 ("net/mlx5e: CQE compression") Signed-off-by: Tariq Toukan Reported-by: Tom Herbert Cc: kernel-team@fb.com Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 6dc4b54e77282caf17f0ff72aa32dd296037fbc0 Author: Saeed Mahameed Date: Wed Feb 22 17:20:15 2017 +0200 net/mlx5e: Update MPWQE stride size when modifying CQE compress state When the admin enables/disables cqe compression, updating mpwqe stride size is required: CQE compress ON ==> stride size = 256B CQE compress OFF ==> stride size = 64B This is already done on driver load via mlx5e_set_rq_type_params, all we need is just to call it on arbitrary admin changes of cqe compression state via priv flags or when changing timestamping state (as it is mutually exclusive with cqe compression). This bug introduces no functional damage, it only makes cqe compression occur less often, since in ConnectX4-LX CQE compression is performed only on packets smaller than stride size. Tested: ethtool --set-priv-flags ethxx rx_cqe_compress on pktgen with 64 < pkt size < 256 and netperf TCP_STREAM (IPv4/IPv6) verify `ethtool -S ethxx | grep compress` are advancing more often (rapidly) Fixes: 7219ab34f184 ("net/mlx5e: CQE compression") Signed-off-by: Saeed Mahameed Reviewed-by: Tariq Toukan Cc: kernel-team@fb.com Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) commit b0d4660b4cc52e6477ca3a43435351d565dfcedc Author: Tariq Toukan Date: Wed Feb 22 17:20:14 2017 +0200 net/mlx5e: Fix broken CQE compression initialization Some of RQ type parameters are derived from CQE compression state flag, CQE compression flag was initialized only after RQ type parameters setup. This leads to load RQ with stride size smaller than what we want for when CQE compression is on. This bug introduces no functional damage, it only makes CQE compression occur less often, since in ConnectX4-LX CQE compression is performed only on packets smaller than stride size. Fix this by marking default status of CQE compression in PFLAG prior to calling mlx5e_set_rq_priv_params(), as it inits some fields based on it. Tested: load driver on systems where rx CQE compress will be on (MH) pktgen with 64 < pkt size < 256 and netperf TCP_STREAM (IPv4/IPv6) verify `ethtool -S ethxx | grep compress` are advancing more often (rapidly) Fixes: 2fc4bfb7250d ("net/mlx5e: Dynamic RQ type infrastructure") Signed-off-by: Tariq Toukan Cc: kernel-team@fb.com Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4078e637c12f1e0a74293f1ec9563f42bff14a03 Author: Tariq Toukan Date: Wed Feb 22 17:20:13 2017 +0200 net/mlx5e: Do not reduce LRO WQE size when not using build_skb When rq_type is Striding RQ, no room of SKB_RESERVE is needed as SKB allocation is not done via build_skb. Fixes: e4b85508072b ("net/mlx5e: Slightly reduce hardware LRO size") Signed-off-by: Tariq Toukan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 6f08a22c5fb2b9aefb8ecd8496758e7a677c1fde Author: Saeed Mahameed Date: Wed Feb 22 17:20:12 2017 +0200 net/mlx5e: Register/unregister vport representors on interface attach/detach Currently vport representors are added only on driver load and removed on driver unload. Apparently we forgot to handle them when we added the seamless reset flow feature. This caused to leave the representors netdevs alive and active with open HW resources on pci shutdown and on error reset flows. To overcome this we move their handling to interface attach/detach, so they would be cleaned up on shutdown and recreated on reset flows. Fixes: 26e59d8077a3 ("net/mlx5e: Implement mlx5e interface attach/detach callbacks") Signed-off-by: Saeed Mahameed Reviewed-by: Hadar Hen Zion Reviewed-by: Roi Dayan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) commit 18bcf742fbb0ddaf68d58ebf50b248748c983cea Author: Mohamad Haj Yahia Date: Wed Feb 22 17:20:11 2017 +0200 net/mlx5e: s390 system compilation fix Add necessary headers include for s390 arch compilation. Fixes: e586b3b0baee ("net/mlx5: Ethernet Datapath files") Fixes: d605d6686dc7 ("net/mlx5e: Add support for ethtool self..") Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_selftest.c | 1 + 2 files changed, 2 insertions(+) commit f38e5fb95a1f8feda88531eedc98f69b24748712 Author: Andrew Price Date: Wed Feb 22 12:05:03 2017 -0500 gfs2: Add missing rcu locking for glock lookup We must hold the rcu read lock across looking up glocks and trying to bump their refcount to prevent the glocks from being freed in between. Cc: # 4.3+ Signed-off-by: Andrew Price Signed-off-by: Andreas Gruenbacher Signed-off-by: Bob Peterson fs/gfs2/glock.c | 5 +++++ 1 file changed, 5 insertions(+) commit 12cb3a1c4184f891d965d1f39f8cfcc9ef617647 Author: Milan Broz Date: Thu Feb 23 08:38:26 2017 +0100 crypto: xts - Add ECB dependency Since the commit f1c131b45410a202eb45cc55980a7a9e4e4b4f40 crypto: xts - Convert to skcipher the XTS mode is based on ECB, so the mode must select ECB otherwise it can fail to initialize. Signed-off-by: Milan Broz Signed-off-by: Herbert Xu crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 15c0b9edcc41fe8fddcd07d6b58ee15e6554d17e Author: Christoph Hellwig Date: Wed Feb 15 08:18:43 2017 +0100 crypto: cavium - switch to pci_alloc_irq_vectors pci_enable_msix has been long deprecated, but this driver adds a new instance. Convert it to pci_alloc_irq_vectors and greatly simplify the code, and make sure the prope code properly unwinds. Signed-off-by: Christoph Hellwig Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cptvf.h | 3 - drivers/crypto/cavium/cpt/cptvf_main.c | 203 +++++++++++---------------------- 2 files changed, 65 insertions(+), 141 deletions(-) commit 613844e811a87ddbc646bd30e724c34472540296 Author: Christoph Hellwig Date: Wed Feb 15 08:18:42 2017 +0100 crypto: cavium - switch to pci_alloc_irq_vectors pci_enable_msix has been long deprecated, but this driver adds a new instance. Convert it to pci_alloc_irq_vectors and greatly simplify the code. Signed-off-by: Christoph Hellwig Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cptpf.h | 5 --- drivers/crypto/cavium/cpt/cptpf_main.c | 58 ++++++---------------------------- 2 files changed, 10 insertions(+), 53 deletions(-) commit f4f228bff3c98990537ebd4bcab6730ae02d6e48 Author: Christoph Hellwig Date: Wed Feb 15 08:18:41 2017 +0100 crypto: cavium - remove dead MSI-X related define Signed-off-by: Christoph Hellwig Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cpt_common.h | 2 -- 1 file changed, 2 deletions(-) commit 4c21541d8da17fbe94ecadbfc913d6dff3be7ca2 Author: Jan Glauber Date: Tue Feb 21 14:07:50 2017 +0100 i2c: thunderx: Replace pci_enable_msix() Using pci_alloc_irq_vectors() instead of the deprecated pci_enable_msix() allows to remove the msix_entry from struct octeon_i2c and thus to get rid of the config symbol check. Signed-off-by: Jan Glauber Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-octeon-core.h | 4 ---- drivers/i2c/busses/i2c-thunderx-pcidrv.c | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) commit 7999eecb7e5675c3c7c2981a3ba9be6fc8e2ee27 Author: Andrzej Hajda Date: Wed Feb 22 12:04:34 2017 +0100 i2c: exynos5: fix arbitration lost handling In case of arbitration lost adequate interrupt sometimes is not signaled. As a result transfer timeouts and is not retried, as it should. To avoid such cases code is added to check transaction status in case of every interrupt. Signed-off-by: Andrzej Hajda Tested-by: Andi Shyti Reviewed-by: Andi Shyti Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-exynos5.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) commit 8693b9145b13dc44664602cd4cbe71862c26d0b5 Author: Colin Ian King Date: Thu Feb 23 11:06:09 2017 +0000 s390/dasd: fix spelling mistake: "supportet" -> "supported" trivial fix to spelling mistake in literal string Signed-off-by: Colin Ian King Signed-off-by: Martin Schwidefsky drivers/s390/block/dasd_eckd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fd1c9c8568439198a66f42108a9b01854e25346e Author: Andrzej Hajda Date: Wed Feb 22 11:11:20 2017 +0100 i2c: exynos5: disable fifo-almost-empty irq signal when necessary Fifo-almost-empty irq signal should be disabled as soon as possible, to avoid unnecessary interrupt storm. The best moment is when there is no more data to feed fifo. This patch fixes system stalls caused by IRQ storm. Signed-off-by: Andrzej Hajda Tested-by: Marek Szyprowski Tested-by: Andi Shyti Reviewed-by: Andi Shyti Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-exynos5.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 191020b670f84f5e2edfaa906c3801df20485610 Author: Zhenyu Wang Date: Thu Feb 23 14:46:23 2017 +0800 drm/i915/gvt: adjust to fixed vGPU types Previous vGPU type create tried to determine vGPU type name e.g _1, _2 based on the number of mdev devices can be created, but different type might have very different resource size depending on physical device. We need to split type name vs. actual mdev resource and create fixed vGPU type with determined size for consistence. With this we'd like to fix vGPU types for _1, _2, _4 and _8 now, each type has fixed defined resource size. Available mdev instances that could be created is determined by physical resource, and user should query for that before creating. Cc: Kevin Tian Reviewed-by: Kevin Tian Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 1 - drivers/gpu/drm/i915/gvt/vgpu.c | 58 ++++++++++++++++++++++++----------------- 2 files changed, 34 insertions(+), 25 deletions(-) commit 7c28135c77414327523b89bfc3f13096e095f5ac Author: Zhao, Xinda Date: Tue Feb 21 15:54:56 2017 +0800 drm/i915/gvt: remove unnecessary error msg from gtt write The guest VM may initialize the whole GTT table during boot up, so the warning msg in emulate_gtt_mmio_write is not necessary, it is the expected behavior and it may confuse the user if error msg is printed out, so remove the msg from emulate_gtt_mmio_write(), Signed-off-by: Zhao, Xinda Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit d8a355be0b2b5613f7b34aee1394369d45d50586 Author: Weinan Li Date: Wed Feb 22 11:03:24 2017 +0800 drm/i915/gvt: refine pcode write emulation In GVT-g we always emulate as pcode read/write success and ready for access anytime, since we don't touch real physical registers here. Add 'SKL_PCODE_CDCLK_CONTROL' write emulation, without it will cause skl_set_cdclk fail in guest. Signed-off-by: Weinan Li Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit da9cc8de22aa6bd6ed51c406432d599ab520a6e3 Author: Ping Gao Date: Tue Feb 21 15:52:56 2017 +0800 drm/i915/gvt: clear the vGPU reset logic Releasing shadow PPGTT pages is not enough when vGPU reset, the guest page table tracking data should has same life-cycle with all the shadow PPGTT pages; Otherwise there is no chance to re-shadow the PPGTT pages without free the guest page table tracking data. This patch clear the PPGTT reset logic and make the vGPU reset in working order. v2: refactor some logic to avoid code duplicated. v3: remove useless macro and add comments from Christophe. v4: keep reset logic in reset function. Signed-off-by: Ping Gao Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) commit bab059304314e127cf4a5330c6bd5a71fd27c022 Author: Zhao, Xinda Date: Tue Feb 21 15:07:31 2017 +0800 drm/i915/gvt: decrease priority of output msg for untracked mmio When untracked mmio is visited, too many log info will be printed out, it may confuse the user, but most of the time, it is not the urgent case, so use gvt_dbg_mmio() instead. Signed-off-by: Zhao, Xinda Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/mmio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec162aa84c9057e196f3a844c0a8d569f5095e6c Author: Zhao Yan Date: Tue Feb 21 14:00:37 2017 +0800 drm/i915/gvt: set default value to 0 for unhandled mmio regs for a handled mmio reg, its default value is read from hardware, while for an unhandled mmio regs, its default value would be random if not explicitly set to 0 Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/firmware.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 187447a106fc9caca45f10413845678d3666556c Author: Pei Zhang Date: Tue Feb 21 21:58:14 2017 +0800 drm/i915/gvt: add cmd_access to GEN7_HALF_SLICE_CHICKEN1 Linux guest is using this MMIO in lri command. Add cmd_access flag for this mmio in gvt to avoid error log. v2: change the mmio address to its macro name Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e6cedfea6b8dcb205f75ea632570f52d2ffd1251 Author: Zhao Yan Date: Tue Feb 21 10:38:53 2017 +0800 drm/i915/gvt: force-nopriv register handling add a whitelist to check the content of force-nonpriv registers v3: per He Min's comment, modify in_whitelist()'s return type to bool, and use negative value as the return value for failure for force_nonpriv_write(). v2: 1. split a big patch into two smaller ones per zhenyu's comment. this patch is the mmio handling part for force-nopriv registers 2. per zhenyu's comment, combine all non-priv registers into a single MMIO_DFH entry Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 74 +++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 4 deletions(-) commit 4c4b22abb3d405c5c194b02255eecc1a9eff42cf Author: Zhao Yan Date: Tue Feb 21 09:39:00 2017 +0800 drm/i915/gvt: add more registers to context save/restore list the value of those registers should be applied to hardware on context restoring Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/render.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit d8e9b2b9097c117880dc22933239d05199c60b96 Author: Takashi Iwai Date: Mon Feb 20 14:58:25 2017 +0100 drm/i915/gvt: Fix superfluous newline in GVT_DISPLAY_READY env var send_display_send_uevent() sends two environment variable, and the first one GVT_DISPLAY_READY is set including a new line at the end of the string; that is obviously superfluous and wrong -- at least, it *looks* so when you only read the code. However, it doesn't appear in the actual output by a (supposedly unexpected) trick. The code uses snprintf() and truncates the string in size 20 bytes. This makes the string as GVT_DISPLAY_READY=0 or ...=1 including the trailing NUL-letter. That is, the '\n' found in the format string is always cut off as a result. Although the code gives the correct result, it is confusing. This patch addresses it, just removing the superfluous '\n' from the format string for avoiding further confusion. If the argument "ready" were not a bool, the size 20 should be corrected as well. But it's a bool, so we can leave the magic number 20 as is for now. FWIW, the bug was spotted by a new GCC7 warning: drivers/gpu/drm/i915/gvt/handlers.c: In function 'pvinfo_mmio_write': drivers/gpu/drm/i915/gvt/handlers.c:1042:34: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=] snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d\n", ready); ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/i915/gvt/handlers.c:1042:2: note: 'snprintf' output 21 bytes into a destination of size 20 snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d\n", ready); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fixes: 04d348ae3f0a ("drm/i915/gvt: vGPU display virtualization") Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1025903 Reported-by: Richard Biener Cc: Signed-off-by: Takashi Iwai Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 593e59b4b941910e4f7ba87d3c02d63e38e960d0 Author: Zhao Yan Date: Mon Feb 20 15:51:13 2017 +0800 drm/i915/gvt: fix unhandled mmio warnings some registers were missing or treated as BDW only. This patch is to fix it avoid unhandled mmio wanrings v2: update commit message according to zhenyu's comment Signed-off-by: Zhao Yan Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit 9272f73f79bd780502134f227fa52fd280ecda17 Author: Chuanxiao Dong Date: Fri Feb 17 19:29:52 2017 +0800 drm/i915/gvt: add a NULL pointer check to avoid kernel panic Due to the request replay, context switch interrupt may come after gvt free the workload thus can cause a kernel NULL pointer kernel panic. This patch will add a simple check to avoid this for a short term. From long term, gvt workload lifecycle doesn't match with i915 request and need to find a proper way to manage this. v4: simplify the NULL pointer check. v5: add unlikely to optimize. Signed-off-by: Chuanxiao Dong Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 3 +++ 1 file changed, 3 insertions(+) commit a33fc7a0482a40068c022aefcefd50f9f0f44f87 Author: Min He Date: Fri Feb 17 16:42:38 2017 +0800 drm/i915/gvt: enter failsafe mode when guest requires more resources Windows guest will notitfy GVT-g to request more resources through g2v interface, when its resources are not enough. This patch is to handle this case and let vgpu enter failsafe mode to avoid too many error messages. Signed-off-by: Min He Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 1 + drivers/gpu/drm/i915/gvt/handlers.c | 5 +++++ 2 files changed, 6 insertions(+) commit e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 Author: Harald Freudenberger Date: Wed Nov 2 14:37:20 2016 +0100 s390/pkey: Introduce pkey kernel module This patch introcudes a new kernel module pkey which is providing protected key handling and management functions. The pkey API is available within the kernel for other s390 specific code to create and manage protected keys. Additionally the functions are exported to user space via IOCTL calls. The implementation makes extensive use of functions provided by the zcrypt device driver. For generating protected keys from secure keys there is also a CEX coprocessor card needed. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky arch/s390/configs/default_defconfig | 1 + arch/s390/configs/performance_defconfig | 1 + arch/s390/defconfig | 1 + arch/s390/include/asm/pkey.h | 90 +++ arch/s390/include/uapi/asm/Kbuild | 1 + arch/s390/include/uapi/asm/pkey.h | 112 +++ drivers/crypto/Kconfig | 16 + drivers/s390/crypto/Makefile | 4 + drivers/s390/crypto/pkey_api.c | 1148 +++++++++++++++++++++++++++++++ 9 files changed, 1374 insertions(+) commit a1d001e26d5386c934345dc91f16b530e352f8d7 Author: Harald Freudenberger Date: Wed Nov 2 14:32:32 2016 +0100 s390/zcrypt: export additional symbols Export the two zcrypt device driver functions zcrypt_send_cprb and zcrypt_device_status_mask to be useable for other kernel code. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/zcrypt_api.c | 5 +++-- drivers/s390/crypto/zcrypt_api.h | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) commit a3358e3de3930e076c0f13f0a3507f3c5dc7c66b Author: Harald Freudenberger Date: Mon Feb 20 16:09:51 2017 +0100 s390/zcrypt: Rework CONFIG_ZCRYPT Kconfig text. The CONFIG_ZCRYPT Kconfig entry in drivers/crypto showed outdated hardware whereas the latest cards where missing. Reworked the text to reflect the current abilities of the zcrypt device driver. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/crypto/Kconfig | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) commit f546d6a941912e0ff1d2d7f37f302884f3accd12 Author: Harald Freudenberger Date: Mon Feb 20 15:32:36 2017 +0100 s390/zcrypt: Cleanup leftover module code. The AP bus code is not buildable as kernel module any more. Commit 5fe38260d083 ("s390/zcrypt: make ap_bus explicitly non-modular") leaves one now unused function which gets removed with this patch. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 10 ---------- 1 file changed, 10 deletions(-) commit 5791d90d0046c6d74f19ab58fa774f50e463b0d9 Author: Heiko Carstens Date: Tue Feb 21 11:07:39 2017 +0100 s390/nmi: purge tlbs after control register validation Play safe and purge all tlbs after the control registers that contain the primary, secondary and home space asces have been validated. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/nmi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 70e28aa0bbb68ed458be0b922d8b58a2b4ae191d Author: Heiko Carstens Date: Tue Feb 21 10:51:55 2017 +0100 s390/nmi: fix order of register validation When validating register contents first validate control registers since these control the availability of features later being validated. For example the control register 0 should be validated first, before the additional floating point (AFP) registers are validated, since control register 0 contains the AFP-register control bit. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/nmi.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 776067080ca070ef38d33a16faedc28a2f413ee7 Author: Harald Freudenberger Date: Wed Nov 2 14:19:48 2016 +0100 s390/crypto: Add PCKMO inline function Adding the PCKMO inline function and the function code definitions for using the pckmo function to the cpacf header file. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky arch/s390/include/asm/cpacf.h | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) commit d0360d7b523f150c2ff0ab3c9361dfc3b4185cbf Author: Harald Freudenberger Date: Tue Nov 15 09:05:00 2016 +0100 s390/zcrypt: Enable request count reset for cards and queues. This patch introduces the possibility to reset the request_count attribute for cards and queues to zero. This can be used to set a clear state on the counters before running an application and try out if and which hardware is actually used. If the request_count counter of a card is reset, for all associated queues the request_count is also zeroed. If just a queue request_count is reset the card counter is not updated however. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_card.c | 24 ++++++++++++++++++++---- drivers/s390/crypto/ap_queue.c | 21 +++++++++++++++++---- 2 files changed, 37 insertions(+), 8 deletions(-) commit 54397bb0bbedbb9f7d77a62f6ddc6869354e3d9f Author: Dominik Dingel Date: Wed Apr 27 11:43:07 2016 +0200 s390/mm: use _SEGMENT_ENTRY_EMPTY in the code _SEGMENT_ENTRY_INVALID denotes the invalid bit in a segment table entry whereas _SEGMENT_ENTRY_EMPTY means that the value of the whole entry is only the invalid bit, as the entry is completely empty. Therefore we use _SEGMENT_ENTRY_INVALID only to check and set the invalid bit with bitwise operations. _SEGMENT_ENTRY_EMPTY is only used to check for (un)equality. Signed-off-by: Dominik Dingel Signed-off-by: Martin Schwidefsky arch/s390/include/asm/pgtable.h | 14 +++++++------- arch/s390/mm/gmap.c | 6 +++--- arch/s390/mm/hugetlbpage.c | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) commit 77759137248f34864a8f7a58bbcebfcf1047504a Author: Peter Oberparleiter Date: Mon Feb 20 14:52:58 2017 +0100 s390/chsc: Add exception handler for CHSC instruction Prevent kernel crashes due to unhandled exceptions raised by the CHSC instruction which may for example be triggered by invalid ioctl data. Fixes: 64150adf89df ("s390/cio: Introduce generic synchronous CHSC IOCTL") Cc: # v3.11+ Signed-off-by: Peter Oberparleiter Reviewed-by: Sebastian Ott Reviewed-by: Cornelia Huck Signed-off-by: Martin Schwidefsky drivers/s390/cio/ioasm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit f50c0e6371c960ad3481daa4504b33a9de4e9d01 Author: Heiko Carstens Date: Mon Feb 20 09:38:42 2017 +0100 s390: opt into HAVE_COPY_THREAD_TLS This the s390 version of commit c1bd55f922a2d ("x86: opt into HAVE_COPY_THREAD_TLS, for both 32-bit and 64-bit"). Simply use the tls system call argument instead of extracting the tls argument by magic from the pt_regs structure. See commit 3033f14ab78c3 ("clone: support passing tls argument via C rather than pt_regs magic") for more background. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/Kconfig | 1 + arch/s390/kernel/process.c | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) commit b5a882fcf146c87cb6b67c6df353e1c042b8773d Author: Heiko Carstens Date: Fri Feb 17 08:13:28 2017 +0100 s390: restore address space when returning to user space Unbalanced set_fs usages (e.g. early exit from a function and a forgotten set_fs(USER_DS) call) may lead to a situation where the secondary asce is the kernel space asce when returning to user space. This would allow user space to modify kernel space at will. This would only be possible with the above mentioned kernel bug, however we can detect this and fix the secondary asce before returning to user space. Therefore a new TIF_ASCE_SECONDARY which is used within set_fs. When returning to user space check if TIF_ASCE_SECONDARY is set, which would indicate a bug. If it is set print a message to the console, fixup the secondary asce, and then return to user space. This is similar to what is being discussed for x86 and arm: "[RFC] syscalls: Restore address limit after a syscall". Reviewed-by: Christian Borntraeger Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/processor.h | 12 ++++++++---- arch/s390/include/asm/uaccess.h | 23 +++++++++++++---------- arch/s390/kernel/entry.S | 29 ++++++++++++++++++----------- arch/s390/kernel/entry.h | 1 + arch/s390/kernel/process.c | 13 +++++++++++++ 5 files changed, 53 insertions(+), 25 deletions(-) commit 606aa4aa0b2c6d7c4f5d2e459922675ea1d7e459 Author: Heiko Carstens Date: Fri Feb 17 08:12:30 2017 +0100 s390: rename CIF_ASCE to CIF_ASCE_PRIMARY This is just a preparation patch in order to keep the "restore address space after syscall" patch small. Rename CIF_ASCE to CIF_ASCE_PRIMARY to be unique and specific when introducing a second CIF_ASCE_SECONDARY CIF flag. Suggested-by: Martin Schwidefsky Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/mmu_context.h | 4 ++-- arch/s390/include/asm/processor.h | 4 ++-- arch/s390/kernel/entry.S | 22 +++++++++++----------- 3 files changed, 15 insertions(+), 15 deletions(-) commit a00861dbca9135b7ed56175646161f1d708b9efa Author: Jaegeuk Kim Date: Wed Feb 1 15:40:11 2017 -0800 f2fs: show # of APPEND and UPDATE inodes This patch shows cached # of APPEND and UPDATE inode entries. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 6 ++++-- fs/f2fs/f2fs.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) commit cac5a3d8f517cfc7a882ffd4a0eba220f02deee8 Author: DongOh Shin Date: Mon Jan 30 10:55:18 2017 -0800 f2fs: fix 446 coding style warnings in f2fs.h 1) Nine coding style warnings below have been resolved: "Missing a blank line after declarations" 2) 435 coding style warnings below have been resolved: "function definition argument 'x' should also have an identifier name" 3) Two coding style warnings below have been resolved: "macros should not use a trailing semicolon" Signed-off-by: DongOh Shin Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 498 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 270 insertions(+), 228 deletions(-) commit c64ab12e365adb505c1be0f4ddea430d4a774514 Author: DongOh Shin Date: Mon Jan 30 10:55:17 2017 -0800 f2fs: fix 3 coding style errors in f2fs.h Two coding style errors below have been resolved: "Macros with complex values should be enclosed in parentheses" And a coding style error below has been resolved: "space prohibited before that ',' (ctx:WxW)" Signed-off-by: DongOh Shin Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8ed5974552086363aec2ac96fe01e3f2970baeab Author: Jaegeuk Kim Date: Sun Jan 29 14:27:02 2017 +0900 f2fs: declare missing static function We missed two functions declared as static functions. Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0cc0dec2b6f9bf0e69afbddc1c11e220a1cdf328 Author: Kaixu Xia Date: Fri Jan 27 09:35:37 2017 +0800 f2fs: show the fault injection mount option This patch shows the fault injection mount option in f2fs_show_options(). Signed-off-by: Kaixu Xia Signed-off-by: Jaegeuk Kim fs/f2fs/super.c | 5 +++++ 1 file changed, 5 insertions(+) commit 73545817c90edcb367a65720f669cddce633bc46 Author: Chao Yu Date: Wed Jan 25 10:52:40 2017 +0800 f2fs: fix null pointer dereference when issuing flush in ->fsync We only allocate flush merge control structure sbi::sm_info::fcc_info when flush_merge option is on, but in f2fs_issue_flush we still try to access member of the control structure without that option, it incurs panic as show below, fix it. Call Trace: __remove_ino_entry+0xa9/0xc0 [f2fs] f2fs_do_sync_file.isra.27+0x214/0x6d0 [f2fs] f2fs_sync_file+0x18/0x20 [f2fs] vfs_fsync_range+0x3d/0xb0 __do_page_fault+0x261/0x4d0 do_fsync+0x3d/0x70 SyS_fsync+0x10/0x20 do_syscall_64+0x6e/0x180 entry_SYSCALL64_slow_path+0x25/0x25 RIP: 0033:0x7f18ce260de0 RSP: 002b:00007ffdd4589258 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f18ce260de0 RDX: 0000000000000006 RSI: 00000000016c0360 RDI: 0000000000000003 RBP: 00000000016c0360 R08: 000000000000ffff R09: 000000000000001f R10: 00007ffdd4589020 R11: 0000000000000246 R12: 00000000016c0100 R13: 0000000000000000 R14: 00000000016c1f00 R15: 00000000016c0100 Code: fb 81 e3 00 08 00 00 48 89 45 a0 0f 1f 44 00 00 31 c0 85 db 75 27 41 81 e7 00 04 00 00 74 0c 41 8b 45 20 85 c0 0f 85 81 00 00 00 41 ff 45 20 4c 89 e7 e8 f8 e9 ff ff f0 41 ff 4d 20 48 83 c4 RIP: f2fs_issue_flush+0x5b/0x170 [f2fs] RSP: ffffc90003b5fd78 CR2: 0000000000000020 ---[ end trace a09314c24f037648 ]--- Reported-by: Shuoran Liu Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit dba79f38bc60d98b605bdbbf5613aa3fb8f8ff7c Author: Chao Yu Date: Wed Jan 25 10:52:39 2017 +0800 f2fs: fix to avoid overflow when left shifting page offset We use following method to calculate size with current page index: size = index << PAGE_SHIFT If type of index has only 32-bits size, left shifting will incur overflow, which makes result incorrect. So let's cast index with 64-bits type to avoid such issue. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/recovery.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit ba38c27eb93e2d36bf940ca65c145f6e2aaa6d5c Author: Chao Yu Date: Tue Jan 24 20:39:51 2017 +0800 f2fs: enhance lookup xattr Previously, in getxattr we will load all entries both in inline xattr and xattr node block, and then do the lookup in all entries, but our lookup flow shows low efficiency, since if we can lookup and hit in inline xattr of inode page cache first, we don't need to load and lookup xattr node block, which can obviously save cpu time and IO latency. Signed-off-by: Chao Yu [Jaegeuk Kim: initialize NULL to avoid warning] Signed-off-by: Jaegeuk Kim fs/f2fs/xattr.c | 132 +++++++++++++++++++++++++++++++++++++++++++++++++------- fs/f2fs/xattr.h | 7 +-- 2 files changed, 121 insertions(+), 18 deletions(-) commit 04b9a5f0f51942f9fd20e97df4ce1508f6335c59 Author: Masanari Iida Date: Tue Jan 24 12:47:55 2017 +0900 Doc: f2fs: Fix typo in Documentation/filesystems/f2fs.txt This patch fix a typo in f2fs.txt Signed-off-by: Masanari Iida Signed-off-by: Jaegeuk Kim Documentation/filesystems/f2fs.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b86e33075ed1909d8002745b56ecf73b833db143 Author: Wei Fang Date: Sun Jan 22 12:21:02 2017 +0800 f2fs: fix a dead loop in f2fs_fiemap() A dead loop can be triggered in f2fs_fiemap() using the test case as below: ... fd = open(); fallocate(fd, 0, 0, 4294967296); ioctl(fd, FS_IOC_FIEMAP, fiemap_buf); ... It's caused by an overflow in __get_data_block(): ... bh->b_size = map.m_len << inode->i_blkbits; ... map.m_len is an unsigned int, and bh->b_size is a size_t which is 64 bits on 64 bits archtecture, type conversion from an unsigned int to a size_t will result in an overflow. In the above-mentioned case, bh->b_size will be zero, and f2fs_fiemap() will call get_data_block() at block 0 again an again. Fix this by adding a force conversion before left shift. Signed-off-by: Wei Fang Acked-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dc91de78e5e1d44238b5dd2b57d2e8e67cbc00a1 Author: Jaegeuk Kim Date: Fri Jan 13 13:12:29 2017 -0800 f2fs: do not preallocate blocks which has wrong buffer Sheng Yong reports needless preallocation if write(small_buffer, large_size) is called. In that case, f2fs preallocates large_size, but vfs returns early due to small_buffer size. Let's detect it before preallocation phase in f2fs. Reported-by: Sheng Yong Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 6 +++++- fs/f2fs/f2fs.h | 1 + fs/f2fs/file.c | 8 +++++++- 3 files changed, 13 insertions(+), 2 deletions(-) commit dcc9165dbf9961cf2848af728f8be31f28a3c790 Author: Jaegeuk Kim Date: Wed Jan 11 10:20:04 2017 -0800 f2fs: show # of on-going flush and discard bios This patch adds stat information for flush and discard commands. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 11 +++++++++-- fs/f2fs/f2fs.h | 3 ++- fs/f2fs/segment.c | 6 ++++++ 3 files changed, 17 insertions(+), 3 deletions(-) commit 1546996348b33dc44dff829bc86fea8a8536164d Author: Jaegeuk Kim Date: Mon Jan 9 20:32:07 2017 -0800 f2fs: add a kernel thread to issue discard commands asynchronously This patch adds a kernel thread to issue discard commands. It proposes three states, D_PREP, D_SUBMIT, and D_DONE to identify current bio status. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 12 +++++ fs/f2fs/segment.c | 128 +++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 109 insertions(+), 31 deletions(-) commit bc49a7831b1137ce1c2dda1c57e3631655f5d2ae Merge: be5165a f201ebd Author: Linus Torvalds Date: Wed Feb 22 19:29:24 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge updates from Andrew Morton: "142 patches: - DAX updates - various misc bits - OCFS2 updates - most of MM" * emailed patches from Andrew Morton : (142 commits) mm/z3fold.c: limit first_num to the actual range of possible buddy indexes mm: fix stray kernel-doc notation zram: remove obsolete sysfs attrs mm/memblock.c: remove unnecessary log and clean up oom-reaper: use madvise_dontneed() logic to decide if unmap the VMA mm: drop unused argument of zap_page_range() mm: drop zap_details::check_swap_entries mm: drop zap_details::ignore_dirty mm, page_alloc: warn_alloc nodemask is NULL when cpusets are disabled mm: help __GFP_NOFAIL allocations which do not trigger OOM killer mm, oom: do not enforce OOM killer for __GFP_NOFAIL automatically mm: consolidate GFP_NOFAIL checks in the allocator slowpath lib/show_mem.c: teach show_mem to work with the given nodemask arch, mm: remove arch specific show_mem mm, page_alloc: warn_alloc print nodemask mm, page_alloc: do not report all nodes in show_mem Revert "mm: bail out in shrink_inactive_list()" mm, vmscan: consider eligible zones in get_scan_count mm, vmscan: cleanup lru size claculations mm, vmscan: do not count freed pages as PGDEACTIVATE ... commit be5165a51d2500ae1afa1236a8b09858831fdf7e Merge: c1aac62 4e29ccd Author: Linus Torvalds Date: Wed Feb 22 19:23:14 2017 -0800 Merge tag 'devicetree-for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull DeviceTree updates from Rob Herring: "Pretty standard stuff with dtc upstream sync being the biggest piece. - Sync dtc to upstream commit 0931cea3ba20. This picks up overlay support in dtc. - Set dma_ops for reserved memory users. - Make references to IOMMU consistent in DT bindings. - Cleanup references to pm_power_off in bindings. - Move some display bindings that snuck into the old bindings/video/ path. - Fix some wrong documentation paths caused from binding restructuring. - Vendor prefixes for Faraday and Fujitsu. - Fix an of_node ref counting leak in of_find_node_opts_by_path - Introduce new graph helper of_graph_get_remote_node() which will be used by DRM drivers in 4.12" * tag 'devicetree-for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (27 commits) DT: add Faraday Tec. as vendor of: introduce of_graph_get_remote_node of: Add missing space at end of pr_fmt(). of: make of_device_make_bus_id() static of: fix of_node leak caused in of_find_node_opts_by_path dt-bindings: net: remove reference to fixed link support dt-bindings: power: reset: qnap-poweroff: Drop reference to pm_power_off dt-bindings: power: reset: gpio-poweroff: Drop reference to pm_power_off dt-bindings: mfd: as3722: Drop reference to pm_power_off dt-bindings: display: move ANX7814 and SiI8620 bridge bindings of/unittest: Swap arguments of of_unittest_apply_overlay() Documentation: usb: fix wrong documentation paths serial: fsl-imx-uart.txt: Remove generic property devicetree: Add Fujitsu Ltd. vendor prefix Documentation: display: fix wrong documentation paths of: remove redundant memset in overlay bus:qcom : Fix typo in qcom,ebi2.txt dt-bindings: qman: Remove pool channel node Documentation: panel-dpi: fix path to display-timing.txt devicetree: bindings: clk: mvebu: fix description for sata1 on Armada XP ... commit f81fa767077bbc9ac49c61ed97d28de09f3d069d Author: Vincent Abriou Date: Mon Feb 20 12:55:10 2017 +0100 drm/sti: fix build warnings in sti_drv.c and sti_vtg.c files Fix compilation warning introduced by: commit 0c7ff84f7f9d ("drm/sti: remove deprecated legacy vtg slave") commit 5e60f595d6ca ("drm/sti: use atomic_helper for commit") Signed-off-by: Vincent Abriou Signed-off-by: Dave Airlie drivers/gpu/drm/sti/sti_drv.c | 9 --------- drivers/gpu/drm/sti/sti_vtg.c | 1 - 2 files changed, 10 deletions(-) commit c1aac62f36c1e37ee81c9e09ee9ee733eef05dcb Merge: fd7e9a8 bd85626 Author: Linus Torvalds Date: Wed Feb 22 18:51:29 2017 -0800 Merge tag 'docs-4.11' of git://git.lwn.net/linux Pull documentation updates from Jonathan Corbet: "A slightly quieter cycle for documentation this time around. Three more DocBook template files have been converted to RST; only 21 to go. There are various build improvements and the usual array of documentation improvements and fixes" * tag 'docs-4.11' of git://git.lwn.net/linux: (44 commits) docs / driver-api: Fix structure references in device_link.rst PM / docs: Fix structure references in device.rst Add a target to check broken external links in the Documentation Documentation: Fix linux-api list typo Documentation: DocBook/Makefile comment typo Improve sparse documentation Documentation: make Makefile.sphinx no-ops quieter Documentation: DMA-ISA-LPC.txt Documentation: input: fix path to input code definitions docs: Remove the copyright year from conf.py docs: Fix a warning in the Korean HOWTO.rst translation PM / sleep / docs: Convert PM notifiers document to reST PM / core / docs: Convert sleep states API document to reST PM / core: Update kerneldoc comments in pm.h doc-rst: Fix recursive make invocation from macros doc-rst: Delete output of failed dot-SVG conversion doc-rst: Break shell command sequences on failure Documentation/sphinx: make targets independent of Sphinx work for HAVE_SPHINX=0 doc-rst: fixed cleandoc target when used with O=dir Documentation/sphinx: prevent generation of .pyc files in the source tree ... commit 0b54fb8458199dbed409abb06933c27439ea0911 Author: Jaegeuk Kim Date: Wed Jan 11 14:40:24 2017 -0800 f2fs: factor out discard command info into discard_cmd_control This patch adds discard_cmd_control with the existing discarding controls. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 2 ++ fs/f2fs/f2fs.h | 16 ++++++++----- fs/f2fs/segment.c | 68 +++++++++++++++++++++++++++++++++++++++++++------------ fs/f2fs/super.c | 5 +++- 4 files changed, 69 insertions(+), 22 deletions(-) commit d4adb30f25f5f2aa9b205891e395251d2a9098be Author: Jaegeuk Kim Date: Wed Jan 11 10:21:15 2017 -0800 f2fs: reorganize stat information This patch modifies stat information more clearly. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b01a92019cac30398ef75b560d2668b399f4e393 Author: Jaegeuk Kim Date: Mon Jan 9 14:13:03 2017 -0800 f2fs: clean up flush/discard command namings This patch simply cleans up the names for flush/discard commands. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/debug.c | 2 +- fs/f2fs/f2fs.h | 20 +++++------- fs/f2fs/segment.c | 98 +++++++++++++++++++++++++++---------------------------- 3 files changed, 59 insertions(+), 61 deletions(-) commit ae27d62e6befd3cac4ffa702e644cc52019642e8 Author: Chao Yu Date: Sat Jan 7 18:52:34 2017 +0800 f2fs: check in-memory sit version bitmap This patch adds a mirror for sit version bitmap, and use it to detect in-memory bitmap corruption which may be caused by bit-transition of cache or memory overflow. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 16 ++++++++++++---- fs/f2fs/segment.h | 18 ++++++++++++++++++ 2 files changed, 30 insertions(+), 4 deletions(-) commit 599a09b2c1ac222e6aad0c22515d1ccde7c3b702 Author: Chao Yu Date: Sat Jan 7 18:52:01 2017 +0800 f2fs: check in-memory nat version bitmap This patch adds a mirror for nat version bitmap, and use it to detect in-memory bitmap corruption which may be caused by bit-transition of cache or memory overflow. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 3 +++ fs/f2fs/node.c | 11 +++++++++++ fs/f2fs/node.h | 15 +++++++++++++++ 3 files changed, 29 insertions(+) commit 355e78913c0d57492076d545b6f44b94fec2bf6b Author: Chao Yu Date: Sat Jan 7 18:51:01 2017 +0800 f2fs: check in-memory block bitmap This patch adds a mirror for valid block bitmap, and use it to detect in-memory bitmap corruption which may be caused by bit-transition of cache or memory overflow. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 32 ++++++++++++++++++++++++++++++-- fs/f2fs/segment.h | 6 ++++++ 2 files changed, 36 insertions(+), 2 deletions(-) commit 5fe457430e554a2f5188f13c1a2e36ad845640c5 Author: Chao Yu Date: Sat Jan 7 18:50:26 2017 +0800 f2fs: introduce FI_ATOMIC_COMMIT This patch introduces a new flag to indicate inode status of doing atomic write committing, so that, we can keep atomic write status for inode during atomic committing, then we can skip GCing pages of atomic write inode, that avoids random GCed datas being mixed with current transaction, so isolation of transaction can be kept. Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 6 ++++++ fs/f2fs/file.c | 11 ++++++----- fs/f2fs/gc.c | 6 ++++++ fs/f2fs/segment.c | 10 +++++++--- 5 files changed, 26 insertions(+), 9 deletions(-) commit 939afa943c5290a3b92f01612a792af17bc98115 Author: Chao Yu Date: Sat Jan 7 18:49:42 2017 +0800 f2fs: clean up with list_{first, last}_entry Signed-off-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 4 ++-- fs/f2fs/data.c | 4 ++-- fs/f2fs/node.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) commit 25290fa5591d81767713db304e0d567bf991786f Author: Jaegeuk Kim Date: Thu Dec 29 22:06:15 2016 -0800 f2fs: return fs_trim if there is no candidate If there is no candidate to submit discard command during f2fs_trim_fs, let's return without checkpoint. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 5 +++++ fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 33 ++++++++++++++++++++++++++++----- 3 files changed, 34 insertions(+), 5 deletions(-) commit fd7e9a88348472521d999434ee02f25735c7dadf Merge: 5066e4a dd0fd8b Author: Linus Torvalds Date: Wed Feb 22 18:22:53 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM updates from Paolo Bonzini: "4.11 is going to be a relatively large release for KVM, with a little over 200 commits and noteworthy changes for most architectures. ARM: - GICv3 save/restore - cache flushing fixes - working MSI injection for GICv3 ITS - physical timer emulation MIPS: - various improvements under the hood - support for SMP guests - a large rewrite of MMU emulation. KVM MIPS can now use MMU notifiers to support copy-on-write, KSM, idle page tracking, swapping, ballooning and everything else. KVM_CAP_READONLY_MEM is also supported, so that writes to some memory regions can be treated as MMIO. The new MMU also paves the way for hardware virtualization support. PPC: - support for POWER9 using the radix-tree MMU for host and guest - resizable hashed page table - bugfixes. s390: - expose more features to the guest - more SIMD extensions - instruction execution protection - ESOP2 x86: - improved hashing in the MMU - faster PageLRU tracking for Intel CPUs without EPT A/D bits - some refactoring of nested VMX entry/exit code, preparing for live migration support of nested hypervisors - expose yet another AVX512 CPUID bit - host-to-guest PTP support - refactoring of interrupt injection, with some optimizations thrown in and some duct tape removed. - remove lazy FPU handling - optimizations of user-mode exits - optimizations of vcpu_is_preempted() for KVM guests generic: - alternative signaling mechanism that doesn't pound on tsk->sighand->siglock" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (195 commits) x86/kvm: Provide optimized version of vcpu_is_preempted() for x86-64 x86/paravirt: Change vcp_is_preempted() arg type to long KVM: VMX: use correct vmcs_read/write for guest segment selector/base x86/kvm/vmx: Defer TR reload after VM exit x86/asm/64: Drop __cacheline_aligned from struct x86_hw_tss x86/kvm/vmx: Simplify segment_base() x86/kvm/vmx: Get rid of segment_base() on 64-bit kernels x86/kvm/vmx: Don't fetch the TSS base from the GDT x86/asm: Define the kernel TSS limit in a macro kvm: fix page struct leak in handle_vmon KVM: PPC: Book3S HV: Disable HPT resizing on POWER9 for now KVM: Return an error code only as a constant in kvm_get_dirty_log() KVM: Return an error code only as a constant in kvm_get_dirty_log_protect() KVM: Return directly after a failed copy_from_user() in kvm_vm_compat_ioctl() KVM: x86: remove code for lazy FPU handling KVM: race-free exit from KVM_RUN without POSIX signals KVM: PPC: Book3S HV: Turn "KVM guest htab" message into a debug message KVM: PPC: Book3S PR: Ratelimit copy data failure error messages KVM: Support vCPU-based gfn->hva cache KVM: use separate generations for each address space ... commit 5066e4a34081dd82fb625f2f382bfa29ca421a3f Merge: b4642c1 c37a017 Author: Linus Torvalds Date: Wed Feb 22 18:11:18 2017 -0800 Merge tag 'iommu-fix-v4.11-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fix from Joerg Roedel: "Fix a boot crash caused by the VT-d driver when booted with IOMMU disabled. This was introduced with the recent IOMMU changes" * tag 'iommu-fix-v4.11-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/vt-d: Fix crash on boot when DMAR is disabled commit 43f86c9470b8a4c2c26ae678843465aac3831145 Merge: 94000cc 0e47b02 Author: Dave Airlie Date: Thu Feb 23 12:10:42 2017 +1000 Merge tag 'imx-drm-fixes-2017-02-17' of https://git.pengutronix.de/git/pza/linux into drm-next imx-drm: TVE regulator, fb size limit, and ipu-v3 module fixes - Fix i.MX5 TV encoder probing in case no dac-supply regulator is set in the device tree. - Remove 64 pixel min_width/height limit, which unnecessarily prohibits creation of small frame buffers. - Add missing ipu_csi_set_downsize export, for media drivers built as modules. - Stop modifying pdev->dev.of_node for IPU client devices that do not have an OF modalias to fix module autoloading. * tag 'imx-drm-fixes-2017-02-17' of https://git.pengutronix.de/git/pza/linux: gpu: ipu-v3: Stop overwriting pdev->dev.of_node of child devices gpu: ipu-v3: export ipu_csi_set_downsize drm/imx: lift 64x64 pixel minimum framebuffer size requirement drm/imx: imx-tve: Do not set the regulator voltage commit 94000cc32988a0674923309d35ab9c2405c4b39b Merge: a5eb76d 7089db8 Author: Dave Airlie Date: Thu Feb 23 12:10:12 2017 +1000 Merge tag 'v4.10-rc8' into drm-next Linux 4.10-rc8 Backmerge Linus rc8 to fix some conflicts, but also to avoid pulling it in via a fixes pull from someone. commit b4642c109f9bbf62b2ee10babf5c4221c48480aa Merge: a27fcb0 d7276e3 Author: Linus Torvalds Date: Wed Feb 22 18:08:50 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull seccomp fix from James Morris: "A fix for a regression in the seccomp code (it was supposed to be in the first pull req but I had it queued in the wrong branch)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: seccomp: Only dump core when single-threaded commit a27fcb0cd1bcc812017192bdde41cc456dcd6afe Merge: 7d91de7 8d242e9 Author: Linus Torvalds Date: Wed Feb 22 18:05:23 2017 -0800 Merge tag 'xfs-4.11-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs updates from Darrick Wong: "Here are the XFS changes for 4.11. We aren't introducing any major features in this release cycle except for this being the first merge window I've managed on my own. :) Changes since last update: - Various cleanups - Livelock fixes for eofblocks scanning - Improved input verification for on-disk metadata - Fix races in the copy on write remap mechanism - Fix buffer io error timeout controls - Streamlining of directio copy on write - Asynchronous discard support - Fix asserts when splitting delalloc reservations - Don't bloat bmbt when right shifting extents - Inode alignment fixes for 32k block sizes" * tag 'xfs-4.11-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (39 commits) xfs: remove XFS_ALLOCTYPE_ANY_AG and XFS_ALLOCTYPE_START_AG xfs: simplify xfs_rtallocate_extent xfs: tune down agno asserts in the bmap code xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment xfs: don't reserve blocks for right shift transactions xfs: fix len comparison in xfs_extent_busy_trim xfs: fix uninitialized variable in _reflink_convert_cow xfs: split indlen reservations fairly when under reserved xfs: handle indlen shortage on delalloc extent merge xfs: resurrect debug mode drop buffered writes mechanism xfs: clear delalloc and cache on buffered write failure xfs: don't block the log commit handler for discards xfs: improve busy extent sorting xfs: improve handling of busy extents in the low-level allocator xfs: don't fail xfs_extent_busy allocation xfs: correct null checks and error processing in xfs_initialize_perag xfs: update ctime and mtime on clone destinatation inodes xfs: allocate direct I/O COW blocks in iomap_begin xfs: go straight to real allocations for direct I/O COW writes xfs: return the converted extent in __xfs_reflink_convert_cow ... commit 7d91de74436a69c2b78a7a72f1e7f97f8b4396fa Merge: 6ef192f d9c2352 Author: Linus Torvalds Date: Wed Feb 22 17:33:34 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk Pull printk updates from Petr Mladek: - Add Petr Mladek, Sergey Senozhatsky as printk maintainers, and Steven Rostedt as the printk reviewer. This idea came up after the discussion about printk issues at Kernel Summit. It was formulated and discussed at lkml[1]. - Extend a lock-less NMI per-cpu buffers idea to handle recursive printk() calls by Sergey Senozhatsky[2]. It is the first step in sanitizing printk as discussed at Kernel Summit. The change allows to see messages that would normally get ignored or would cause a deadlock. Also it allows to enable lockdep in printk(). This already paid off. The testing in linux-next helped to discover two old problems that were hidden before[3][4]. - Remove unused parameter by Sergey Senozhatsky. Clean up after a past change. [1] http://lkml.kernel.org/r/1481798878-31898-1-git-send-email-pmladek@suse.com [2] http://lkml.kernel.org/r/20161227141611.940-1-sergey.senozhatsky@gmail.com [3] http://lkml.kernel.org/r/20170215044332.30449-1-sergey.senozhatsky@gmail.com [4] http://lkml.kernel.org/r/20170217015932.11898-1-sergey.senozhatsky@gmail.com * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: printk: drop call_console_drivers() unused param printk: convert the rest to printk-safe printk: remove zap_locks() function printk: use printk_safe buffers in printk printk: report lost messages in printk safe/nmi contexts printk: always use deferred printk when flush printk_safe lines printk: introduce per-cpu safe_print seq buffer printk: rename nmi.c and exported api printk: use vprintk_func in vprintk() MAINTAINERS: Add printk maintainers commit 6ef192f2259e78e1870c509fbd3040e6752b3b9c Merge: 37c8596 0d4ec78 Author: Linus Torvalds Date: Wed Feb 22 17:08:33 2017 -0800 Merge tag 'modules-for-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull modules updates from Jessica Yu: "Summary of modules changes for the 4.11 merge window: - A few small code cleanups - Add modules git tree url to MAINTAINERS" * tag 'modules-for-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: MAINTAINERS: add tree for modules module: fix memory leak on early load_module() failures module: Optimize search_module_extables() modules: mark __inittest/__exittest as __maybe_unused livepatch/module: print notice of TAINT_LIVEPATCH module: Drop redundant declaration of struct module commit a5eb76d9c892b8bd7d3505f8897cf126a54860bd Merge: 601109c 1f47e6c Author: Dave Airlie Date: Thu Feb 23 11:05:54 2017 +1000 Merge tag 'drm-tinydrm-2017-02-18' of https://github.com/notro/linux into drm-next Add tinydrm * tag 'drm-tinydrm-2017-02-18' of https://github.com/notro/linux: drm/tinydrm: Add support for Multi-Inno MI0283QT display dt-bindings: Add Multi-Inno MI0283QT binding dt-bindings: display/panel: Add common rotation property of: Add vendor prefix for Multi-Inno drm/tinydrm: Add MIPI DBI support drm/tinydrm: Add helper functions drm: Add DRM support for tiny LCD displays commit dc5e1d628a7bb631450ea661553a8bb496891f47 Author: Shawn Guo Date: Mon Feb 20 21:49:11 2017 +0800 drm: zte: fix static checker warning on variable 'fmt' Commit 4e986d3705df ("drm: zte: add overlay plane support") introduces the following static checker warning: drivers/gpu/drm/zte/zx_plane.c:170 zx_vl_rsz_setup() warn: always true condition '(fmt >= 0) => (0-u32max >= 0)' Fix it by change 'fmt' type to integer. Reported-by: Dan Carpenter Fixes: 4e986d3705df ("drm: zte: add overlay plane support") Signed-off-by: Shawn Guo Reviewed-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/1487598551-28310-1-git-send-email-shawnguo@kernel.org drivers/gpu/drm/zte/zx_plane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f201ebd87652cf1519792f8662bb3f862c76aa33 Author: zhong jiang Date: Wed Feb 22 15:46:51 2017 -0800 mm/z3fold.c: limit first_num to the actual range of possible buddy indexes At present, Tying the first_num size to NCHUNKS_ORDER is confusing. the number of chunks is completely unrelated to the number of buddies. The patch limits the first_num to actual range of possible buddy indexes. and that is more reasonable and obvious without functional change. Link: http://lkml.kernel.org/r/1476776569-29504-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Suggested-by: Dan Streetman Acked-by: Dan Streetman Acked-by: Vitaly Wool Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/z3fold.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 083fb8edda0487d192e8c117f625563b920cf7a4 Author: Randy Dunlap Date: Wed Feb 22 15:46:48 2017 -0800 mm: fix stray kernel-doc notation Delete stray (second) function description in find_lock_page() kernel-doc notation. Note: scripts/kernel-doc just ignores the second function description. Fixes: 2457aec63745e ("mm: non-atomically mark page accessed during page cache allocation where possible") Link: http://lkml.kernel.org/r/b037e9a3-516c-ec02-6c8e-fa5479747ba6@infradead.org Signed-off-by: Randy Dunlap Reported-by: Matthew Wilcox Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/pagemap.h | 1 - 1 file changed, 1 deletion(-) commit c87d1655c29500b459fb135258a93f8309ada9c7 Author: Sergey Senozhatsky Date: Wed Feb 22 15:46:45 2017 -0800 zram: remove obsolete sysfs attrs We had a deprecated_attr_warn() warning for 2 years and now the time has come and we finally can do the cleanup. The plan was as follows: : per-stat sysfs attributes are considered to be deprecated. : The basic strategy is: : -- the existing RW nodes will be downgraded to WO nodes (in linux 4.11) : -- deprecated RO sysfs nodes will eventually be removed (in linux 4.11) : : The list of deprecated attributes can be found here: : Documentation/ABI/obsolete/sysfs-block-zram : : Basically, every attribute that has its own read accessible sysfs : node (e.g. num_reads) *AND* is accessible via one of the stat files : (zram/stat or zram/io_stat or zram/mm_stat) is considered : to be deprecated. The patch also removes `obsolete/sysfs-block-zram', clean ups `testing/sysfs-block-zram' and tweaks zram.txt files. Link: http://lkml.kernel.org/r/20170118035838.11090-1-sergey.senozhatsky@gmail.com Signed-off-by: Sergey Senozhatsky Acked-by: Minchan Kim Cc: Jonathan Corbet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/ABI/obsolete/sysfs-block-zram | 119 ---------------------------- Documentation/ABI/testing/sysfs-block-zram | 101 ++--------------------- Documentation/blockdev/zram.txt | 74 ++++++++--------- drivers/block/zram/zram_drv.c | 101 +---------------------- 4 files changed, 42 insertions(+), 353 deletions(-) commit 5d63f81c9e495e1f38fa36208bdcbbe2d2e72960 Author: Miles Chen Date: Wed Feb 22 15:46:42 2017 -0800 mm/memblock.c: remove unnecessary log and clean up There is no variable named flags in memblock_add() and memblock_reserve() so remove it from the log messages. This patch also cleans up the type casting for phys_addr_t by using %pa to print them. Link: http://lkml.kernel.org/r/1484720165-25403-1-git-send-email-miles.chen@mediatek.com Signed-off-by: Miles Chen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 54 +++++++++++++++++++++++++----------------------------- 1 file changed, 25 insertions(+), 29 deletions(-) commit 235190738aba7c5c94300c8d882842a535280e5a Author: Kirill A. Shutemov Date: Wed Feb 22 15:46:39 2017 -0800 oom-reaper: use madvise_dontneed() logic to decide if unmap the VMA Logic on whether we can reap pages from the VMA should match what we have in madvise_dontneed(). In particular, we should skip, VM_PFNMAP VMAs, but we don't now. Let's just extract condition on which we can shoot down pagesi from a VMA with MADV_DONTNEED into separate function and use it in both places. Link: http://lkml.kernel.org/r/20170118122429.43661-4-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Tetsuo Handa Cc: Peter Zijlstra Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/internal.h | 5 +++++ mm/madvise.c | 4 +++- mm/oom_kill.c | 9 +-------- 3 files changed, 9 insertions(+), 9 deletions(-) commit ecf1385d72f0491400a8ceca7001196ca369aa8c Author: Kirill A. Shutemov Date: Wed Feb 22 15:46:37 2017 -0800 mm: drop unused argument of zap_page_range() There's no users of zap_page_range() who wants non-NULL 'details'. Let's drop it. Link: http://lkml.kernel.org/r/20170118122429.43661-3-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Tetsuo Handa Cc: Peter Zijlstra Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/mm/gmap.c | 2 +- arch/x86/mm/mpx.c | 2 +- drivers/android/binder.c | 2 +- drivers/staging/android/ion/ion.c | 3 +-- include/linux/mm.h | 2 +- mm/madvise.c | 2 +- mm/memory.c | 5 ++--- 7 files changed, 8 insertions(+), 10 deletions(-) commit 3e8715fdc03e8df4d26d8e436166e44e3e416d3b Author: Kirill A. Shutemov Date: Wed Feb 22 15:46:34 2017 -0800 mm: drop zap_details::check_swap_entries detail == NULL would give the same functionality as .check_swap_entries==true. Link: http://lkml.kernel.org/r/20170118122429.43661-2-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Tetsuo Handa Cc: Peter Zijlstra Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 1 - mm/memory.c | 4 ++-- mm/oom_kill.c | 3 +-- 3 files changed, 3 insertions(+), 5 deletions(-) commit da162e9368990ed747075e2ab427da0759fc4a59 Author: Kirill A. Shutemov Date: Wed Feb 22 15:46:31 2017 -0800 mm: drop zap_details::ignore_dirty The only user of ignore_dirty is oom-reaper. But it doesn't really use it. ignore_dirty only has effect on file pages mapped with dirty pte. But oom-repear skips shared VMAs, so there's no way we can dirty file pte in them. Link: http://lkml.kernel.org/r/20170118122429.43661-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Tetsuo Handa Cc: Peter Zijlstra Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 1 - mm/memory.c | 6 ------ mm/oom_kill.c | 3 +-- 3 files changed, 1 insertion(+), 9 deletions(-) commit 685dbf6f5a643c4bdb9323ee3544ec652505d2ea Author: David Rientjes Date: Wed Feb 22 15:46:28 2017 -0800 mm, page_alloc: warn_alloc nodemask is NULL when cpusets are disabled The patch "mm, page_alloc: warn_alloc print nodemask" implicitly sets the allocation nodemask to cpuset_current_mems_allowed when there is no effective mempolicy. cpuset_current_mems_allowed is only effective when cpusets are enabled, which is also printed by warn_alloc(), so setting the nodemask to cpuset_current_mems_allowed is redundant and prevents debugging issues where ac->nodemask is not set properly in the page allocator. This provides better debugging output since cpuset_print_current_mems_allowed() is already provided. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701181347320.142399@chino.kir.corp.google.com Signed-off-by: David Rientjes Cc: Michal Hocko Cc: Johannes Weiner Cc: Mel Gorman Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 6c18ba7a18997dadbf7ee912e15677ad2c9993e5 Author: Michal Hocko Date: Wed Feb 22 15:46:25 2017 -0800 mm: help __GFP_NOFAIL allocations which do not trigger OOM killer Now that __GFP_NOFAIL doesn't override decisions to skip the oom killer we are left with requests which require to loop inside the allocator without invoking the oom killer (e.g. GFP_NOFS|__GFP_NOFAIL used by fs code) and so they might, in very unlikely situations, loop for ever - e.g. other parallel request could starve them. This patch tries to limit the likelihood of such a lockup by giving these __GFP_NOFAIL requests a chance to move on by consuming a small part of memory reserves. We are using ALLOC_HARDER which should be enough to prevent from the starvation by regular allocation requests, yet it shouldn't consume enough from the reserves to disrupt high priority requests (ALLOC_HIGH). While we are at it, let's introduce a helper __alloc_pages_cpuset_fallback which enforces the cpusets but allows to fallback to ignore them if the first attempt fails. __GFP_NOFAIL requests can be considered important enough to allow cpuset runaway in order for the system to move on. It is highly unlikely that any of these will be GFP_USER anyway. Link: http://lkml.kernel.org/r/20161220134904.21023-4-mhocko@kernel.org Signed-off-by: Michal Hocko Cc: Vlastimil Babka Cc: Johannes Weiner Cc: Hillf Danton Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 46 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 10 deletions(-) commit 06ad276ac18742c6b281698d41b27a290cd42407 Author: Michal Hocko Date: Wed Feb 22 15:46:22 2017 -0800 mm, oom: do not enforce OOM killer for __GFP_NOFAIL automatically __alloc_pages_may_oom makes sure to skip the OOM killer depending on the allocation request. This includes lowmem requests, costly high order requests and others. For a long time __GFP_NOFAIL acted as an override for all those rules. This is not documented and it can be quite surprising as well. E.g. GFP_NOFS requests are not invoking the OOM killer but GFP_NOFS|__GFP_NOFAIL does so if we try to convert some of the existing open coded loops around allocator to nofail request (and we have done that in the past) then such a change would have a non trivial side effect which is far from obvious. Note that the primary motivation for skipping the OOM killer is to prevent from pre-mature invocation. The exception has been added by commit 82553a937f12 ("oom: invoke oom killer for __GFP_NOFAIL"). The changelog points out that the oom killer has to be invoked otherwise the request would be looping for ever. But this argument is rather weak because the OOM killer doesn't really guarantee a forward progress for those exceptional cases: - it will hardly help to form costly order which in turn can result in the system panic because of no oom killable task in the end - I believe we certainly do not want to put the system down just because there is a nasty driver asking for order-9 page with GFP_NOFAIL not realizing all the consequences. It is much better this request would loop for ever than the massive system disruption - lowmem is also highly unlikely to be freed during OOM killer - GFP_NOFS request could trigger while there is still a lot of memory pinned by filesystems. This patch simply removes the __GFP_NOFAIL special case in order to have a more clear semantic without surprising side effects. Signed-off-by: Michal Hocko Reported-by: Nils Holland Acked-by: Johannes Weiner Cc: Vlastimil Babka Cc: Hillf Danton Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/oom_kill.c | 2 +- mm/page_alloc.c | 49 ++++++++++++++++++++++++------------------------- 2 files changed, 25 insertions(+), 26 deletions(-) commit 9a67f6488eca926f8356b2737fc9f8f6c0cbed85 Author: Michal Hocko Date: Wed Feb 22 15:46:19 2017 -0800 mm: consolidate GFP_NOFAIL checks in the allocator slowpath Tetsuo Handa has pointed out that commit 0a0337e0d1d1 ("mm, oom: rework oom detection") has subtly changed semantic for costly high order requests with __GFP_NOFAIL and withtout __GFP_REPEAT and those can fail right now. My code inspection didn't reveal any such users in the tree but it is true that this might lead to unexpected allocation failures and subsequent OOPs. __alloc_pages_slowpath wrt. GFP_NOFAIL is hard to follow currently. There are few special cases but we are lacking a catch all place to be sure we will not miss any case where the non failing allocation might fail. This patch reorganizes the code a bit and puts all those special cases under nopage label which is the generic go-to-fail path. Non failing allocations are retried or those that cannot retry like non-sleeping allocation go to the failure point directly. This should make the code flow much easier to follow and make it less error prone for future changes. While we are there we have to move the stall check up to catch potentially looping non-failing allocations. [akpm@linux-foundation.org: fix alloc_flags may-be-used-uninitalized] Link: http://lkml.kernel.org/r/20161220134904.21023-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Acked-by: Johannes Weiner Acked-by: Hillf Danton Cc: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 91 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 39 deletions(-) commit 9af744d743170b5f5ef70031dea8d772d166ab28 Author: Michal Hocko Date: Wed Feb 22 15:46:16 2017 -0800 lib/show_mem.c: teach show_mem to work with the given nodemask show_mem() allows to filter out node specific data which is irrelevant to the allocation request via SHOW_MEM_FILTER_NODES. The filtering is done in skip_free_areas_node which skips all nodes which are not in the mems_allowed of the current process. This works most of the time as expected because the nodemask shouldn't be outside of the allocating task but there are some exceptions. E.g. memory hotplug might want to request allocations from outside of the allowed nodes (see new_node_page). Get rid of this hardcoded behavior and push the allocation mask down the show_mem path and use it instead of cpuset_current_mems_allowed. NULL nodemask is interpreted as cpuset_current_mems_allowed. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20170117091543.25850-5-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Mel Gorman Cc: Hillf Danton Cc: Johannes Weiner Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/xmon/xmon.c | 2 +- arch/sparc/kernel/setup_32.c | 2 +- drivers/net/ethernet/sgi/ioc3-eth.c | 2 +- drivers/tty/sysrq.c | 2 +- drivers/tty/vt/keyboard.c | 2 +- include/linux/mm.h | 5 ++--- lib/show_mem.c | 4 ++-- mm/nommu.c | 6 +++--- mm/oom_kill.c | 2 +- mm/page_alloc.c | 38 ++++++++++++++++++------------------- 10 files changed, 32 insertions(+), 33 deletions(-) commit 6d23f8a5d432337aa2590ea8fd5eee8b0bc28eee Author: Michal Hocko Date: Wed Feb 22 15:46:13 2017 -0800 arch, mm: remove arch specific show_mem We have a generic implementation for quite some time already. If there is any arch specific information to be printed then we should add a callback called from the generic code rather than duplicate the whole show_mem. The current code has resulted in the code duplication and the output divergence which is both confusing and adds maintainance costs. Let's just get rid of this mess. Link: http://lkml.kernel.org/r/20170117091543.25850-4-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Guan Xuetao [UniCore32] Acked-by: Helge Deller [for parisc] Acked-by: Chris Metcalf [for tile] Acked-by: Mel Gorman Acked-by: Johannes Weiner Cc: Tony Luck Cc: Fenghua Yu Cc: "James E.J. Bottomley" Cc: "David S. Miller" Cc: Hillf Danton Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/ia64/mm/init.c | 48 ----------------------------------------------- arch/parisc/mm/init.c | 49 ------------------------------------------------ arch/sparc/mm/init_32.c | 11 ----------- arch/tile/mm/pgtable.c | 45 -------------------------------------------- arch/unicore32/mm/init.c | 44 ------------------------------------------- 5 files changed, 197 deletions(-) commit a8e99259e7e32b67af2b447f0a570813c0c283ec Author: Michal Hocko Date: Wed Feb 22 15:46:10 2017 -0800 mm, page_alloc: warn_alloc print nodemask warn_alloc is currently used for to report an allocation failure or an allocation stall. We print some details of the allocation request like the gfp mask and the request order. We do not print the allocation nodemask which is important when debugging the reason for the allocation failure as well. We alreaddy print the nodemask in the OOM report. Add nodemask to warn_alloc and print it in warn_alloc as well. Link: http://lkml.kernel.org/r/20170117091543.25850-3-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Johannes Weiner Cc: Vlastimil Babka Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 4 ++-- mm/page_alloc.c | 10 ++++++---- mm/vmalloc.c | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) commit c02e50bb8a55a7adeeca5e411479ed70c6a2dfa1 Author: Michal Hocko Date: Wed Feb 22 15:46:07 2017 -0800 mm, page_alloc: do not report all nodes in show_mem Patch series "show_mem updates", v2. This is a mixture of one bug fix (patch 1), an enhancement (patch 2) and cleanups (the rest of the series). First two patches should be really straightforward. Patch 3 removes some arch specific show_mem implementations because I think they are quite outdated and do not really serve any useful purpose anymore. I think we should really strive to have a consistent show_mem output regardless of the architecture. If some architecture is really special and wants to dump something additional we should do that via an arch specific hook. The last patch adds nodemask parameter so that we do not rely on the hardcoded mems_allowed of the current task when doing the node filtering. I consider this more a cleanup than a fix because basically all users use a nodemask which is a subset of mems_allowed. There is only one call path in the memory hotplug which doesn't comply with this but that is hardly something to worry about. This patch (of 4): Commit 599d0c954f91 ("mm, vmscan: move LRU lists to node") has added per numa node statistics to show_mem but it forgot to add skip_free_areas_node to filter out nodes which are outside of the allocating task numa policy. Add this check to not pollute the output with the pointless information. Link: http://lkml.kernel.org/r/20170117091543.25850-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Johannes Weiner Acked-by: Hillf Danton Acked-by: David Rientjes Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 3 +++ 1 file changed, 3 insertions(+) commit abd6e8a7ac49807102652861f69583944752e297 Author: Michal Hocko Date: Wed Feb 22 15:46:04 2017 -0800 Revert "mm: bail out in shrink_inactive_list()" This reverts commit 91dcade47a3d0e7. inactive_reclaimable_pages shouldn't be needed anymore since that get_scan_count is aware of the eligble zones ("mm, vmscan: consider eligible zones in get_scan_count"). Link: http://lkml.kernel.org/r/20170117103702.28542-4-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Minchan Kim Acked-by: Mel Gorman Acked-by: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 27 --------------------------- 1 file changed, 27 deletions(-) commit 71ab6cfe88dcf9f6e6a65eb85cf2bda20a257682 Author: Michal Hocko Date: Wed Feb 22 15:46:01 2017 -0800 mm, vmscan: consider eligible zones in get_scan_count get_scan_count() considers the whole node LRU size when - doing SCAN_FILE due to many page cache inactive pages - calculating the number of pages to scan In both cases this might lead to unexpected behavior especially on 32b systems where we can expect lowmem memory pressure very often. A large highmem zone can easily distort SCAN_FILE heuristic because there might be only few file pages from the eligible zones on the node lru and we would still enforce file lru scanning which can lead to trashing while we could still scan anonymous pages. The later use of lruvec_lru_size can be problematic as well. Especially when there are not many pages from the eligible zones. We would have to skip over many pages to find anything to reclaim but shrink_node_memcg would only reduce the remaining number to scan by SWAP_CLUSTER_MAX at maximum. Therefore we can end up going over a large LRU many times without actually having chance to reclaim much if anything at all. The closer we are out of memory on lowmem zone the worse the problem will be. Fix this by filtering out all the ineligible zones when calculating the lru size for both paths and consider only sc->reclaim_idx zones. The patch would need to be tweaked a bit to apply to 4.10 and older but I will do that as soon as it hits the Linus tree in the next merge window. Link: http://lkml.kernel.org/r/20170117103702.28542-3-mhocko@kernel.org Fixes: b2e18757f2c9 ("mm, vmscan: begin reclaiming pages on a per-node basis") Signed-off-by: Michal Hocko Tested-by: Trevor Cordes Acked-by: Minchan Kim Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Johannes Weiner Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fd538803731e50367b7c59ce4ad3454426a3d671 Author: Michal Hocko Date: Wed Feb 22 15:45:58 2017 -0800 mm, vmscan: cleanup lru size claculations lruvec_lru_size returns the full size of the LRU list while we sometimes need a value reduced only to eligible zones (e.g. for lowmem requests). inactive_list_is_low is one such user. Later patches will add more of them. Add a new parameter to lruvec_lru_size and allow it filter out zones which are not eligible for the given context. Link: http://lkml.kernel.org/r/20170117103702.28542-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Johannes Weiner Acked-by: Hillf Danton Acked-by: Minchan Kim Acked-by: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mmzone.h | 2 +- mm/vmscan.c | 89 +++++++++++++++++++++++++------------------------- mm/workingset.c | 2 +- 3 files changed, 46 insertions(+), 47 deletions(-) commit f0958906cd2bf3730cd7938b8af80a1c23e8ac06 Author: Michal Hocko Date: Wed Feb 22 15:45:55 2017 -0800 mm, vmscan: do not count freed pages as PGDEACTIVATE PGDEACTIVATE represents the number of pages moved from the active list to the inactive list. At least this sounds like the original motivation of the counter. move_active_pages_to_lru, however, counts pages which got freed in the mean time as deactivated as well. This is a very rare event and counting them as deactivation in itself is not harmful but it makes the code more convoluted than necessary - we have to count both all pages and those which are freed which is a bit confusing. After this patch the PGDEACTIVATE should have a slightly more clear semantic and only count those pages which are moved from the active to the inactive list which is a plus. Link: http://lkml.kernel.org/r/20170112211221.17636-1-mhocko@kernel.org Signed-off-by: Michal Hocko Suggested-by: Vlastimil Babka Acked-by: Vlastimil Babka Acked-by: Johannes Weiner Cc: Hugh Dickins Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit bc71226b0690c21bdf50c9c9d08c5dc9ef98764e Author: Geliang Tang Date: Wed Feb 22 15:45:52 2017 -0800 mm/backing-dev.c: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Link: http://lkml.kernel.org/r/671275de093d93ddc7c6f77ddc0d357149691a39.1484306840.git.geliangtang@gmail.com Signed-off-by: Geliang Tang Cc: Jens Axboe Cc: Tejun Heo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/backing-dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 21440d7eb9044001b7fdb71d0163689f60a0f2a1 Author: David Rientjes Date: Wed Feb 22 15:45:49 2017 -0800 mm, thp: add new defer+madvise defrag option There is no thp defrag option that currently allows MADV_HUGEPAGE regions to do direct compaction and reclaim while all other thp allocations simply trigger kswapd and kcompactd in the background and fail immediately. The "defer" setting simply triggers background reclaim and compaction for all regions, regardless of MADV_HUGEPAGE, which makes it unusable for our userspace where MADV_HUGEPAGE is being used to indicate the application is willing to wait for work for thp memory to be available. The "madvise" setting will do direct compaction and reclaim for these MADV_HUGEPAGE regions, but does not trigger kswapd and kcompactd in the background for anybody else. For reasonable usage, there needs to be a mesh between the two options. This patch introduces a fifth mode, "defer+madvise", that will do direct reclaim and compaction for MADV_HUGEPAGE regions and trigger background reclaim and compaction for everybody else so that hugepages may be available in the near future. A proposal to allow direct reclaim and compaction for MADV_HUGEPAGE regions as part of the "defer" mode, making it a very powerful setting and avoids breaking userspace, was offered: http://marc.info/?t=148236612700003 This additional mode is a compromise. A second proposal to allow both "defer" and "madvise" to be selected at the same time was also offered: http://marc.info/?t=148357345300001. This is possible, but there was a concern that it might break existing userspaces the parse the output of the defrag mode, so the fifth option was introduced instead. This patch also cleans up the helper function for storing to "enabled" and "defrag" since the former supports three modes while the latter supports five and triple_flag_store() was getting unnecessarily messy. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701101614330.41805@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Mel Gorman Cc: Vlastimil Babka Cc: Michal Hocko Cc: Jonathan Corbet Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/transhuge.txt | 8 ++- include/linux/huge_mm.h | 1 + mm/huge_memory.c | 146 +++++++++++++++++++++-------------------- 3 files changed, 82 insertions(+), 73 deletions(-) commit ba81f83842549871cbd7226fc11530dc464500bb Author: Huang Ying Date: Wed Feb 22 15:45:46 2017 -0800 mm/swap: skip readahead only when swap slot cache is enabled Because during swap off, a swap entry may have swap_map[] == SWAP_HAS_CACHE (for example, just allocated). If we return NULL in __read_swap_cache_async(), the swap off will abort. So when swap slot cache is disabled, (for swap off), we will wait for page to be put into swap cache in such race condition. This should not be a problem for swap slot cache, because swap slot cache should be drained after clearing swap_slot_cache_enabled. [ying.huang@intel.com: fix memory leak in __read_swap_cache_async()] Link: http://lkml.kernel.org/r/874lzt6znd.fsf@yhuang-dev.intel.com Link: http://lkml.kernel.org/r/5e2c5f6abe8e6eb0797408897b1bba80938e9b9d.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: "Huang, Ying" Signed-off-by: Tim Chen Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap_slots.h | 2 ++ mm/swap_slots.c | 2 +- mm/swap_state.c | 13 ++++++++++--- 3 files changed, 13 insertions(+), 4 deletions(-) commit 039939a65059852242c823ece685579370bc574f Author: Tim Chen Date: Wed Feb 22 15:45:43 2017 -0800 mm/swap: enable swap slots cache usage Initialize swap slots cache and enable it on swap on. Drain all swap slots on swap off. Link: http://lkml.kernel.org/r/07cbc94882fa95d4ac3cfc50b8dce0b1ec231b93.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: Tim Chen Cc: "Huang, Ying" Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/swapfile.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 67afa38e012e9581b9b42f2a41dfc56b1280794d Author: Tim Chen Date: Wed Feb 22 15:45:39 2017 -0800 mm/swap: add cache for swap slots allocation We add per cpu caches for swap slots that can be allocated and freed quickly without the need to touch the swap info lock. Two separate caches are maintained for swap slots allocated and swap slots returned. This is to allow the swap slots to be returned to the global pool in a batch so they will have a chance to be coaelesced with other slots in a cluster. We do not reuse the slots that are returned right away, as it may increase fragmentation of the slots. The swap allocation cache is protected by a mutex as we may sleep when searching for empty slots in cache. The swap free cache is protected by a spin lock as we cannot sleep in the free path. We refill the swap slots cache when we run out of slots, and we disable the swap slots cache and drain the slots if the global number of slots fall below a low watermark threshold. We re-enable the cache agian when the slots available are above a high watermark. [ying.huang@intel.com: use raw_cpu_ptr over this_cpu_ptr for swap slots access] [tim.c.chen@linux.intel.com: add comments on locks in swap_slots.h] Link: http://lkml.kernel.org/r/20170118180327.GA24225@linux.intel.com Link: http://lkml.kernel.org/r/35de301a4eaa8daa2977de6e987f2c154385eb66.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: Tim Chen Signed-off-by: "Huang, Ying" Reviewed-by: Michal Hocko Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 4 + include/linux/swap_slots.h | 28 ++++ mm/Makefile | 2 +- mm/swap_slots.c | 342 +++++++++++++++++++++++++++++++++++++++++++++ mm/swap_state.c | 1 + mm/swapfile.c | 26 ++-- 6 files changed, 391 insertions(+), 12 deletions(-) commit 7c00bafee87c7bac7ed9eced7c161f8e5332cb4e Author: Tim Chen Date: Wed Feb 22 15:45:36 2017 -0800 mm/swap: free swap slots in batch Add new functions that free unused swap slots in batches without the need to reacquire swap info lock. This improves scalability and reduce lock contention. Link: http://lkml.kernel.org/r/c25e0fcdfd237ec4ca7db91631d3b9f6ed23824e.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: Tim Chen Signed-off-by: "Huang, Ying" Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 1 + mm/swapfile.c | 155 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 95 insertions(+), 61 deletions(-) commit 36005bae205da3eef0016a5c96a34f10a68afa1e Author: Tim Chen Date: Wed Feb 22 15:45:33 2017 -0800 mm/swap: allocate swap slots in batches Currently, the swap slots are allocated one page at a time, causing contention to the swap_info lock protecting the swap partition on every page being swapped. This patch adds new functions get_swap_pages and scan_swap_map_slots to request multiple swap slots at once. This will reduces the lock contention on the swap_info lock. Also scan_swap_map_slots can operate more efficiently as swap slots often occurs in clusters close to each other on a swap device and it is quicker to allocate them together. Link: http://lkml.kernel.org/r/9fec2845544371f62c3763d43510045e33d286a6.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: Tim Chen Signed-off-by: "Huang, Ying" Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 2 + mm/swapfile.c | 136 +++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 113 insertions(+), 25 deletions(-) commit e8c26ab60598558ec3a626e7925b06e7417d7710 Author: Tim Chen Date: Wed Feb 22 15:45:29 2017 -0800 mm/swap: skip readahead for unreferenced swap slots We can avoid needlessly allocating page for swap slots that are not used by anyone. No pages have to be read in for these slots. Link: http://lkml.kernel.org/r/0784b3f20b9bd3aa5552219624cb78dc4ae710c9.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: Tim Chen Signed-off-by: "Huang, Ying" Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 6 ++++++ mm/swap_state.c | 4 ++++ mm/swapfile.c | 47 +++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 51 insertions(+), 6 deletions(-) commit 4b3ef9daa4fc0bba742a79faecb17fdaaead083b Author: Huang, Ying Date: Wed Feb 22 15:45:26 2017 -0800 mm/swap: split swap cache into 64MB trunks The patch is to improve the scalability of the swap out/in via using fine grained locks for the swap cache. In current kernel, one address space will be used for each swap device. And in the common configuration, the number of the swap device is very small (one is typical). This causes the heavy lock contention on the radix tree of the address space if multiple tasks swap out/in concurrently. But in fact, there is no dependency between pages in the swap cache. So that, we can split the one shared address space for each swap device into several address spaces to reduce the lock contention. In the patch, the shared address space is split into 64MB trunks. 64MB is chosen to balance the memory space usage and effect of lock contention reduction. The size of struct address_space on x86_64 architecture is 408B, so with the patch, 6528B more memory will be used for every 1GB swap space on x86_64 architecture. One address space is still shared for the swap entries in the same 64M trunks. To avoid lock contention for the first round of swap space allocation, the order of the swap clusters in the initial free clusters list is changed. The swap space distance between the consecutive swap clusters in the free cluster list is at least 64M. After the first round of allocation, the swap clusters are expected to be freed randomly, so the lock contention should be reduced effectively. Link: http://lkml.kernel.org/r/735bab895e64c930581ffb0a05b661e01da82bc5.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: "Huang, Ying" Signed-off-by: Tim Chen Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 11 +++++++-- mm/swap.c | 6 ----- mm/swap_state.c | 68 ++++++++++++++++++++++++++++++++++++++++++---------- mm/swapfile.c | 16 +++++++++++-- 4 files changed, 79 insertions(+), 22 deletions(-) commit 235b62176712b970c815923e36b9a9cc05d4d901 Author: Huang, Ying Date: Wed Feb 22 15:45:22 2017 -0800 mm/swap: add cluster lock This patch is to reduce the lock contention of swap_info_struct->lock via using a more fine grained lock in swap_cluster_info for some swap operations. swap_info_struct->lock is heavily contended if multiple processes reclaim pages simultaneously. Because there is only one lock for each swap device. While in common configuration, there is only one or several swap devices in the system. The lock protects almost all swap related operations. In fact, many swap operations only access one element of swap_info_struct->swap_map array. And there is no dependency between different elements of swap_info_struct->swap_map. So a fine grained lock can be used to allow parallel access to the different elements of swap_info_struct->swap_map. In this patch, a spinlock is added to swap_cluster_info to protect the elements of swap_info_struct->swap_map in the swap cluster and the fields of swap_cluster_info. This reduced locking contention for swap_info_struct->swap_map access greatly. Because of the added spinlock, the size of swap_cluster_info increases from 4 bytes to 8 bytes on the 64 bit and 32 bit system. This will use additional 4k RAM for every 1G swap space. Because the size of swap_cluster_info is much smaller than the size of the cache line (8 vs 64 on x86_64 architecture), there may be false cache line sharing between spinlocks in swap_cluster_info. To avoid the false sharing in the first round of the swap cluster allocation, the order of the swap clusters in the free clusters list is changed. So that, the swap_cluster_info sharing the same cache line will be placed as far as possible. After the first round of allocation, the order of the clusters in free clusters list is expected to be random. So the false sharing should be not serious. Compared with a previous implementation using bit_spin_lock, the sequential swap out throughput improved about 3.2%. Test was done on a Xeon E5 v3 system. The swap device used is a RAM simulated PMEM (persistent memory) device. To test the sequential swapping out, the test case created 32 processes, which sequentially allocate and write to the anonymous pages until the RAM and part of the swap device is used. [ying.huang@intel.com: v5] Link: http://lkml.kernel.org/r/878tqeuuic.fsf_-_@yhuang-dev.intel.com [minchan@kernel.org: initialize spinlock for swap_cluster_info] Link: http://lkml.kernel.org/r/1486434945-29753-1-git-send-email-minchan@kernel.org [hughd@google.com: annotate nested locking for cluster lock] Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1702161050540.21773@eggly.anvils Link: http://lkml.kernel.org/r/dbb860bbd825b1aaba18988015e8963f263c3f0d.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: "Huang, Ying" Signed-off-by: Tim Chen Signed-off-by: Minchan Kim Signed-off-by: Hugh Dickins Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Rik van Riel Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 6 ++ mm/swapfile.c | 215 +++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 179 insertions(+), 42 deletions(-) commit 6a991fc72d1243b8da0c644d3147d3ec41a0b281 Author: Huang, Ying Date: Wed Feb 22 15:45:19 2017 -0800 mm/swap: fix kernel message in swap_info_get() Patch series "mm/swap: Regular page swap optimizations", v5. Times have changed. Coming generation of Solid state Block device latencies are getting down to sub 100 usec, which is within an order of magnitude of DRAM, and their performance is orders of magnitude higher than the single- spindle rotational media we've swapped to historically. This could benefit many usage scenearios. For example cloud providers who overcommit their memory (as VM don't use all the memory provisioned). Having a fast swap will allow them to be more aggressive in memory overcommit and fit more VMs to a platform. In our testing [see footnote], the median latency that the kernel adds to a page fault is 15 usec, which comes quite close to the amount that will be contributed by the underlying I/O devices. The software latency comes mostly from contentions on the locks protecting the radix tree of the swap cache and also the locks protecting the individual swap devices. The lock contentions already consumed 35% of cpu cycles in our test. In the very near future, software latency will become the bottleneck to swap performnace as block device I/O latency gets within the shouting distance of DRAM speed. This patch set, reduced the median page fault latency from 15 usec to 4 usec (375% reduction) for DRAM based pmem block device. This patch (of 9): swap_info_get() is used not only in swap free code path but also in page_swapcount(), etc. So the original kernel message in swap_info_get() is not correct now. Fix it via replacing "swap_free" to "swap_info_get" in the message. Link: http://lkml.kernel.org/r/9b5f8bd6266f9da978c373f2384c8044df5e262c.1484082593.git.tim.c.chen@linux.intel.com Signed-off-by: "Huang, Ying" Signed-off-by: Tim Chen Reviewed-by: Rik van Riel Cc: Aaron Lu Cc: Andi Kleen Cc: Andrea Arcangeli Cc: Christian Borntraeger Cc: Dave Hansen Cc: Hillf Danton Cc: Huang Ying Cc: Hugh Dickins Cc: Johannes Weiner Cc: Jonathan Corbet escreveu: Cc: Kirill A. Shutemov Cc: Michal Hocko Cc: Minchan Kim Cc: Shaohua Li Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/swapfile.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 16e72e9b30986ee15f17fbb68189ca842c32af58 Author: Denys Vlasenko Date: Wed Feb 22 15:45:16 2017 -0800 powerpc: do not make the entire heap executable On 32-bit powerpc the ELF PLT sections of binaries (built with --bss-plt, or with a toolchain which defaults to it) look like this: [17] .sbss NOBITS 0002aff8 01aff8 000014 00 WA 0 0 4 [18] .plt NOBITS 0002b00c 01aff8 000084 00 WAX 0 0 4 [19] .bss NOBITS 0002b090 01aff8 0000a4 00 WA 0 0 4 Which results in an ELF load header: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x019c70 0x00029c70 0x00029c70 0x01388 0x014c4 RWE 0x10000 This is all correct, the load region containing the PLT is marked as executable. Note that the PLT starts at 0002b00c but the file mapping ends at 0002aff8, so the PLT falls in the 0 fill section described by the load header, and after a page boundary. Unfortunately the generic ELF loader ignores the X bit in the load headers when it creates the 0 filled non-file backed mappings. It assumes all of these mappings are RW BSS sections, which is not the case for PPC. gcc/ld has an option (--secure-plt) to not do this, this is said to incur a small performance penalty. Currently, to support 32-bit binaries with PLT in BSS kernel maps *entire brk area* with executable rights for all binaries, even --secure-plt ones. Stop doing that. Teach the ELF loader to check the X bit in the relevant load header and create 0 filled anonymous mappings that are executable if the load header requests that. Test program showing the difference in /proc/$PID/maps: int main() { char buf[16*1024]; char *p = malloc(123); /* make "[heap]" mapping appear */ int fd = open("/proc/self/maps", O_RDONLY); int len = read(fd, buf, sizeof(buf)); write(1, buf, len); printf("%p\n", p); return 0; } Compiled using: gcc -mbss-plt -m32 -Os test.c -otest Unpatched ppc64 kernel: 00100000-00120000 r-xp 00000000 00:00 0 [vdso] 0fe10000-0ffd0000 r-xp 00000000 fd:00 67898094 /usr/lib/libc-2.17.so 0ffd0000-0ffe0000 r--p 001b0000 fd:00 67898094 /usr/lib/libc-2.17.so 0ffe0000-0fff0000 rw-p 001c0000 fd:00 67898094 /usr/lib/libc-2.17.so 10000000-10010000 r-xp 00000000 fd:00 100674505 /home/user/test 10010000-10020000 r--p 00000000 fd:00 100674505 /home/user/test 10020000-10030000 rw-p 00010000 fd:00 100674505 /home/user/test 10690000-106c0000 rwxp 00000000 00:00 0 [heap] f7f70000-f7fa0000 r-xp 00000000 fd:00 67898089 /usr/lib/ld-2.17.so f7fa0000-f7fb0000 r--p 00020000 fd:00 67898089 /usr/lib/ld-2.17.so f7fb0000-f7fc0000 rw-p 00030000 fd:00 67898089 /usr/lib/ld-2.17.so ffa90000-ffac0000 rw-p 00000000 00:00 0 [stack] 0x10690008 Patched ppc64 kernel: 00100000-00120000 r-xp 00000000 00:00 0 [vdso] 0fe10000-0ffd0000 r-xp 00000000 fd:00 67898094 /usr/lib/libc-2.17.so 0ffd0000-0ffe0000 r--p 001b0000 fd:00 67898094 /usr/lib/libc-2.17.so 0ffe0000-0fff0000 rw-p 001c0000 fd:00 67898094 /usr/lib/libc-2.17.so 10000000-10010000 r-xp 00000000 fd:00 100674505 /home/user/test 10010000-10020000 r--p 00000000 fd:00 100674505 /home/user/test 10020000-10030000 rw-p 00010000 fd:00 100674505 /home/user/test 10180000-101b0000 rw-p 00000000 00:00 0 [heap] ^^^^ this has changed f7c60000-f7c90000 r-xp 00000000 fd:00 67898089 /usr/lib/ld-2.17.so f7c90000-f7ca0000 r--p 00020000 fd:00 67898089 /usr/lib/ld-2.17.so f7ca0000-f7cb0000 rw-p 00030000 fd:00 67898089 /usr/lib/ld-2.17.so ff860000-ff890000 rw-p 00000000 00:00 0 [stack] 0x10180008 The patch was originally posted in 2012 by Jason Gunthorpe and apparently ignored: https://lkml.org/lkml/2012/9/30/138 Lightly run-tested. Link: http://lkml.kernel.org/r/20161215131950.23054-1-dvlasenk@redhat.com Signed-off-by: Jason Gunthorpe Signed-off-by: Denys Vlasenko Acked-by: Kees Cook Acked-by: Michael Ellerman Tested-by: Jason Gunthorpe Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: "Aneesh Kumar K.V" Cc: Oleg Nesterov Cc: Florian Weimer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/page.h | 4 +++- fs/binfmt_elf.c | 30 ++++++++++++++++++++++-------- include/linux/mm.h | 1 + mm/mmap.c | 24 +++++++++++++++++++----- 4 files changed, 45 insertions(+), 14 deletions(-) commit ddffe98d166f4a93d996d5aa628fd745311fc1e7 Author: Yasuaki Ishimatsu Date: Wed Feb 22 15:45:13 2017 -0800 mm/memory_hotplug: set magic number to page->freelist instead of page->lru.next To identify that pages of page table are allocated from bootmem allocator, magic number sets to page->lru.next. But page->lru list is initialized in reserve_bootmem_region(). So when calling free_pagetable(), the function cannot find the magic number of pages. And free_pagetable() frees the pages by free_reserved_page() not put_page_bootmem(). But if the pages are allocated from bootmem allocator and used as page table, the pages have private flag. So before freeing the pages, we should clear the private flag by put_page_bootmem(). Before applying the commit 7bfec6f47bb0 ("mm, page_alloc: check multiple page fields with a single branch"), we could find the following visible issue: BUG: Bad page state in process kworker/u1024:1 page:ffffea103cfd8040 count:0 mapcount:0 mappi flags: 0x6fffff80000800(private) page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x800(private) Call Trace: [...] dump_stack+0x63/0x87 [...] bad_page+0x114/0x130 [...] free_pages_prepare+0x299/0x2d0 [...] free_hot_cold_page+0x31/0x150 [...] __free_pages+0x25/0x30 [...] free_pagetable+0x6f/0xb4 [...] remove_pagetable+0x379/0x7ff [...] vmemmap_free+0x10/0x20 [...] sparse_remove_one_section+0x149/0x180 [...] __remove_pages+0x2e9/0x4f0 [...] arch_remove_memory+0x63/0xc0 [...] remove_memory+0x8c/0xc0 [...] acpi_memory_device_remove+0x79/0xa5 [...] acpi_bus_trim+0x5a/0x8d [...] acpi_bus_trim+0x38/0x8d [...] acpi_device_hotplug+0x1b7/0x418 [...] acpi_hotplug_work_fn+0x1e/0x29 [...] process_one_work+0x152/0x400 [...] worker_thread+0x125/0x4b0 [...] kthread+0xd8/0xf0 [...] ret_from_fork+0x22/0x40 And the issue still silently occurs. Until freeing the pages of page table allocated from bootmem allocator, the page->freelist is never used. So the patch sets magic number to page->freelist instead of page->lru.next. [isimatu.yasuaki@jp.fujitsu.com: fix merge issue] Link: http://lkml.kernel.org/r/722b1cc4-93ac-dd8b-2be2-7a7e313b3b0b@gmail.com Link: http://lkml.kernel.org/r/2c29bd9f-5b67-02d0-18a3-8828e78bbb6f@gmail.com Signed-off-by: Yasuaki Ishimatsu Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: Dave Hansen Cc: Vlastimil Babka Cc: Mel Gorman Cc: Xishi Qiu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/mm/init_64.c | 2 +- mm/memory_hotplug.c | 5 +++-- mm/sparse.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) commit 857e522a007bfda34606ae252e2f61a6eff151ff Author: Yasuaki Ishimatsu Date: Wed Feb 22 15:45:10 2017 -0800 mm/sparse: use page_private() to get page->private value free_map_bootmem() uses page->private directly to set removing_section_nr argument. But to get page->private value, page_private() has been prepared. So free_map_bootmem() should use page_private() instead of page->private. Link: http://lkml.kernel.org/r/1d34eaa5-a506-8b7a-6471-490c345deef8@gmail.com Signed-off-by: Yasuaki Ishimatsu Cc: Thomas Gleixner Cc: Ingo Molnar Cc: H. Peter Anvin Cc: Dave Hansen Cc: Vlastimil Babka Cc: Mel Gorman Cc: Xishi Qiu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/sparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7d41c03e2dc6a650f69655a42c0ddb72a7c121bf Author: Wei Yang Date: Wed Feb 22 15:45:07 2017 -0800 mm/memblock.c: check return value of memblock_reserve() in memblock_virt_alloc_internal() memblock_reserve() would add a new range to memblock.reserved in case the new range is not totally covered by any of the current memblock.reserved range. If the memblock.reserved is full and can't resize, memblock_reserve() would fail. This doesn't happen in real world now, I observed this during code review. While theoretically, it has the chance to happen. And if it happens, others would think this range of memory is still available and may corrupt the memory. This patch checks the return value and goto "done" after it succeeds. Link: http://lkml.kernel.org/r/1482363033-24754-3-git-send-email-richard.weiyang@gmail.com Signed-off-by: Wei Yang Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit ef415ef41153b747031e8ad965cb3df4f22ff72e Author: Wei Yang Date: Wed Feb 22 15:45:04 2017 -0800 mm/memblock.c: trivial code refine in memblock_is_region_memory() memblock_is_region_memory() invoke memblock_search() to see whether the base address is in the memory region. If it fails, idx would be -1. Then, it returns 0. If the memblock_search() returns a valid index, it means the base address is guaranteed to be in the range memblock.memory.regions[idx]. Because of this, it is not necessary to check the base again. This patch removes the check on "base". Link: http://lkml.kernel.org/r/1482363033-24754-2-git-send-email-richard.weiyang@gmail.com Signed-off-by: Wei Yang Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memblock.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 399d8eebe768fe3ae648700547d04f2a8796a4da Author: Xishi Qiu Date: Wed Feb 22 15:45:01 2017 -0800 mm: fix some typos in mm/zsmalloc.c Delete extra semicolon, and fix some typos. Link: http://lkml.kernel.org/r/586F1823.4050107@huawei.com Signed-off-by: Xishi Qiu Reviewed-by: Sergey Senozhatsky Acked-by: Minchan Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zsmalloc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d3a9d7a3784e3a54c08dcd9eafaef7ccb383a894 Author: Adygzhy Ondar Date: Wed Feb 22 15:44:58 2017 -0800 mm/bootmem.c: cosmetic improvement of code readability The obvious number of bits in a byte is replaced by BITS_PER_BYTE macro in bootmap_bytes() Link: http://lkml.kernel.org/r/1483781600-5136-1-git-send-email-ondar07@gmail.com Signed-off-by: Adygzhy Ondar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/bootmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 46acef048a6568ba490f636db8682a1461ed223c Author: Davidlohr Bueso Date: Wed Feb 22 15:44:55 2017 -0800 mm,compaction: serialize waitqueue_active() checks Without a memory barrier, the following race can occur with a high-order allocation: wakeup_kcompactd(order == 1) kcompactd() [L] waitqueue_active(kcompactd_wait) [S] prepare_to_wait_event(kcompactd_wait) [L] (kcompactd_max_order == 0) [S] kcompactd_max_order = order; schedule() Where the waitqueue_active() check is speculatively re-ordered to before setting the actual condition (max_order), not seeing the threads that's going to block; making us miss a wakeup. There are a couple of options to fix this, including calling wq_has_sleepers() which adds a full barrier, or unconditionally doing the wake_up_interruptible() and serialize on the q->lock. However, to make use of the control dependency, we just need to add L->L guarantees. While this bug is theoretical, there have been other offenders of the lockless waitqueue_active() in the past -- this is also documented in the call itself. Link: http://lkml.kernel.org/r/1483975528-24342-1-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 7 +++++++ 1 file changed, 7 insertions(+) commit b92df1de5d289c0b5d653e72414bf0850b8511e0 Author: Paul Burton Date: Wed Feb 22 15:44:53 2017 -0800 mm: page_alloc: skip over regions of invalid pfns where possible When using a sparse memory model memmap_init_zone() when invoked with the MEMMAP_EARLY context will skip over pages which aren't valid - ie. which aren't in a populated region of the sparse memory map. However if the memory map is extremely sparse then it can spend a long time linearly checking each PFN in a large non-populated region of the memory map & skipping it in turn. When CONFIG_HAVE_MEMBLOCK_NODE_MAP is enabled, we have sufficient information to quickly discover the next valid PFN given an invalid one by searching through the list of memory regions & skipping forwards to the first PFN covered by the memory region to the right of the non-populated region. Implement this in order to speed up memmap_init_zone() for systems with extremely sparse memory maps. James said "I have tested this patch on a virtual model of a Samurai CPU with a sparse memory map. The kernel boot time drops from 109 to 62 seconds. " Link: http://lkml.kernel.org/r/20161125185518.29885-1-paul.burton@imgtec.com Signed-off-by: Paul Burton Tested-by: James Hartley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memblock.h | 1 + mm/memblock.c | 25 +++++++++++++++++++++++++ mm/page_alloc.c | 11 ++++++++++- 3 files changed, 36 insertions(+), 1 deletion(-) commit 7f354a548d1cb6bb01b6ee74aee9264aa152f1ec Author: David Rientjes Date: Wed Feb 22 15:44:50 2017 -0800 mm, compaction: add vmstats for kcompactd work A "compact_daemon_wake" vmstat exists that represents the number of times kcompactd has woken up. This doesn't represent how much work it actually did, though. It's useful to understand how much compaction work is being done by kcompactd versus other methods such as direct compaction and explicitly triggered per-node (or system) compaction. This adds two new vmstats: "compact_daemon_migrate_scanned" and "compact_daemon_free_scanned" to represent the number of pages kcompactd has scanned as part of its migration scanner and freeing scanner, respectively. These values are still accounted for in the general "compact_migrate_scanned" and "compact_free_scanned" for compatibility. It could be argued that explicitly triggered compaction could also be tracked separately, and that could be added if others find it useful. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1612071749390.69852@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Vlastimil Babka Cc: Michal Hocko Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/vm_event_item.h | 1 + mm/compaction.c | 22 +++++++++++++++++++--- mm/internal.h | 2 ++ mm/vmstat.c | 2 ++ 4 files changed, 24 insertions(+), 3 deletions(-) commit e57b9d8c5ad08ed8cbca7e51fe252719a2845394 Author: Steven Rostedt Date: Wed Feb 22 15:44:47 2017 -0800 mm/mmzone.c: swap likely to unlikely as code logic is different for next_zones_zonelist() Commit 682a3385e773 ("mm, page_alloc: inline the fast path of the zonelist iterator") changed how next_zones_zonelist() is called, by adding a static inline function to do the fast path. This function adds: if (likely(!nodes && zonelist_zone_idx(z) <= highest_zoneidx)) return z; return __next_zones_zonelist(z, highest_zoneidx, nodes); Where __next_zones_zonelist() is only called when nodes is not NULL or zonelist_zone_idx(z) is less than highest_zoneidx. The original next_zone_zonelist() was converted to __next_zones_zonelist() but it still maintained: if (likely(nodes == NULL)) Which is now actually a very unlikely, as it is only called with nodes equal to NULL when zonelist_zone_idx(z) is greater than highest_zoneidx. Before this commit, this if had this statistic: correct incorrect % Function File Line ------- --------- - -------- ---- ---- 837895 446078 34 next_zones_zonelist mmzone.c 63 After this commit, it has: correct incorrect % Function File Line ------- --------- - -------- ---- ---- 10 173840 99 __next_zones_zonelist mmzone.c 63 Thus, the if statement is now much more unlikely than it ever was as a likely. Link: http://lkml.kernel.org/r/20170105200102.77989567@gandalf.local.home Signed-off-by: Steven Rostedt (VMware) Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mmzone.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 870667553af5e18b2f3402c03f8c4f82381f0ec7 Author: Randy Dunlap Date: Wed Feb 22 15:44:44 2017 -0800 mm: fix filemap.c kernel-doc warnings Fix kernel-doc warnings in mm/filemap.c: mm/filemap.c:993: warning: No description found for parameter '__page' mm/filemap.c:993: warning: Excess function parameter 'page' description in '__lock_page' Link: http://lkml.kernel.org/r/a66fe492-518c-ad6c-5f03-5e8b721fb451@infradead.org Signed-off-by: Randy Dunlap Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 74d81bfae8e3f52e956367f6ed764db269b87091 Author: Nicholas Piggin Date: Wed Feb 22 15:44:41 2017 -0800 mm: un-export wake_up_page functions These are no longer used outside mm/filemap.c, so un-export them and make them static where possible. These were exported specifically for NFS use in commit a4796e37c12e ("MM: export page_wakeup functions"). Link: http://lkml.kernel.org/r/20170103182234.30141-3-npiggin@gmail.com Signed-off-by: Nicholas Piggin Cc: Trond Myklebust Cc: Anna Schumaker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/pagemap.h | 12 ++---------- mm/filemap.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 12 deletions(-) commit d94e0c05eba9ed627ce467a7c3e92b365269f905 Author: Nicholas Piggin Date: Wed Feb 22 15:44:39 2017 -0800 nfs: no PG_private waiters remain, remove waker Since commit 4f52b6bb8c57 ("NFS: Don't call COMMIT in ->releasepage()"), no tasks wait on PagePrivate. Thus the wake introduced in commit 9590544694be ("NFS: avoid deadlocks with loop-back mounted NFS filesystems.") can be removed. Link: http://lkml.kernel.org/r/20170103182234.30141-2-npiggin@gmail.com Signed-off-by: Nicholas Piggin Cc: Trond Myklebust Cc: Anna Schumaker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/nfs/write.c | 2 -- 1 file changed, 2 deletions(-) commit 93607e5a554a6408a1b56cdd146edc91e5da9983 Author: Michal Hocko Date: Wed Feb 22 15:44:36 2017 -0800 trace-vmscan-postprocess: sync with tracepoints updates Both mm_vmscan_lru_shrink_active and mm_vmscan_lru_isolate have changed so the script needs to be update to reflect those changes Link: http://lkml.kernel.org/r/20170105151737.GU21618@dhcp22.suse.cz Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .../trace/postprocess/trace-vmscan-postprocess.pl | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) commit dcec0b60a8213aeb876823a15d834009fce3b36e Author: Michal Hocko Date: Wed Feb 22 15:44:33 2017 -0800 mm, vmscan: add mm_vmscan_inactive_list_is_low tracepoint Currently we have tracepoints for both active and inactive LRU lists reclaim but we do not have any which would tell us why we we decided to age the active list. Without that it is quite hard to diagnose active/inactive lists balancing. Add mm_vmscan_inactive_list_is_low tracepoint to tell us this information. Link: http://lkml.kernel.org/r/20170104101942.4860-8-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/vmscan.h | 40 ++++++++++++++++++++++++++++++++++++++++ mm/vmscan.c | 23 ++++++++++++++--------- 2 files changed, 54 insertions(+), 9 deletions(-) commit 5bccd16657e893e52e96547e7c2b5729d78d4e45 Author: Michal Hocko Date: Wed Feb 22 15:44:30 2017 -0800 mm, vmscan: enhance mm_vmscan_lru_shrink_inactive tracepoint mm_vmscan_lru_shrink_inactive will currently report the number of scanned and reclaimed pages. This doesn't give us an idea how the reclaim went except for the overall effectiveness though. Export and show other counters which will tell us why we couldn't reclaim some pages. - nr_dirty, nr_writeback, nr_congested and nr_immediate tells us how many pages are blocked due to IO - nr_activate tells us how many pages were moved to the active list - nr_ref_keep reports how many pages are kept on the LRU due to references (mostly for the file pages which are about to go for another round through the inactive list) - nr_unmap_fail - how many pages failed to unmap All these are rather low level so they might change in future but the tracepoint is already implementation specific so no tools should be depending on its stability. Link: http://lkml.kernel.org/r/20170104101942.4860-7-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/vmscan.h | 29 ++++++++++++++++++++++++++--- mm/vmscan.c | 14 ++++++++++++++ 2 files changed, 40 insertions(+), 3 deletions(-) commit 3c710c1ad11b4a856a396b181911568f3851a5d8 Author: Michal Hocko Date: Wed Feb 22 15:44:27 2017 -0800 mm, vmscan: extract shrink_page_list reclaim counters into a struct shrink_page_list returns quite some counters back to its caller. Extract the existing 5 into struct reclaim_stat because this makes the code easier to follow and also allows further counters to be returned. While we are at it, make all of them unsigned rather than unsigned long as we do not really need full 64b for them (we never scan more than SWAP_CLUSTER_MAX pages at once). This should reduce some stack space. This patch shouldn't introduce any functional change. Link: http://lkml.kernel.org/r/20170104101942.4860-6-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 61 ++++++++++++++++++++++++++++++------------------------------- 1 file changed, 30 insertions(+), 31 deletions(-) commit 32b3f2974adca13f8a4a610c396e88c6f81eb10e Author: Michal Hocko Date: Wed Feb 22 15:44:24 2017 -0800 mm, vmscan: show LRU name in mm_vmscan_lru_isolate tracepoint mm_vmscan_lru_isolate currently prints only whether the LRU we isolate from is file or anonymous but we do not know which LRU this is. It is useful to know whether the list is active or inactive, since we are using the same function to isolate pages from both of them and it's hard to distinguish otherwise. Link: http://lkml.kernel.org/r/20170104101942.4860-5-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Minchan Kim Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/mmflags.h | 8 ++++++++ include/trace/events/vmscan.h | 12 ++++++------ mm/vmscan.c | 3 +-- 3 files changed, 15 insertions(+), 8 deletions(-) commit 1265e3a69f1ea97357536773d48c92a409e01eaf Author: Michal Hocko Date: Wed Feb 22 15:44:21 2017 -0800 mm, vmscan: show the number of skipped pages in mm_vmscan_lru_isolate mm_vmscan_lru_isolate shows the number of requested, scanned and taken pages. This is mostly OK but on 32b systems the number of scanned pages is quite misleading because it includes both the scanned and skipped pages. Moreover the skipped part is scaled based on the number of taken pages. Let's report the exact numbers without any additional logic and add the number of skipped pages. This should make the reported data much more easier to interpret. Link: http://lkml.kernel.org/r/20170104101942.4860-4-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Minchan Kim Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/vmscan.h | 8 ++++++-- mm/vmscan.c | 13 +++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) commit 9d998b4f1e39abd69441d29a1ef3250514479267 Author: Michal Hocko Date: Wed Feb 22 15:44:18 2017 -0800 mm, vmscan: add active list aging tracepoint Our reclaim process has several tracepoints to tell us more about how things are progressing. We are, however, missing a tracepoint to track active list aging. Introduce mm_vmscan_lru_shrink_active which reports the number of - nr_taken is number of isolated pages from the active list - nr_referenced pages which tells us that we are hitting referenced pages which are deactivated. If this is a large part of the reported nr_deactivated pages then we might be hitting into the active list too early because they might be still part of the working set. This might help to debug performance issues. - nr_active pages which tells us how many pages are kept on the active list - mostly exec file backed pages. A high number can indicate that we might be trashing on executables. [mhocko@suse.com: update] Link: http://lkml.kernel.org/r/20170104135244.GJ25453@dhcp22.suse.cz Link: http://lkml.kernel.org/r/20170104101942.4860-3-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Minchan Kim Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/vmscan.h | 36 ++++++++++++++++++++++++++++++++++++ mm/vmscan.c | 18 ++++++++++++++---- 2 files changed, 50 insertions(+), 4 deletions(-) commit 30b9aed8cd576964bff71a6c5f022ca30ac4c3b7 Author: Michal Hocko Date: Wed Feb 22 15:44:15 2017 -0800 mm, vmscan: remove unused mm_vmscan_memcg_isolate Patch series "vm, vmscan: enahance vmscan tracepoints", v2. While debugging [2] I've realized that there is some room for improvements in the tracepoints set we offer currently. I had hard times to make any conclusion from the existing ones. The resulting problem turned out to be active list aging [3] and we are missing at least two tracepoints to debug such a problem. Some existing tracepoints could export more information to see _why_ the reclaim progress cannot be made not only _how much_ we could reclaim. The later could be seen quite reasonably from the vmstat counters already. It can be argued that we are showing too many implementation details in those tracepoints but I consider them way too lowlevel already to be usable by any kernel independent userspace. I would be _really_ surprised if anything but debugging tools have used them. Any feedback is highly appreciated. [1] http://lkml.kernel.org/r/20161228153032.10821-1-mhocko@kernel.org [2] http://lkml.kernel.org/r/20161215225702.GA27944@boerne.fritz.box [3] http://lkml.kernel.org/r/20161223105157.GB23109@dhcp22.suse.cz This patch (of 8): The trace point is not used since 925b7673cce3 ("mm: make per-memcg LRU lists exclusive") so it can be removed. Link: http://lkml.kernel.org/r/20170104101942.4860-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Hillf Danton Acked-by: Mel Gorman Acked-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/vmscan.h | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) commit 175ad4f1e7a29c8f914254e2e6316c50671e027a Author: Andrea Arcangeli Date: Wed Feb 22 15:44:12 2017 -0800 mm: mprotect: use pmd_trans_unstable instead of taking the pmd_lock pmd_trans_unstable does an atomic read on the pmd so it doesn't require the pmd_lock for the same check. This also removes the special assumption that the mmap_sem is hold for writing if prot_numa is not set. userfaultfd will hold the mmap_sem only for reading in change_pte_range like prot_numa, but it will not set prot_numa. This is always a valid micro-optimization regardless of userfaultfd. [kirill@shutemov.name: drop unneeded pmd_trans_unstable(pmd) check after __split_huge_pmd()] Link: http://lkml.kernel.org/r/20170208120421.GE5578@node.shutemov.name Link: http://lkml.kernel.org/r/20161216144821.5183-43-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mprotect.c | 46 +++++++++++++++------------------------------- 1 file changed, 15 insertions(+), 31 deletions(-) commit 7a0c4cf85b856430af62a907dd65dfc51438d24f Author: Andrea Arcangeli Date: Wed Feb 22 15:44:10 2017 -0800 userfaultfd: selftest: test UFFDIO_ZEROPAGE on all memory types This will verify -EINVAL is returned with hugetlbfs/shmem and it'll do a functional test of UFFDIO_ZEROPAGE on anonymous memory. Link: http://lkml.kernel.org/r/20161216144821.5183-42-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/userfaultfd.c | 82 +++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) commit da5502c0a39b7ba28f403a4b87d1dd690e7829bf Author: Mike Rapoport Date: Wed Feb 22 15:44:06 2017 -0800 userfaultfd: non-cooperative: selftest: add test for FORK, MADVDONTNEED and REMAP events Add test for userfaultfd events used in non-cooperative scenario when the process that monitors the userfaultfd and handles user faults is not the same process that causes the page faults. Link: http://lkml.kernel.org/r/20161216144821.5183-41-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/userfaultfd.c | 175 ++++++++++++++++++++++++++++--- 1 file changed, 163 insertions(+), 12 deletions(-) commit aa0d27217477acbc1cfcc4fdaa4de4f3ce545b4e Author: Mike Rapoport Date: Wed Feb 22 15:44:04 2017 -0800 userfaultfd: non-cooperative: selftest: add ufd parameter to copy_page With future addition of event tests, copy_page will be called with different userfault file descriptors Link: http://lkml.kernel.org/r/20161216144821.5183-40-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/userfaultfd.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 6228b8f2d15bc9a9b76d6b209a8b760a642fa996 Author: Mike Rapoport Date: Wed Feb 22 15:44:01 2017 -0800 userfaultfd: non-cooperative: selftest: introduce userfaultfd_open userfaultfd_open will be needed by the non cooperative selftest. Link: http://lkml.kernel.org/r/20161216144821.5183-39-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/userfaultfd.c | 41 +++++++++++++++++++------------- 1 file changed, 25 insertions(+), 16 deletions(-) commit 47dd924508f5fb10480afc69de04539fa3d14034 Author: Andrea Arcangeli Date: Wed Feb 22 15:43:58 2017 -0800 userfaultfd: hugetlbfs: UFFD_FEATURE_MISSING_SHMEM Userland developers asked to be notified immediately by the UFFDIO_API ioctl if shmem missing mode is supported by userfaultfd in the running kernel. This avoids the need to run UFFDIO_REGISTER on a shmem virtual memory range to find out. Link: http://lkml.kernel.org/r/20161216144821.5183-38-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/linux/userfaultfd.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit cb658a453b9327ce96ce5222c24d162b5b65b564 Author: Andrea Arcangeli Date: Wed Feb 22 15:43:55 2017 -0800 userfaultfd: shmem: avoid leaking blocks and used blocks in UFFDIO_COPY If the atomic copy_user fails because of a real dangling userland pointer, we won't go back into the shmem method, so when the method returns it must not leave anything charged up, except the page itself. Link: http://lkml.kernel.org/r/20161216144821.5183-37-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) commit a425d3584e7e69587aa441e91c7ffce7f47004d7 Author: Andrea Arcangeli Date: Wed Feb 22 15:43:52 2017 -0800 userfaultfd: shmem: avoid a lockup resulting from corrupted page->flags Use the non atomic version of __SetPageUptodate while the page is still private and not visible to lookup operations. Using the non atomic version after the page is already visible to lookups is unsafe as there would be concurrent lock_page operation modifying the page->flags while it runs. This solves a lockup in find_lock_entry with the userfaultfd_shmem selftest. userfaultfd_shm D14296 691 1 0x00000004 Call Trace: schedule+0x3d/0x90 schedule_timeout+0x228/0x420 io_schedule_timeout+0xa4/0x110 __lock_page+0x12d/0x170 find_lock_entry+0xa4/0x190 shmem_getpage_gfp+0xb9/0xc30 shmem_fault+0x70/0x1c0 __do_fault+0x21/0x150 handle_mm_fault+0xec9/0x1490 __do_page_fault+0x20d/0x520 trace_do_page_fault+0x61/0x270 do_async_page_fault+0x19/0x80 async_page_fault+0x25/0x30 Link: http://lkml.kernel.org/r/20170116180408.12184-2-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: Mike Rapoport Acked-by: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 9cc90c664a65f9b6b9f3ce1c719f1308539427bd Author: Andrea Arcangeli Date: Wed Feb 22 15:43:49 2017 -0800 userfaultfd: shmem: lock the page before adding it to pagecache A VM_BUG_ON triggered on the shmem selftest. Link: http://lkml.kernel.org/r/20161216144821.5183-36-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 5 +++++ 1 file changed, 5 insertions(+) commit 419624daf0e827452837177c4b983dc0f1b6429f Author: Mike Rapoport Date: Wed Feb 22 15:43:46 2017 -0800 userfaultfd: shmem: add userfaultfd_shmem test The test verifies that anonymous shared mapping can be used with userfault using the existing testing method. The shared memory area is allocated using mmap(..., MAP_SHARED | MAP_ANONYMOUS, ...) and released using madvise(MADV_REMOVE) Link: http://lkml.kernel.org/r/20161216144821.5183-35-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/Makefile | 4 ++++ tools/testing/selftests/vm/run_vmtests | 11 ++++++++++ tools/testing/selftests/vm/userfaultfd.c | 37 ++++++++++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 2 deletions(-) commit 1c9e8def43a3452e7af658b340f5f4f4ecde5c38 Author: Mike Kravetz Date: Wed Feb 22 15:43:43 2017 -0800 userfaultfd: hugetlbfs: add UFFDIO_COPY support for shared mappings When userfaultfd hugetlbfs support was originally added, it followed the pattern of anon mappings and did not support any vmas marked VM_SHARED. As such, support was only added for private mappings. Remove this limitation and support shared mappings. The primary functional change required is adding pages to the page cache. More subtle changes are required for huge page reservation handling in error paths. A lengthy comment in the code describes the reservation handling. [mike.kravetz@oracle.com: update] Link: http://lkml.kernel.org/r/c9c8cafe-baa7-05b4-34ea-1dfa5523a85f@oracle.com Link: http://lkml.kernel.org/r/1487195210-12839-1-git-send-email-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reviewed-by: Andrea Arcangeli Cc: Andrew Morton Cc: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 26 ++++++++++++++++++-- mm/userfaultfd.c | 74 ++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 82 insertions(+), 18 deletions(-) commit cac673292b9b39493bb0ff526b96c83ace6fdcd0 Author: Mike Rapoport Date: Wed Feb 22 15:43:40 2017 -0800 userfaultfd: shmem: allow registration of shared memory ranges Expand the userfaultfd_register/unregister routines to allow shared memory VMAs. Currently, there is no UFFDIO_ZEROPAGE and write-protection support for shared memory VMAs, which is reflected in ioctl methods supported by uffdio_register. Link: http://lkml.kernel.org/r/20161216144821.5183-34-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 21 +++++++-------------- include/uapi/linux/userfaultfd.h | 2 +- tools/testing/selftests/vm/userfaultfd.c | 2 +- 3 files changed, 9 insertions(+), 16 deletions(-) commit cfda05267f7bd02b5ae5ac6a37fbbdf3b9c41b57 Author: Mike Rapoport Date: Wed Feb 22 15:43:37 2017 -0800 userfaultfd: shmem: add userfaultfd hook for shared memory faults When processing a page fault in shared memory area for not present page, check the VMA determine if faults are to be handled by userfaultfd. If so, delegate the page fault to handle_userfault. Link: http://lkml.kernel.org/r/20161216144821.5183-33-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) commit 26071cedc519b822f69cc42dba9be969d2cdeb19 Author: Mike Rapoport Date: Wed Feb 22 15:43:34 2017 -0800 userfaultfd: shmem: use shmem_mcopy_atomic_pte for shared memory The shmem_mcopy_atomic_pte implements low lever part of UFFDIO_COPY operation for shared memory VMAs. It's based on mcopy_atomic_pte with adjustments necessary for shared memory pages. Link: http://lkml.kernel.org/r/20161216144821.5183-32-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/userfaultfd.c | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) commit 95cc09d66f523895635eca8aa1f9bc7419e60e32 Author: Andrea Arcangeli Date: Wed Feb 22 15:43:31 2017 -0800 userfaultfd: shmem: add tlbflush.h header for microblaze It resolves this build error: All errors (new ones prefixed by >>): mm/shmem.c: In function 'shmem_mcopy_atomic_pte': >> mm/shmem.c:2228:2: error: implicit declaration of function 'update_mmu_cache' [-Werror=implicit-function-declaration] update_mmu_cache(dst_vma, dst_addr, dst_pte); microblaze may have to be also updated to define it in asm/pgtable.h like the other archs, then this header inclusion can be removed. Link: http://lkml.kernel.org/r/20161216144821.5183-31-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) commit b0506e488da5cf2f07f3a4f6d7acaa8f459ad714 Author: Mike Rapoport Date: Wed Feb 22 15:43:28 2017 -0800 userfaultfd: shmem: introduce vma_is_shmem Currently userfault relies on vma_is_anonymous and vma_is_hugetlb to ensure compatibility of a VMA with userfault. Introduction of vma_is_shmem allows detection if tmpfs backed VMAs, so that they may be used with userfaultfd. Current implementation presumes usage of vma_is_shmem only by slow path routines in userfaultfd, therefore the vma_is_shmem is not made inline to leave the few remaining free bits in vm_flags. Link: http://lkml.kernel.org/r/20161216144821.5183-30-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 10 ++++++++++ mm/shmem.c | 5 +++++ 2 files changed, 15 insertions(+) commit 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e Author: Mike Rapoport Date: Wed Feb 22 15:43:25 2017 -0800 userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support shmem_mcopy_atomic_pte is the low level routine that implements the userfaultfd UFFDIO_COPY command. It is based on the existing mcopy_atomic_pte routine with modifications for shared memory pages. Link: http://lkml.kernel.org/r/20161216144821.5183-29-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/shmem_fs.h | 11 +++++ mm/shmem.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 121 insertions(+) commit ba6907db6de17cf90c4fc67f3eb1d1d37dd0b7ac Author: Mike Rapoport Date: Wed Feb 22 15:43:22 2017 -0800 userfaultfd: introduce vma_can_userfault Check whether a VMA can be used with userfault in more compact way Link: http://lkml.kernel.org/r/20161216144821.5183-28-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Acked-by: Hillf Danton Cc: "Dr. David Alan Gilbert" Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit 163e11bc4f6ebbfcfdf751c108bd212a26e492ee Author: Andrea Arcangeli Date: Wed Feb 22 15:43:19 2017 -0800 userfaultfd: hugetlbfs: UFFD_FEATURE_MISSING_HUGETLBFS Userland developers asked to be notified immediately by the UFFDIO_API ioctl if hugetlbfs missing mode is supported by userfaultfd in the running kernel. This avoids the need to run UFFDIO_REGISTER on a hugetlbfs virtual memory range to find out. Link: http://lkml.kernel.org/r/20161216144821.5183-27-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/linux/userfaultfd.h | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) commit 21205bf8f77b23484966cb057ceaec860cc400b3 Author: Mike Kravetz Date: Wed Feb 22 15:43:16 2017 -0800 userfaultfd: hugetlbfs: reserve count on error in __mcopy_atomic_hugetlb If __mcopy_atomic_hugetlb exits with an error, put_page will be called if a huge page was allocated and needs to be freed. If a reservation was associated with the huge page, the PagePrivate flag will be set. Clear PagePrivate before calling put_page/free_huge_page so that the global reservation count is not incremented. Link: http://lkml.kernel.org/r/20161216144821.5183-26-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/userfaultfd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) commit 87ffc118b54dcd4cc642723603d944673248152f Author: Andrea Arcangeli Date: Wed Feb 22 15:43:13 2017 -0800 userfaultfd: hugetlbfs: gup: support VM_FAULT_RETRY Add support for VM_FAULT_RETRY to follow_hugetlb_page() so that get_user_pages_unlocked/locked and "nonblocking/FOLL_NOWAIT" features will work on hugetlbfs. This is required for fully functional userfaultfd non-present support on hugetlbfs. Link: http://lkml.kernel.org/r/20161216144821.5183-25-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reviewed-by: Mike Kravetz Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/hugetlb.h | 5 +++-- mm/gup.c | 2 +- mm/hugetlb.c | 48 ++++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 44 insertions(+), 11 deletions(-) commit 369cd2121be440543280b91056de187f625d0dbb Author: Mike Kravetz Date: Wed Feb 22 15:43:10 2017 -0800 userfaultfd: hugetlbfs: userfaultfd_huge_must_wait for hugepmd ranges Add routine userfaultfd_huge_must_wait which has the same functionality as the existing userfaultfd_must_wait routine. Only difference is that new routine must handle page table structure for hugepmd vmas. Link: http://lkml.kernel.org/r/20161216144821.5183-24-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) commit 9903bd7b73ef0dec429e951009b36643eb0fe239 Author: Mike Kravetz Date: Wed Feb 22 15:43:07 2017 -0800 userfaultfd: hugetlbfs: add userfaultfd_hugetlb test Test userfaultfd hugetlb functionality by using the existing testing method (in userfaultfd.c). Instead of an anonymous memeory, a hugetlbfs file is mmap'ed private. In this way fallocate hole punch can be used to release pages. This is because madvise(MADV_DONTNEED) is not supported for huge pages. Use the same file, but create wrappers for allocating ranges and releasing pages. Compile userfaultfd.c with HUGETLB_TEST defined to produce an executable to test userfaultfd hugetlb functionality. Link: http://lkml.kernel.org/r/20161216144821.5183-23-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/selftests/vm/Makefile | 4 + tools/testing/selftests/vm/run_vmtests | 13 +++ tools/testing/selftests/vm/userfaultfd.c | 161 +++++++++++++++++++++++++++---- 3 files changed, 161 insertions(+), 17 deletions(-) commit cab350afcbc9c8a744e0d164d1c26560568f770b Author: Mike Kravetz Date: Wed Feb 22 15:43:04 2017 -0800 userfaultfd: hugetlbfs: allow registration of ranges containing huge pages Expand the userfaultfd_register/unregister routines to allow VM_HUGETLB vmas. huge page alignment checking is performed after a VM_HUGETLB vma is encountered. Also, since there is no UFFDIO_ZEROPAGE support for huge pages do not return that as a valid ioctl method for huge page ranges. Link: http://lkml.kernel.org/r/20161216144821.5183-22-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 55 ++++++++++++++++++++++++++++++++++++---- include/uapi/linux/userfaultfd.h | 3 +++ 2 files changed, 53 insertions(+), 5 deletions(-) commit 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 Author: Mike Kravetz Date: Wed Feb 22 15:43:01 2017 -0800 userfaultfd: hugetlbfs: add userfaultfd hugetlb hook When processing a hugetlb fault for no page present, check the vma to determine if faults are to be handled via userfaultfd. If so, drop the hugetlb_fault_mutex and call handle_userfault(). Link: http://lkml.kernel.org/r/20161216144821.5183-21-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Acked-by: Hillf Danton Cc: "Dr. David Alan Gilbert" Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) commit 810a56b943e265bbabfcd5a8e54cb8d3b16cd6e4 Author: Mike Kravetz Date: Wed Feb 22 15:42:58 2017 -0800 userfaultfd: hugetlbfs: fix __mcopy_atomic_hugetlb retry/error processing The new routine copy_huge_page_from_user() uses kmap_atomic() to map PAGE_SIZE pages. However, this prevents page faults in the subsequent call to copy_from_user(). This is OK in the case where the routine is copied with mmap_sema held. However, in another case we want to allow page faults. So, add a new argument allow_pagefault to indicate if the routine should allow page faults. [dan.carpenter@oracle.com: unmap the correct pointer] Link: http://lkml.kernel.org/r/20170113082608.GA3548@mwanda [akpm@linux-foundation.org: kunmap() takes a page*, per Hugh] Link: http://lkml.kernel.org/r/20161216144821.5183-20-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Signed-off-by: Dan Carpenter Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Cc: Hugh Dickins Cc: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 3 ++- mm/hugetlb.c | 2 +- mm/memory.c | 13 ++++++++++--- mm/userfaultfd.c | 2 +- 4 files changed, 14 insertions(+), 6 deletions(-) commit 60d4d2d2b40e44cd36bfb6049e8d9e2055a24f8a Author: Mike Kravetz Date: Wed Feb 22 15:42:55 2017 -0800 userfaultfd: hugetlbfs: add __mcopy_atomic_hugetlb for huge page UFFDIO_COPY __mcopy_atomic_hugetlb performs the UFFDIO_COPY operation for huge pages. It is based on the existing __mcopy_atomic routine for normal pages. Unlike normal pages, there is no huge page support for the UFFDIO_ZEROPAGE operation. Link: http://lkml.kernel.org/r/20161216144821.5183-19-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/userfaultfd.c | 186 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) commit 8fb5debc5fcd450470cdd789c2d80ef95ebb8cf4 Author: Mike Kravetz Date: Wed Feb 22 15:42:52 2017 -0800 userfaultfd: hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support hugetlb_mcopy_atomic_pte is the low level routine that implements the userfaultfd UFFDIO_COPY command. It is based on the existing mcopy_atomic_pte routine with modifications for huge pages. Link: http://lkml.kernel.org/r/20161216144821.5183-18-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/hugetlb.h | 7 +++++ mm/hugetlb.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) commit fa4d75c1de13299c61b5e18a1ae46bc00888b599 Author: Mike Kravetz Date: Wed Feb 22 15:42:49 2017 -0800 userfaultfd: hugetlbfs: add copy_huge_page_from_user for hugetlb userfaultfd support userfaultfd UFFDIO_COPY allows user level code to copy data to a page at fault time. The data is copied from user space to a newly allocated huge page. The new routine copy_huge_page_from_user performs this copy. Link: http://lkml.kernel.org/r/20161216144821.5183-17-aarcange@redhat.com Signed-off-by: Mike Kravetz Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 3 +++ mm/memory.c | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) commit 09fa5296a40d01e014b4851def20b975feb98fd5 Author: Andrea Arcangeli Date: Wed Feb 22 15:42:46 2017 -0800 userfaultfd: non-cooperative: wake userfaults after UFFDIO_UNREGISTER Userfaults may still happen after the userfaultfd monitor thread received a UFFD_EVENT_MADVDONTNEED until UFFDIO_UNREGISTER is run. Wake any pending userfault within UFFDIO_UNREGISTER protected by the mmap_sem for writing, so they will not be reported to userland leading to UFFDIO_COPY returning -EINVAL (as the range was already unregistered) and they will not hang permanently either. Link: http://lkml.kernel.org/r/20161216144821.5183-16-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 0594f58dbd954f7747553c041d7cbbf9b6ef1947 Author: Andrea Arcangeli Date: Wed Feb 22 15:42:43 2017 -0800 userfaultfd: non-cooperative: avoid MADV_DONTNEED race condition MADV_DONTNEED must be notified to userland before the pages are zapped. This allows userland to immediately stop adding pages to the userfaultfd ranges before the pages are actually zapped or there could be non-zeropage leftovers as result of concurrent UFFDIO_COPY run in between zap_page_range and madvise_userfault_dontneed (both MADV_DONTNEED and UFFDIO_COPY runs under the mmap_sem for reading, so they can run concurrently). Link: http://lkml.kernel.org/r/20161216144821.5183-15-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/madvise.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 05ce77249d5068b057082d24ec22d3824f4816ac Author: Pavel Emelyanov Date: Wed Feb 22 15:42:40 2017 -0800 userfaultfd: non-cooperative: add madvise() event for MADV_DONTNEED request If the page is punched out of the address space the uffd reader should know this and zeromap the respective area in case of the #PF event. Link: http://lkml.kernel.org/r/20161216144821.5183-14-aarcange@redhat.com Signed-off-by: Pavel Emelyanov Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 28 ++++++++++++++++++++++++++++ include/linux/userfaultfd_k.h | 12 ++++++++++++ include/uapi/linux/userfaultfd.h | 10 +++++++++- mm/madvise.c | 2 ++ 4 files changed, 51 insertions(+), 1 deletion(-) commit 90794bf19dc19691a16b71bcd75c04094d9e392d Author: Andrea Arcangeli Date: Wed Feb 22 15:42:37 2017 -0800 userfaultfd: non-cooperative: optimize mremap_userfaultfd_complete() Optimize the mremap_userfaultfd_complete() interface to pass only the vm_userfaultfd_ctx pointer through the stack as a microoptimization. Link: http://lkml.kernel.org/r/20161216144821.5183-13-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: Hillf Danton Acked-by: Mike Rapoport Cc: "Dr. David Alan Gilbert" Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 4 ++-- include/linux/userfaultfd_k.h | 4 ++-- mm/mremap.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) commit 72f87654c69690ff4721bd9b4a39983f971de9a5 Author: Pavel Emelyanov Date: Wed Feb 22 15:42:34 2017 -0800 userfaultfd: non-cooperative: add mremap() event The event denotes that an area [start:end] moves to different location. Length change isn't reported as "new" addresses, if they appear on the uffd reader side they will not contain any data and the latter can just zeromap them. Waiting for the event ACK is also done outside of mmap sem, as for fork event. Link: http://lkml.kernel.org/r/20161216144821.5183-12-aarcange@redhat.com Signed-off-by: Pavel Emelyanov Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 37 +++++++++++++++++++++++++++++++++++++ include/linux/userfaultfd_k.h | 17 +++++++++++++++++ include/uapi/linux/userfaultfd.h | 11 ++++++++++- mm/mremap.c | 17 ++++++++++++----- 4 files changed, 76 insertions(+), 6 deletions(-) commit d3aadc8ed4cb447981ecf34f9af71cddc6cf907d Author: Mike Rapoport Date: Wed Feb 22 15:42:30 2017 -0800 userfaultfd: non-cooperative: dup_userfaultfd: use mm_count instead of mm_users Since commit d2005e3f41d4 ("userfaultfd: don't pin the user memory in userfaultfd_file_create()") userfaultfd uses mm_count rather than mm_users to pin mm_struct. Make dup_userfaultfd consistent with this behaviour Link: http://lkml.kernel.org/r/20161216144821.5183-11-aarcange@redhat.com Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 893e26e61d04eac974ded0c11e1647b335c8cb7b Author: Pavel Emelyanov Date: Wed Feb 22 15:42:27 2017 -0800 userfaultfd: non-cooperative: Add fork() event When the mm with uffd-ed vmas fork()-s the respective vmas notify their uffds with the event which contains a descriptor with new uffd. This new descriptor can then be used to get events from the child and populate its mm with data. Note, that there can be different uffd-s controlling different vmas within one mm, so first we should collect all those uffds (and ctx-s) in a list and then notify them all one by one but only once per fork(). The context is created at fork() time but the descriptor, file struct and anon inode object is created at event read time. So some trickery is added to the userfaultfd_ctx_read() to handle the ctx queues' locking vs file creation. Another thing worth noticing is that the task that fork()-s waits for the uffd event to get processed WITHOUT the mmap sem. [aarcange@redhat.com: build warning fix] Link: http://lkml.kernel.org/r/20161216144821.5183-10-aarcange@redhat.com Link: http://lkml.kernel.org/r/20161216144821.5183-9-aarcange@redhat.com Signed-off-by: Pavel Emelyanov Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 148 ++++++++++++++++++++++++++++++++++++++- include/linux/userfaultfd_k.h | 13 ++++ include/uapi/linux/userfaultfd.h | 15 ++-- kernel/fork.c | 10 ++- 4 files changed, 170 insertions(+), 16 deletions(-) commit 656031445d5a855e1c13b291dedae32579d0f3f2 Author: Andrea Arcangeli Date: Wed Feb 22 15:42:24 2017 -0800 userfaultfd: non-cooperative: report all available features to userland This will allow userland to probe all features available in the kernel. It will however only enable the requested features in the open userfaultfd context. Link: http://lkml.kernel.org/r/20161216144821.5183-8-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 9cd75c3cd4c3d06aa0c4ed8ef5327d811a8b6cff Author: Pavel Emelyanov Date: Wed Feb 22 15:42:21 2017 -0800 userfaultfd: non-cooperative: add ability to report non-PF events from uffd descriptor The custom events are queued in ctx->event_wqh not to disturb the fast-path-ed PF queue-wait-wakeup functions. The events to be generated (other than PF-s) are requested in UFFD_API ioctl with the uffd_api.features bits. Those, known by the kernel, are then turned on and reported back to the user-space. Link: http://lkml.kernel.org/r/20161216144821.5183-7-aarcange@redhat.com Signed-off-by: Pavel Emelyanov Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 96 insertions(+), 2 deletions(-) commit 6dcc27fd39437f77057322cf314cc545bf0e4863 Author: Pavel Emelyanov Date: Wed Feb 22 15:42:18 2017 -0800 userfaultfd: non-cooperative: Split the find_userfault() routine I will need one to lookup for userfaultfd_wait_queue-s in different wait queue Link: http://lkml.kernel.org/r/20161216144821.5183-6-aarcange@redhat.com Signed-off-by: Pavel Emelyanov Signed-off-by: Mike Rapoport Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit a94720bf821dd63e72176da5f423ba7935dde67d Author: Andrea Arcangeli Date: Wed Feb 22 15:42:15 2017 -0800 userfaultfd: use vma_is_anonymous Cleanup the vma->vm_ops usage. Side note: it would be more robust if vma_is_anonymous() would also check that vm_flags hasn't VM_PFNMAP set. Link: http://lkml.kernel.org/r/20161216144821.5183-5-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 8 ++++---- mm/userfaultfd.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 8474901a33d8a27958bfa99e78736863abd67874 Author: Andrea Arcangeli Date: Wed Feb 22 15:42:12 2017 -0800 userfaultfd: convert BUG() to WARN_ON_ONCE() Avoid BUG_ON()s and only WARN instead. This is just a cleanup, it can't make any runtime difference. This BUG_ON has never triggered and cannot trigger. Link: http://lkml.kernel.org/r/20161216144821.5183-4-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a4605a61d642fe9b9de050d356432ecac82cc701 Author: Andrea Arcangeli Date: Wed Feb 22 15:42:09 2017 -0800 userfaultfd: correct comment about UFFD_FEATURE_PAGEFAULT_FLAG_WP Minor comment correction. Link: http://lkml.kernel.org/r/20161216144821.5183-3-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Cc: "Dr. David Alan Gilbert" Cc: Hillf Danton Cc: Michael Rapoport Cc: Mike Kravetz Cc: Mike Rapoport Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e067eba5871c6922539dc1728699c14e6b22590f Author: Andrea Arcangeli Date: Wed Feb 22 15:42:06 2017 -0800 userfaultfd: document _IOR/_IOW Patch series "userfaultfd tmpfs/hugetlbfs/non-cooperative", v2 These userfaultfd features are finished and are ready for larger exposure in -mm and upstream merging. 1) tmpfs non present userfault 2) hugetlbfs non present userfault 3) non cooperative userfault for fork/madvise/mremap qemu development code is already exercising 2) and container postcopy live migration needs 3). 1) is not currently used but there's a self test and we know some qemu user for various reasons uses tmpfs as backing for KVM so it'll need it too to use postcopy live migration with tmpfs memory. All review feedback from the previous submit has been handled and the fixes are included. There's no outstanding issue AFIK. Upstream code just did a s/fe/vmf/ conversion in the page faults and this has been converted as well incrementally. In addition to the previous submits, this also wakes up stuck userfaults during UFFDIO_UNREGISTER. The non cooperative testcase actually reproduced this problem by getting stuck instead of quitting clean in some rare case as it could call UFFDIO_UNREGISTER while some userfault could be still in flight. The other option would have been to keep leaving it up to userland to serialize itself and to patch the testcase instead but the wakeup during unregister I think is preferable. David also asked the UFFD_FEATURE_MISSING_HUGETLBFS and UFFD_FEATURE_MISSING_SHMEM feature flags to be added so QEMU can avoid to probe if the hugetlbfs/shmem missing support is available by calling UFFDIO_REGISTER. QEMU already checks HUGETLBFS_MAGIC with fstatfs so if UFFD_FEATURE_MISSING_HUGETLBFS is also set, it knows UFFDIO_REGISTER will succeed (or if it fails, it's for some other more concerning reason). There's no reason to worry about adding too many feature flags. There are 64 available and worst case we've to bump the API if someday we're really going to run out of them. The round-trip network latency of hugetlbfs userfaults during postcopy live migration is still of the order of dozen milliseconds on 10GBit if at 2MB hugepage granularity so it's working perfectly and it should provide for higher bandwidth or lower CPU usage (which makes it interesting to add an option in the future to support THP granularity too for anonymous memory, UFFDIO_COPY would then have to create THP if alignment/len allows for it). 1GB hugetlbfs granularity will require big changes in hugetlbfs to work so it's deferred for later. This patch (of 42): This adds proper documentation (inline) to avoid the risk of further misunderstandings about the semantics of _IOW/_IOR and it also reminds whoever will bump the UFFDIO_API in the future, to change the two ioctl to _IOW. This was found while implementing strace support for those ioctl, otherwise we could have never found it by just reviewing kernel code and testing it. _IOC_READ or _IOC_WRITE alters nothing but the ioctl number itself, so it's only worth fixing if the UFFDIO_API is bumped someday. Link: http://lkml.kernel.org/r/20161216144821.5183-2-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: "Dmitry V. Levin" Cc: Michael Rapoport Cc: "Dr. David Alan Gilbert" Cc: Mike Kravetz Cc: Pavel Emelyanov Cc: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/uapi/asm-generic/ioctl.h | 10 +++++++++- include/uapi/linux/userfaultfd.h | 6 ++++++ 2 files changed, 15 insertions(+), 1 deletion(-) commit 65190cff3cc108b72e42cce67ed8b73dbad6b731 Author: Michal Hocko Date: Wed Feb 22 15:42:03 2017 -0800 oom, trace: add compaction retry tracepoint Higher order requests oom debugging is currently quite hard. We do have some compaction points which can tell us how the compaction is operating but there is no trace point to tell us about compaction retry logic. This patch adds a one which will have the following format bash-3126 [001] .... 1498.220001: compact_retry: order=9 priority=COMPACT_PRIO_SYNC_LIGHT compaction_result=withdrawn retries=0 max_retries=16 should_retry=0 we can see that the order 9 request is not retried even though we are in the highest compaction priority mode becase the last compaction attempt was withdrawn. This means that compaction_zonelist_suitable must have returned false and there is no suitable zone to compact for this request and so no need to retry further. another example would be <...>-3137 [001] .... 81.501689: compact_retry: order=9 priority=COMPACT_PRIO_SYNC_LIGHT compaction_result=failed retries=0 max_retries=16 should_retry=0 in this case the order-9 compaction failed to find any suitable block. We do not retry anymore because this is a costly request and those do not go below COMPACT_PRIO_SYNC_LIGHT priority. Link: http://lkml.kernel.org/r/20161220130135.15719-4-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: David Rientjes Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/mmflags.h | 26 ++++++++++++++++++++++++++ include/trace/events/oom.h | 39 +++++++++++++++++++++++++++++++++++++++ mm/page_alloc.c | 22 ++++++++++++++++------ 3 files changed, 81 insertions(+), 6 deletions(-) commit d379f01de09570e06d84b4b09e5f4951821a1dc8 Author: Michal Hocko Date: Wed Feb 22 15:42:00 2017 -0800 oom, trace: add oom detection tracepoints should_reclaim_retry is the central decision point for declaring the OOM. It might be really useful to expose data used for this decision making when debugging an unexpected oom situations. Say we have an OOM report: [ 52.264001] mem_eater invoked oom-killer: gfp_mask=0x24280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), nodemask=0, order=0, oom_score_adj=0 [ 52.267549] CPU: 3 PID: 3148 Comm: mem_eater Tainted: G W 4.8.0-oomtrace3-00006-gb21338b386d2 #1024 Now we can check the tracepoint data to see how we have ended up in this situation: mem_eater-3148 [003] .... 52.432801: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11134 min_wmark=11084 no_progress_loops=1 wmark_check=1 mem_eater-3148 [003] .... 52.433269: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11103 min_wmark=11084 no_progress_loops=1 wmark_check=1 mem_eater-3148 [003] .... 52.433712: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11100 min_wmark=11084 no_progress_loops=2 wmark_check=1 mem_eater-3148 [003] .... 52.434067: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11097 min_wmark=11084 no_progress_loops=3 wmark_check=1 mem_eater-3148 [003] .... 52.434414: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11094 min_wmark=11084 no_progress_loops=4 wmark_check=1 mem_eater-3148 [003] .... 52.434761: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11091 min_wmark=11084 no_progress_loops=5 wmark_check=1 mem_eater-3148 [003] .... 52.435108: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11087 min_wmark=11084 no_progress_loops=6 wmark_check=1 mem_eater-3148 [003] .... 52.435478: reclaim_retry_zone: node=0 zone=DMA32 order=0 reclaimable=51 available=11084 min_wmark=11084 no_progress_loops=7 wmark_check=0 mem_eater-3148 [003] .... 52.435478: reclaim_retry_zone: node=0 zone=DMA order=0 reclaimable=0 available=1126 min_wmark=179 no_progress_loops=7 wmark_check=0 The above shows that we can quickly deduce that the reclaim stopped making any progress (see no_progress_loops increased in each round) and while there were still some 51 reclaimable pages they couldn't be dropped for some reason (vmscan trace points would tell us more about that part). available will represent reclaimable + free_pages scaled down per no_progress_loops factor. This is essentially an optimistic estimate of how much memory we would have when reclaiming everything. This can be compared to min_wmark to get a rought idea but the wmark_check tells the result of the watermark check which is more precise (includes lowmem reserves, considers the order etc.). As we can see no zone is eligible in the end and that is why we have triggered the oom in this situation. Please note that higher order requests might fail on the wmark_check even when there is much more memory available than min_wmark - e.g. when the memory is fragmented. A follow up tracepoint will help to debug those situations. Link: http://lkml.kernel.org/r/20161220130135.15719-3-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: David Rientjes Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/oom.h | 42 ++++++++++++++++++++++++++++++++++++++++++ mm/page_alloc.c | 10 ++++++++-- 2 files changed, 50 insertions(+), 2 deletions(-) commit aff28015fe5396b7f2bf7f55863949d391eb75fb Author: Michal Hocko Date: Wed Feb 22 15:41:57 2017 -0800 mm, trace: extract COMPACTION_STATUS and ZONE_TYPE to a common header COMPACTION_STATUS resp. ZONE_TYPE are currently used to translate enum compact_result resp. struct zone index into their symbolic names for an easier post processing. The follow up patch would like to reuse this as well. The code involves some preprocessor black magic which is better not duplicated elsewhere so move it to a common mm tracing relate header. Link: http://lkml.kernel.org/r/20161220130135.15719-2-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: David Rientjes Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/trace/events/compaction.h | 60 ++---------------------------------- include/trace/events/mmflags.h | 64 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 57 deletions(-) commit 4583e77310a2edf39ee91099fba3cd153a22a77b Author: Geliang Tang Date: Wed Feb 22 15:41:54 2017 -0800 mm/vmalloc.c: use rb_entry_safe Use rb_entry_safe() instead of open-coding it. Link: http://lkml.kernel.org/r/81bb9820e5b9e4a1c596b3e76f88abf8c4a76cb0.1482221947.git.geliangtang@gmail.com Signed-off-by: Geliang Tang Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13ad59df67f19788f6c22985b1a33e466eceb643 Author: Vlastimil Babka Date: Wed Feb 22 15:41:51 2017 -0800 mm, page_alloc: avoid page_to_pfn() when merging buddies On architectures that allow memory holes, page_is_buddy() has to perform page_to_pfn() to check for the memory hole. After the previous patch, we have the pfn already available in __free_one_page(), which is the only caller of page_is_buddy(), so move the check there and avoid page_to_pfn(). Link: http://lkml.kernel.org/r/20161216120009.20064-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Mel Gorman Cc: Joonsoo Kim Cc: Michal Hocko Cc: "Kirill A. Shutemov" Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 10 +++++----- mm/page_isolation.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) commit 76741e776a37973a3e398d504069b3e55c5cc866 Author: Vlastimil Babka Date: Wed Feb 22 15:41:48 2017 -0800 mm, page_alloc: don't convert pfn to idx when merging In __free_one_page() we do the buddy merging arithmetics on "page/buddy index", which is just the lower MAX_ORDER bits of pfn. The operations we do that affect the higher bits are bitwise AND and subtraction (in that order), where the final result will be the same with the higher bits left unmasked, as long as these bits are equal for both buddies - which must be true by the definition of a buddy. We can therefore use pfn's directly instead of "index" and skip the zeroing of >MAX_ORDER bits. This can help a bit by itself, although compiler might be smart enough already. It also helps the next patch to avoid page_to_pfn() for memory hole checks. Link: http://lkml.kernel.org/r/20161216120009.20064-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Mel Gorman Cc: Joonsoo Kim Cc: Michal Hocko Cc: "Kirill A. Shutemov" Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/internal.h | 4 ++-- mm/page_alloc.c | 31 ++++++++++++++----------------- mm/page_isolation.c | 8 ++++---- 3 files changed, 20 insertions(+), 23 deletions(-) commit aa187507ef8bb3178a3312d851e8485bd81913c9 Author: Michal Hocko Date: Wed Feb 22 15:41:45 2017 -0800 mm: throttle show_mem() from warn_alloc() Tetsuo has been stressing OOM killer path with many parallel allocation requests when he has noticed that it is not all that hard to swamp kernel logs with warn_alloc messages caused by allocation stalls. Even though the allocation stall message is triggered only once in 10s there might be many different tasks hitting it roughly around the same time. A big part of the output is show_mem() which can generate a lot of output even on a small machines. There is no reason to show the state of memory counter for each allocation stall, especially when multiple of them are reported in a short time period. Chances are that not much has changed since the last report. This patch simply rate limits show_mem called from warn_alloc to only dump something once per second. This should be enough to give us a clue why an allocation might be stalling while burst of warnings will not swamp log with too much data. While we are at it, extract all the show_mem related handling (filters) into a separate function warn_alloc_show_mem. This will make the code cleaner and as a bonus point we can distinguish which part of warn_alloc got throttled due to rate limiting as ___ratelimit dumps the caller. [akpm@linux-foundation.org: reduce scope of the ratelimit_states] Link: http://lkml.kernel.org/r/20161215101510.9030-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Tetsuo Handa Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) commit f8005451d75f4879a93b12c14b162dd60f81ec56 Author: Hugh Dickins Date: Wed Feb 22 15:41:42 2017 -0800 tmpfs: change shmem_mapping() to test shmem_aops Callers of shmem_mapping() are interested in whether the mapping is swap backed - except for uprobes, which is interested in whether it should use shmem_read_mapping_page(). All these callers are better served by a shmem_mapping() which checks for shmem_aops, than the current version which goes through several indirections to find where the inode lives - and has the surprising effect that a private mmap of /dev/zero satisfies both vma_is_anonymous() and shmem_mapping(), when that device node is on devtmpfs. I don't think anything in the tree suffers from that surprise, but it caught me out, and is better fixed. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1612052148530.13021@eggly.anvils Signed-off-by: Hugh Dickins Acked-by: Johannes Weiner Cc: Oleg Nesterov Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 1663f26df3df7df3720306ca67f5ea8296d68fa1 Author: Tejun Heo Date: Wed Feb 22 15:41:39 2017 -0800 slub: make sysfs directories for memcg sub-caches optional SLUB creates a per-cache directory under /sys/kernel/slab which hosts a bunch of debug files. Usually, there aren't that many caches on a system and this doesn't really matter; however, if memcg is in use, each cache can have per-cgroup sub-caches. SLUB creates the same directories for these sub-caches under /sys/kernel/slab/$CACHE/cgroup. Unfortunately, because there can be a lot of cgroups, active or draining, the product of the numbers of caches, cgroups and files in each directory can reach a very high number - hundreds of thousands is commonplace. Millions and beyond aren't difficult to reach either. What's under /sys/kernel/slab is primarily for debugging and the information and control on the a root cache already cover its sub-caches. While having a separate directory for each sub-cache can be helpful for development, it doesn't make much sense to pay this amount of overhead by default. This patch introduces a boot parameter slub_memcg_sysfs which determines whether to create sysfs directories for per-memcg sub-caches. It also adds CONFIG_SLUB_MEMCG_SYSFS_ON which determines the boot parameter's default value and defaults to 0. [akpm@linux-foundation.org: kset_unregister(NULL) is legal] Link: http://lkml.kernel.org/r/20170204145203.GB26958@mtj.duckdns.org Signed-off-by: Tejun Heo Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vladimir Davydov Cc: Michal Hocko Cc: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/admin-guide/kernel-parameters.txt | 8 ++++++++ init/Kconfig | 14 +++++++++++++ mm/slub.c | 26 +++++++++++++++++++++++-- 3 files changed, 46 insertions(+), 2 deletions(-) commit 17cc4dfeda97636d67e83de8cd41940b65a93bc7 Author: Tejun Heo Date: Wed Feb 22 15:41:36 2017 -0800 slab: use memcg_kmem_cache_wq for slab destruction operations If there's contention on slab_mutex, queueing the per-cache destruction work item on the system_wq can unnecessarily create and tie up a lot of kworkers. Rename memcg_kmem_cache_create_wq to memcg_kmem_cache_wq and make it global and use that workqueue for the destruction work items too. While at it, convert the workqueue from an unbound workqueue to a per-cpu one with concurrency limited to 1. It's generally preferable to use per-cpu workqueues and concurrency limit of 1 is safe enough. This is suggested by Joonsoo Kim. Link: http://lkml.kernel.org/r/20170117235411.9408-11-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 1 + mm/memcontrol.c | 16 ++++++++-------- mm/slab_common.c | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) commit 50862ce711b3e9cf8511df7a356892e128b037d3 Author: Tejun Heo Date: Wed Feb 22 15:41:33 2017 -0800 slab: remove slub sysfs interface files early for empty memcg caches With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. Each cache has a number of sysfs interface files under /sys/kernel/slab. On a system with a lot of memory and transient memcgs, the number of interface files which have to be removed once memory reclaim kicks in can reach millions. Link: http://lkml.kernel.org/r/20170117235411.9408-10-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slub.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) commit 01fb58bcba63f8fba37581c24c99e9a515dd0335 Author: Tejun Heo Date: Wed Feb 22 15:41:30 2017 -0800 slab: remove synchronous synchronize_sched() from memcg cache deactivation path With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. slub uses synchronize_sched() to deactivate a memcg cache. synchronize_sched() is an expensive and slow operation and doesn't scale when a huge number of caches are destroyed back-to-back. While there used to be a simple batching mechanism, the batching was too restricted to be helpful. This patch implements slab_deactivate_memcg_cache_rcu_sched() which slub can use to schedule sched RCU callback instead of performing synchronize_sched() synchronously while holding cgroup_mutex. While this adds online cpus, mems and slab_mutex operations, operating on these locks back-to-back from the same kworker, which is what's gonna happen when there are many to deactivate, isn't expensive at all and this gets rid of the scalability problem completely. Link: http://lkml.kernel.org/r/20170117235411.9408-9-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/slab.h | 6 ++++++ mm/slab.h | 2 ++ mm/slab_common.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ mm/slub.c | 12 +++++++---- 4 files changed, 76 insertions(+), 4 deletions(-) commit c9fc586403e7c85eee06b2d5dea14ce71c00fcd8 Author: Tejun Heo Date: Wed Feb 22 15:41:27 2017 -0800 slab: introduce __kmemcg_cache_deactivate() __kmem_cache_shrink() is called with %true @deactivate only for memcg caches. Remove @deactivate from __kmem_cache_shrink() and introduce __kmemcg_cache_deactivate() instead. Each memcg-supporting allocator should implement it and it should deactivate and drain the cache. This is to allow memcg cache deactivation behavior to further deviate from simple shrinking without messing up __kmem_cache_shrink(). This is pure reorganization and doesn't introduce any observable behavior changes. v2: Dropped unnecessary ifdef in mm/slab.h as suggested by Vladimir. Link: http://lkml.kernel.org/r/20170117235411.9408-8-tj@kernel.org Signed-off-by: Tejun Heo Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 11 +++++++++-- mm/slab.h | 3 ++- mm/slab_common.c | 4 ++-- mm/slob.c | 2 +- mm/slub.c | 39 ++++++++++++++++++++++----------------- 5 files changed, 36 insertions(+), 23 deletions(-) commit 510ded33e075c2bd662b1efab0110f4240325fc9 Author: Tejun Heo Date: Wed Feb 22 15:41:24 2017 -0800 slab: implement slab_root_caches list With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. slab_caches currently lists all caches including root and memcg ones. This is the only data structure which lists the root caches and iterating root caches can only be done by walking the list while skipping over memcg caches. As there can be a huge number of memcg caches, this can become very expensive. This also can make /proc/slabinfo behave very badly. seq_file processes reads in 4k chunks and seeks to the previous Nth position on slab_caches list to resume after each chunk. With a lot of memcg cache churns on the list, reading /proc/slabinfo can become very slow and its content often ends up with duplicate and/or missing entries. This patch adds a new list slab_root_caches which lists only the root caches. When memcg is not enabled, it becomes just an alias of slab_caches. memcg specific list operations are collected into memcg_[un]link_cache(). Link: http://lkml.kernel.org/r/20170117235411.9408-7-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/slab.h | 3 +++ mm/slab.h | 15 +++++++++++++ mm/slab_common.c | 59 ++++++++++++++++++++++++++++++---------------------- mm/slub.c | 1 + 4 files changed, 53 insertions(+), 25 deletions(-) commit bc2791f857e1984b7548d2a2de2ffb1a913dee62 Author: Tejun Heo Date: Wed Feb 22 15:41:21 2017 -0800 slab: link memcg kmem_caches on their associated memory cgroup With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. While a memcg kmem_cache is listed on its root cache's ->children list, there is no direct way to iterate all kmem_caches which are assocaited with a memory cgroup. The only way to iterate them is walking all caches while filtering out caches which don't match, which would be most of them. This makes memcg destruction operations O(N^2) where N is the total number of slab caches which can be huge. This combined with the synchronous RCU operations can tie up a CPU and affect the whole machine for many hours when memory reclaim triggers offlining and destruction of the stale memcgs. This patch adds mem_cgroup->kmem_caches list which goes through memcg_cache_params->kmem_caches_node of all kmem_caches which are associated with the memcg. All memcg specific iterations, including stat file access, are updated to use the new list instead. Link: http://lkml.kernel.org/r/20170117235411.9408-6-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 1 + include/linux/slab.h | 3 +++ mm/memcontrol.c | 7 ++++--- mm/slab.h | 3 +++ mm/slab_common.c | 36 +++++++++++++++++++++++++++++------- 5 files changed, 40 insertions(+), 10 deletions(-) commit 9eeadc8b6e0e31f9aea1f8886ef472f62c2b7f55 Author: Tejun Heo Date: Wed Feb 22 15:41:17 2017 -0800 slab: reorganize memcg_cache_params We're going to change how memcg caches are iterated. In preparation, clean up and reorganize memcg_cache_params. * The shared ->list is replaced by ->children in root and ->children_node in children. * ->is_root_cache is removed. Instead ->root_cache is moved out of the child union and now used by both root and children. NULL indicates root cache. Non-NULL a memcg one. This patch doesn't cause any observable behavior changes. Link: http://lkml.kernel.org/r/20170117235411.9408-5-tj@kernel.org Signed-off-by: Tejun Heo Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/slab.h | 33 ++++++++++++++++++++++++--------- mm/slab.h | 6 +++--- mm/slab_common.c | 25 +++++++++++++------------ 3 files changed, 40 insertions(+), 24 deletions(-) commit 657dc2f9722092e951de95a8109428994541440b Author: Tejun Heo Date: Wed Feb 22 15:41:14 2017 -0800 slab: remove synchronous rcu_barrier() call in memcg cache release path With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. SLAB_DESTORY_BY_RCU caches need to flush all RCU operations before destruction because slab pages are freed through RCU and they need to be able to dereference the associated kmem_cache. Currently, it's done synchronously with rcu_barrier(). As rcu_barrier() is expensive time-wise, slab implements a batching mechanism so that rcu_barrier() can be done for multiple caches at the same time. Unfortunately, the rcu_barrier() is in synchronous path which is called while holding cgroup_mutex and the batching is too limited to be actually helpful. This patch updates the cache release path so that the batching is asynchronous and global. All SLAB_DESTORY_BY_RCU caches are queued globally and a work item consumes the list. The work item calls rcu_barrier() only once for all caches that are currently queued. * release_caches() is removed and shutdown_cache() now either directly release the cache or schedules a RCU callback to do that. This makes the cache inaccessible once shutdown_cache() is called and makes it impossible for shutdown_memcg_caches() to do memcg-specific cleanups afterwards. Move memcg-specific part into a helper, unlink_memcg_cache(), and make shutdown_cache() call it directly. Link: http://lkml.kernel.org/r/20170117235411.9408-4-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab_common.c | 102 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 60 insertions(+), 42 deletions(-) commit bf5eb3de3847ebcfd1fea7bc14072ef9f21d4e8d Author: Tejun Heo Date: Wed Feb 22 15:41:11 2017 -0800 slub: separate out sysfs_slab_release() from sysfs_slab_remove() Separate out slub sysfs removal and release, and call the former earlier from __kmem_cache_shutdown(). There's no reason to defer sysfs removal through RCU and this will later allow us to remove sysfs files way earlier during memory cgroup offline instead of release. Link: http://lkml.kernel.org/r/20170117235411.9408-3-tj@kernel.org Signed-off-by: Tejun Heo Acked-by: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/slub_def.h | 4 ++-- mm/slab_common.c | 2 +- mm/slub.c | 12 ++++++++++-- 3 files changed, 13 insertions(+), 5 deletions(-) commit 290b6a58b78be709e734d7fbeb1aa0416d9d41bc Author: Tejun Heo Date: Wed Feb 22 15:41:08 2017 -0800 Revert "slub: move synchronize_sched out of slab_mutex on shrink" Patch series "slab: make memcg slab destruction scalable", v3. With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. I've seen machines which end up with hundred thousands of caches and many millions of kernfs_nodes. The current code is O(N^2) on the total number of caches and has synchronous rcu_barrier() and synchronize_sched() in cgroup offline / release path which is executed while holding cgroup_mutex. Combined, this leads to very expensive and slow cache destruction operations which can easily keep running for half a day. This also messes up /proc/slabinfo along with other cache iterating operations. seq_file operates on 4k chunks and on each 4k boundary tries to seek to the last position in the list. With a huge number of caches on the list, this becomes very slow and very prone to the list content changing underneath it leading to a lot of missing and/or duplicate entries. This patchset addresses the scalability problem. * Add root and per-memcg lists. Update each user to use the appropriate list. * Make rcu_barrier() for SLAB_DESTROY_BY_RCU caches globally batched and asynchronous. * For dying empty slub caches, remove the sysfs files after deactivation so that we don't end up with millions of sysfs files without any useful information on them. This patchset contains the following nine patches. 0001-Revert-slub-move-synchronize_sched-out-of-slab_mutex.patch 0002-slub-separate-out-sysfs_slab_release-from-sysfs_slab.patch 0003-slab-remove-synchronous-rcu_barrier-call-in-memcg-ca.patch 0004-slab-reorganize-memcg_cache_params.patch 0005-slab-link-memcg-kmem_caches-on-their-associated-memo.patch 0006-slab-implement-slab_root_caches-list.patch 0007-slab-introduce-__kmemcg_cache_deactivate.patch 0008-slab-remove-synchronous-synchronize_sched-from-memcg.patch 0009-slab-remove-slub-sysfs-interface-files-early-for-emp.patch 0010-slab-use-memcg_kmem_cache_wq-for-slab-destruction-op.patch 0001 reverts an existing optimization to prepare for the following changes. 0002 is a prep patch. 0003 makes rcu_barrier() in release path batched and asynchronous. 0004-0006 separate out the lists. 0007-0008 replace synchronize_sched() in slub destruction path with call_rcu_sched(). 0009 removes sysfs files early for empty dying caches. 0010 makes destruction work items use a workqueue with limited concurrency. This patch (of 10): Revert 89e364db71fb5e ("slub: move synchronize_sched out of slab_mutex on shrink"). With kmem cgroup support enabled, kmem_caches can be created and destroyed frequently and a great number of near empty kmem_caches can accumulate if there are a lot of transient cgroups and the system is not under memory pressure. When memory reclaim starts under such conditions, it can lead to consecutive deactivation and destruction of many kmem_caches, easily hundreds of thousands on moderately large systems, exposing scalability issues in the current slab management code. This is one of the patches to address the issue. Moving synchronize_sched() out of slab_mutex isn't enough as it's still inside cgroup_mutex. The whole deactivation / release path will be updated to avoid all synchronous RCU operations. Revert this insufficient optimization in preparation to ease future changes. Link: http://lkml.kernel.org/r/20170117235411.9408-2-tj@kernel.org Signed-off-by: Tejun Heo Reported-by: Jay Vana Cc: Vladimir Davydov Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 4 ++-- mm/slab.h | 2 +- mm/slab_common.c | 27 ++------------------------- mm/slob.c | 2 +- mm/slub.c | 19 +++++++++++++++++-- 5 files changed, 23 insertions(+), 31 deletions(-) commit af3b5f8764a270165195d8b9520d913a268c0062 Author: Vlastimil Babka Date: Wed Feb 22 15:41:05 2017 -0800 mm, slab: rename kmalloc-node cache to kmalloc- SLAB as part of its bootstrap pre-creates one kmalloc cache that can fit the kmem_cache_node management structure, and puts it into the generic kmalloc cache array (e.g. for 128b objects). The name of this cache is "kmalloc-node", which is confusing for readers of /proc/slabinfo as the cache is used for generic allocations (and not just the kmem_cache_node struct) and it appears as the kmalloc-128 cache is missing. An easy solution is to use the kmalloc- name when pre-creating the cache, which we can get from the kmalloc_info array. Example /proc/slabinfo before the patch: ... kmalloc-256 1647 1984 256 16 1 : tunables 120 60 8 : slabdata 124 124 828 kmalloc-192 1974 1974 192 21 1 : tunables 120 60 8 : slabdata 94 94 133 kmalloc-96 1332 1344 128 32 1 : tunables 120 60 8 : slabdata 42 42 219 kmalloc-64 2505 5952 64 64 1 : tunables 120 60 8 : slabdata 93 93 715 kmalloc-32 4278 4464 32 124 1 : tunables 120 60 8 : slabdata 36 36 346 kmalloc-node 1352 1376 128 32 1 : tunables 120 60 8 : slabdata 43 43 53 kmem_cache 132 147 192 21 1 : tunables 120 60 8 : slabdata 7 7 0 After the patch: ... kmalloc-256 1672 2160 256 16 1 : tunables 120 60 8 : slabdata 135 135 807 kmalloc-192 1992 2016 192 21 1 : tunables 120 60 8 : slabdata 96 96 203 kmalloc-96 1159 1184 128 32 1 : tunables 120 60 8 : slabdata 37 37 116 kmalloc-64 2561 4864 64 64 1 : tunables 120 60 8 : slabdata 76 76 785 kmalloc-32 4253 4340 32 124 1 : tunables 120 60 8 : slabdata 35 35 270 kmalloc-128 1256 1280 128 32 1 : tunables 120 60 8 : slabdata 40 40 39 kmem_cache 125 147 192 21 1 : tunables 120 60 8 : slabdata 7 7 0 [vbabka@suse.cz: export the whole kmalloc_info structure instead of just a name accessor, per Christoph Lameter] Link: http://lkml.kernel.org/r/54e80303-b814-4232-66d4-95b34d3eb9d0@suse.cz Link: http://lkml.kernel.org/r/20170203181008.24898-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Reviewed-by: Matthew Wilcox Cc: Joonsoo Kim Cc: David Rientjes Cc: Pekka Enberg Cc: Christoph Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 3 ++- mm/slab.h | 6 ++++++ mm/slab_common.c | 5 +---- 3 files changed, 9 insertions(+), 5 deletions(-) commit 65b9de75253e909e35d8f5c42357e632fdca5d7f Author: Borislav Petkov Date: Wed Feb 22 15:41:02 2017 -0800 mm/slub: add a dump_stack() to the unexpected GFP check We wish to know who is doing such a thing. slab.c does this. Link: http://lkml.kernel.org/r/20170116091643.15260-1-bp@alien8.de Signed-off-by: Borislav Petkov Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slub.c | 1 + 1 file changed, 1 insertion(+) commit c6e28895a4372992961888ffaadc9efc643b5bfe Author: Grygorii Maistrenko Date: Wed Feb 22 15:40:59 2017 -0800 slub: do not merge cache if slub_debug contains a never-merge flag In case CONFIG_SLUB_DEBUG_ON=n, find_mergeable() gets debug features from commandline but never checks if there are features from the SLAB_NEVER_MERGE set. As a result selected by slub_debug caches are always mergeable if they have been created without a custom constructor set or without one of the SLAB_* debug features on. This moves the SLAB_NEVER_MERGE check below the flags update from commandline to make sure it won't merge the slab cache if one of the debug features is on. Link: http://lkml.kernel.org/r/20170101124451.GA4740@lp-laptop-d Signed-off-by: Grygorii Maistrenko Reviewed-by: Pekka Enberg Acked-by: David Rientjes Acked-by: Christoph Lameter Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab_common.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 8dcde9def5a15df54fa4ca41f7750d80fa741d61 Author: Prarit Bhargava Date: Wed Feb 22 15:40:56 2017 -0800 kernel/watchdog.c: do not hardcode CPU 0 as the initial thread When CONFIG_BOOTPARAM_HOTPLUG_CPU0 is enabled, the socket containing the boot cpu can be replaced. During the hot add event, the message NMI watchdog: enabled on all CPUs, permanently consumes one hw-PMU counter. is output implying that the NMI watchdog was disabled at some point. This is not the case and the message has caused confusion for users of systems that support the removal of the boot cpu socket. The watchdog code is coded to assume that cpu 0 is always the first cpu to initialize the watchdog, and the last to stop its watchdog thread. That is not the case for initializing if cpu 0 has been removed and added. The removal case has never been correct because the smpboot code will remove the watchdog threads starting with the lowest cpu number. This patch adds watchdog_cpus to track the number of cpus with active NMI watchdog threads so that the first and last thread can be used to set and clear the value of firstcpu_err. firstcpu_err is set when the first watchdog thread is enabled, and cleared when the last watchdog thread is disabled. Link: http://lkml.kernel.org/r/1480425321-32296-1-git-send-email-prarit@redhat.com Signed-off-by: Prarit Bhargava Acked-by: Don Zickus Cc: Borislav Petkov Cc: Tejun Heo Cc: Hidehiro Kawai Cc: Thomas Gleixner Cc: Andi Kleen Cc: Joshua Hunt Cc: Ingo Molnar Cc: Babu Moger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/watchdog_hld.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) commit b5c66bab72a6a65edb15beb60b90d3cb84c5763b Author: Cong Wang Date: Wed Feb 22 15:40:53 2017 -0800 9p: fix a potential acl leak posix_acl_update_mode() could possibly clear 'acl', if so we leak the memory pointed by 'acl'. Save this pointer before calling posix_acl_update_mode() and release the memory if 'acl' really gets cleared. Link: http://lkml.kernel.org/r/1486678332-2430-1-git-send-email-xiyou.wangcong@gmail.com Signed-off-by: Cong Wang Reported-by: Mark Salyzyn Reviewed-by: Jan Kara Reviewed-by: Greg Kurz Cc: Eric Van Hensbergen Cc: Ron Minnich Cc: Latchesar Ionkov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/9p/acl.c | 2 ++ 1 file changed, 2 insertions(+) commit 612dafabb6a0fa62e9b86f11da5d37ee11dea28f Author: Tetsuo Handa Date: Wed Feb 22 15:40:50 2017 -0800 block: use for_each_thread() in sys_ioprio_set()/sys_ioprio_get() IOPRIO_WHO_USER case in sys_ioprio_set()/sys_ioprio_get() are using while_each_thread(), which is unsafe under RCU lock according to commit 0c740d0afc3bff0a ("introduce for_each_thread() to replace the buggy while_each_thread()"). Use for_each_thread() (via for_each_process_thread()) which is safe under RCU lock. Link: http://lkml.kernel.org/r/201702011947.DBD56740.OMVHOLOtSJFFFQ@I-love.SAKURA.ne.jp Link: http://lkml.kernel.org/r/1486041779-4401-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Cc: Oleg Nesterov Cc: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/ioprio.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 6302666d2ef135be46ca34226791afea275f62d1 Author: Davidlohr Bueso Date: Wed Feb 22 15:40:47 2017 -0800 parisc: use generic current.h Given that the arch does not add its own implementations, simply use the asm-generic/current.h (generic-y) header instead of duplicating code. Link: http://lkml.kernel.org/r/1485992878-4780-4-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: "James E.J. Bottomley" Cc: Helge Deller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/parisc/include/asm/Kbuild | 1 + arch/parisc/include/asm/current.h | 15 --------------- 2 files changed, 1 insertion(+), 15 deletions(-) commit b891fa5024a95c77e0d6fd6655cb74af6fb77f46 Author: Eric Ren Date: Wed Feb 22 15:40:44 2017 -0800 ocfs2: fix deadlock issue when taking inode lock at vfs entry points Commit 743b5f1434f5 ("ocfs2: take inode lock in ocfs2_iop_set/get_acl()") results in a deadlock, as the author "Tariq Saeed" realized shortly after the patch was merged. The discussion happened here https://oss.oracle.com/pipermail/ocfs2-devel/2015-September/011085.html The reason why taking cluster inode lock at vfs entry points opens up a self deadlock window, is explained in the previous patch of this series. So far, we have seen two different code paths that have this issue. 1. do_sys_open may_open inode_permission ocfs2_permission ocfs2_inode_lock() <=== take PR generic_permission get_acl ocfs2_iop_get_acl ocfs2_inode_lock() <=== take PR 2. fchmod|fchmodat chmod_common notify_change ocfs2_setattr <=== take EX posix_acl_chmod get_acl ocfs2_iop_get_acl <=== take PR ocfs2_iop_set_acl <=== take EX Fixes them by adding the tracking logic (in the previous patch) for these funcs above, ocfs2_permission(), ocfs2_iop_[set|get]_acl(), ocfs2_setattr(). Link: http://lkml.kernel.org/r/20170117100948.11657-3-zren@suse.com Signed-off-by: Eric Ren Reviewed-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/acl.c | 29 +++++++++++++---------------- fs/ocfs2/file.c | 58 ++++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 58 insertions(+), 29 deletions(-) commit 439a36b8ef38657f765b80b775e2885338d72451 Author: Eric Ren Date: Wed Feb 22 15:40:41 2017 -0800 ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock We are in the situation that we have to avoid recursive cluster locking, but there is no way to check if a cluster lock has been taken by a precess already. Mostly, we can avoid recursive locking by writing code carefully. However, we found that it's very hard to handle the routines that are invoked directly by vfs code. For instance: const struct inode_operations ocfs2_file_iops = { .permission = ocfs2_permission, .get_acl = ocfs2_iop_get_acl, .set_acl = ocfs2_iop_set_acl, }; Both ocfs2_permission() and ocfs2_iop_get_acl() call ocfs2_inode_lock(PR): do_sys_open may_open inode_permission ocfs2_permission ocfs2_inode_lock() <=== first time generic_permission get_acl ocfs2_iop_get_acl ocfs2_inode_lock() <=== recursive one A deadlock will occur if a remote EX request comes in between two of ocfs2_inode_lock(). Briefly describe how the deadlock is formed: On one hand, OCFS2_LOCK_BLOCKED flag of this lockres is set in BAST(ocfs2_generic_handle_bast) when downconvert is started on behalf of the remote EX lock request. Another hand, the recursive cluster lock (the second one) will be blocked in in __ocfs2_cluster_lock() because of OCFS2_LOCK_BLOCKED. But, the downconvert never complete, why? because there is no chance for the first cluster lock on this node to be unlocked - we block ourselves in the code path. The idea to fix this issue is mostly taken from gfs2 code. 1. introduce a new field: struct ocfs2_lock_res.l_holders, to keep track of the processes' pid who has taken the cluster lock of this lock resource; 2. introduce a new flag for ocfs2_inode_lock_full: OCFS2_META_LOCK_GETBH; it means just getting back disk inode bh for us if we've got cluster lock. 3. export a helper: ocfs2_is_locked_by_me() is used to check if we have got the cluster lock in the upper code path. The tracking logic should be used by some of the ocfs2 vfs's callbacks, to solve the recursive locking issue cuased by the fact that vfs routines can call into each other. The performance penalty of processing the holder list should only be seen at a few cases where the tracking logic is used, such as get/set acl. You may ask what if the first time we got a PR lock, and the second time we want a EX lock? fortunately, this case never happens in the real world, as far as I can see, including permission check, (get|set)_(acl|attr), and the gfs2 code also do so. [sfr@canb.auug.org.au remove some inlines] Link: http://lkml.kernel.org/r/20170117100948.11657-2-zren@suse.com Signed-off-by: Eric Ren Reviewed-by: Junxiao Bi Reviewed-by: Joseph Qi Cc: Stephen Rothwell Cc: Mark Fasheh Cc: Joel Becker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlmglue.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++-- fs/ocfs2/dlmglue.h | 18 +++++++++ fs/ocfs2/ocfs2.h | 1 + 3 files changed, 121 insertions(+), 3 deletions(-) commit ca376b37867875b6f661bb24a3238636b74f766e Author: Davidlohr Bueso Date: Wed Feb 22 15:40:38 2017 -0800 score: remove asm/current.h ... it's already using the generic version anyways, so just drop the file as do the other archs that do not implement their own version of the current macro. Link: http://lkml.kernel.org/r/1485992878-4780-5-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Chen Liqin Cc: Lennox Wu Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/score/include/asm/Kbuild | 2 +- arch/score/include/asm/current.h | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) commit af0de7815e2cdb7b3cf1d5faef0ca45c1dfb3ba2 Author: Sudip Mukherjee Date: Wed Feb 22 15:40:35 2017 -0800 m32r: fix build warning Some m32r builds were having a warning: arch/m32r/include/asm/cmpxchg.h:191:3: warning: value computed is not used arch/m32r/include/asm/cmpxchg.h:68:3: warning: value computed is not used Taking the idea from commit e001bbae7147 ("ARM: cmpxchg: avoid warnings from macro-ized cmpxchg() implementations") the m32r implementation is changed to use a similar construct with a compound expression instead of a typecast, which causes the compiler to not complain about an unused result. Link: http://lkml.kernel.org/r/1484432664-7015-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m32r/include/asm/cmpxchg.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 6408b6fb99a066f92a4aa6215169d2264c05af48 Author: Davidlohr Bueso Date: Wed Feb 22 15:40:32 2017 -0800 m32r: use generic current.h Given that the arch does not add its own implementations, simply use the asm-generic/current.h (generic-y) header instead of duplicating code. Link: http://lkml.kernel.org/r/1482896994-25863-1-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m32r/include/asm/Kbuild | 1 + arch/m32r/include/asm/current.h | 15 --------------- 2 files changed, 1 insertion(+), 15 deletions(-) commit 7659c655bededecd88f6f25102ba3ab926af92cc Author: Hou Tao Date: Wed Feb 22 15:40:29 2017 -0800 scripts/tags.sh: include arch/Kconfig* for tags generation Kconfig files under arch/ directory are ignored by all_kconfigs(), so include them for tags generation. Link: http://lkml.kernel.org/r/1486206053-38223-1-git-send-email-houtao1@huawei.com Signed-off-by: Hou Tao Cc: Michal Marek Cc: Joe Perches Cc: Mathieu Maret Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/tags.sh | 2 ++ 1 file changed, 2 insertions(+) commit 8087a5609dbf73553a226f1ce0b3a14954adab34 Author: Cheah Kok Cheong Date: Wed Feb 22 15:40:26 2017 -0800 scripts/checkincludes.pl: add exit message for no duplicates found If no duplicates found, inform user. Link: http://lkml.kernel.org/r/1486391275-2843-1-git-send-email-thrust73@gmail.com Signed-off-by: Cheah Kok Cheong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkincludes.pl | 8 ++++++++ 1 file changed, 8 insertions(+) commit 0e5a47a8d346c798bbb1801c7c5852b652155b72 Author: Tobias Klauser Date: Wed Feb 22 15:40:23 2017 -0800 scripts/checkstack.pl: add support for nios2 Adjust checkstack.pl for the nios2 architecture. Link: http://lkml.kernel.org/r/20170116113052.15034-1-tklauser@distanz.ch Signed-off-by: Tobias Klauser Cc: Ley Foon Tan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkstack.pl | 3 +++ 1 file changed, 3 insertions(+) commit 78c5250296c94c0d6bd9e92814e6601ff6c0b18b Author: Jean Delvare Date: Wed Feb 22 15:40:20 2017 -0800 scripts/Lindent: clean up and optimize * Add a few blank lines to improve readability. * Don't call cut 3 times when once is enough. * Drop a useless semicolon. Link: http://lkml.kernel.org/r/20170104140356.162abab2@endymion Signed-off-by: Jean Delvare Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/Lindent | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 10f24f75b304f6874eacf765d09827a28caea28d Author: Ross Zwisler Date: Wed Feb 22 15:40:17 2017 -0800 scripts/spelling.txt: fix incorrect typo-words Fix up some incorrect typo-words. [akpm@linux-foundation.org: "licencing" is valid British spelling and should be kept, per Joe] Link: http://lkml.kernel.org/r/1486409689-23335-1-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/spelling.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8c3200265787f787e4133579cc5e5c28d805f76e Author: Colin Ian King Date: Wed Feb 22 15:40:15 2017 -0800 scripts/spelling.txt: add several more common spelling mistakes Lately I've been cleaning up spelling mistakes in kernel error messages and here are some of the more common spelling mistakes that I've found which probably should be added to this list so we don't keep on seeing them appearing again. Link: http://lkml.kernel.org/r/20161209173326.17662-1-colin.king@canonical.com Signed-off-by: Colin Ian King Acked-by: Kees Cook Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/spelling.txt | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit 0937577d5f5720046252196f811def2eae470593 Author: Daniel Thompson Date: Wed Feb 22 15:40:12 2017 -0800 tools/vm: add missing Makefile rules Currently the tools/vm Makefile has a rather arbitrary implicit build rule; page-types is the first value in TARGETS so lets just build that one! Additionally there is no install rule and this is needed for make -C tools vm_install to work properly. Provide a more sensible implicit build rule and a new install rule. Note that the variables names used by the install rule (DESTDIR and sbindir) are copied from prior-art in tools/power/cpupower. Link: http://lkml.kernel.org/r/20170113165630.27541-1-daniel.thompson@linaro.org Signed-off-by: Daniel Thompson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/vm/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) commit a5759b2bffa807a727cbf6790ecdc4df2ae8e4d4 Author: Miles Chen Date: Wed Feb 22 15:40:09 2017 -0800 dma-debug: add comment for failed to check map error Add comment for failure to check a map error to help driver developers. Link: http://lkml.kernel.org/r/1484622289-22085-1-git-send-email-miles.chen@mediatek.com Signed-off-by: Miles Chen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/dma-debug.c | 5 +++++ 1 file changed, 5 insertions(+) commit f42003917b4569a2f4f0c79c35e1e3df2859f81a Author: Dave Jiang Date: Wed Feb 22 15:40:06 2017 -0800 mm, dax: change pmd_fault() to take only vmf parameter pmd_fault() and related functions really only need the vmf parameter since the additional parameters are all included in the vmf struct. Remove the additional parameter and simplify pmd_fault() and friends. Link: http://lkml.kernel.org/r/1484085142-2297-8-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Dave Jiang Reviewed-by: Ross Zwisler Reviewed-by: Jan Kara Cc: Dave Chinner Cc: Dave Jiang Cc: Matthew Wilcox Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/dax/dax.c | 18 +++++++-------- fs/dax.c | 54 ++++++++++++++++++++----------------------- fs/ext4/file.c | 8 +++---- fs/xfs/xfs_file.c | 7 +++--- include/linux/dax.h | 7 +++--- include/linux/mm.h | 2 +- include/trace/events/fs_dax.h | 54 ++++++++++++++++++++----------------------- mm/memory.c | 9 ++++---- 8 files changed, 74 insertions(+), 85 deletions(-) commit d8a849e1bc123790bbbf1facba94452a3aef5736 Author: Dave Jiang Date: Wed Feb 22 15:40:03 2017 -0800 mm, dax: make pmd_fault() and friends be the same as fault() Instead of passing in multiple parameters in the pmd_fault() handler, a vmf can be passed in just like a fault() handler. This will simplify code and remove the need for the actual pmd fault handlers to allocate a vmf. Related functions are also modified to do the same. [dave.jiang@intel.com: fix issue with xfs_tests stall when DAX option is off] Link: http://lkml.kernel.org/r/148469861071.195597.3619476895250028518.stgit@djiang5-desk3.ch.intel.com Link: http://lkml.kernel.org/r/1484085142-2297-7-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Dave Jiang Reviewed-by: Ross Zwisler Reviewed-by: Jan Kara Cc: Dave Chinner Cc: Matthew Wilcox Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/dax/dax.c | 16 +++++++--------- fs/dax.c | 28 +++++++++++----------------- fs/ext4/file.c | 9 ++++----- fs/xfs/xfs_file.c | 10 ++++------ include/linux/dax.h | 7 +++---- include/linux/mm.h | 3 +-- include/trace/events/fs_dax.h | 15 +++++++-------- mm/memory.c | 6 ++---- 8 files changed, 39 insertions(+), 55 deletions(-) commit 27a7ffaccd915675c88045ba83493804a0267ab7 Author: Ross Zwisler Date: Wed Feb 22 15:40:00 2017 -0800 dax: add tracepoints to dax_pmd_insert_mapping() Add tracepoints to dax_pmd_insert_mapping(), following the same logging conventions as the tracepoints in dax_iomap_pmd_fault(). Here is an example PMD fault showing the new tracepoints: big-1504 [001] .... 326.960743: xfs_filemap_pmd_fault: dev 259:0 ino 0x1003 big-1504 [001] .... 326.960753: dax_pmd_fault: dev 259:0 ino 0x1003 shared WRITE|ALLOW_RETRY|KILLABLE|USER address 0x10505000 vm_start 0x10200000 vm_end 0x10700000 pgoff 0x200 max_pgoff 0x1400 big-1504 [001] .... 326.960981: dax_pmd_insert_mapping: dev 259:0 ino 0x1003 shared write address 0x10505000 length 0x200000 pfn 0x100600 DEV|MAP radix_entry 0xc000e big-1504 [001] .... 326.960986: dax_pmd_fault_done: dev 259:0 ino 0x1003 shared WRITE|ALLOW_RETRY|KILLABLE|USER address 0x10505000 vm_start 0x10200000 vm_end 0x10700000 pgoff 0x200 max_pgoff 0x1400 NOPAGE Link: http://lkml.kernel.org/r/1484085142-2297-6-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reviewed-by: Jan Kara Acked-by: Steven Rostedt Cc: Dave Chinner Cc: Dave Jiang Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 12 +++++++--- include/linux/pfn_t.h | 6 +++++ include/trace/events/fs_dax.h | 51 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 3 deletions(-) commit 653b2ea3396fda0b5e23a37b3356dd2ca82fe5c1 Author: Ross Zwisler Date: Wed Feb 22 15:39:57 2017 -0800 dax: add tracepoints to dax_pmd_load_hole() Add tracepoints to dax_pmd_load_hole(), following the same logging conventions as the tracepoints in dax_iomap_pmd_fault(). Here is an example PMD fault showing the new tracepoints: read_big-1478 [004] .... 238.242188: xfs_filemap_pmd_fault: dev 259:0 ino 0x1003 read_big-1478 [004] .... 238.242191: dax_pmd_fault: dev 259:0 ino 0x1003 shared ALLOW_RETRY|KILLABLE|USER address 0x10400000 vm_start 0x10200000 vm_end 0x10600000 pgoff 0x200 max_pgoff 0x1400 read_big-1478 [004] .... 238.242390: dax_pmd_load_hole: dev 259:0 ino 0x1003 shared address 0x10400000 zero_page ffffea0002c20000 radix_entry 0x1e read_big-1478 [004] .... 238.242392: dax_pmd_fault_done: dev 259:0 ino 0x1003 shared ALLOW_RETRY|KILLABLE|USER address 0x10400000 vm_start 0x10200000 vm_end 0x10600000 pgoff 0x200 max_pgoff 0x1400 NOPAGE Link: http://lkml.kernel.org/r/1484085142-2297-5-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reviewed-by: Jan Kara Acked-by: Steven Rostedt Cc: Dave Chinner Cc: Dave Jiang Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 14 ++++++++++---- include/trace/events/fs_dax.h | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 4 deletions(-) commit e057541acc173f44f191c8df68c75edc658f4688 Author: Ross Zwisler Date: Wed Feb 22 15:39:54 2017 -0800 dax: update MAINTAINERS entries for FS DAX Add the new include/trace/events/fs_dax.h tracepoint header, the existing include/linux/dax.h header, update Matthew's email address and add myself as a maintainer for filesystem DAX. Link: http://lkml.kernel.org/r/1484085142-2297-4-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Suggested-by: Matthew Wilcox Cc: Dave Chinner Cc: Dave Jiang Cc: Jan Kara Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 282a8e0391c377b64c7d065b18fc2f6267a24dad Author: Ross Zwisler Date: Wed Feb 22 15:39:50 2017 -0800 dax: add tracepoint infrastructure, PMD tracing Tracepoints are the standard way to capture debugging and tracing information in many parts of the kernel, including the XFS and ext4 filesystems. Create a tracepoint header for FS DAX and add the first DAX tracepoints to the PMD fault handler. This allows the tracing for DAX to be done in the same way as the filesystem tracing so that developers can look at them together and get a coherent idea of what the system is doing. I added both an entry and exit tracepoint because future patches will add tracepoints to child functions of dax_iomap_pmd_fault() like dax_pmd_load_hole() and dax_pmd_insert_mapping(). We want those messages to be wrapped by the parent function tracepoints so the code flow is more easily understood. Having entry and exit tracepoints for faults also allows us to easily see what filesystems functions were called during the fault. These filesystem functions get executed via iomap_begin() and iomap_end() calls, for example, and will have their own tracepoints. For PMD faults we primarily want to understand the type of mapping, the fault flags, the faulting address and whether it fell back to 4k faults. If it fell back to 4k faults the tracepoints should let us understand why. I named the new tracepoint header file "fs_dax.h" to allow for device DAX to have its own separate tracing header in the same directory at some point. Here is an example output for these events from a successful PMD fault: big-1441 [005] .... 32.582758: xfs_filemap_pmd_fault: dev 259:0 ino 0x1003 big-1441 [005] .... 32.582776: dax_pmd_fault: dev 259:0 ino 0x1003 shared WRITE|ALLOW_RETRY|KILLABLE|USER address 0x10505000 vm_start 0x10200000 vm_end 0x10700000 pgoff 0x200 max_pgoff 0x1400 big-1441 [005] .... 32.583292: dax_pmd_fault_done: dev 259:0 ino 0x1003 shared WRITE|ALLOW_RETRY|KILLABLE|USER address 0x10505000 vm_start 0x10200000 vm_end 0x10700000 pgoff 0x200 max_pgoff 0x1400 NOPAGE Link: http://lkml.kernel.org/r/1484085142-2297-3-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Suggested-by: Dave Chinner Reviewed-by: Jan Kara Acked-by: Steven Rostedt Cc: Dave Jiang Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 30 ++++++++++++------- include/linux/mm.h | 25 ++++++++++++++++ include/trace/events/fs_dax.h | 68 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 10 deletions(-) commit d3213e8fd4b0f18dfd438268ff480406ba743abb Author: Ross Zwisler Date: Wed Feb 22 15:39:47 2017 -0800 tracing: add __print_flags_u64() Patch series "DAX tracepoints, mm argument simplification", v4. This contains both my DAX tracepoint code and Dave Jiang's MM argument simplifications. Dave's code was written with my tracepoint code as a baseline, so it seemed simplest to keep them together in a single series. This patch (of 7): Add __print_flags_u64() and the helper trace_print_flags_seq_u64() in the same spirit as __print_symbolic_u64() and trace_print_symbols_seq_u64(). These functions allow us to print symbols associated with flags that are 64 bits wide even on 32 bit machines. These will be used by the DAX code so that we can print the flags set in a pfn_t such as PFN_SG_CHAIN, PFN_SG_LAST, PFN_DEV and PFN_MAP. Without this new function I was getting errors like the following when compiling for i386: include/linux/pfn_t.h:13:22: warning: large integer implicitly truncated to unsigned type [-Woverflow] #define PFN_SG_CHAIN (1ULL << (BITS_PER_LONG_LONG - 1)) ^ Link: http://lkml.kernel.org/r/1484085142-2297-2-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reviewed-by: Steven Rostedt Cc: Dave Chinner Cc: Dave Jiang Cc: Jan Kara Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/trace_events.h | 4 ++++ include/trace/trace_events.h | 11 +++++++++++ kernel/trace/trace_output.c | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+) commit 3949e2f04262495f6c8795b148aa26dffccba646 Author: Christoph Hellwig Date: Tue Feb 14 20:15:58 2017 +0100 scsi: simplify scsi_execute_req_flags Add a sshdr argument to __scsi_execute so that we can decode the sense data directly into the sense header instead of needing a copy of it. Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/scsi_lib.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) commit 74a78ebda4fa5c5ae87fc501152863ee31c17da4 Author: Christoph Hellwig Date: Tue Feb 14 20:15:57 2017 +0100 scsi: make the sense header argument to scsi_test_unit_ready mandatory It's a tiny structure that can be allocated on the stack, don't complicate the code by making it optional. Signed-off-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/osd/osd_uld.c | 3 ++- drivers/scsi/scsi_ioctl.c | 3 ++- drivers/scsi/scsi_lib.c | 14 ++------------ 3 files changed, 6 insertions(+), 14 deletions(-) commit 6fa2b8f9e3ae8dd770d8fa264825f86b146381c8 Author: Christoph Hellwig Date: Tue Feb 14 20:15:56 2017 +0100 scsi: sd: improve TUR handling in sd_check_events Remove bogus evaluations of retval and sshdr when the device is offline, and fix a possible NULL pointer dereference by allocating the 8 byte sized sense header on stack. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) commit 148cff67b401e2229c076c0ea418712654be77e4 Author: Christoph Hellwig Date: Tue Feb 14 20:15:55 2017 +0100 scsi: always zero sshdr in scsi_normalize_sense This gives us a clear state even if a command didn't return sense data. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/scsi_common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4d7d39a18b8b81511f0b893b7d2203790bf8a58b Author: Dan Carpenter Date: Tue Feb 21 21:46:37 2017 +0300 scsi: scsi_dh_emc: return success in clariion_std_inquiry() We accidentally return an uninitialized variable on success. Fixes: b6ff1b14cdf4 ("[SCSI] scsi_dh: Update EMC handler") Signed-off-by: Dan Carpenter Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_emc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f170396c14243d307e2f479af142fd7356b3bd2a Author: Colin Ian King Date: Fri Feb 3 19:38:54 2017 +0000 scsi: fix memory leak of sdpk on when gd fails to allocate On an allocation failure of gd, the current exit path is via out_free_devt which leaves sdpk still allocated and hence it gets leaked. Fix this by correcting the order of resource free'ing with a change in the error exit path labels. Detected by CoverityScan, CID#1399519 ("Resource Leak") Fixes: 0dba1314d4f81115dc ("scsi, block: fix duplicate bdi name registration crashes") Signed-off-by: Colin Ian King Reviewed-by: Bart Van Assche Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8bfcd1bf867d5fae67ecc553b44d7a29ab66013c Author: Wei Yongjun Date: Wed Feb 8 16:24:24 2017 +0000 scsi: sd: make sd_devt_release() static Fixes the following sparse warning: drivers/scsi/sd.c:3087:6: warning: symbol 'sd_devt_release' was not declared. Should it be static? Signed-off-by: Wei Yongjun Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61d8658b4a435eac729966cc94cdda077a8df5cd Author: Dupuis, Chad Date: Wed Feb 15 06:28:23 2017 -0800 scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework. The QLogic FastLinQ Driver for FCoE (qedf) is the FCoE specific module for 41000 Series Converged Network Adapters by QLogic. This patch consists of following changes: - MAINTAINERS Makefile and Kconfig changes for qedf - PCI driver registration - libfc/fcoe host level initialization - SCSI host template initialization and callbacks - Debugfs and log level infrastructure - Link handling - Firmware interface structures - QED core module initialization - Light L2 interface callbacks - I/O request initialization - Firmware I/O completion handling - Firmware ELS request/response handling - FIP request/response handled by the driver itself Signed-off-by: Nilesh Javali Signed-off-by: Manish Rangankar Signed-off-by: Saurav Kashyap Signed-off-by: Arun Easi Signed-off-by: Chad Dupuis Signed-off-by: Martin K. Petersen MAINTAINERS | 6 + drivers/scsi/Kconfig | 1 + drivers/scsi/Makefile | 1 + drivers/scsi/qedf/Kconfig | 11 + drivers/scsi/qedf/Makefile | 5 + drivers/scsi/qedf/qedf.h | 545 +++++++ drivers/scsi/qedf/qedf_attr.c | 165 ++ drivers/scsi/qedf/qedf_dbg.c | 195 +++ drivers/scsi/qedf/qedf_dbg.h | 154 ++ drivers/scsi/qedf/qedf_debugfs.c | 460 ++++++ drivers/scsi/qedf/qedf_els.c | 949 +++++++++++ drivers/scsi/qedf/qedf_fip.c | 269 +++ drivers/scsi/qedf/qedf_hsi.h | 422 +++++ drivers/scsi/qedf/qedf_io.c | 2282 ++++++++++++++++++++++++++ drivers/scsi/qedf/qedf_main.c | 3336 ++++++++++++++++++++++++++++++++++++++ drivers/scsi/qedf/qedf_version.h | 15 + 16 files changed, 8816 insertions(+) commit 67f2db8792f96d8f7521461635d25f9c80245d80 Author: Michael Hernandez Date: Wed Feb 15 15:37:21 2017 -0800 scsi: qla2xxx: Fix Regression introduced by pci_alloc_irq_vectors_affinity call. For target mode, we need to increase minimum vectors value by one to account for ATIO queue. Following stack trace will be seen Call Trace: qla24xx_config_rings+0x15a/0x230 [qla2xxx] qla2x00_init_rings+0x1a1/0x3a0 [qla2xxx] qla2x00_restart_isp+0x5c/0x120 [qla2xxx] qla2x00_abort_isp+0x138/0x430 [qla2xxx] ? __schedule+0x260/0x580 qla2x00_do_dpc+0x3bc/0x920 [qla2xxx] ? qla2x00_relogin+0x290/0x290 [qla2xxx] ? schedule+0x3a/0xa0 ? qla2x00_relogin+0x290/0x290 [qla2xxx] kthread+0x103/0x140 ? __kthread_init_worker+0x40/0x40 ret_from_fork+0x29/0x40 RIP: qlt_24xx_config_rings+0x6c/0x90 [mkp: fixed Fixes: hash] Cc: Fixes: 17e5fc58588b ("scsi: qla2xxx: fix MSI-X vector affinity") Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_isr.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d0d2c68b759bbf678e078fd0c71b5fde65a9392c Author: Michael Hernandez Date: Wed Feb 15 15:37:20 2017 -0800 scsi: qla2xxx: Fix response queue count for Target mode. Target mode initialization was not calculating response queue values correctly resulting into one less MSI-X vector. [mkp: fixed Fixes: hash] Cc: Fixes: 093df73771ba ("scsi: qla2xxx: Fix Target mode handling with Multiqueue changes.") Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f54f2cb540b53d55a81d620e816810d59be5cb1b Author: Michael Hernandez Date: Wed Feb 15 15:37:19 2017 -0800 scsi: qla2xxx: Cleaned up queue configuration code. This patch cleaned up queue configuration code, such that once initialized, we should not touch msix_count value. This will prevent incorrect numbers of MSI-X vectors requested while performing target mode configuration. [mkp: fixed Fixes: hash] Cc: Fixes: d74595278f4a ("scsi: qla2xxx: Add multiple queue pair functionality.") Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) commit 6288d6eabc7505f42dda34a2c2962f91914be3a4 Author: Liu Bo Date: Tue Feb 21 12:12:58 2017 -0800 Btrfs: use the correct type when creating cow dio extent 'BTRFS_ORDERED_REGULAR' was introduced for the cow case in patch 'Btrfs: specify a new ordered extent type for create_io_em', but it missed the directIO cow case. Signed-off-by: Liu Bo Signed-off-by: Chris Mason fs/btrfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1517622f2524f531113b12c27b9a0ea69c38983 Author: Filipe Manana Date: Tue Feb 21 17:14:52 2017 +0000 Btrfs: fix deadlock between dedup on same file and starting writeback If we are deduping two ranges of the same file we need to make sure that we lock all pages in ascending order, that is, lock first the pages from the range with lower offset and then the pages from the other range, as otherwise we can deadlock with a concurrent task that is starting delalloc (writeback). Example trace: [74073.052218] INFO: task kworker/u32:10:17997 blocked for more than 120 seconds. [74073.053889] Tainted: G W 4.9.0-rc7-btrfs-next-36+ #1 [74073.055071] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [74073.056696] kworker/u32:10 D 0 17997 2 0x00000000 [74073.058606] Workqueue: writeback wb_workfn (flush-btrfs-53176) [74073.061370] ffff880031e79858 ffff8802159d2580 ffff880237004580 ffff880031e79240 [74073.064784] ffff88023f4978c0 ffffc9000817b638 ffffffff814c15e1 0000000000000000 [74073.068386] ffff88023f4978d8 ffff88023f4978c0 000000000017b620 ffff880031e79240 [74073.071712] Call Trace: [74073.072884] [] ? __schedule+0x48f/0x6f4 [74073.075395] [] ? bit_wait+0x2f/0x2f [74073.077511] [] schedule+0x8c/0xa0 [74073.079440] [] schedule_timeout+0x43/0xff [74073.081637] [] ? time_hardirqs_on+0x9/0x14 [74073.083809] [] ? trace_hardirqs_on_caller+0x16/0x197 [74073.086314] [] ? timekeeping_get_ns+0x1e/0x32 [74073.100654] [] ? ktime_get+0x41/0x52 [74073.102619] [] io_schedule_timeout+0xa0/0x102 [74073.104771] [] ? io_schedule_timeout+0xa0/0x102 [74073.106969] [] bit_wait_io+0x1b/0x39 [74073.108954] [] __wait_on_bit_lock+0x4f/0x99 [74073.110981] [] __lock_page+0x6b/0x6d [74073.112833] [] ? autoremove_wake_function+0x3a/0x3a [74073.115010] [] lock_page+0x2f/0x32 [btrfs] [74073.116999] [] lock_delalloc_pages+0xc7/0x1a0 [btrfs] [74073.119243] [] find_lock_delalloc_range+0xc3/0x1a4 [btrfs] [74073.121636] [] writepage_delalloc.isra.31+0x8b/0x134 [btrfs] [74073.124229] [] __extent_writepage+0x1c1/0x2bf [btrfs] [74073.126372] [] extent_write_cache_pages.isra.30.constprop.49+0x28b/0x36c [btrfs] [74073.129371] [] extent_writepages+0x4b/0x5c [btrfs] [74073.131440] [] ? insert_reserved_file_extent.constprop.42+0x261/0x261 [btrfs] [74073.134303] [] ? writeback_sb_inodes+0xe0/0x4a1 [74073.136298] [] btrfs_writepages+0x28/0x2a [btrfs] [74073.138248] [] do_writepages+0x23/0x2c [74073.139910] [] __writeback_single_inode+0x105/0x6d2 [74073.142003] [] writeback_sb_inodes+0x292/0x4a1 [74073.136298] [] btrfs_writepages+0x28/0x2a [btrfs] [74073.138248] [] do_writepages+0x23/0x2c [74073.139910] [] __writeback_single_inode+0x105/0x6d2 [74073.142003] [] writeback_sb_inodes+0x292/0x4a1 [74073.143911] [] __writeback_inodes_wb+0x76/0xae [74073.145787] [] wb_writeback+0x1cc/0x4d7 [74073.147452] [] wb_workfn+0x194/0x37d [74073.149084] [] ? wb_workfn+0x194/0x37d [74073.150726] [] ? process_one_work+0x154/0x4e4 [74073.152694] [] process_one_work+0x273/0x4e4 [74073.154452] [] worker_thread+0x1eb/0x2ca [74073.156138] [] ? rescuer_thread+0x2b6/0x2b6 [74073.157837] [] kthread+0xd5/0xdd [74073.159339] [] ? __kthread_unpark+0x5a/0x5a [74073.161088] [] ret_from_fork+0x27/0x40 [74073.162680] INFO: lockdep is turned off. [74073.163855] INFO: task do-dedup:30264 blocked for more than 120 seconds. [74073.181180] Tainted: G W 4.9.0-rc7-btrfs-next-36+ #1 [74073.181180] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [74073.185296] fdm-stress D 0 30264 29974 0x00000000 [74073.186810] ffff880089595118 ffff880211b8eac0 ffff880237030380 ffff880089594b00 [74073.188998] ffff88023f2978c0 ffffc900063abb68 ffffffff814c15e1 0000000000000000 [74073.191070] ffff88023f2978d8 ffff88023f2978c0 00000000003abb50 ffff880089594b00 [74073.193286] Call Trace: [74073.193990] [] ? __schedule+0x48f/0x6f4 [74073.195418] [] ? bit_wait+0x2f/0x2f [74073.196796] [] schedule+0x8c/0xa0 [74073.198163] [] schedule_timeout+0x43/0xff [74073.199621] [] ? trace_hardirqs_on+0xd/0xf [74073.201100] [] ? timekeeping_get_ns+0x1e/0x32 [74073.202686] [] ? ktime_get+0x41/0x52 [74073.204051] [] io_schedule_timeout+0xa0/0x102 [74073.205585] [] ? io_schedule_timeout+0xa0/0x102 [74073.207123] [] bit_wait_io+0x1b/0x39 [74073.208238] [] __wait_on_bit_lock+0x4f/0x99 [74073.208871] [] __lock_page+0x6b/0x6d [74073.209430] [] ? autoremove_wake_function+0x3a/0x3a [74073.210101] [] lock_page+0x2f/0x32 [74073.210636] [] pagecache_get_page+0x5e/0x153 [74073.211270] [] gather_extent_pages+0x4e/0x109 [btrfs] [74073.212166] [] btrfs_dedupe_file_range+0x1e1/0x4dd [btrfs] [74073.213257] [] vfs_dedupe_file_range+0x1c1/0x221 [74073.214086] [] do_vfs_ioctl+0x442/0x600 [74073.214767] [] ? rcu_read_unlock+0x5b/0x5d [74073.215619] [] ? __fget+0x6b/0x77 [74073.216338] [] SyS_ioctl+0x57/0x79 [74073.217149] [] entry_SYSCALL_64_fastpath+0x18/0xad [74073.218102] [] ? time_hardirqs_off+0x9/0x14 [74073.218968] [] ? trace_hardirqs_off_caller+0x1f/0xaa [74073.219938] INFO: lockdep is turned off. What happened was the following: CPU 1 CPU 2 btrfs_dedupe_file_range() --> using same inode as source and target --> src range is [768K, 1Mb[ --> dst range is [0, 256K[ btrfs_cmp_data_prepare() --> calls gather_extent_pages() for range [768K, 1Mb[ and locks all pages in that range do_writepages() btrfs_writepages() extent_writepages() extent_write_cache_pages() __extent_writepage() writepage_delalloc() find_lock_delalloc_range() --> finds range [0, 1Mb[ lock_delalloc_pages() --> locks all pages in the range [0, 768K[ --> tries to lock page at offset 768K --> deadlock --> calls gather_extent_pages() to lock pages in the range [0, 256K[ --> deadlock, task at CPU 1 already locked that range and it's trying to lock the range we locked previously So fix this by making sure that during a dedup we always lock first the pages from the range with lower offset. Signed-off-by: Filipe Manana Signed-off-by: Chris Mason fs/btrfs/ioctl.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 75d943f3e4222fdd4f907b71bd9d1730412e7ce9 Author: James Smart Date: Wed Feb 22 08:20:47 2017 -0800 scsi: lpfc: add missing Kconfig NVME dependencies Add missing Kconfig NVME dependencies. Signed-off-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 693dcc316525d15fcf5a0a8a8e1663985ebdb02c Author: James Smart Date: Sun Feb 12 13:52:40 2017 -0800 scsi: lpfc: Update lpfc version to 11.2.0.7 Update lpfc version to 11.2.0.7 Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d080abe0a8693c58a4b35b74bab3526d8b554ca3 Author: James Smart Date: Sun Feb 12 13:52:39 2017 -0800 scsi: lpfc: Update copyrights Update copyrights to 2017 for all files touched in this patch set Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/Makefile | 4 +++- drivers/scsi/lpfc/lpfc.h | 4 +++- drivers/scsi/lpfc/lpfc_attr.c | 4 +++- drivers/scsi/lpfc/lpfc_attr.h | 4 +++- drivers/scsi/lpfc/lpfc_bsg.c | 4 +++- drivers/scsi/lpfc/lpfc_bsg.h | 6 ++++-- drivers/scsi/lpfc/lpfc_compat.h | 4 +++- drivers/scsi/lpfc/lpfc_crtn.h | 4 +++- drivers/scsi/lpfc/lpfc_ct.c | 4 +++- drivers/scsi/lpfc/lpfc_debugfs.c | 4 +++- drivers/scsi/lpfc/lpfc_debugfs.h | 4 +++- drivers/scsi/lpfc/lpfc_disc.h | 4 +++- drivers/scsi/lpfc/lpfc_els.c | 4 +++- drivers/scsi/lpfc/lpfc_hbadisc.c | 4 +++- drivers/scsi/lpfc/lpfc_hw.h | 4 +++- drivers/scsi/lpfc/lpfc_hw4.h | 6 ++++-- drivers/scsi/lpfc/lpfc_ids.h | 4 +++- drivers/scsi/lpfc/lpfc_init.c | 6 ++++-- drivers/scsi/lpfc/lpfc_logmsg.h | 4 +++- drivers/scsi/lpfc/lpfc_mbox.c | 4 +++- drivers/scsi/lpfc/lpfc_mem.c | 4 +++- drivers/scsi/lpfc/lpfc_nl.h | 4 +++- drivers/scsi/lpfc/lpfc_nportdisc.c | 4 +++- drivers/scsi/lpfc/lpfc_nvme.c | 4 +++- drivers/scsi/lpfc/lpfc_nvme.h | 4 +++- drivers/scsi/lpfc/lpfc_nvmet.c | 6 ++++-- drivers/scsi/lpfc/lpfc_nvmet.h | 4 +++- drivers/scsi/lpfc/lpfc_scsi.c | 4 +++- drivers/scsi/lpfc/lpfc_scsi.h | 4 +++- drivers/scsi/lpfc/lpfc_sli.c | 4 +++- drivers/scsi/lpfc/lpfc_sli.h | 4 +++- drivers/scsi/lpfc/lpfc_sli4.h | 4 +++- drivers/scsi/lpfc/lpfc_version.h | 8 ++++++-- drivers/scsi/lpfc/lpfc_vport.c | 4 +++- drivers/scsi/lpfc/lpfc_vport.h | 4 +++- 35 files changed, 112 insertions(+), 40 deletions(-) commit 2b65e18202fd0f109b739dd6717286edca7a2b0d Author: James Smart Date: Sun Feb 12 13:52:38 2017 -0800 scsi: lpfc: NVME Target: Add debugfs support NVME Target: Add debugfs support Adds debugfs snippets to cover the new NVME target functionality Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_debugfs.c | 303 ++++++++++++++++++++++++++++++++++++- drivers/scsi/lpfc/lpfc_nvmet.c | 317 ++++++++++++++++++++++++++++++++++++++- drivers/scsi/lpfc/lpfc_nvmet.h | 13 ++ 3 files changed, 628 insertions(+), 5 deletions(-) commit d613b6a7aa922690e341c9ff0faba66ae299b5ad Author: James Smart Date: Sun Feb 12 13:52:37 2017 -0800 scsi: lpfc: NVME Target: bind to nvmet_fc api NVME Target: Tie in to NVME Fabrics nvmet_fc LLDD target api Adds the routines to: - register and deregister the FC port as a nvmet-fc targetport - binding of nvme queues to adapter WQs - receipt and passing of NVME LS's to transport, sending transport response - receipt of NVME FCP CMD IUs, processing FCP target io data transmission commands; transmission of FCP io response - Abort operations for tgt io exchanges [mkp: fixed space at end of file warning] Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/Makefile | 2 +- drivers/scsi/lpfc/lpfc_crtn.h | 10 + drivers/scsi/lpfc/lpfc_ct.c | 2 +- drivers/scsi/lpfc/lpfc_els.c | 5 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 10 +- drivers/scsi/lpfc/lpfc_init.c | 14 +- drivers/scsi/lpfc/lpfc_mem.c | 45 + drivers/scsi/lpfc/lpfc_nvmet.c | 1671 ++++++++++++++++++++++++++++++++++++++ drivers/scsi/lpfc/lpfc_sli.c | 8 +- 9 files changed, 1752 insertions(+), 15 deletions(-) commit 8c258641e01cfcc5620c4fb191300bea224bcc99 Author: James Smart Date: Sun Feb 12 13:52:36 2017 -0800 scsi: lpfc: NVME Target: Merge into FC discovery NVME Target: Merge into FC discovery Adds NVME PRLI handling and Nameserver registrations for NVME Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_ct.c | 8 +++- drivers/scsi/lpfc/lpfc_els.c | 61 ++++++++++++++++++++++++++++--- drivers/scsi/lpfc/lpfc_hbadisc.c | 27 ++++++++++++-- drivers/scsi/lpfc/lpfc_hw.h | 10 ++++- drivers/scsi/lpfc/lpfc_nportdisc.c | 75 ++++++++++++++++++++++++++++++++++++-- 5 files changed, 167 insertions(+), 14 deletions(-) commit 2d7dbc4c2775eb30df97be00090adbfcc7fc5086 Author: James Smart Date: Sun Feb 12 13:52:35 2017 -0800 scsi: lpfc: NVME Target: Receive buffer updates NVME Target: Receive buffer updates Allocates buffer pools and configures adapter interfaces to handle receive buffer (asynchronous FCP CMD ius, first burst data) from the adapter. Splits by protocol, etc. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 3 + drivers/scsi/lpfc/lpfc_attr.c | 81 +++++- drivers/scsi/lpfc/lpfc_crtn.h | 1 + drivers/scsi/lpfc/lpfc_debugfs.c | 25 +- drivers/scsi/lpfc/lpfc_hw4.h | 347 +++++++++++++++++++++- drivers/scsi/lpfc/lpfc_init.c | 233 ++++++++++++++- drivers/scsi/lpfc/lpfc_mbox.c | 87 ++++++ drivers/scsi/lpfc/lpfc_sli.c | 608 ++++++++++++++++++++++++++++++++++++++- drivers/scsi/lpfc/lpfc_sli4.h | 11 + 9 files changed, 1374 insertions(+), 22 deletions(-) commit f358dd0ca26c152a5e0922e269996268dcb98a9d Author: James Smart Date: Sun Feb 12 13:52:34 2017 -0800 scsi: lpfc: NVME Target: Base modifications NVME Target: Base modifications This set of patches adds the base modifications for NVME target support The base modifications consist of: - Additional module parameters or configuration tuning - Enablement of configuration mode for NVME target. Ties into the queueing model put into place by the initiator basemods patches. - Target-specific buffer pools, dma pools, sgl pools [mkp: fixed space at end of file] Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 6 + drivers/scsi/lpfc/lpfc_attr.c | 131 +++++++++++++++++++-- drivers/scsi/lpfc/lpfc_crtn.h | 10 ++ drivers/scsi/lpfc/lpfc_debugfs.c | 7 +- drivers/scsi/lpfc/lpfc_disc.h | 1 + drivers/scsi/lpfc/lpfc_hw4.h | 45 ++++++++ drivers/scsi/lpfc/lpfc_init.c | 244 +++++++++++++++++++++++++++++++++++++-- drivers/scsi/lpfc/lpfc_mem.c | 167 +++++++++++++++++++++++++++ drivers/scsi/lpfc/lpfc_nvmet.h | 101 ++++++++++++++++ drivers/scsi/lpfc/lpfc_sli.c | 107 ++++++++++++++++- drivers/scsi/lpfc/lpfc_sli.h | 2 + drivers/scsi/lpfc/lpfc_sli4.h | 6 + 12 files changed, 807 insertions(+), 20 deletions(-) commit bd2cdd5e400f5914bc30d5cfb0a0185cf51e4424 Author: James Smart Date: Sun Feb 12 13:52:33 2017 -0800 scsi: lpfc: NVME Initiator: Add debugfs support NVME Initiator: Add debugfs support Adds debugfs snippets to cover the new NVME initiator functionality Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 55 ++ drivers/scsi/lpfc/lpfc_crtn.h | 6 +- drivers/scsi/lpfc/lpfc_ct.c | 27 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1160 ++++++++++++++++++++++++++++++++++---- drivers/scsi/lpfc/lpfc_debugfs.h | 21 + drivers/scsi/lpfc/lpfc_nvme.c | 143 +++++ drivers/scsi/lpfc/lpfc_nvme.h | 7 + drivers/scsi/lpfc/lpfc_sli.c | 5 + 8 files changed, 1300 insertions(+), 124 deletions(-) commit 01649561a8b4b77247bd234f240d737367bb8a52 Author: James Smart Date: Sun Feb 12 13:52:32 2017 -0800 scsi: lpfc: NVME Initiator: bind to nvme_fc api NVME Initiator: Tie in to NVME Fabrics nvme_fc LLDD initiator api Adds the routines to: - register and deregister the FC port as a nvme-fc initiator localport - register and deregister remote FC ports as a nvme-fc remoteport - binding of nvme queues to adapter WQs - send/perform NVME LS's - send/perform NVME FCP initiator io operations Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/Makefile | 7 +- drivers/scsi/lpfc/lpfc.h | 5 + drivers/scsi/lpfc/lpfc_crtn.h | 10 + drivers/scsi/lpfc/lpfc_ct.c | 2 +- drivers/scsi/lpfc/lpfc_els.c | 4 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 15 +- drivers/scsi/lpfc/lpfc_init.c | 39 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 4 +- drivers/scsi/lpfc/lpfc_nvme.c | 2319 ++++++++++++++++++++++++++++++++++++ drivers/scsi/lpfc/lpfc_nvme.h | 6 + drivers/scsi/lpfc/lpfc_sli.c | 21 +- drivers/scsi/lpfc/lpfc_sli4.h | 1 + drivers/scsi/lpfc/lpfc_vport.c | 16 +- 13 files changed, 2411 insertions(+), 38 deletions(-) commit a0f2d3ef374fd8d2f51b8cc1ea723014b1aa2c9b Author: James Smart Date: Sun Feb 12 13:52:31 2017 -0800 scsi: lpfc: NVME Initiator: Merge into FC discovery NVME Initiator: Merge into FC discovery Adds NVME PRLI support and Nameserver registrations and Queries for NVME Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 6 +- drivers/scsi/lpfc/lpfc_ct.c | 357 ++++++++++++++++++++++++------------- drivers/scsi/lpfc/lpfc_disc.h | 19 +- drivers/scsi/lpfc/lpfc_els.c | 280 +++++++++++++++++++++-------- drivers/scsi/lpfc/lpfc_hbadisc.c | 169 ++++++++++++++---- drivers/scsi/lpfc/lpfc_hw.h | 69 ++++--- drivers/scsi/lpfc/lpfc_hw4.h | 43 +++++ drivers/scsi/lpfc/lpfc_init.c | 7 + drivers/scsi/lpfc/lpfc_nportdisc.c | 177 ++++++++++++++++-- drivers/scsi/lpfc/lpfc_scsi.c | 3 +- 10 files changed, 851 insertions(+), 279 deletions(-) commit 895427bd012ce5814fc9888c7c0ee9de44761833 Author: James Smart Date: Sun Feb 12 13:52:30 2017 -0800 scsi: lpfc: NVME Initiator: Base modifications NVME Initiator: Base modifications This patch adds base modifications for NVME initiator support. The base modifications consist of: - Formal split of SLI3 rings from SLI-4 WQs (sometimes referred to as rings as well) as implementation now widely varies between the two. - Addition of configuration modes: SCSI initiator only; NVME initiator only; NVME target only; and SCSI and NVME initiator. The configuration mode drives overall adapter configuration, offloads enabled, and resource splits. NVME support is only available on SLI-4 devices and newer fw. - Implements the following based on configuration mode: - Exchange resources are split by protocol; Obviously, if only 1 mode, then no split occurs. Default is 50/50. module attribute allows tuning. - Pools and config parameters are separated per-protocol - Each protocol has it's own set of queues, but share interrupt vectors. SCSI: SLI3 devices have few queues and the original style of queue allocation remains. SLI4 devices piggy back on an "io-channel" concept that eventually needs to merge with scsi-mq/blk-mq support (it is underway). For now, the paradigm continues as it existed prior. io channel allocates N msix and N WQs (N=4 default) and either round robins or uses cpu # modulo N for scheduling. A bunch of module parameters allow the configuration to be tuned. NVME (initiator): Allocates an msix per cpu (or whatever pci_alloc_irq_vectors gets) Allocates a WQ per cpu, and maps the WQs to msix on a WQ # modulo msix vector count basis. Module parameters exist to cap/control the config if desired. - Each protocol has its own buffer and dma pools. I apologize for the size of the patch. Signed-off-by: Dick Kennedy Signed-off-by: James Smart ---- Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 80 +- drivers/scsi/lpfc/lpfc_attr.c | 374 ++++++- drivers/scsi/lpfc/lpfc_bsg.c | 27 +- drivers/scsi/lpfc/lpfc_crtn.h | 27 +- drivers/scsi/lpfc/lpfc_debugfs.c | 178 ++- drivers/scsi/lpfc/lpfc_debugfs.h | 72 +- drivers/scsi/lpfc/lpfc_els.c | 38 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 157 ++- drivers/scsi/lpfc/lpfc_hw.h | 3 +- drivers/scsi/lpfc/lpfc_hw4.h | 63 +- drivers/scsi/lpfc/lpfc_init.c | 2141 ++++++++++++++++++++---------------- drivers/scsi/lpfc/lpfc_logmsg.h | 4 + drivers/scsi/lpfc/lpfc_mbox.c | 23 +- drivers/scsi/lpfc/lpfc_mem.c | 62 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 7 +- drivers/scsi/lpfc/lpfc_nvme.h | 88 ++ drivers/scsi/lpfc/lpfc_scsi.c | 101 +- drivers/scsi/lpfc/lpfc_scsi.h | 6 + drivers/scsi/lpfc/lpfc_sli.c | 1429 +++++++++++++++++------- drivers/scsi/lpfc/lpfc_sli.h | 30 +- drivers/scsi/lpfc/lpfc_sli4.h | 75 +- drivers/scsi/lpfc/lpfc_vport.c | 2 + 22 files changed, 3353 insertions(+), 1634 deletions(-) commit 1d9d5a9879ad493ee7cf75987df1f365c61fefe5 Author: James Smart Date: Sun Feb 12 13:52:29 2017 -0800 scsi: lpfc: refactor debugfs queue dump routines Create common wq, cq, eq, rq dump functions Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_debugfs.c | 22 ++-- drivers/scsi/lpfc/lpfc_debugfs.h | 214 ++++++++++++++++----------------------- 2 files changed, 101 insertions(+), 135 deletions(-) commit 07bcd98efba2edd2bd2230e24f6a46a09991e2a4 Author: James Smart Date: Sun Feb 12 13:52:28 2017 -0800 scsi: lpfc: refactor debugfs queue prints Create common wq, cq, eq, rq print functions Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 1 + drivers/scsi/lpfc/lpfc_debugfs.c | 564 ++++++++++++++++----------------------- 2 files changed, 228 insertions(+), 337 deletions(-) commit 2ea259eead133026ac6a3fbfa040cc58a96cae44 Author: James Smart Date: Sun Feb 12 13:52:27 2017 -0800 scsi: lpfc: minor code cleanups This contains code cleanups that were in the prior patch set. This allows better review of real changes later. minor code cleanups: fix indentation, punctuation, line length addition/reduction of whitespace remove unneeded parens, braces lpfc_debugfs_nodelist_data: print as u64 rather than byte by byte covert printk(KERN_ERR to pr_err small print string deltas use num_present_cpus() rather than count them comment updates rctl/type names moved to module variable, not on stack Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_attr.c | 8 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 2 +- drivers/scsi/lpfc/lpfc_debugfs.c | 81 +++++++++++++++++++--------------------- drivers/scsi/lpfc/lpfc_hbadisc.c | 7 ++-- drivers/scsi/lpfc/lpfc_init.c | 19 ++++++---- drivers/scsi/lpfc/lpfc_scsi.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.h | 12 +++--- drivers/scsi/lpfc/lpfc_sli.c | 48 +++++++++++++----------- drivers/scsi/lpfc/lpfc_sli.h | 6 +-- drivers/scsi/lpfc/lpfc_vport.c | 1 + 10 files changed, 98 insertions(+), 89 deletions(-) commit 45ffac1976c580ac20d926257b2f6320ce1b210f Author: Christoph Hellwig Date: Sun Feb 12 13:52:26 2017 -0800 scsi: lpfc: use pci_irq_alloc_vectors and pci_irq_free_vectors This avoids having to store the msix_entries array and simpliefies the shutdown and cleanup path a lot. Signed-off-by: Christoph Hellwig Signed-off-by: James Smart Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc.h | 2 - drivers/scsi/lpfc/lpfc_init.c | 240 ++++++++++-------------------------------- drivers/scsi/lpfc/lpfc_sli4.h | 1 - 3 files changed, 54 insertions(+), 189 deletions(-) commit 8ea73db486cda442f0671f4bc9c03a76be398a28 Author: James Smart Date: Sun Feb 12 13:52:25 2017 -0800 scsi: lpfc: Correct WQ creation for pagesize Correct WQ creation for pagesize The driver was calculating the adapter command pagesize indicator from the system pagesize. However, the buffers the driver allocates are only one size (SLI4_PAGE_SIZE), so no calculation was necessary. Signed-off-by: Dick Kennedy Signed-off-by: James Smart Reviewed-by: Hannes Reinecke Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_hw4.h | 2 ++ drivers/scsi/lpfc/lpfc_sli.c | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) commit 943445200b049d5179b95297e5372d399c8ab0e2 Author: Matthew R. Ochs Date: Thu Feb 16 21:39:32 2017 -0600 scsi: cxlflash: Enable PCI device ID for future IBM CXL Flash AFU Add support for a future IBM Coherent Accelerator (CXL) flash AFU with an ID of 0x0624. Signed-off-by: Matthew R. Ochs Signed-off-by: Uma Krishnan Signed-off-by: Martin K. Petersen drivers/scsi/cxlflash/main.c | 4 ++++ drivers/scsi/cxlflash/main.h | 1 + 2 files changed, 5 insertions(+) commit 857de6e00778738dc3d61f75acbac35bdc48e533 Author: Hannes Reinecke Date: Fri Feb 17 09:02:45 2017 +0100 scsi: use 'scsi_device_from_queue()' for scsi_dh The device handler needs to check if a given queue belongs to a scsi device; only then does it make sense to attach a device handler. [mkp: dropped flags] Cc: Signed-off-by: Hannes Reinecke Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/scsi_dh.c | 22 ++++------------------ drivers/scsi/scsi_lib.c | 23 +++++++++++++++++++++++ include/scsi/scsi_device.h | 1 + 3 files changed, 28 insertions(+), 18 deletions(-) commit f22aaec97d889f3fbf89b185309bdc98b8202eda Author: Subhash Jadavani Date: Fri Feb 17 13:53:41 2017 -0800 scsi: ufs-qcom: remove redundant condition check Dan Carpenter reported this: The patch 9c46b8676271: "scsi: ufs-qcom: dump additional testbus registers" from Feb 3, 2017, leads to the following static checker warning: drivers/scsi/ufs/ufs-qcom.c:1531 ufs_qcom_testbus_cfg_is_ok() warn: impossible condition '(host->testbus.select_minor > 255) => (0-255 > 255)' drivers/scsi/ufs/ufs-qcom.c 1517 static bool ufs_qcom_testbus_cfg_is_ok(struct ufs_qcom_host *host) 1518 { 1519 if (host->testbus.select_major >= TSTBUS_MAX) { 1520 dev_err(host->hba->dev, 1521 "%s: UFS_CFG1[TEST_BUS_SEL} may not equal 0x%05X\n", 1522 __func__, host->testbus.select_major); 1523 return false; 1524 } 1525 1526 /* 1527 * Not performing check for each individual select_major 1528 * mappings of select_minor, since there is no harm in 1529 * configuring a non-existent select_minor 1530 */ 1531 if (host->testbus.select_minor > 0xFF) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It might make sense to keep this check. I don't know. But it's confusing that 0xFF is a magic number. Better to make it a define. 1532 dev_err(host->hba->dev, 1533 "%s: 0x%05X is not a legal testbus option\n", 1534 __func__, host->testbus.select_minor); 1535 return false; 1536 } 1537 1538 return true; 1539 } --- As data type of "select_minor" is u8, above check is redundant. This change removes it. Reported-by: Dan Carpenter Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs-qcom.c | 12 ------------ 1 file changed, 12 deletions(-) commit ed10858eadd4988260c6bc7d75fc25176342b5a7 Author: Arnd Bergmann Date: Fri Feb 17 16:03:52 2017 +0100 scsi: smartpqi: fix time handling When we have turned off RTC support, the smartpqi driver fails to build: ERROR: "rtc_time64_to_tm" [drivers/scsi/smartpqi/smartpqi.ko] undefined! This is easily avoided by using the generic 'struct tm' based helper rather than the RTC specific one. While fixing this, I noticed that even though the driver uses time64_t for storing seconds, it gets them from the old 32-bit struct timeval. To address this, we can simplify the code by calling ktime_get_real_seconds() directly. Fixes: 6c223761eb54 ("smartpqi: initial commit of Microsemi smartpqi driver") Signed-off-by: Arnd Bergmann Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/smartpqi/smartpqi_init.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 0662cc968aceaca34848e63f431e585f4f71f746 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:24 2017 -0800 scsi: aacraid: Update driver version Updated driver version to 50792 Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aacraid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d844752e1801099f92c178845f56412861a2b4af Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:23 2017 -0800 scsi: aacraid: Fix a potential spinlock double unlock bug The driver does not unlock the reply queue spin lock after handling SMART adapter events. Instead it might attempt to unlock an already unlocked spin lock. Fixed by making sure the driver locks the spin lock before freeing it. Thank you dan for finding this issue out. Fixes: 6223a39fe6fbbeef (scsi: aacraid: Added support for hotplug) Reported-by: Dan Carpenter Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 09624645e1e85df8d68b04de6e0607d696268333 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:22 2017 -0800 scsi: aacraid: Save adapter fib log before an IOP reset Currently the adapter firmware does not save outstanding I/O's log information when an IOP reset is triggered. This is problematic when trying to root cause and debug issues. Fixed by adding sync command to trigger I/O log file save in the adapter firmware before issuing an IOP reset. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aachba.c | 4 ++++ drivers/scsi/aacraid/aacraid.h | 6 ++++++ drivers/scsi/aacraid/src.c | 17 +++++++++++++++++ 3 files changed, 27 insertions(+) commit c421530bf848604e97d0785a03b3fe2c62775083 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:21 2017 -0800 scsi: aacraid: Reorder Adapter status check The driver currently checks the SELF_TEST_FAILED first and then KERNEL_PANIC next. Under error conditions(boot code failure) both SELF_TEST_FAILED and KERNEL_PANIC can be set at the same time. The driver has the capability to reset the controller on an KERNEL_PANIC, but not on SELF_TEST_FAILED. Fixed by first checking KERNEL_PANIC and then the others. Cc: stable@vger.kernel.org Fixes: e8b12f0fb835223752 ([SCSI] aacraid: Add new code for PMC-Sierra's SRC base controller family) Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/src.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) commit 146aa1786d4978795cab5347d810e00236dea1c3 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:20 2017 -0800 scsi: aacraid: Skip IOP reset on controller panic(SMART Family) When the SMART family of controller panic (KERNEL_PANIC) , they do not honor IOP resets. So better to skip it and directly perform a IWBR reset. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/src.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 11da1b7c4856de05e00f50f54efe2f5349214d5b Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:19 2017 -0800 scsi: aacraid: Decrease adapter health check interval Currently driver checks the health status of the adapter once every 24 hours. When that happens the driver becomes dependent on the kernel to figure out if the adapter is misbehaving. This might take some time (when the adapter is idle). The driver currently has support to restart/recover the controller when it fails, and decreasing the time interval will help. Fixed by decreasing check interval from 24 hours to 1 minute Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aachba.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2d0321dd532901ea64118ed5a752fa6e447d1da Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:18 2017 -0800 scsi: aacraid: Reload offlined drives after controller reset During the IOP reset stress testing, it was found that the drives can be marked offline when the adapter controller crashes and IO's are running in parallel. When the controller does come back from the reset, the drive that is marked offline is not exposed. Fixed by removing and adding drives that are marked offline. In addition invoke a scsi host bus rescan to capture any additional configuration changes. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 849ac6a591bf7b5777fdb6ce65030f32a7c73e1a Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:17 2017 -0800 scsi: aacraid: Skip wellness sync on controller failure aac_command_thread checks on the health of controller periodically, using aac_check_health. If the status is an error state KERNEL_PANIC or anything else. The driver will attempt to restart the adapter, but the response is not checked in aac_command_thread. This allows the periodic sync to go thru and lead the driver to a hung state. Fixed by terminating the periodic loop(intended per original design), if the controller is not restored to a healthy state. Cc: stable@vger.kernel.org Fixes: 3d77d8404478353358 (scsi: aacraid: Added support for periodic wellness sync) Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a7e2c642844cfefd570cb54a8d9fe7b85605311b Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:16 2017 -0800 scsi: aacraid: Fix sync fibs time out on controller reset After controller shutdown, all sync fibs time out due to not knowing about the switch to INT-x mode Fixed by replacing aac_src_access_devreg() to aac_set_intx_mode() call. Cc: stable@vger.kernel.org Fixes: 495c021767bd78c998 (aacraid: MSI-x support) Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aacraid.h | 1 + drivers/scsi/aacraid/comminit.c | 2 +- drivers/scsi/aacraid/src.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) commit 30202e067a81754cb78cb823b7ce7e7cddd040e2 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:15 2017 -0800 scsi: aacraid: Added sysfs for driver version Added support to retrieve driver version from a new sysfs variable called driver_version. It makes it easier for the user to figure out the driver version that is currently running. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/linit.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 1bff5abca65d4b9761fcc992ab6288243220003d Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:14 2017 -0800 scsi: aacraid: Fix memory leak in fib init path aac_fib_map_free frees misaligned fib dma memory, additionally it does not free up the whole memory. Fixed by changing the code to free up the correct and full memory allocation. Cc: stable@vger.kernel.org Fixes: e8b12f0fb835223 ([SCSI] aacraid: Add new code for PMC-Sierra's SRC based controller family) Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) commit a0c6143e95c5b9e1f2d83e005e4e86ed3dc6096f Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:13 2017 -0800 scsi: aacraid: Prevent E3 lockup when deleting units Arrconf management utility at times sends fibs with AdapterProcessed set in its fibs. This causes the controller to panic and lockup. Fixed by failing the commands that have AdapterProcessed set in its flag. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 4 ++++ 1 file changed, 4 insertions(+) commit 16ae9dd35d374182ce955063100fce66a9974e74 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:12 2017 -0800 scsi: aacraid: Fix for excessive prints on EEH This issue showed up on a kdump debug(single CPU on powerkvm), when EEH errors rendered the adapter unusable. The driver correctly detected the issue and attempted to restart the controller, in doing so the driver attempted to read the status registers of the controller. This triggered additional eeh errors which continued for a good 6 minutes. Fixed by returning without waiting when EEH error is reported. Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commsup.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) commit f3ef4a74dc3712ef0ce60d652aa87b1ba70cb2a4 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:11 2017 -0800 scsi: aacraid: Use correct channel number for raw srb The channel being used for raw srb commands is retrieved from the utility sent fibs and is converted into physical channel id. The driver does not need to to do this since the management utility sends the correct channel id in the first place and in addition the driver sets inaccurate information in the cmd sent to the firmware and gets an invalid response. Fixed by using channel id from srb command. Cc: stable@vger.kernel.org Fixes: 423400e64d377c0 ("scsi: aacraid: Include HBA direct interface") Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/commctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1c68856e6ea8abd714415e52ef88943c022e24f0 Author: Raghava Aditya Renukunta Date: Thu Feb 16 12:51:10 2017 -0800 scsi: aacraid: Fix camel case Replaced camel case with snake case for init supported options. Suggested-by: Johannes Thumshirn Signed-off-by: Raghava Aditya Renukunta Reviewed-by: David Carroll Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/aachba.c | 53 ++++++++++++----------- drivers/scsi/aacraid/aacraid.h | 98 +++++++++++++++++++++--------------------- drivers/scsi/aacraid/commsup.c | 6 +-- drivers/scsi/aacraid/linit.c | 32 +++++++------- drivers/scsi/aacraid/rx.c | 2 +- drivers/scsi/aacraid/src.c | 2 +- 6 files changed, 100 insertions(+), 93 deletions(-) commit 187368a5c7ad6c41159b85025a87d6d136eb8d4b Author: Rex Zhu Date: Wed Feb 15 15:48:40 2017 +0800 drm/amd/powerplay: fix PSI feature on Polars12. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.c | 22 ++++++++++++++++++++++ drivers/gpu/drm/amd/powerplay/hwmgr/ppatomctrl.h | 3 +++ drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.c | 9 +++++++++ drivers/gpu/drm/amd/powerplay/hwmgr/smu7_hwmgr.h | 2 +- .../gpu/drm/amd/powerplay/smumgr/polaris10_smc.c | 2 +- 5 files changed, 36 insertions(+), 2 deletions(-) commit d7276e321ff8a53106a59c85ca46d03e34288893 Author: Kees Cook Date: Tue Feb 7 15:18:51 2017 -0800 seccomp: Only dump core when single-threaded The SECCOMP_RET_KILL filter return code has always killed the current thread, not the entire process. Changing this as a side-effect of dumping core isn't a safe thing to do (a few test suites have already flagged this behavioral change). Instead, restore the RET_KILL semantics, but still dump core when a RET_KILL delivers SIGSYS to a single-threaded process. Fixes: b25e67161c29 ("seccomp: dump core when using SECCOMP_RET_KILL") Signed-off-by: Kees Cook Acked-by: Andrei Vagin Signed-off-by: James Morris kernel/seccomp.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 124298bd03acebd9c9da29a794718aca31bec1f7 Author: Daniel Roschka Date: Wed Feb 22 15:17:29 2017 -0700 nvme: detect NVMe controller in recent MacBooks Adds support for detection of the NVMe controller found in the following recent MacBooks: - Retina MacBook 2016 (MacBook9,1) - 13" MacBook Pro 2016 without Touch Bar (MacBook13,1) - 13" MacBook Pro 2016 with Touch Bar (MacBook13,2) Signed-off-by: Daniel Roschka Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 1 + 1 file changed, 1 insertion(+) commit eee2faabc63d863a129000b698a2bca54dff643d Author: Alexey Kodanev Date: Wed Feb 22 13:23:56 2017 +0300 tcp: account for ts offset only if tsecr not zero We can get SYN with zero tsecr, don't apply offset in this case. Fixes: ee684b6f2830 ("tcp: send packets with a socket timestamp") Signed-off-by: Alexey Kodanev Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_minisocks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 00355fa5bb89840c48eb11eb6d84c6c3b128a839 Author: Alexey Kodanev Date: Wed Feb 22 13:23:55 2017 +0300 tcp: setup timestamp offset when write_seq already set Found that when randomized tcp offsets are enabled (by default) TCP client can still start new connections without them. Later, if server does active close and re-uses sockets in TIME-WAIT state, new SYN from client can be rejected on PAWS check inside tcp_timewait_state_process(), because either tw_ts_recent or rcv_tsval doesn't really have an offset set. Here is how to reproduce it with LTP netstress tool: netstress -R 1 & netstress -H 127.0.0.1 -lr 1000000 -a1 [...] < S seq 1956977072 win 43690 TS val 295618 ecr 459956970 > . ack 1956911535 win 342 TS val 459967184 ecr 1547117608 < R seq 1956911535 win 0 length 0 +1. < S seq 1956977072 win 43690 TS val 296640 ecr 459956970 > S. seq 657450664 ack 1956977073 win 43690 TS val 459968205 ecr 296640 Fixes: 95a22caee396 ("tcp: randomize tcp timestamp offsets for each connection") Signed-off-by: Alexey Kodanev Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_ipv4.c | 16 ++++++++++------ net/ipv6/tcp_ipv6.c | 16 ++++++++++------ 2 files changed, 20 insertions(+), 12 deletions(-) commit 9f3768e02335ddd6ebe1d85d5cb3a68ee6264004 Author: Frédéric Weisbecker Date: Tue Feb 21 16:18:41 2017 +0100 powerpc: Remove leftover cputime_to_nsecs call causing build error This type conversion is a leftover that got ignored during the kcpustat conversion to nanosecs, resulting in build breakage with config having CONFIG_NO_HZ_FULL=y. arch/powerpc/kernel/time.c: In function 'running_clock': arch/powerpc/kernel/time.c:712:2: error: implicit declaration of function 'cputime_to_nsecs' [-Werror=implicit-function-declaration] return local_clock() - cputime_to_nsecs(kcpustat_this_cpu->cpustat[CPUTIME_STEAL]); All we need is to remove it. Fixes: e7f340ca9c07 ("powerpc, sched/cputime: Remove unused cputime definitions") Reported-by: Abdul Haleem Signed-off-by: Frederic Weisbecker Signed-off-by: Michael Ellerman arch/powerpc/kernel/time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fda2d27db6eae5c2468f9e4657539b72bbc238bb Author: Aneesh Kumar K.V Date: Wed Feb 22 10:42:02 2017 +0530 powerpc/mm/hash: Always clear UPRT and Host Radix bits when setting up CPU We will set LPCR with correct value for radix during int. This make sure we start with a sanitized value of LPCR. In case of kexec, cpus can have LPCR value based on the previous translation mode we were running. Fixes: fe036a0605d60 ("powerpc/64/kexec: Fix MMU cleanup on radix") Cc: stable@vger.kernel.org # v4.9+ Acked-by: Michael Neuling Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/kernel/cpu_setup_power.S | 4 ++++ 1 file changed, 4 insertions(+) commit f558b37bf4c35a54e1949f6533f39c64091bf60d Author: Naveen N. Rao Date: Tue Feb 21 20:30:47 2017 +0530 powerpc/optprobes: Fix TOC handling in optprobes trampoline Optprobes on powerpc are limited to kernel text area. We decided to also optimize kretprobe_trampoline since that is also in kernel text area. However,we failed to take into consideration the fact that the same trampoline is also used to catch function returns from kernel modules. As an example: $ sudo modprobe kobject-example $ sudo bash -c "echo 'r foo_show+8' > /sys/kernel/debug/tracing/kprobe_events" $ sudo bash -c "echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable" $ sudo cat /sys/kernel/debug/kprobes/list c000000000041350 k kretprobe_trampoline+0x0 [OPTIMIZED] d000000000e00200 r foo_show+0x8 kobject_example $ cat /sys/kernel/kobject_example/foo Segmentation fault With the below (trimmed) splat in dmesg: Unable to handle kernel paging request for data at address 0xfec40000 Faulting instruction address: 0xc000000000041540 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000041540] optimized_callback+0x70/0xe0 LR [c000000000041e60] optinsn_slot+0xf8/0x10000 Call Trace: [c0000000c7327850] [c000000000289af4] alloc_set_pte+0x1c4/0x860 (unreliable) [c0000000c7327890] [c000000000041e60] optinsn_slot+0xf8/0x10000 --- interrupt: 700 at 0xc0000000c7327a80 LR = kretprobe_trampoline+0x0/0x10 [c0000000c7327ba0] [c0000000003a30d4] sysfs_kf_seq_show+0x104/0x1d0 [c0000000c7327bf0] [c0000000003a0bb4] kernfs_seq_show+0x44/0x60 [c0000000c7327c10] [c000000000330578] seq_read+0xf8/0x560 [c0000000c7327cb0] [c0000000003a1e64] kernfs_fop_read+0x194/0x260 [c0000000c7327d00] [c0000000002f9954] __vfs_read+0x44/0x1a0 [c0000000c7327d90] [c0000000002fb4cc] vfs_read+0xbc/0x1b0 [c0000000c7327de0] [c0000000002fd138] SyS_read+0x68/0x110 [c0000000c7327e30] [c00000000000b8e0] system_call+0x38/0xfc Fix this by loading up the kernel TOC before calling into the kernel. The original TOC gets restored as part of the usual pt_regs restore. Fixes: 762df10bad69 ("powerpc/kprobes: Optimize kprobe in kretprobe_trampoline()") Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/kernel/optprobes_head.S | 7 +++++++ 1 file changed, 7 insertions(+) commit 0333ad4e4f49e14217256e1db1134a70cf60b2de Author: Jaegeuk Kim Date: Thu Dec 29 16:58:54 2016 -0800 f2fs: avoid needless checkpoint in f2fs_trim_fs The f2fs_trim_fs() doesn't need to do checkpoint if there are newly allocated data blocks only which didn't change the critical checkpoint data such as nat and sit entries. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit ec7cb62d18d854ea09df8b7194e7e710985f8b9a Author: Andrey Ryabinin Date: Wed Feb 22 12:35:27 2017 +0300 net/dccp: fix use after free in tw_timer_handler() DCCP doesn't purge timewait sockets on network namespace shutdown. So, after net namespace destroyed we could still have an active timer which will trigger use after free in tw_timer_handler(): BUG: KASAN: use-after-free in tw_timer_handler+0x4a/0xa0 at addr ffff88010e0d1e10 Read of size 8 by task swapper/1/0 Call Trace: __asan_load8+0x54/0x90 tw_timer_handler+0x4a/0xa0 call_timer_fn+0x127/0x480 expire_timers+0x1db/0x2e0 run_timer_softirq+0x12f/0x2a0 __do_softirq+0x105/0x5b4 irq_exit+0xdd/0xf0 smp_apic_timer_interrupt+0x57/0x70 apic_timer_interrupt+0x90/0xa0 Object at ffff88010e0d1bc0, in cache net_namespace size: 6848 Allocated: save_stack_trace+0x1b/0x20 kasan_kmalloc+0xee/0x180 kasan_slab_alloc+0x12/0x20 kmem_cache_alloc+0x134/0x310 copy_net_ns+0x8d/0x280 create_new_namespaces+0x23f/0x340 unshare_nsproxy_namespaces+0x75/0xf0 SyS_unshare+0x299/0x4f0 entry_SYSCALL_64_fastpath+0x18/0xad Freed: save_stack_trace+0x1b/0x20 kasan_slab_free+0xae/0x180 kmem_cache_free+0xb4/0x350 net_drop_ns+0x3f/0x50 cleanup_net+0x3df/0x450 process_one_work+0x419/0xbb0 worker_thread+0x92/0x850 kthread+0x192/0x1e0 ret_from_fork+0x2e/0x40 Add .exit_batch hook to dccp_v4_ops()/dccp_v6_ops() which will purge timewait sockets on net namespace destruction and prevent above issue. Fixes: f2bf415cfed7 ("mib: add net to NET_ADD_STATS_BH") Reported-by: Dmitry Vyukov Signed-off-by: Andrey Ryabinin Acked-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller net/dccp/ipv4.c | 6 ++++++ net/dccp/ipv6.c | 6 ++++++ 2 files changed, 12 insertions(+) commit 2618be7dccf8739b89e1906b64bd8d551af351e6 Author: Dmitry V. Levin Date: Mon Feb 20 14:58:41 2017 +0300 uapi: fix linux/if.h userspace compilation errors Include (guarded by ifndef __KERNEL__) to fix the following linux/if.h userspace compilation errors: /usr/include/linux/if.h:234:19: error: field 'ifru_addr' has incomplete type struct sockaddr ifru_addr; /usr/include/linux/if.h:235:19: error: field 'ifru_dstaddr' has incomplete type struct sockaddr ifru_dstaddr; /usr/include/linux/if.h:236:19: error: field 'ifru_broadaddr' has incomplete type struct sockaddr ifru_broadaddr; /usr/include/linux/if.h:237:19: error: field 'ifru_netmask' has incomplete type struct sockaddr ifru_netmask; /usr/include/linux/if.h:238:20: error: field 'ifru_hwaddr' has incomplete type struct sockaddr ifru_hwaddr; This also fixes userspace compilation of the following uapi headers: linux/atmbr2684.h linux/gsmmux.h linux/if_arp.h linux/if_bonding.h linux/if_frad.h linux/if_pppox.h linux/if_tunnel.h linux/netdevice.h linux/route.h linux/wireless.h As no uapi header provides a definition of struct sockaddr, inclusion of seems to be the most conservative and the only safe fix available. All current users of are very likely to be including already because the latter is the sole provider of struct sockaddr definition in libc, so adding a uapi header with a definition of struct sockaddr would create a potential conflict with . Replacing struct sockaddr in the definition of struct ifreq with a different type would create a potential incompatibility with current users of struct ifreq who might rely on ifru_addr et al members being of type struct sockaddr. Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/if.h | 4 ++++ 1 file changed, 4 insertions(+) commit 12d656af4e3d2781b9b9f52538593e1717e7c979 Author: Ridge Kennedy Date: Wed Feb 22 14:59:49 2017 +1300 l2tp: Avoid schedule while atomic in exit_net While destroying a network namespace that contains a L2TP tunnel a "BUG: scheduling while atomic" can be observed. Enabling lockdep shows that this is happening because l2tp_exit_net() is calling l2tp_tunnel_closeall() (via l2tp_tunnel_delete()) from within an RCU critical section. l2tp_exit_net() takes rcu_read_lock_bh() << list_for_each_entry_rcu() >> l2tp_tunnel_delete() l2tp_tunnel_closeall() __l2tp_session_unhash() synchronize_rcu() << Illegal inside RCU critical section >> BUG: sleeping function called from invalid context in_atomic(): 1, irqs_disabled(): 0, pid: 86, name: kworker/u16:2 INFO: lockdep is turned off. CPU: 2 PID: 86 Comm: kworker/u16:2 Tainted: G W O 4.4.6-at1 #2 Hardware name: Xen HVM domU, BIOS 4.6.1-xs125300 05/09/2016 Workqueue: netns cleanup_net 0000000000000000 ffff880202417b90 ffffffff812b0013 ffff880202410ac0 ffffffff81870de8 ffff880202417bb8 ffffffff8107aee8 ffffffff81870de8 0000000000000c51 0000000000000000 ffff880202417be0 ffffffff8107b024 Call Trace: [] dump_stack+0x85/0xc2 [] ___might_sleep+0x148/0x240 [] __might_sleep+0x44/0x80 [] synchronize_sched+0x2d/0xe0 [] ? trace_hardirqs_on+0xd/0x10 [] ? __local_bh_enable_ip+0x6b/0xc0 [] ? _raw_spin_unlock_bh+0x30/0x40 [] __l2tp_session_unhash+0x172/0x220 [] ? __l2tp_session_unhash+0x87/0x220 [] l2tp_tunnel_closeall+0x9b/0x140 [] l2tp_tunnel_delete+0x14/0x60 [] l2tp_exit_net+0x110/0x270 [] ? l2tp_exit_net+0x9c/0x270 [] ops_exit_list.isra.6+0x33/0x60 [] cleanup_net+0x1b6/0x280 ... This bug can easily be reproduced with a few steps: $ sudo unshare -n bash # Create a shell in a new namespace # ip link set lo up # ip addr add 127.0.0.1 dev lo # ip l2tp add tunnel remote 127.0.0.1 local 127.0.0.1 tunnel_id 1 \ peer_tunnel_id 1 udp_sport 50000 udp_dport 50000 # ip l2tp add session name foo tunnel_id 1 session_id 1 \ peer_session_id 1 # ip link set foo up # exit # Exit the shell, in turn exiting the namespace $ dmesg ... [942121.089216] BUG: scheduling while atomic: kworker/u16:3/13872/0x00000200 ... To fix this, move the call to l2tp_tunnel_closeall() out of the RCU critical section, and instead call it from l2tp_tunnel_del_work(), which is running from the l2tp_wq workqueue. Fixes: 2b551c6e7d5b ("l2tp: close sessions before initiating tunnel delete") Signed-off-by: Ridge Kennedy Acked-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit db690328a7df0b507f7d59de0c7e1bbe8f4b9e6a Author: Stephen Rothwell Date: Wed Feb 15 11:30:03 2017 +1100 RDMA/bnxt_re: fix for "bnxt_en: Update to firmware interface spec 1.7.0." When the firmware interface spec was updated, a constant element was renamed. The rename missed the instances in the bnxt_re driver because it wasn't upstream yet. This updates the bnxt_re driver with the rename. Signed-off-by: Stephen Rothwell Signed-off-by: Doug Ledford drivers/infiniband/hw/bnxt_re/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ff2924583b7211b062ee5433924256f99011b0d9 Author: Bhumika Goyal Date: Wed Feb 22 00:17:48 2017 +0530 qlogic: netxen: constify bin_attribute structures Declare bin_attribute structures as const as they are only passed as an arguments to the functions device_remove_bin_file and device_create_bin_file. These function arguments are of type const, so bin_attribute structures having this property can be made const too. Done using Coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct bin_attribute i@p = {...}; @ok1@ identifier r1.i; position p,p1; @@ ( device_remove_bin_file(...,&i@p) | device_create_bin_file(..., &i@p1) ) @bad@ position p!={r1.p,ok1.p,ok1.p1}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct bin_attribute i; Signed-off-by: Bhumika Goyal Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0ccea2210c7ed486c688cd05fd1b674d95ef9894 Author: Bhumika Goyal Date: Wed Feb 22 00:11:17 2017 +0530 qlogic: qlcnic_sysfs: constify bin_attribute structures Declare bin_attribute structures as const as they are only passed as an arguments to the functions device_remove_bin_file and device_create_bin_file. These function arguments are of type const, so bin_attribute structures having this property can be made const too. Done using Coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct bin_attribute i@p = {...}; @ok1@ identifier r1.i; position p,p1; @@ ( device_remove_bin_file(...,&i@p) | device_create_bin_file(..., &i@p1) ) @bad@ position p!={r1.p,ok1.p,ok1.p1}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct bin_attribute i; Signed-off-by: Bhumika Goyal Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qlcnic/qlcnic_sysfs.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit a577ca6badb5261d3fa1bcbb3332ae7874f1a3a2 Author: Christian Lamparter Date: Mon Feb 20 20:10:58 2017 +0100 net: emac: add support for device-tree based PHY discovery and setup This patch adds glue-code that allows the EMAC driver to interface with the existing dt-supported PHYs in drivers/net/phy. Because currently, the emac driver maintains a small library of supported phys for in a private phy.c file located in the drivers directory. The support is limited to mostly single ethernet transceiver like the: CIS8201, BCM5248, ET1011C, Marvell 88E1111 and 88E1112, AR8035. However, routers like the Netgear WNDR4700 and Cisco Meraki MX60(W) have a 5-port switch (AR8327N) attached to the EMAC. The switch chip is supported by the qca8k mdio driver, which uses the generic phy library. Another reason is that PHYLIB also supports the BCM54610, which was used for the Western Digital My Book Live. This will now also make EMAC select PHYLIB. Signed-off-by: Christian Lamparter Signed-off-by: David S. Miller drivers/net/ethernet/ibm/emac/Kconfig | 1 + drivers/net/ethernet/ibm/emac/core.c | 254 +++++++++++++++++++++++++++++++++- drivers/net/ethernet/ibm/emac/core.h | 4 + 3 files changed, 252 insertions(+), 7 deletions(-) commit f2625f7db4dd0bbd16a9c7d2950e7621f9aa57ad Author: Steve Wise Date: Tue Feb 21 11:21:57 2017 -0800 rdma_cm: fail iwarp accepts w/o connection params cma_accept_iw() needs to return an error if conn_params is NULL. Since this is coming from user space, we can crash. Reported-by: Shaobo He Acked-by: Sean Hefty Signed-off-by: Steve Wise Cc: stable@vger.kernel.org Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 3 +++ 1 file changed, 3 insertions(+) commit 8f4e8dace3d182132c8ffbcf243dda85def6c209 Author: Max Gurtovoy Date: Sun Feb 19 20:08:03 2017 +0200 nvme-rdma: add support for host_traddr This will enable the user to control the specific interface for connection establishment in case the host has more than 1 interface under the same subnet. E.g: Host interfaces configured as: - ib0 1.1.1.1/16 - ib1 1.1.1.2/16 Target interfaces configured as: - ib0 1.1.1.3/16 (listener interface) - ib1 1.1.1.4/16 the following connect command will go through host iface ib0 (default): nvme connect -t rdma -n testsubsystem -a 1.1.1.3 -s 1023 but the following command will go through host iface ib1: nvme connect -t rdma -n testsubsystem -a 1.1.1.3 -s 1023 -w 1.1.1.2 Signed-off-by: Max Gurtovoy Reviewed-by: Parav Pandit Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/rdma.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) commit 6ccaeb56004a14329b033968a687324c96d295bf Author: Christophe JAILLET Date: Sun Feb 19 20:04:38 2017 +0100 nvmet-rdma: Fix error handling According to the preceeding goto, it is likely that 'out_destroy_sq' was expected here. Signed-off-by: Christophe JAILLET Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/target/rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a01a6ea2c636769f9d029b026549bebc406094a Author: Max Gurtovoy Date: Mon Feb 20 13:44:29 2017 +0200 nvmet-rdma: use nvme cm status helper Also remove redundant debug prints. Signed-off-by: Max Gurtovoy Reviewed-by: Parav Pandit Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/target/rdma.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 3ee80c3d15b61e61611903033df414a0590cfde9 Author: Max Gurtovoy Date: Mon Feb 20 13:44:28 2017 +0200 nvme-rdma: move nvme cm status helper to .h file This will enable the usage for nvme rdma target. Also move from a lookup array to a switch statement. Signed-off-by: Max Gurtovoy Reviewed-by: Parav Pandit Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/rdma.c | 22 ---------------------- include/linux/nvme-rdma.h | 24 ++++++++++++++++++++++++ 2 files changed, 24 insertions(+), 22 deletions(-) commit faef3af69dd7976315d37316698a436b81d05363 Author: James Smart Date: Fri Feb 17 07:57:28 2017 -0800 nvme-fc: don't bother to validate ioccsz and iorcsz Discovery controllers don't set the values. They are in reserved areas of the Identify Controller data structure. Given the cmd completed, the minimal capsule sizes are supported, so no need to check nqn to detect discovery controllers and special case validations. Signed-off-by: James Smart Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/fc.c | 12 ------------ 1 file changed, 12 deletions(-) commit 9ef3932e250f8e2e11ffbc0c1f28b3ba5dc40cd6 Author: Keith Busch Date: Fri Feb 10 18:15:52 2017 -0500 nvme/pci: No special case for queue busy on IO This driver previously required we have a special check for IO submitted to nvme IO queues that are temporarily suspended. That is no longer necessary since blk-mq provides a quiesce, so any IO that actually gets submitted to such a queue must be ended since the queue isn't going to start back up. This is fixing a condition where we have fewer IO queues after a controller reset. This may happen if the number of CPU's has changed, or controller firmware update changed the queue count, for example. While it may be possible to complete the IO on a different queue, the block layer does not provide a way to resubmit a request on a different hardware context once the request has entered the queue. We don't want these requests to be stuck indefinitely either, so ending them in error is our only option at the moment. Signed-off-by: Keith Busch Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit f33447b90e96076483525b21cc4e0a8977cdd07c Author: Keith Busch Date: Fri Feb 10 18:15:51 2017 -0500 nvme/core: Fix race kicking freed request_queue If a namespace has already been marked dead, we don't want to kick the request_queue again since we may have just freed it from another thread. Signed-off-by: Keith Busch Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 6db28eda266052f86a6b402422de61eeb7d2e351 Author: Keith Busch Date: Fri Feb 10 18:15:49 2017 -0500 nvme/pci: Disable on removal when disconnected If the device is not present, the driver should disable the queues immediately. Prior to this, the driver was relying on the watchdog timer to kill the queues if requests were outstanding to the device, and that just delays removal up to one second. Signed-off-by: Keith Busch Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit c5552fde102fcc3f2cf9e502b8ac90e3500d8fdf Author: Andy Lutomirski Date: Tue Feb 7 10:08:45 2017 -0800 nvme: Enable autonomous power state transitions NVMe devices can advertise multiple power states. These states can be either "operational" (the device is fully functional but possibly slow) or "non-operational" (the device is asleep until woken up). Some devices can automatically enter a non-operational state when idle for a specified amount of time and then automatically wake back up when needed. The hardware configuration is a table. For each state, an entry in the table indicates the next deeper non-operational state, if any, to autonomously transition to and the idle time required before transitioning. This patch teaches the driver to program APST so that each successive non-operational state will be entered after an idle time equal to 100% of the total latency (entry plus exit) associated with that state. The maximum acceptable latency is controlled using dev_pm_qos (e.g. power/pm_qos_latency_tolerance_us in sysfs); non-operational states with total latency greater than this value will not be used. As a special case, setting the latency tolerance to 0 will disable APST entirely. On hardware without APST support, the sysfs file will not be exposed. The latency tolerance for newly-probed devices is set by the module parameter nvme_core.default_ps_max_latency_us. In theory, the device can expose "default" APST table, but this doesn't seem to function correctly on my device (Samsung 950), nor does it seem particularly useful. There is also an optional mechanism by which a configuration can be "saved" so it will be automatically loaded on reset. This can be configured from userspace, but it doesn't seem useful to support in the driver. On my laptop, enabling APST seems to save nearly 1W. The hardware tables can be decoded in userspace with nvme-cli. 'nvme id-ctrl /dev/nvmeN' will show the power state table and 'nvme get-feature -f 0x0c -H /dev/nvme0' will show the current APST configuration. This feature is quirked off on a known-buggy Samsung device. Signed-off-by: Andy Lutomirski Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 154 +++++++++++++++++++++++++++++++++++++++++++++++ drivers/nvme/host/nvme.h | 11 ++++ include/linux/nvme.h | 6 ++ 3 files changed, 171 insertions(+) commit bd4da3abaabffdd2472fb7085fcadd5d1d8c2153 Author: Andy Lutomirski Date: Wed Feb 22 13:32:36 2017 -0700 nvme: Add a quirk mechanism that uses identify_ctrl Currently, all NVMe quirks are based on PCI IDs. Add a mechanism to define quirks based on identify_ctrl's vendor id, model number, and/or firmware revision. Reviewed-by: Christoph Hellwig Signed-off-by: Andy Lutomirski Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ drivers/nvme/host/nvme.h | 1 + 2 files changed, 65 insertions(+) commit e5a39dd8238e5d42c830bbd8d31211adf6fea6ca Author: Johannes Thumshirn Date: Fri Jan 27 09:03:45 2017 +0100 nvme: make nvmf_register_transport require a create_ctrl callback nvmf_create_ctrl() relys on the presence of a create_crtl callback in the registered nvmf_transport_ops, so make nvmf_register_transport require one. Update the available call-sites as well to reflect these changes. Signed-off-by: Johannes Thumshirn Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/fabrics.c | 7 ++++++- drivers/nvme/host/fabrics.h | 2 +- drivers/nvme/host/fc.c | 3 +-- drivers/nvme/host/rdma.c | 3 +-- drivers/nvme/target/loop.c | 3 +-- 5 files changed, 10 insertions(+), 8 deletions(-) commit 986994a27587efd8ce4c595cab89b570f7475359 Author: Parav Pandit Date: Thu Jan 26 17:17:28 2017 +0200 nvme: Use CNS as 8-bit field and avoid endianness conversion This patch defines CNS field as 8-bit field and avoids cpu_to/from_le conversions. Also initialize nvme_command cns value explicitly to NVME_ID_CNS_NS for readability (don't rely on the fact that NVME_ID_CNS_NS = 0). Reviewed-by: Max Gurtovoy Signed-off-by: Parav Pandit Reviewed-by: Keith Busch Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 5 +++-- drivers/nvme/target/admin-cmd.c | 2 +- drivers/nvme/target/discovery.c | 4 ++-- include/linux/nvme.h | 4 +++- 4 files changed, 9 insertions(+), 6 deletions(-) commit 778f067c185ce56d06aedb5fba5a0e98bb464f7b Author: Max Gurtovoy Date: Thu Jan 26 17:17:27 2017 +0200 nvme: add semicolon in nvme_command setting Reviewed-by: Parav Pandit Signed-off-by: Max Gurtovoy Reviewed-by: Keith Busch Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2dbf5816bb52ee3198882c1d198440e4bac62253 Author: Max Gurtovoy Date: Mon Jan 23 11:01:12 2017 +0200 nvmet: avoid dereferencing nvmet_req No need to dereference req twice to get the cmd when we already have it stored in a local variable. Signed-off-by: Max Gurtovoy Reviewed-by: Parav Pandit Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/target/fabrics-cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8432bdb2905713cb3ef5cbe4a72630fa575565ad Author: Sagi Grimberg Date: Mon Nov 28 01:47:40 2016 +0200 nvme: Make controller state visible via sysfs Easier for debugging and testing state machine transitions. Signed-off-by: Sagi Grimberg Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 15fbad96fc5fb1c5a0502e6a10dea671f510de3d Author: Sagi Grimberg Date: Mon Nov 14 14:24:21 2016 +0200 nvmet: Make cntlid globally unique We usually log the cntlid which is confusing in case we have multiple subsystems each with it's own cntlid ida. Instead make cntlid ida globally unique and log the initial association. Signed-off-by: Sagi Grimberg Reviewed-by: Johannes Thumshirn Reviewed-by: Max Gurtovoy Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/target/core.c | 10 ++++------ drivers/nvme/target/fabrics-cmd.c | 4 ++-- drivers/nvme/target/nvmet.h | 1 - 3 files changed, 6 insertions(+), 9 deletions(-) commit f64935abbfcedf47a23ad0345f625b1903d965d2 Author: James Smart Date: Sat Dec 24 09:46:44 2016 -0800 nvmet_fc: cleanup of abort flag processing in fcp_op_done Cleanup of abort flag processing in fcp_op_done. References were unnecessary Signed-off-by: James Smart Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/target/fc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit b38b9054989f33d2e06f1979f90973030ddc17db Author: Colin Ian King Date: Tue Dec 27 16:04:09 2016 +0000 nvme: admin-cmd: fix spelling mistake: "Counld" -> "Could" trivial fix to spelling mistake in pr_err message Signed-off-by: Colin Ian King Signed-off-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/target/admin-cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b86dd815ff74ab9eda474d1c28428ac0db2c3032 Author: Jens Axboe Date: Wed Feb 22 13:19:45 2017 -0700 block: get rid of blk-mq default scheduler choice Kconfig entries The wording in the entries were poor and not understandable by even deities. Kill the selection for default block scheduler, and impose a policy with sane defaults. Architected-by: Linus Torvalds Reviewed-by: Omar Sandoval Signed-off-by: Jens Axboe block/Kconfig.iosched | 44 -------------------------------------------- block/blk-mq-sched.c | 9 --------- block/elevator.c | 19 +++++++++++++------ 3 files changed, 13 insertions(+), 59 deletions(-) commit 37c85961c3f87f2141c84e53df31e59db072fd2e Merge: caa5942 d8a4995 Author: Linus Torvalds Date: Wed Feb 22 12:17:25 2017 -0800 Merge tag 'tty-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial driver updates from Greg KH: "Here is the big tty/serial driver patchset for 4.11-rc1. Not much here, but a lot of little fixes and individual serial driver updates all over the subsystem. Majority are for the sh-sci driver and platform (the arch-specific changes have acks from the maintainer). The start of the "serial bus" code is here as well, but nothing is converted to use it yet. That work is still ongoing, hopefully will start to show up across different subsystems for 4.12 (bluetooth is one major place that will be used.) All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (109 commits) tty: pl011: Work around QDF2400 E44 stuck BUSY bit atmel_serial: Use the fractional divider when possible tty: Remove extra include in HVC console tty framework serial: exar: Enable MSI support serial: exar: Move register defines from uapi header to consumer site serial: pci: Remove unused pci_boards entries serial: exar: Move Commtech adapters to 8250_exar as well serial: exar: Fix feature control register constants serial: exar: Fix initialization of EXAR registers for ports > 0 serial: exar: Fix mapping of port I/O resources serial: sh-sci: fix hardware RX trigger level setting tty/serial: atmel: ensure state is restored after suspending serial: 8250_dw: Avoid "too much work" from bogus rx timeout interrupt serdev: ttyport: check whether tty_init_dev() fails serial: 8250_pci: make pciserial_detach_ports() static ARM: dts: STiH410-b2260: Enable HW flow-control ARM: dts: STiH407-family: Use new Pinctrl groups ARM: dts: STiH407-pinctrl: Add Pinctrl group for HW flow-control ARM: dts: STiH410-b2260: Identify the UART RTS line dt-bindings: serial: Update 'uart-has-rtscts' description ... commit a5e14c9376871ee74fe93fdcb380c5d54eaa2d43 Author: Trond Myklebust Date: Fri Feb 17 19:50:18 2017 -0500 Revert "NFSv4.1: Handle NFS4ERR_BADSESSION/NFS4ERR_DEADSESSION replies to OP_SEQUENCE" This reverts commit 2cf10cdd486c362f983abdce00dc1127e8ab8c59. The patch has been seen to cause excessive looping. Reported-by: Olga Kornievskaia Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # 4.10+ Signed-off-by: Anna Schumaker fs/nfs/nfs4proc.c | 4 ---- 1 file changed, 4 deletions(-) commit caa59428971d5ad81d19512365c9ba580d83268c Merge: b206461 0a44127 Author: Linus Torvalds Date: Wed Feb 22 12:14:01 2017 -0800 Merge tag 'staging-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/iio driver updates from Greg KH: "Here is the big staging and iio driver patchsets for 4.11-rc1. We almost broke even this time around, with only a few thousand lines added overall, as we removed the old and obsolete i4l code, but added some new drivers for the RPi platform, as well as adding some new IIO drivers. All of these have been in linux-next for a while with no reported issues" * tag 'staging-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (669 commits) Staging: vc04_services: Fix the "space prohibited" code style errors Staging: vc04_services: Fix the "wrong indent" code style errors staging: octeon: Use net_device_stats from struct net_device Staging: rtl8192u: ieee80211: ieee80211.h - style fix Staging: rtl8192u: ieee80211: ieee80211_tx.c - style fix Staging: rtl8192u: ieee80211: rtl819x_BAProc.c - style fix Staging: rtl8192u: ieee80211: ieee80211_module.c - style fix Staging: rtl8192u: ieee80211: rtl819x_TSProc.c - style fix Staging: rtl8192u: r8192U.h - style fix Staging: rtl8192u: r8192U_core.c - style fix Staging: rtl8192u: r819xU_cmdpkt.c - style fix staging: rtl8192u: blank lines aren't necessary before a close brace '}' staging: rtl8192u: Adding space after enum and struct definition staging: rtl8192u: Adding space after struct definition Staging: ks7010: Add required and preferred spaces around operators Staging: ks7010: ks*: Remove redundant blank lines Staging: ks7010: ks*: Add missing blank lines after declarations staging: visorbus, replace init_timer with setup_timer staging: vt6656: rxtx.c Removed multiple dereferencing staging: vt6656: Alignment match open parenthesis ... commit b2064617c74f301dab1448f1f9c8dbb3c8021058 Merge: e30aee9 1762715 Author: Linus Torvalds Date: Wed Feb 22 11:44:32 2017 -0800 Merge tag 'driver-core-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here is the "small" driver core patches for 4.11-rc1. Not much here, some firmware documentation and self-test updates, a debugfs code formatting issue, and a new feature for call_usermodehelper to make it more robust on systems that want to lock it down in a more secure way. All of these have been linux-next for a while now with no reported issues" * tag 'driver-core-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: kernfs: handle null pointers while printing node name and path Introduce STATIC_USERMODEHELPER to mediate call_usermodehelper() Make static usermode helper binaries constant kmod: make usermodehelper path a const string firmware: revamp firmware documentation selftests: firmware: send expected errors to /dev/null selftests: firmware: only modprobe if driver is missing platform: Print the resource range if device failed to claim kref: prefer atomic_inc_not_zero to atomic_add_unless debugfs: improve formatting of debugfs_real_fops() commit e30aee9e10bb5168579e047f05c3d13d09e23356 Merge: 8ff546b 6cf18e6 Author: Linus Torvalds Date: Wed Feb 22 11:38:22 2017 -0800 Merge tag 'char-misc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here is the big char/misc driver patchset for 4.11-rc1. Lots of different driver subsystems updated here: rework for the hyperv subsystem to handle new platforms better, mei and w1 and extcon driver updates, as well as a number of other "minor" driver updates. All of these have been in linux-next for a while with no reported issues" * tag 'char-misc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (169 commits) goldfish: Sanitize the broken interrupt handler x86/platform/goldfish: Prevent unconditional loading vmbus: replace modulus operation with subtraction vmbus: constify parameters where possible vmbus: expose hv_begin/end_read vmbus: remove conditional locking of vmbus_write vmbus: add direct isr callback mode vmbus: change to per channel tasklet vmbus: put related per-cpu variable together vmbus: callback is in softirq not workqueue binder: Add support for file-descriptor arrays binder: Add support for scatter-gather binder: Add extra size to allocator binder: Refactor binder_transact() binder: Support multiple /dev instances binder: Deal with contexts in debugfs binder: Support multiple context managers binder: Split flat_binder_object auxdisplay: ht16k33: remove private workqueue auxdisplay: ht16k33: rework input device initialization ... commit 4deaa6fd00be2bf408dd06cdf0c40a1b59237879 Author: Arnd Bergmann Date: Wed Feb 22 11:21:22 2017 -0800 usercopy: ARM NOMMU has no 64-bit get_user On a NOMMU ARM kernel, we get this link error: ERROR: "__get_user_bad" [lib/test_user_copy.ko] undefined! The problem is that the extended get_user/put_user definitions were only added for the normal (MMU based) case. We could add it for NOMMU as well, but it seems easier to just not call it, since no other code needs it. Fixes: 4c5d7bc63775 ("usercopy: Add tests for all get_user() sizes") Signed-off-by: Arnd Bergmann Signed-off-by: Kees Cook lib/test_user_copy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8ff546b801e5cca0337c0f0a7234795d0a6309a1 Merge: ca78d31 0df8a3d Author: Linus Torvalds Date: Wed Feb 22 11:15:59 2017 -0800 Merge tag 'usb-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB/PHY updates from Greg KH: "Here is the big USB and PHY driver updates for 4.11-rc1. Nothing major, just the normal amount of churn in the usb gadget and dwc and xhci controllers, new device ids, new phy drivers, a new usb-serial driver, and a few other minor changes in different USB drivers. All have been in linux-next for a long time with no reported issues" * tag 'usb-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (265 commits) usb: cdc-wdm: remove logically dead code USB: serial: keyspan: drop header file USB: serial: io_edgeport: drop io-tables header file usb: musb: add code comment for clarification usb: misc: add USB251xB/xBi Hi-Speed Hub Controller Driver usb: misc: usbtest: remove redundant check on retval < 0 USB: serial: upd78f0730: sort device ids USB: serial: upd78f0730: add ID for EVAL-ADXL362Z ohci-hub: fix typo in dbg_port macro usb: musb: dsps: Manage CPPI 4.1 DMA interrupt in DSPS usb: musb: tusb6010: Clean up tusb_omap_dma structure usb: musb: cppi_dma: Clean up cppi41_dma_controller structure usb: musb: cppi_dma: Clean up cppi structure usb: musb: cppi41: Detect aborted transfers in cppi41_dma_callback() usb: musb: dma: Add a DMA completion platform callback drivers: usb: usbip: Add missing break statement to switch usb: mtu3: remove redundant dev_err call in get_ssusb_rscs() USB: serial: mos7840: fix another NULL-deref at open USB: serial: console: clean up sanity checks USB: serial: console: fix uninitialised spinlock ... commit 9a87ad3da905239413477ac0698734afc5cc30bd Author: Miklos Szeredi Date: Wed Feb 22 20:08:25 2017 +0100 fuse: release: private_data cannot be NULL Signed-off-by: Miklos Szeredi fs/fuse/file.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit 267d84449f52349ee252db684ed95ede18e51744 Author: Miklos Szeredi Date: Wed Feb 22 20:08:25 2017 +0100 fuse: cleanup fuse_file refcounting struct fuse_file is stored in file->private_data. Make this always be a counting reference for consistency. This also allows fuse_sync_release() to call fuse_file_put() instead of partially duplicating its functionality. Signed-off-by: Miklos Szeredi fs/fuse/dir.c | 2 +- fs/fuse/file.c | 18 +++++++++--------- fs/fuse/fuse_i.h | 1 - 3 files changed, 10 insertions(+), 11 deletions(-) commit 2e38bea99a80eab408adee27f873a188d57b76cb Author: Miklos Szeredi Date: Wed Feb 22 20:08:25 2017 +0100 fuse: add missing FR_FORCE fuse_file_put() was missing the "force" flag for the RELEASE request when sending synchronously (fuseblk). If this flag is not set, then a sync request may be interrupted before it is dequeued by the userspace filesystem. In this case the OPEN won't be balanced with a RELEASE. Signed-off-by: Miklos Szeredi Fixes: 5a18ec176c93 ("fuse: fix hang of single threaded fuseblk filesystem") Cc: # v2.6.38+ fs/fuse/file.c | 1 + 1 file changed, 1 insertion(+) commit eed64951f15d63beac75e0f848ac03c14f8a4a6c Author: Jon Derrick Date: Wed Feb 22 07:55:13 2017 -0700 block/sed: Embed function data into the function sequence By embedding the function data with the function sequence, we can eliminate the external function data and state variable code. It also made obvious some other small cleanups. Signed-off-by: Jon Derrick Reviewed-by: Scott Bauer Signed-off-by: Jens Axboe block/sed-opal.c | 418 ++++++++++++++++++++++--------------------------------- 1 file changed, 163 insertions(+), 255 deletions(-) commit 48efbfbf6353af15d97ef37216146e550403c773 Author: Tobin C. Harding Date: Wed Feb 22 17:12:38 2017 +1100 cciss: Remove kmalloc cast Coccinelle emits a warning about casting the return value of kmalloc(). Coccinelle suggests removing the cast as do kerneljanitors. Remove cast from kmalloc() call. Signed-off-by: Tobin C. Harding Acked-by: Don Brace Signed-off-by: Jens Axboe drivers/block/cciss_scsi.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 19a5e10c3b53772cfe47a23963ebcb941d81e695 Author: Tobin C. Harding Date: Wed Feb 22 17:12:37 2017 +1100 cciss: Fix checkpatch OPEN_BRACE Checkpatch emits ERROR:OPEN_BRACE: that open brace { should be on the previous line. Move open brace to new line. Also add space after if/switch statement since we introduce more checkpatch errors if not fixed at the same time. Signed-off-by: Tobin C. Harding Acked-by: Don Brace Signed-off-by: Jens Axboe drivers/block/cciss_scsi.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) commit f0889638456b2da341f35f3c841adfe4bdb88e5c Author: Tobin C. Harding Date: Wed Feb 22 17:12:36 2017 +1100 cciss: Fix checkpatch TRAILING_WHITESPACE Checkpatch emits 85 trailing whitespace warnings. Remove trailing whitespace. Signed-off-by: Tobin C. Harding Acked-by: Don Brace Signed-off-by: Jens Axboe drivers/block/cciss_scsi.c | 170 ++++++++++++++++++++++----------------------- 1 file changed, 85 insertions(+), 85 deletions(-) commit 77039b96316d119cea23f48b617103d50e78b840 Author: Jon Derrick Date: Tue Feb 21 11:59:15 2017 -0700 block/sed: Check received header lengths Add a buffer size check against discovery and response header lengths before we loop over their buffers. Signed-off-by: Jon Derrick Reviewed-by: Scott Bauer Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/sed-opal.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) commit cccb92417d447172c4653876f6cd4b04c29d7905 Author: Jon Derrick Date: Tue Feb 21 11:59:14 2017 -0700 block/sed: Add helper to qualify response tokens Add helper which verifies the response token is valid and matches the expected value. Merges token_type and response_get_token. Signed-off-by: Jon Derrick Reviewed-by: Scott Bauer Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/sed-opal.c | 61 +++++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 36 deletions(-) commit aedb6e2411baf242fd0faf95bd3ff0dc62ee1fa5 Author: Jon Derrick Date: Tue Feb 21 11:59:13 2017 -0700 block/sed: Use ssize_t on atom parsers to return errors The short atom parser can return an errno from decoding but does not currently return the error as a signed value. Convert all of the parsers to ssize_t. Signed-off-by: Jon Derrick Reviewed-by: Scott Bauer Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/sed-opal.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 9d8cacbf5636657d2cd0dda17438a56d806d3224 Author: Trond Myklebust Date: Fri Feb 17 18:42:32 2017 -0500 NFSv4: Fix reboot recovery in copy offload Copy offload code needs to be hooked into the code for handling NFS4ERR_BAD_STATEID by ensuring that we set the "stateid" field in struct nfs4_exception. Reported-by: Olga Kornievskaia Fixes: 2e72448b07dc3 ("NFS: Add COPY nfs operation") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.7+ Signed-off-by: Anna Schumaker fs/nfs/nfs42proc.c | 63 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 26 deletions(-) commit ca78d3173cff3503bcd15723b049757f75762d15 Merge: a4ee7ba ffe7afd Author: Linus Torvalds Date: Wed Feb 22 10:46:44 2017 -0800 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: - Errata workarounds for Qualcomm's Falkor CPU - Qualcomm L2 Cache PMU driver - Qualcomm SMCCC firmware quirk - Support for DEBUG_VIRTUAL - CPU feature detection for userspace via MRS emulation - Preliminary work for the Statistical Profiling Extension - Misc cleanups and non-critical fixes * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (74 commits) arm64/kprobes: consistently handle MRS/MSR with XZR arm64: cpufeature: correctly handle MRS to XZR arm64: traps: correctly handle MRS/MSR with XZR arm64: ptrace: add XZR-safe regs accessors arm64: include asm/assembler.h in entry-ftrace.S arm64: fix warning about swapper_pg_dir overflow arm64: Work around Falkor erratum 1003 arm64: head.S: Enable EL1 (host) access to SPE when entered at EL2 arm64: arch_timer: document Hisilicon erratum 161010101 arm64: use is_vmalloc_addr arm64: use linux/sizes.h for constants arm64: uaccess: consistently check object sizes perf: add qcom l2 cache perf events driver arm64: remove wrong CONFIG_PROC_SYSCTL ifdef ARM: smccc: Update HVC comment to describe new quirk parameter arm64: do not trace atomic operations ACPI/IORT: Fix the error return code in iort_add_smmu_platform_device() ACPI/IORT: Fix iort_node_get_id() mapping entries indexing arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA perf: xgene: Include module.h ... commit d9d84780f17cd9e25ddde10eb40357b96b7d6874 Author: Changbin Du Date: Mon Feb 6 15:03:37 2017 +0800 vfio: fix a typo in comment of function vfio_pin_pages Correct the description that 'unpinned' -> 'pinned'. Signed-off-by: Changbin Du Signed-off-by: Alex Williamson drivers/vfio/vfio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a4ee7bacd6c08479d56738456c07e4f32fc8e523 Merge: 38705613 8ba605b Author: Linus Torvalds Date: Wed Feb 22 10:33:53 2017 -0800 Merge tag 'arc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC updates from Vineet Gupta: - Intc imporvements [Yuriy] - VDK platform updates [Alexey] * tag 'arc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: [plat-*] ARC_HAS_COH_CACHES no longer relevant ARCv2: intc: Delete useless comments in Device Trees ARCv2: IDU-intc: Delete deprecated parameters in Device Trees ARCv2: IDU-intc: mask all common interrupts by default ARCv2: IDU-intc: Use build registers for getting numbers of interrupts ARCv2: intc: Set default priority for all core interrupts ARCv2: intc: Use runtime value of irq count for setting up intc ARCv2: intc: Rework the build time irq count information ARC: [intc-*]: confine NR_CPU_IRQS to intc code ARCv2: intc: Use ARC_REG_STATUS32 for addressing STATUS32 reg arc: vdk: Add support of UIO arc: vdk: Add support of MMC controller arc: vdk: Disable halt on reset commit 38705613b74ab090eee55c327cd0cb77fb10eb26 Merge: ff47d8c 438e69b Author: Linus Torvalds Date: Wed Feb 22 10:30:38 2017 -0800 Merge tag 'powerpc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: "Highlights include: - Support for direct mapped LPC on POWER9, giving Linux direct access to devices that may be on there such as a UART. - Memory hotplug support for the Power9 Radix MMU. - Add new AUX vectors describing the processor's cache geometry, to be used by glibc. - The ability for a guest to ask the hypervisor to resize the guest's hash table, and in addition support for doing so automatically when memory is hotplugged into/out-of the guest. This allows the hash table to be sized based on the current memory usage of the guest, rather than the maximum possible memory usage. - Implementation of optprobes (kprobe optimisation) for powerpc. In addition there's the topic branch shared with the KVM tree, which includes support for guests to use the Radix MMU on Power9. Thanks to: Alistair Popple, Andrew Donnellan, Aneesh Kumar K.V, Anju T, Anton Blanchard, Benjamin Herrenschmidt, Chris Packham, Daniel Axtens, Daniel Borkmann, David Gibson, Finn Thain, Gautham R. Shenoy, Gavin Shan, Greg Kurz, Joel Stanley, John Allen, Madhavan Srinivasan, Mahesh Salgaonkar, Markus Elfring, Michael Neuling, Nathan Fontenot, Naveen N. Rao, Nicholas Piggin, Paul Mackerras, Ravi Bangoria, Reza Arbab, Shailendra Singh, Vaibhav Jain, Wei Yongjun" * tag 'powerpc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (129 commits) powerpc/mm/radix: Skip ptesync in pte update helpers powerpc/mm/radix: Use ptep_get_and_clear_full when clearing pte for full mm powerpc/mm/radix: Update pte update sequence for pte clear case powerpc/mm: Update PROTFAULT handling in the page fault path powerpc/xmon: Fix data-breakpoint powerpc/mm: Fix build break with BOOK3S_64=n and MEMORY_HOTPLUG=y powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y powerpc/mm: Fix build break with RADIX=y & HUGETLBFS=n powerpc/pseries: Fix typo in parameter description powerpc/kprobes: Remove kprobe_exceptions_notify() kprobes: Introduce weak variant of kprobe_exceptions_notify() powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL powerpc/powernv: Fix opal_exit tracepoint opcode powerpc: Add a prototype for mcount() so it can be versioned powerpc: Drop GPL from of_node_to_nid() export to match other arches powerpc/kprobes: Optimize kprobe in kretprobe_trampoline() powerpc/kprobes: Implement Optprobes powerpc/kprobes: Fixes for kprobe_lookup_name() on BE powerpc: Add helper to check if offset is within relative branch range powerpc/bpf: Introduce __PPC_SH64() ... commit ff47d8c05019d6e7753cef270d6399cb5a33be57 Merge: 3051bf3 d24b98e Author: Linus Torvalds Date: Wed Feb 22 10:20:04 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Martin Schwidefsky: - New entropy generation for the pseudo random number generator. - Early boot printk output via sclp to help debug crashes on boot. This needs to be enabled with a kernel parameter. - Add proper no-execute support with a bit in the page table entry. - Bug fixes and cleanups. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (65 commits) s390/syscall: fix single stepped system calls s390/zcrypt: make ap_bus explicitly non-modular s390/zcrypt: Removed unneeded debug feature directory creation. s390: add missing "do {} while (0)" loop constructs to multiline macros s390/mm: add cond_resched call to kernel page table dumper s390: get rid of MACHINE_HAS_PFMF and MACHINE_HAS_HPAGE s390/mm: make memory_block_size_bytes available for !MEMORY_HOTPLUG s390: replace ACCESS_ONCE with READ_ONCE s390: Audit and remove any remaining unnecessary uses of module.h s390: mm: Audit and remove any unnecessary uses of module.h s390: kernel: Audit and remove any unnecessary uses of module.h s390/kdump: Use "LINUX" ELF note name instead of "CORE" s390: add no-execute support s390: report new vector facilities s390: use correct input data address for setup_randomness s390/sclp: get rid of common response code handling s390/sclp: don't add new lines to each printed string s390/sclp: make early sclp code readable s390/sclp: disable early sclp code as soon as the base sclp driver is active s390/sclp: move early printk code to drivers ... commit 3051bf36c25d5153051704291782f8d44e744d36 Merge: 1e74a2e 005c349 Author: Linus Torvalds Date: Wed Feb 22 10:15:09 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next Pull networking updates from David Miller: "Highlights: 1) Support TX_RING in AF_PACKET TPACKET_V3 mode, from Sowmini Varadhan. 2) Simplify classifier state on sk_buff in order to shrink it a bit. From Willem de Bruijn. 3) Introduce SIPHASH and it's usage for secure sequence numbers and syncookies. From Jason A. Donenfeld. 4) Reduce CPU usage for ICMP replies we are going to limit or suppress, from Jesper Dangaard Brouer. 5) Introduce Shared Memory Communications socket layer, from Ursula Braun. 6) Add RACK loss detection and allow it to actually trigger fast recovery instead of just assisting after other algorithms have triggered it. From Yuchung Cheng. 7) Add xmit_more and BQL support to mvneta driver, from Simon Guinot. 8) skb_cow_data avoidance in esp4 and esp6, from Steffen Klassert. 9) Export MPLS packet stats via netlink, from Robert Shearman. 10) Significantly improve inet port bind conflict handling, especially when an application is restarted and changes it's setting of reuseport. From Josef Bacik. 11) Implement TX batching in vhost_net, from Jason Wang. 12) Extend the dummy device so that VF (virtual function) features, such as configuration, can be more easily tested. From Phil Sutter. 13) Avoid two atomic ops per page on x86 in bnx2x driver, from Eric Dumazet. 14) Add new bpf MAP, implementing a longest prefix match trie. From Daniel Mack. 15) Packet sample offloading support in mlxsw driver, from Yotam Gigi. 16) Add new aquantia driver, from David VomLehn. 17) Add bpf tracepoints, from Daniel Borkmann. 18) Add support for port mirroring to b53 and bcm_sf2 drivers, from Florian Fainelli. 19) Remove custom busy polling in many drivers, it is done in the core networking since 4.5 times. From Eric Dumazet. 20) Support XDP adjust_head in virtio_net, from John Fastabend. 21) Fix several major holes in neighbour entry confirmation, from Julian Anastasov. 22) Add XDP support to bnxt_en driver, from Michael Chan. 23) VXLAN offloads for enic driver, from Govindarajulu Varadarajan. 24) Add IPVTAP driver (IP-VLAN based tap driver) from Sainath Grandhi. 25) Support GRO in IPSEC protocols, from Steffen Klassert" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1764 commits) Revert "ath10k: Search SMBIOS for OEM board file extension" net: socket: fix recvmmsg not returning error from sock_error bnxt_en: use eth_hw_addr_random() bpf: fix unlocking of jited image when module ronx not set arch: add ARCH_HAS_SET_MEMORY config net: napi_watchdog() can use napi_schedule_irqoff() tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" net/hsr: use eth_hw_addr_random() net: mvpp2: enable building on 64-bit platforms net: mvpp2: switch to build_skb() in the RX path net: mvpp2: simplify MVPP2_PRS_RI_* definitions net: mvpp2: fix indentation of MVPP2_EXT_GLOBAL_CTRL_DEFAULT net: mvpp2: remove unused register definitions net: mvpp2: simplify mvpp2_bm_bufs_add() net: mvpp2: drop useless fields in mvpp2_bm_pool and related code net: mvpp2: remove unused 'tx_skb' field of 'struct mvpp2_tx_queue' net: mvpp2: release reference to txq_cpu[] entry after unmapping net: mvpp2: handle too large value in mvpp2_rx_time_coal_set() net: mvpp2: handle too large value handling in mvpp2_rx_pkts_coal_set() net: mvpp2: remove useless arguments in mvpp2_rx_{pkts, time}_coal_set ... commit 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 Merge: 7bb0338 c054ee3 Author: Linus Torvalds Date: Wed Feb 22 09:05:47 2017 -0800 Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc-plugins updates from Kees Cook: "This includes infrastructure updates and the structleak plugin, which performs forced initialization of certain structures to avoid possible information exposures to userspace. Summary: - infrastructure updates (gcc-common.h) - introduce structleak plugin for forced initialization of some structures" * tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: Add structleak for more stack initialization gcc-plugins: consolidate on PASS_INFO macro gcc-plugins: add PASS_INFO and build_const_char_string() commit df3ab232e462bce20710596d697ade6b72497694 Author: Trond Myklebust Date: Fri Feb 17 19:49:09 2017 -0500 pNFS/flexfiles: If the layout is invalid, it must be updated before retrying If we see that our pNFS READ/WRITE/COMMIT operation failed, but we also see that our layout segment is no longer valid, then we need to get a new layout segment before retrying. Fixes: 90816d1ddacf ("NFSv4.1/flexfiles: Don't mark the entire deviceid...") Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Trond Myklebust Signed-off-by: Anna Schumaker fs/nfs/flexfilelayout/flexfilelayout.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit c74fd80f2f41d05f350bb478151021f88551afe8 Author: Dan Streetman Date: Fri Jan 13 15:07:51 2017 -0500 xen: do not re-use pirq number cached in pci device msi msg data Revert the main part of commit: af42b8d12f8a ("xen: fix MSI setup and teardown for PV on HVM guests") That commit introduced reading the pci device's msi message data to see if a pirq was previously configured for the device's msi/msix, and re-use that pirq. At the time, that was the correct behavior. However, a later change to Qemu caused it to call into the Xen hypervisor to unmap all pirqs for a pci device, when the pci device disables its MSI/MSIX vectors; specifically the Qemu commit: c976437c7dba9c7444fb41df45468968aaa326ad ("qemu-xen: free all the pirqs for msi/msix when driver unload") Once Qemu added this pirq unmapping, it was no longer correct for the kernel to re-use the pirq number cached in the pci device msi message data. All Qemu releases since 2.1.0 contain the patch that unmaps the pirqs when the pci device disables its MSI/MSIX vectors. This bug is causing failures to initialize multiple NVMe controllers under Xen, because the NVMe driver sets up a single MSIX vector for each controller (concurrently), and then after using that to talk to the controller for some configuration data, it disables the single MSIX vector and re-configures all the MSIX vectors it needs. So the MSIX setup code tries to re-use the cached pirq from the first vector for each controller, but the hypervisor has already given away that pirq to another controller, and its initialization fails. This is discussed in more detail at: https://lists.xen.org/archives/html/xen-devel/2017-01/msg00447.html Fixes: af42b8d12f8a ("xen: fix MSI setup and teardown for PV on HVM guests") Signed-off-by: Dan Streetman Reviewed-by: Stefano Stabellini Acked-by: Konrad Rzeszutek Wilk Signed-off-by: Boris Ostrovsky arch/x86/pci/xen.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) commit 7086b7b3d101e0e6fca2bf7ca2f14483fc881837 Author: Takashi Iwai Date: Wed Feb 22 08:37:41 2017 +0100 ALSA: usb-audio: Tidy up mixer_us16x08.c A few more cleanups and improvements that have been overlooked: - Use ARRAY_SIZE() macro appropriately - Code shuffling for minor optimization - Omit superfluous variable initializations - Get rid of superfluous NULL checks - Add const to snd_us16x08_control_params definitions No functional changes. Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/mixer_us16x08.c | 132 ++++++++++++++++++---------------------------- 1 file changed, 50 insertions(+), 82 deletions(-) commit e2810d76c5f3b0152fa0f7c40170e123b33e058c Author: Takashi Iwai Date: Wed Feb 22 08:00:25 2017 +0100 ALSA: usb-audio: Fix memory leak and corruption in mixer_us16x08.c There are a few places leaking memory and doing double-free in mixer_us16x08.c. The driver allocates a usb_mixer_elem_info object at each add_new_ctl() call. This has to be freed via kctl->private_free, but currently this is done properly only for some controls. Also, the driver allocates three external objects (comp_store, eq_store, meter_store), and these are referred in elem->private_data (it's not kctl->private_data). And these have to be released, but there are none doing it. Moreover, these extra objects have to be released only once. Thus the release should be done only by the first kctl element that refers to it. For fixing these, we call either snd_usb_mixer_elem_free() (only for kctl->private_data) or elem_private_free() (for both kctl->private_data and elem->private_data) via kctl->private_free appropriately. Last but not least, snd_us16x08_controls_create() may return in the middle without releasing the allocated *_store objects due to an error. For fixing this, we shuffle the allocation code so that it's called just before its reference. Fixes: d2bb390a2081 ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk") Reported-by: Takashi Sakamoto Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/mixer_us16x08.c | 92 ++++++++++++++++++++--------------------------- sound/usb/mixer_us16x08.h | 1 - 2 files changed, 39 insertions(+), 54 deletions(-) commit c37a01779b3954d9c8f9ac4f663a03c11f69fded Author: Andy Shevchenko Date: Wed Feb 15 16:42:21 2017 +0200 iommu/vt-d: Fix crash on boot when DMAR is disabled By default CONFIG_INTEL_IOMMU_DEFAULT_ON is not set and thus dmar_disabled variable is set. Intel IOMMU driver based on above doesn't set intel_iommu_enabled variable. The commit b0119e870837 ("iommu: Introduce new 'struct iommu_device'") mistakenly assumes it never happens and tries to unregister not ever registered resources, which crashes the kernel at boot time: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: iommu_device_unregister+0x31/0x60 Make unregister procedure conditional in free_iommu(). Fixes: b0119e870837 ("iommu: Introduce new 'struct iommu_device'") Cc: Joerg Roedel Signed-off-by: Andy Shevchenko Signed-off-by: Joerg Roedel drivers/iommu/dmar.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 01625cc5e65f420dbea57f7de6b9552a0f807a84 Author: Bjorn Andersson Date: Wed Feb 15 14:00:41 2017 -0800 remoteproc: qcom: mdt_loader: Use signed type for offset In the transition from using rproc_da_to_va(), the type of the load offset became unsigned. This causes the subsequent check to let negative values less than p_memsz + mem_size through and we write outside of the buffer. Change the type back to a signed value to catch this. Fixes: 7f0dd07a9b29 ("remoteproc: qcom: mdt_loader: Refactor MDT loader") Fixes: e7fd25226295 ("remoteproc: qcom: q6v5: Decouple driver from MDT loader") Reported-by: Dan Carpenter Reported-by: Stanimir Varbanov Acked-by: Andy Gross Signed-off-by: Bjorn Andersson drivers/remoteproc/qcom_q6v5_pil.c | 2 +- drivers/soc/qcom/mdt_loader.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 6fefe19f583625ca4ea3ecc9128baa51c31c60a4 Merge: d9cc34a ee73bcd da8c1c4 2f96c03 Author: Zhang Rui Date: Wed Feb 22 15:35:06 2017 +0800 Merge branches 'thermal-core', 'thermal-soc', 'thermal-intel' and 'ida-conversion' into next commit ee73bcdb0b1aab35654912d10f07da0176848a87 Author: Hongtao Jia Date: Wed Jan 4 16:57:51 2017 +0800 powerpc/mpc85xx: Update TMU device tree node for T1023/T1024 Update #thermal-sensor-cells from 0 to 1 according to the new binding. The sensor specifier added is the monitoring site ID, and represents the "n" in TRITSRn and TRATSRn. Signed-off-by: Jia Hongtao Acked-by: Scott Wood Signed-off-by: Zhang Rui arch/powerpc/boot/dts/fsl/t1023si-post.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 734211cb621fb2861d7adcd7d2c06be8c6ef8993 Author: Hongtao Jia Date: Wed Jan 4 16:57:50 2017 +0800 powerpc/mpc85xx: Update TMU device tree node for T1040/T1042 Update #thermal-sensor-cells from 0 to 1 according to the new binding. The sensor specifier added is the monitoring site ID, and represents the "n" in TRITSRn and TRATSRn. Signed-off-by: Jia Hongtao Acked-by: Scott Wood Signed-off-by: Zhang Rui arch/powerpc/boot/dts/fsl/t1040si-post.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0d4b7bf1202466aa51c6199a38b4fda06efa51c8 Author: Jia Hongtao Date: Wed Jan 4 16:57:49 2017 +0800 dt-bindings: Update QorIQ TMU thermal bindings For different types of SoC the sensor id and endianness may vary. "#thermal-sensor-cells" is used to provide sensor id information. "little-endian" property is to tell the endianness of TMU. Signed-off-by: Jia Hongtao Acked-by: Rob Herring Acked-by: Scott Wood Signed-off-by: Zhang Rui Documentation/devicetree/bindings/thermal/qoriq-thermal.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit 89b593c30e83ee19b7e7c6c7d6092669bebf343e Author: Takashi Sakamoto Date: Wed Feb 22 07:54:47 2017 +0900 ALSA: usb-audio: purge needless variable length array Variable length array is used in 'snd_us16x08_meter_get()', while there is no need. It's better to purge it because variable length array has overhead for stack handling. This commit replaces the array with static length. Sparse generated below warning. sound/usb/mixer_us16x08.c:714:18: warning: Variable length array is used. Fixes: d2bb390a2081 ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/mixer_us16x08.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6 Merge: e7e04c0 c61f13e Author: Kees Cook Date: Tue Feb 21 21:12:57 2017 -0800 Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins commit e7e04c0c8c7ea931d966e5bd349a0b1c836b1ebf Merge: a121103 5a45a4c Author: Kees Cook Date: Tue Feb 21 21:12:38 2017 -0800 Merge branch 'for-next/gcc-plugin-infrastructure' into for-linus/gcc-plugins commit 7bb033829ef3ecfc491c0ed0197966e8f197fbdc Merge: 4a0853b 0f5bf6d Author: Linus Torvalds Date: Tue Feb 21 17:56:45 2017 -0800 Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull rodata updates from Kees Cook: "This renames the (now inaccurate) DEBUG_RODATA and related SET_MODULE_RONX configs to the more sensible STRICT_KERNEL_RWX and STRICT_MODULE_RWX" * tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common commit 4a0853bf88c8f56e1c01eda02e6625aed09d55d9 Merge: 6d1dd93 4c5d7bc Author: Linus Torvalds Date: Tue Feb 21 17:53:23 2017 -0800 Merge tag 'usercopy-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull usercopy test updates from Kees Cook: "This improves the usercopy tests: - check zeroing on failed copy_from_user()/get_user() (caught bug on ARM) - adjust tests for SMAP/PAN (can't zero userspace memory on failure)" * tag 'usercopy-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: usercopy: Add tests for all get_user() sizes usercopy: Adjust tests to deal with SMAP/PAN usercopy: add testcases to check zeroing on failure commit 6d1dd93ea0d0f0fb61b5450a2668896028ce3f75 Merge: 81bbef2 fc1b326 Author: Linus Torvalds Date: Tue Feb 21 17:51:37 2017 -0800 Merge tag 'pstore-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore updates from Kees Cook: "Minor changes to pstore tree: - update MAINTAINERS with current git repo, add more files. - move prz allocation checks into the walker - initialize flags correctly (by accident spinlock was technically ok)" * tag 'pstore-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: MAINTAINERS: Adjust pstore git repo URI, add files pstore: Check for prz allocation in walker pstore: Correctly initialize spinlock and flags commit 81bbef23db51c0b450d90607fbbc2ad80ee0d43f Merge: 79f4d1d 2fa299a Author: Linus Torvalds Date: Tue Feb 21 17:28:25 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fix from Jiri Kosina: "Regression fix for HID_RMI-driven synaptics touchpads in !CONFIG_HID_RMI cases" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: rmi: fallback to generic/multitouch if hid-rmi is not built commit 79f4d1d5c0d7d115b5a693a5bb369e69efb7e7a5 Merge: 97a229f 73b2951 Author: Linus Torvalds Date: Tue Feb 21 17:21:32 2017 -0800 Merge branch 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata updates from Tejun Heo: - Bartlomiej added pata_falcon - Christoph is trying to remove use of static 4k buf. It's still WIP - config cleanup around HAS_DMA - other fixes and driver-specific changes * 'for-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: (29 commits) ata: pata_of_platform: using of_property_read_u32() helper pata_atiixp: Don't use unconnected secondary port on SB600/SB700 libata-sff: Don't scan disabled ports when checking for legacy mode. pata_octeon_cf: remove unused local variables from octeon_cf_set_piomode() ahci: qoriq: added ls2088a platforms support ahci: qoriq: report error when ecc register address is missing in dts ahci: qoriq: added a condition to enable dma coherence Revert "libata: switch to dynamic allocation instead of ata_scsi_rbuf" ahci: imx: fix building without hwmon or thermal ata: add Atari Falcon PATA controller driver ata: pass queued command to ->sff_data_xfer method ata: allow subsystem to be used on m68k arch libata: switch to dynamic allocation instead of ata_scsi_rbuf libata: don't call ata_scsi_rbuf_fill for command without a response buffer libata: call ->scsi_done from ata_scsi_simulate libata: remove the done callback from ata_scsi_args libata: move struct ata_scsi_args to libata-scsi.c libata: avoid global response buffer in atapi_qc_complete libata-eh: Use switch() instead of sparse array for protocol strings ata: sata_mv: Convert to devm_ioremap_resource() ... commit 97a229f90731894f46b85c20bcc1842f4a63cb78 Merge: ff58d00 1ad6511 Author: Linus Torvalds Date: Tue Feb 21 17:06:22 2017 -0800 Merge tag 'dmaengine-4.11-rc1' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine updates from Vinod Koul: "This time we fairly boring and bit small update. - Support for Intel iDMA 32-bit hardware - deprecate broken support for channel switching in async_tx - bunch of updates on stm32-dma - Cyclic support for zx dma and making in generic zx dma driver - Small updates to bunch of other drivers" * tag 'dmaengine-4.11-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (29 commits) async_tx: deprecate broken support for channel switching dmaengine: rcar-dmac: Widen DMA mask to 40 bits dmaengine: sun6i: allow build on ARM64 platforms (sun50i) dmaengine: Provide a wrapper for memcpy operations dmaengine: zx: fix build warning dmaengine: dw: we do support Merrifield SoC in PCI mode dmaengine: dw: add support of iDMA 32-bit hardware dmaengine: dw: introduce register mappings for iDMA 32-bit dmaengine: dw: introduce block2bytes() and bytes2block() dmaengine: dw: extract dwc_chan_pause() for future use dmaengine: dw: replace convert_burst() with one liner dmaengine: dw: register IRQ and DMA pool with instance ID dmaengine: dw: Fix data corruption in large device to memory transfers dmaengine: ste_dma40: indicate granularity on channels dmaengine: ste_dma40: indicate directions on channels dmaengine: stm32-dma: Add error messages if xlate fails dmaengine: dw: pci: remove LPE Audio DMA ID dmaengine: stm32-dma: Add max_burst support dmaengine: stm32-dma: Add synchronization support dmaengine: stm32-dma: Fix residue computation issue in cyclic mode ... commit ff58d005cd10fcd372787cceac547e11cf706ff6 Merge: 5ab3566 9eeb0ed Author: Linus Torvalds Date: Tue Feb 21 16:58:32 2017 -0800 Merge tag 'media/v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media updates from Mauro Carvalho Chehab: - new drivers: - i.MX6 Video Data Order Adapter's (VDOA) - Toshiba et8ek8 5MP sensor - STM DELTA multi-format video decoder V4L2 driver - SPI connected IR LED - Mediatek IR remote receiver - ZyDAS ZD1301 DVB USB interface driver - new RC keymaps - some very old LIRC drivers got removed from staging - RC core gained support encoding IR scan codes - DVB si2168 gained support for DVBv5 statistics - lirc_sir driver ported to rc-core and promoted from staging - other bug fixes, board additions and driver improvements * tag 'media/v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (230 commits) [media] mtk-vcodec: fix build warnings without DEBUG [media] zd1301: fix building interface driver without demodulator [media] usbtv: add sharpness control [media] cxusb: Use a dma capable buffer also for reading [media] ttpci: address stringop overflow warning [media] dvb-usb-v2: avoid use-after-free [media] add Hama Hybrid DVB-T Stick support [media] et8ek8: Fix compiler / Coccinelle warnings [media] media: fix semicolon.cocci warnings [media] media: exynos4-is: add flags to dummy Exynos IS i2c adapter [media] v4l: of: check for unique lanes in data-lanes and clock-lanes [media] coda/imx-vdoa: constify structs [media] st-delta: debug: trace stream/frame information & summary [media] st-delta: add mjpeg support [media] st-delta: EOS (End Of Stream) support [media] st-delta: rpmsg ipc support [media] st-delta: add memory allocator helper functions [media] st-delta: STiH4xx multi-format video decoder v4l2 driver [media] MAINTAINERS: add st-delta driver [media] ARM: multi_v7_defconfig: enable STMicroelectronics DELTA Support ... commit 5ab356626f3cf97f00280f17a52e4b5b4a13e038 Merge: 6d1c42d baafaca Author: Linus Torvalds Date: Tue Feb 21 16:34:22 2017 -0800 Merge tag 'pinctrl-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control updates from Linus Walleij: "Pin control bulk changes for the v4.11 kernel cycle. Core changes: - Switch the generic pin config argument from 16 to 24 bits, only use 8 bits for the configuration type. We might need to encode more information about a certain setting than we need to encode different generic settings. - Add a cross-talk API to the pin control GPIO back-end, utilizing pinctrl_gpio_set_config() from GPIO drivers that want to set up a certain pin configuration in the back-end. This also includes the .set_config() refactoring of the GPIO chips, so that they pass a generic configuration for things like debouncing and single ended (typically open drain). This change has also been merged in an immutable branch to the GPIO tree. - Take hogs with a delayed work, so that we finalize probing a pin controller before trying to get any hogs. - For pin controllers putting all group and function definitions into the device tree, we now have generic code to deal with this and it is used in two drivers so far. - Simplifications of the pin request conflict check. - Make dt_free_map() optional. Updates to drivers: - pinctrl-single now use the generic helpers to generate dynamic group and function tables from the device tree. - Texas Instruments IOdelay configuration driver add-on to pinctrl-single. - i.MX: use radix trees to store groups and functions, use the new generic group and function helpers to manage them. - Intel: add support for hardware debouncing and 1K pull-down. New subdriver for the Gemini Lake SoC. - Renesas SH-PFC: drive strength and bias support, CAN bus muxing, MSIOF, SDHI, HSCIF for r8a7796. Gyro-ADC supporton r8a7791. - Aspeed: use syscon cross-dependencies to set up related bits in the LPC host controller and display controller. - Aspeed: finalize G4 and G5 support. Fix mux configuration on GPIOs. Add banks Y, Z, AA, AB and AC. - AMD: support additional GPIO. - STM32: set this controller to strict muxing mode. STM32H743 MCU support. - Allwinner sunxi: deep simplifications on how to support subvariants of SoCs without adding to much SoC-specific data for each subvariant, especially for sun5i variants. New driver for V3s SoCs. New driver for the H5 SoC. Support A31/A31s variants with the new variant framework. - Mvebu: simplifications to use a MMIO and regmap abstraction. New subdrivers for the 98DX3236, 98DX5241 SoCs. - Samsung Exynos: delete Exynos4415 support. Add crosstalk to the SoC driver to access regmaps. Add infrastructure for pin-bank retention control. Clean out the pin retention control from arch/arm/mach-exynos and arch/arm/mach-s5p and put it properly in the Samsung pin control driver(s). - Meson: add HDMI HPD/DDC pins. Add pwm_ao_b pin. - Qualcomm: use raw spinlock variants: this makes the qualcomm driver realtime-safe" * tag 'pinctrl-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (111 commits) pinctrl: samsung: Fix return value check in samsung_pinctrl_get_soc_data() pinctrl: intel: unlock on error in intel_config_set_pull() pinctrl: berlin: make bool drivers explicitly non-modular pinctrl: spear: make bool drivers explicitly non-modular pinctrl: mvebu: make bool drivers explicitly non-modular pinctrl: sunxi: make sun5i explicitly non-modular pinctrl: sunxi: Remove stray printk call in sun5i driver's probe function pinctrl: samsung: mark PM functions as __maybe_unused pinctrl: sunxi: Remove redundant A31s pinctrl driver pinctrl: sunxi: Support A31/A31s with pinctrl variants pinctrl: Amend bindings for STM32 pinctrl pinctrl: Add STM32 pinctrl driver DT bindings pinctrl: stm32: Add STM32H743 MCU support include: dt-bindings: Add STM32H7 pinctrl DT defines gpio: aspeed: Remove dependence on GPIOF_* macros pinctrl: stm32: fix bad location of gpiochip_lock_as_irq drivers: pinctrl: add driver for Allwinner H5 SoC pinctrl: intel: Add Intel Gemini Lake pin controller support pinctrl: intel: Add support for 1k additional pull-down pinctrl: intel: Add support for hardware debouncer ... commit 2fa299a917adb2db2d486b9e4a3072865ce70a03 Author: Jiri Kosina Date: Wed Feb 22 01:13:52 2017 +0100 HID: rmi: fallback to generic/multitouch if hid-rmi is not built Commit 279967a65b32 ("HID: rmi: Handle all Synaptics touchpads using hid-rmi") unconditionally switches over handling of all Synaptics touchpads to hid-rmi (to make use of extended features of the HW); in case CONFIG_HID_RMI is disabled though this renders the touchpad unusable, as the HID_DEVICE(HID_BUS_ANY, HID_GROUP_RMI, HID_ANY_ID, HID_ANY_ID) match doesn't exist and generic/multitouch doesn't bind to it either (due to hid group mismatch). Fix this by switching over to hid-rmi only if it has been actually built. Fixes: 279967a65b32 ("HID: rmi: Handle all Synaptics touchpads using hid-rmi") Reported-by: Linus Torvalds Acked-by: Benjamin Tissoires Tested-by: Andrew Duggan Signed-off-by: Jiri Kosina drivers/hid/hid-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 72cedf599fcebfd6cd2550274d7855838068d28c Author: Arnd Bergmann Date: Tue Feb 21 23:00:46 2017 +0100 ASoC: mediatek: add I2C dependency for CS42XX8 We should not select drivers that depend on I2C when that is disabled, as it results in a build error: warning: (SND_SOC_MT2701_CS42448) selects SND_SOC_CS42XX8_I2C which has unmet direct dependencies (SOUND && !M68K && !UML && SND && SND_SOC && I2C) sound/soc/codecs/cs42xx8-i2c.c:60:1: warning: data definition has no type or storage class module_i2c_driver(cs42xx8_i2c_driver); sound/soc/codecs/cs42xx8-i2c.c:60:1: error: type defaults to 'int' in declaration of 'module_i2c_driver' [-Werror=implicit-int] Fixes: 1f458d53f76c ("ASoC: mediatek: Add mt2701-cs42448 driver and config option.") Signed-off-by: Arnd Bergmann Signed-off-by: Mark Brown sound/soc/mediatek/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b49f0f7ee1f5de8ea6d1210dfebf2c86f72507f Author: Arnd Bergmann Date: Tue Feb 21 23:02:37 2017 +0100 ALSA: x86: hdmi: select CONFIG_SND_PCM The newly added driver uses the PCM helpers and fails to link if they are disabled: sound/built-in.o: In function `hdmi_lpe_audio_runtime_suspend': intel_hdmi_audio.c:(.text+0x15906): undefined reference to `snd_pcm_suspend' sound/built-in.o: In function `had_pcm_hw_params': intel_hdmi_audio.c:(.text+0x15ac7): undefined reference to `snd_pcm_lib_malloc_pages' sound/built-in.o: In function `had_pcm_open': intel_hdmi_audio.c:(.text+0x15d49): undefined reference to `snd_pcm_hw_constraint_integer' This uses a Kconfig 'select' statement to make sure they are enabled. Fixes: 5dab11d89777 ("ALSA: x86: hdmi: Add audio support for BYT and CHT") Signed-off-by: Arnd Bergmann Signed-off-by: Takashi Iwai sound/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 6d1c42d9b93e38595ad46eeb4634853ca2755c92 Merge: 0f002fd 9085879 Author: Linus Torvalds Date: Tue Feb 21 14:28:55 2017 -0800 Merge tag 'extable-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux Pull exception table module split from Paul Gortmaker: "Final extable.h related changes. This completes the separation of exception table content from the module.h header file. This is achieved with the final commit that removes the one line back compatible change that sourced extable.h into the module.h file. The commits are unchanged since January, with the exception of a couple Acks that came in for the last two commits a bit later. The changes have been in linux-next for quite some time[1] and have got widespread arch coverage via toolchains I have and also from additional ones the kbuild bot has. Maintaners of the various arch were Cc'd during the postings to lkml[2] and informed that the intention was to take the remaining arch specific changes and lump them together with the final two non-arch specific changes and submit for this merge window. The ia64 diffstat stands out and probably warrants a mention. In an earlier review, Al Viro made a valid comment that the original header separation of content left something to be desired, and that it get fixed as a part of this change, hence the larger diffstat" * tag 'extable-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: (21 commits) module.h: remove extable.h include now users have migrated core: migrate exception table users off module.h and onto extable.h cris: migrate exception table users off module.h and onto extable.h hexagon: migrate exception table users off module.h and onto extable.h microblaze: migrate exception table users off module.h and onto extable.h unicore32: migrate exception table users off module.h and onto extable.h score: migrate exception table users off module.h and onto extable.h metag: migrate exception table users off module.h and onto extable.h arc: migrate exception table users off module.h and onto extable.h nios2: migrate exception table users off module.h and onto extable.h sparc: migrate exception table users onto extable.h openrisc: migrate exception table users off module.h and onto extable.h frv: migrate exception table users off module.h and onto extable.h sh: migrate exception table users off module.h and onto extable.h xtensa: migrate exception table users off module.h and onto extable.h mn10300: migrate exception table users off module.h and onto extable.h alpha: migrate exception table users off module.h and onto extable.h arm: migrate exception table users off module.h and onto extable.h m32r: migrate exception table users off module.h and onto extable.h ia64: ensure exception table search users include extable.h ... commit 34f54f579a9988e96e85e22fc151c15955ae40f0 Author: Gregory CLEMENT Date: Mon Feb 20 18:38:49 2017 +0100 rtc: armada38x: Add support for Armada 7K/8K The Armada 7K/8K use the same RTC IP than the Armada 38x. However the SOC integration differs in 2 points: - MBUS bridge timing initialization - IRQ configuration at SoC level Moreover the Armada 7K/8K have an issue preventing to get the interrupt from alarm 1. This commit allows to use alarm 2 for these A7K/8K but to still use alarm 1 for the Armada 38x. Signed-off-by: Gregory CLEMENT Signed-off-by: Alexandre Belloni .../devicetree/bindings/rtc/armada-380-rtc.txt | 8 ++- drivers/rtc/rtc-armada38x.c | 65 ++++++++++++++++++++++ 2 files changed, 70 insertions(+), 3 deletions(-) commit 75faea9179a775fbc3380e918ac90dc9991dc450 Author: Gregory CLEMENT Date: Mon Feb 20 18:38:48 2017 +0100 rtc: armada38x: Prepare driver to manage different versions In order to prepare the introduction of the A7K/A8K version of the RTC, this commit introduces a new data structure. This structure allows to handle the differences between the integration of the RTC IP in the SoCs. It will be: - MBUS bridge timing initialization - IRQ configuration at SoC level Signed-off-by: Gregory CLEMENT Signed-off-by: Alexandre Belloni drivers/rtc/rtc-armada38x.c | 152 +++++++++++++++++++++++++++++--------------- 1 file changed, 99 insertions(+), 53 deletions(-) commit 0f002fddbe150ec3f2afce3fc09de5bda3096c72 Merge: 252b95c cfd75c2 Author: Linus Torvalds Date: Tue Feb 21 14:21:11 2017 -0800 Merge tag 'mips_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips Pull MIPS updates from James Hogan: "Here's the main MIPS pull request for 4.11. It contains a few new features such as IRQ stacks, cacheinfo support, and KASLR for Octeon CPUs, and a variety of smaller improvements and fixes including devicetree additions, kexec cleanups, microMIPS stack unwinding fixes, and a bunch of build fixes to clean up continuous integration builds. Its all been in linux-next for at least a couple of days, most of it far longer. Miscellaneous: - Add IRQ stacks - Add cacheinfo support - Add "uzImage.bin" zboot target - Unify performance counter definitions - Export various (mainly assembly) symbols alongside their definitions - Audit and remove unnecessary uses of module.h kexec & kdump: - Lots of improvements and fixes - Add correct copy_regs implementations - Add debug logging of new kernel information Security: - Use Makefile.postlink to insert relocations into vmlinux - Provide plat_post_relocation hook (used for Octeon KASLR) - Add support for tuning mmap randomisation - Relocate DTB microMIPS: - A load of unwind fixes - Add some missing .insn to fix link errors MIPSr6: - Fix MULTU/MADDU/MSUBU sign extension in r2 emulation - Remove r2_emul_return and use ERETNC unconditionally on MIPSr6 - Allow pre-r6 emulation on SMP MIPSr6 kernels Cache management: - Treat physically indexed dcache as non-aliasing - Add return errors to protected cache ops for KVM - CM3: Ensure L1 & L2 cache ECC checking matches - CM3: Indicate inclusive caches - I6400: Treat dcache as physically indexed Memory management: - Ensure bootmem doesn't corrupt reserved memory - Export some TLB exception generation functions for KVM OF: - NULL check initial_boot_params before use in of_scan_flat_dt() - Fix unaligned access in of_alias_scan() SMP: - CPS: Don't BUG if a CPU fails to start Other fixes: - Fix longstanding 64-bit IP checksum carry bug - Fix KERN_CONT fallout in cpu-bugs64.c and sync-r4k.c - Update defconfigs for NF_CT_PROTO_DCCP, DPLITE, CPU_FREQ_STAT,SCSI_DH changes - Disable certain builtin compiler options, stack-check (whole kernel), asynchronous-unwind-tables (VDSO). - A bunch of build fixes from kernelci.org testing - Various other minor cleanups & corrections BMIPS: - Migrate interrupts during bmips_cpu_disable - BCM47xx: Add Luxul devices - BCM47xx: Fix Asus WL-500W button inversion - BCM7xxx: Add SPI device nodes Generic (multiplatform): - Add kexec DTB passing - Fix big endian - Add cpp_its_S in ksym_dep_filter to silence build warning IP22: - Reformat inline assembler code to modern standards - Fix binutils 2.25 build error IP27: - Fix duplicate CAC_BASE definition build error - Disable qlge driver to workaround broken compiler Lantiq: - Refresh defconfig and activate more drivers - Lock DMA register access - Fix cascading IRQ setup - Fix build of VPE loader - xway: Fix ethernet packet header corruption over reboot Loongson1 - Add watchdog support - 1B: Reduce DEFAULT_MEMSIZE to 64MB - 1B: Change OSC clock name to match rest of kernel - 1C: Remove ARCH_WANT_OPTIONAL_GPIOLIB Octeon: - Add KASLR support - Support Octeon III USB controller - Fix large copy_from_user corner case - Enable devtmpfs in defconfig Netlogic: - Fix non-default XLR build error due to netlogic,xlp-pic code - Fix assembler warning from smpboot.S pic32mzda: - Fix linker error when early printk is disabled Pistachio: - Add base device tree - Add Ci40 "Marduk" device tree Ralink: - Support raw appended DTB - Add missing I2C & I2S clocks - Add missing pinmux and fix pinmux function name typo - Add missing clk_round_rate() - Clean up prom_init() - MT7621: Set SoC type - MT7621: Support highmem TXx9: - Modernize printing of kernel messages and resolve KERN_CONT fallout - 7segled: use permission-specific DEVICE_ATTR variants XilFPGA: - Add IRQ controller and UART IRQ - Add AXI I2C and emaclite to DT & defconfig" * tag 'mips_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: (148 commits) MIPS: VDSO: Explicitly use -fno-asynchronous-unwind-tables MIPS: BCM47XX: Fix button inversion for Asus WL-500W MIPS: DTS: Add img directory to Makefile MIPS: ip27: Disable qlge driver in defconfig MIPS: pic32mzda: Fix linker error for pic32_get_pbclk() MIPS: Lantiq: Keep ethernet enabled during boot MIPS: OCTEON: Fix copy_from_user fault handling for large buffers MIPS: Fix special case in 64 bit IP checksumming. MIPS: OCTEON: Enable DEVTMPFS MIPS: lantiq: Set physical_memsize MIPS: sysmips: Remove duplicated include from syscall.c Kbuild: Add cpp_its_S in ksym_dep_filter MIPS: Audit and remove any unnecessary uses of module.h MIPS: Unify perf counter register definitions MIPS: Disable stack checks on MIPS kernels MIPS: OCTEON: Platform support for OCTEON III USB controller MIPS: Lantiq: Fix cascaded IRQ setup MIPS: sync-r4k: Fix KERN_CONT fallout MIPS: IRQ Stack: Fix erroneous jal to plat_irq_dispatch MIPS: Fix distclean with Makefile.postlink ... commit 4694335dad7357e9b3d7822ab13049014d74d8b0 Author: Nicolai Hähnle Date: Thu Feb 16 23:49:12 2017 +0100 drm/amdgpu: refuse to reserve io mem for split VRAM buffers When the fast blit path fails while attempting to move a buffer from RAM to VRAM, we fall back to a CPU-based memcpy that cannot handle split VRAM buffers. Instead of crashing, simply fail the buffer move. Ideally, we would teach TTM about split buffers so that the fallback still works in this case, but that is quite involved. So for now, apply the simplest possible fix. Fixes: 40361bb1704b ("drm/amdgpu: add VRAM manager v2") Signed-off-by: Nicolai Hähnle Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 3 +++ 1 file changed, 3 insertions(+) commit 686a816ab6bedb99a892f3171f6c9ccecabff180 Author: Trond Myklebust Date: Sun Feb 19 16:08:32 2017 -0500 NFSv4: Clean up owner/group attribute decode Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 117 +++++++++++++++++++++++++++---------------------------- 1 file changed, 57 insertions(+), 60 deletions(-) commit 5c741d4f2215371ae17e3dbdf3d46da850662e13 Author: Trond Myklebust Date: Sun Feb 19 16:08:31 2017 -0500 SUNRPC: Add a helper function xdr_stream_decode_string_dup() Create a helper function that decodes a xdr string object, allocates a memory buffer and then store it as a NUL terminated string. Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker include/linux/sunrpc/xdr.h | 2 ++ net/sunrpc/xdr.c | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) commit 1bbe60ff49becd7554e9b32b5e8e6fcee4b33db2 Author: Trond Myklebust Date: Sun Feb 19 16:08:30 2017 -0500 NFSv4: Remove bogus "struct nfs_client" argument from decode_ace() We shouldn't need to force callers to carry an unused argument. Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5a1f6d9e9b803003271b40b67786ff46fa4eda01 Author: Trond Myklebust Date: Sun Feb 19 16:08:29 2017 -0500 NFSv4: Fix the underestimation of delegation XDR space reservation Account for the "space_limit" field in struct open_write_delegation4. Fixes: 2cebf82883f4 ("NFSv4: Fix the underestimate of NFSv4 open request size") Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 2 ++ 1 file changed, 2 insertions(+) commit c065eeea3ba03232cb8aaf9d3dc7ad0a9fcb267b Author: Trond Myklebust Date: Sun Feb 19 16:08:28 2017 -0500 NFSv4: Replace callback string decode function with a generic Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/callback_xdr.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) commit 6da59ce2fd2047fd9cb141479f20d5f84614e84f Author: Trond Myklebust Date: Sun Feb 19 16:08:27 2017 -0500 NFSv4: Replace the open coded decode_opaque_inline() with the new generic Also ensure that we always check that the size of the decoded object matches the expectation that it must be smaller than NFS4_OPAQUE_LIMIT. This should be true for all the current users of decode_opaque_inline(), including decode_ace(), decode_pathname(), decode_attr_fs_locations() and decode_exchange_id(). Note that this allows us to get rid of a number of existing checks in decode_exchange_id(), Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/nfs4xdr.c | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) commit ab6e9aaf16cfdfca630f9745fd6d453818df7f64 Author: Trond Myklebust Date: Sun Feb 19 16:08:26 2017 -0500 NFSv4: Replace ad-hoc xdr encode/decode helpers with xdr_stream_* generics Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker fs/nfs/callback_xdr.c | 8 ++------ fs/nfs/flexfilelayout/flexfilelayout.c | 5 +---- fs/nfs/nfs4xdr.c | 33 +++++++++------------------------ 3 files changed, 12 insertions(+), 34 deletions(-) commit 0ae060ca2bdfe11181094699b0f76437ec210b17 Author: Trond Myklebust Date: Sun Feb 19 16:08:25 2017 -0500 SUNRPC: Add generic helpers for xdr_stream encode/decode Add some generic helpers for encoding/decoding opaque structures and basic u32/u64. Signed-off-by: Trond Myklebust Reviewed-by: Chuck Lever Signed-off-by: Anna Schumaker include/linux/sunrpc/xdr.h | 177 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 177 insertions(+) commit 252b95c0edead46fb188042584d3dcd6d6ede062 Merge: b8989bc 4610d24 Author: Linus Torvalds Date: Tue Feb 21 13:53:41 2017 -0800 Merge tag 'for-linus-4.11-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen updates from Juergen Gross: "Xen features and fixes: - a series from Boris Ostrovsky adding support for booting Linux as Xen PVH guest - a series from Juergen Gross streamlining the xenbus driver - a series from Paul Durrant adding support for the new device model hypercall - several small corrections" * tag 'for-linus-4.11-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/privcmd: add IOCTL_PRIVCMD_RESTRICT xen/privcmd: Add IOCTL_PRIVCMD_DM_OP xen/privcmd: return -ENOTTY for unimplemented IOCTLs xen: optimize xenbus driver for multiple concurrent xenstore accesses xen: modify xenstore watch event interface xen: clean up xenbus internal headers xenbus: Neaten xenbus_va_dev_error xen/pvh: Use Xen's emergency_restart op for PVH guests xen/pvh: Enable CPU hotplug xen/pvh: PVH guests always have PV devices xen/pvh: Initialize grant table for PVH guests xen/pvh: Make sure we don't use ACPI_IRQ_MODEL_PIC for SCI xen/pvh: Bootstrap PVH guest xen/pvh: Import PVH-related Xen public interfaces xen/x86: Remove PVH support x86/boot/32: Convert the 32-bit pgtable setup code from assembly to C xen/manage: correct return value check on xenbus_scanf() x86/xen: Fix APIC id mismatch warning on Intel xen/netback: set default upper limit of tx/rx queues to 8 xen/netfront: set default upper limit of tx/rx queues to 8 commit 3089c1df10e2931b1d72d2ffa7d86431084c86b3 Author: Nicolai Hähnle Date: Sat Feb 18 22:59:56 2017 +0100 drm/ttm: fix use-after-free races in vm fault handling The vm fault handler relies on the fact that the VMA owns a reference to the BO. However, once mmap_sem is released, other tasks are free to destroy the VMA, which can lead to the BO being freed. Fix two code paths where that can happen, both related to vm fault retries. Found via a lock debugging warning which flagged &bo->wu_mutex as locked while being destroyed. Fixes: cbe12e74ee4e ("drm/ttm: Allow vm fault retries") Signed-off-by: Nicolai Hähnle Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/ttm/ttm_bo_vm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit b8989bccd6a0ad49db4795afca56a733e1c19099 Merge: c9341ee fe8e52b Author: Linus Torvalds Date: Tue Feb 21 13:25:50 2017 -0800 Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit Pull audit updates from Paul Moore: "The audit changes for v4.11 are relatively small compared to what we did for v4.10, both in terms of size and impact. - two patches from Steve tweak the formatting for some of the audit records to make them more consistent with other audit records. - three patches from Richard record the name of a module on module load, fix the logging of sockaddr information when using socketcall() on 32-bit systems, and add the ability to reset audit's lost record counter. - my lone patch just fixes an annoying style nit that I was reminded about by one of Richard's patches. All these patches pass our test suite" * 'stable-4.11' of git://git.infradead.org/users/pcmoore/audit: audit: remove unnecessary curly braces from switch/case statements audit: log module name on init_module audit: log 32-bit socketcalls audit: add feature audit_lost reset audit: Make AUDIT_ANOM_ABEND event normalized audit: Make AUDIT_KERNEL event conform to the specification commit 0b6b524f3915f88eb4562e8d927528224a8eab41 Author: Takashi Iwai Date: Tue Feb 21 22:18:57 2017 +0100 ALSA: x86: Don't enable runtime PM as default Unlike HSW and newer, BYT/CHT devices have no fine control of audio power domain in i915 side. Since there is little gain by runtime PM on BYT/CHT, so far, this commit removes the pm_runtime_enable() call as default. User who still wants the runtime PM may adjust the corresponding sysfs files (power/control and power/autosuspend_delay_ms) appropriately, of course. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit bd1599d931ca735c1081f11aa4d49006350709f1 Author: Omar Sandoval Date: Tue Feb 21 10:03:50 2017 -0800 scsi_transport_sas: fix BSG ioctl memory corruption The end_device and sas_host devices support BSG ioctls, but the request_queue allocated for them isn't set up to allocate the struct scsi_request payload. This leads to memory corruption in the call to scsi_req_init() in bsg_map_hdr(), since it will memset past the end of the allocated request. Fix it by setting ->cmd_size on the allocated request_queue. Fixes: 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Omar Sandoval Acked-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/scsi/scsi_transport_sas.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit 3002b9fb7cbc26e8d29927c9e20e235f38319b24 Author: Takashi Iwai Date: Mon Feb 13 09:52:44 2017 +0100 ALSA: x86: Use runtime PM autosuspend This patch adds a few lines to the driver to use autosuspend for the runtime PM. It'll become useful with the combination of the keep-link feature. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) commit c4d052ce970ea98e9e1cc72461ba3b7a25397657 Merge: 42d87e3 33be632 Author: Bjorn Helgaas Date: Tue Feb 21 15:16:28 2017 -0600 Merge branch 'pci/virtualization' into next * pci/virtualization: PCI: Add ACS quirk for Qualcomm QDF2400 and QDF2432 commit 42d87e3ffbd53c4514bccc0f24e40d6231a567f5 Merge: 2bdd584 81efbad Author: Bjorn Helgaas Date: Tue Feb 21 15:16:22 2017 -0600 Merge branch 'pci/msi' into next * pci/msi: PCI/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs commit 2bdd584a7555d5ac3341b61e751a6ac807a9814a Merge: 9e38637 cd3e2eb Author: Bjorn Helgaas Date: Tue Feb 21 15:16:17 2017 -0600 Merge branch 'pci/enumeration' into next * pci/enumeration: PCI: Sort the list of devices with D3 delay quirk by ID commit 9e38637a0832f15552ae130622808831f515107c Merge: 9d53426 26b54be Author: Bjorn Helgaas Date: Tue Feb 21 15:16:12 2017 -0600 Merge branch 'pci/host-xilinx' into next * pci/host-xilinx: PCI: xilinx-nwl: Remove mask for messages not supported by AXI PCI: xilinx: Configure PCIe MPS settings commit 9d534265bdcd47659c9fd080fff4c005512c4770 Merge: f08bf55 7da7a1a Author: Bjorn Helgaas Date: Tue Feb 21 15:16:08 2017 -0600 Merge branch 'pci/host-xgene' into next * pci/host-xgene: PCI: xgene: Configure PCIe MPS settings PCI: xgene: Fix double free on init error commit f08bf55e690ebdac28402955ef953e11ff478668 Merge: b98a7f7 70bc1b6 Author: Bjorn Helgaas Date: Tue Feb 21 15:15:54 2017 -0600 Merge branch 'pci/host-versatile' into next * pci/host-versatile: PCI: versatile: Configure PCIe MPS settings commit b98a7f7509ed7a031ed750be11b72b7ca1c95513 Merge: bcea623 c5c4d3a Author: Bjorn Helgaas Date: Tue Feb 21 15:15:49 2017 -0600 Merge branch 'pci/host-thunder' into next * pci/host-thunder: PCI: thunder-pem: Add support for cn81xx and cn83xx SoCs commit bcea623c65d5ad3b2f4e51908cffc9423175a10b Merge: 56195e9 5800790 Author: Bjorn Helgaas Date: Tue Feb 21 15:15:44 2017 -0600 Merge branch 'pci/host-rockchip' into next * pci/host-rockchip: PCI: rockchip: Set vendor ID from local core config space PCI: rockchip: Fix rockchip_pcie_probe() error path to free resource list PCI: rockchip: Mark PM functions as __maybe_unused PCI: rockchip: Use readl_poll_timeout() instead of open-coding it PCI: rockchip: Disable RC's ASPM L0s based on DT "aspm-no-l0s" PCI: rockchip: Add system PM support commit 56195e9d1d68a9c201587cb55b7fdf6d43fb31b6 Merge: dda7189 ff1677e Author: Bjorn Helgaas Date: Tue Feb 21 15:15:39 2017 -0600 Merge branch 'pci/host-rcar' into next * pci/host-rcar: PCI: rcar: Use of_device_get_match_data() to simplify probe PCI: rcar: Add compatible string for r8a7796 PCI: rcar: Return -ENODEV from host bridge probe when no card present commit dda718926c0fe091fd5c7ed3f88c9542d8bf67cf Merge: e2dc4f2 8ed81ec Author: Bjorn Helgaas Date: Tue Feb 21 15:15:34 2017 -0600 Merge branch 'pci/host-mvebu' into next * pci/host-mvebu: PCI: mvebu: Change delay after reset to the PCIe spec mandated 100ms PCI: mvebu: Handle changes to the bridge windows while enabled commit e2dc4f225b765c2a12e5eaa7bc09994e67d13741 Merge: 68094b4 6dc2c04 Author: Bjorn Helgaas Date: Tue Feb 21 15:15:21 2017 -0600 Merge branch 'pci/host-layerscape' into next * pci/host-layerscape: PCI: layerscape: Use of_device_get_match_data() to simplify probe Conflicts: drivers/pci/dwc/pci-layerscape.c commit 68094b4b8d72360f9a90804c203e4292c6662fdd Merge: e34e38b ce709f8 Author: Bjorn Helgaas Date: Tue Feb 21 15:15:05 2017 -0600 Merge branch 'pci/host-iproc' into next * pci/host-iproc: PCI: Add Broadcom Northstar2 PAXC quirk for device class and MPSS PCI: iproc: Configure PCIe MPS settings PCI: iproc: Use of_device_get_match_data() to simplify probe commit e34e38bf891bd7bf7c9305ff1d2e1b29a77dd159 Merge: 5dcda98 21b7245 Author: Bjorn Helgaas Date: Tue Feb 21 15:14:53 2017 -0600 Merge branch 'pci/host-imx6' into next * pci/host-imx6: PCI: imx6: Fix a typo in error message PCI: imx6: Remove LTSSM disable workaround PCI: imx6: Remove redundant "Link never came up" message Conflicts: drivers/pci/dwc/pci-imx6.c commit 5dcda98a3b7cfc0025ca49a700765ac9ba78a6a7 Merge: d952097 4a9b093 Author: Bjorn Helgaas Date: Tue Feb 21 15:14:31 2017 -0600 Merge branch 'pci/host-hv' into next * pci/host-hv: PCI: hv: Use device serial number as PCI domain PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal commit d9520971589b008faa8df31aa2bb3d1e4f1c4534 Merge: b2e6d30 3fb5561 Author: Bjorn Helgaas Date: Tue Feb 21 15:14:18 2017 -0600 Merge branch 'pci/host-hisi' into next * pci/host-hisi: PCI: generic: Call pci_fixup_irqs() only on ARM PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports PCI: hisi: Rename config space accessors to remove "acpi" PCI: hisi: Add DT almost-ECAM support for Hip06/Hip07 host controllers PCI: hisi: Use of_device_get_match_data() to simplify probe Conflicts: drivers/pci/dwc/pcie-hisi.c commit b2e6d3055d5545b97533d4e8376fa848639d9951 Merge: 1a55761 e7cd7ef Author: Bjorn Helgaas Date: Tue Feb 21 15:13:30 2017 -0600 Merge branch 'pci/host-exynos' into next * pci/host-exynos: PCI: exynos: Support the PHY generic framework Documentation: binding: Modify the exynos5440 PCIe binding phy: phy-exynos-pcie: Add support for Exynos PCIe PHY Documentation: samsung-phy: Add exynos-pcie-phy binding PCI: exynos: Refactor to make it easier to support other SoCs PCI: exynos: Remove duplicated code PCI: exynos: Use the bitops BIT() macro to build bitmasks PCI: exynos: Remove unnecessary local variables PCI: exynos: Replace the *_blk/*_phy/*_elb accessors PCI: exynos: Rename all pointer names from "exynos_pcie" to "ep" Conflicts: drivers/pci/dwc/pci-exynos.c commit 1a55761392b8a4703039614f3ef6275f88dad4c3 Merge: 3bb0356 8ca6e0a Author: Bjorn Helgaas Date: Tue Feb 21 15:12:18 2017 -0600 Merge branch 'pci/host-altera' into next * pci/host-altera: PCI: altera: Extract TLP completion status correctly commit 3bb0356bb1b5a2c4434b4a3267df6dd9927ca5bf Merge: 4c2ae32 7a2b3f0 Author: Bjorn Helgaas Date: Tue Feb 21 15:12:18 2017 -0600 Merge branch 'pci/host-designware' into next * pci/host-designware: PCI: dwc: Remove dependency of designware on CONFIG_PCI PCI: dwc: Add CONFIG_PCIE_DW_HOST to enable PCI dwc host PCI: dwc: Split pcie-designware.c into host and core files PCI: dwc: designware: Fix style errors in pcie-designware.c PCI: dwc: designware: Parse "num-lanes" property in dw_pcie_setup_rc() PCI: dwc: all: Split struct pcie_port into host-only and core structures PCI: dwc: designware: Get device pointer at the start of dw_pcie_host_init() PCI: dwc: all: Rename cfg_read/cfg_write to read/write PCI: dwc: all: Use platform_set_drvdata() to save private data PCI: dwc: designware: Move register defines to designware header file PCI: dwc: Use PTR_ERR_OR_ZERO to simplify code PCI: dra7xx: Group PHY API invocations PCI: dra7xx: Enable MSI and legacy interrupts simultaneously PCI: dra7xx: Add support to force RC to work in GEN1 mode PCI: dra7xx: Simplify probe code with devm_gpiod_get_optional() PCI: Move DesignWare IP support to new drivers/pci/dwc/ directory PCI: designware: Check for iATU unroll only on platforms that use ATU commit 7a2b3f024b8b724257d82f76690e68c69d797efd Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:19 2017 +0530 PCI: dwc: Remove dependency of designware on CONFIG_PCI CONFIG_PCI is used to enable host mode PCI. In preparation for adding endpoint mode support to designware driver, remove the dependency of designware on CONFIG_PCI and make only the host-specific part depend on CONFIG_PCI. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/Makefile | 3 +++ drivers/pci/Makefile | 3 --- drivers/pci/dwc/Kconfig | 13 ++++++++++++- 3 files changed, 15 insertions(+), 4 deletions(-) commit a0560209f10cb55fbfcdd11ef85cfb444f8bea89 Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:18 2017 +0530 PCI: dwc: Add CONFIG_PCIE_DW_HOST to enable PCI dwc host Now that PCI designware host has a separate file, add a new PCIE_DW_HOST config symbol to select the host-only driver. This will enable to independently select host support and endpoint support (when it's added). Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/Kconfig | 26 +++++++++++++++----------- drivers/pci/dwc/Makefile | 3 ++- drivers/pci/dwc/pcie-designware.h | 29 +++++++++++++++++++++++++---- 3 files changed, 42 insertions(+), 16 deletions(-) commit feb85d9b1c47ea8dbcae559ff127b433fdb245b7 Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:17 2017 +0530 PCI: dwc: Split pcie-designware.c into host and core files Split pcie-designware.c into pcie-designware-host.c that contains the host specific parts of the driver and pcie-designware.c that contains the parts used by both host driver and endpoint driver. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/Makefile | 2 +- drivers/pci/dwc/pcie-designware-host.c | 635 +++++++++++++++++++++++++++++++++ drivers/pci/dwc/pcie-designware.c | 629 +------------------------------- drivers/pci/dwc/pcie-designware.h | 8 + 4 files changed, 650 insertions(+), 624 deletions(-) commit 314fc854f50317931fb4dfaab431695ab886e8de Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:16 2017 +0530 PCI: dwc: designware: Fix style errors in pcie-designware.c No functional change. Fix all checkpatch warnings and check errors in pcie-designware.c Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas Acked-By: Joao Pinto drivers/pci/dwc/pcie-designware.c | 42 +++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 21 deletions(-) commit 5f334db665173facf2213854408bb5fa2445d0b3 Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:15 2017 +0530 PCI: dwc: designware: Parse "num-lanes" property in dw_pcie_setup_rc() The "num-lanes" DT property is parsed in dw_pcie_host_init(). However num-lanes is applicable to both root complex mode and endpoint mode. As a first step, move the parsing of this property outside dw_pcie_host_init(). This is in preparation for splitting pcie-designware.c to pcie-designware.c and pcie-designware-host.c Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pcie-designware.c | 18 +++++++++++------- drivers/pci/dwc/pcie-designware.h | 1 - 2 files changed, 11 insertions(+), 8 deletions(-) commit 442ec4c04d1235f8c664a74004dae54a7a574d18 Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:14 2017 +0530 PCI: dwc: all: Split struct pcie_port into host-only and core structures Keep only the host-specific members in struct pcie_port and move the common members (i.e common to both host and endpoint) to struct dw_pcie. This is in preparation for adding endpoint mode support to designware driver. While at that also fix checkpatch warnings. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas CC: Jingoo Han CC: Richard Zhu CC: Lucas Stach CC: Murali Karicheri CC: Minghuan Lian CC: Mingkai Hu CC: Roy Zang CC: Thomas Petazzoni CC: Niklas Cassel CC: Jesper Nilsson CC: Joao Pinto CC: Zhou Wang CC: Gabriele Paoloni CC: Stanimir Varbanov CC: Pratyush Anand drivers/pci/dwc/pci-dra7xx.c | 80 +++++++------ drivers/pci/dwc/pci-exynos.c | 78 +++++++------ drivers/pci/dwc/pci-imx6.c | 128 +++++++++++---------- drivers/pci/dwc/pci-keystone-dw.c | 83 ++++++++------ drivers/pci/dwc/pci-keystone.c | 54 +++++---- drivers/pci/dwc/pci-keystone.h | 4 +- drivers/pci/dwc/pci-layerscape.c | 91 +++++++++------ drivers/pci/dwc/pcie-armada8k.c | 85 ++++++++------ drivers/pci/dwc/pcie-artpec6.c | 48 ++++---- drivers/pci/dwc/pcie-designware-plat.c | 27 +++-- drivers/pci/dwc/pcie-designware.c | 203 ++++++++++++++++++--------------- drivers/pci/dwc/pcie-designware.h | 67 ++++++----- drivers/pci/dwc/pcie-hisi.c | 55 +++++---- drivers/pci/dwc/pcie-qcom.c | 70 ++++++++---- drivers/pci/dwc/pcie-spear13xx.c | 74 +++++++----- 15 files changed, 666 insertions(+), 481 deletions(-) commit 40f67fb2c384fe12741aa35010d62bfe8c98286c Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:13 2017 +0530 PCI: dwc: designware: Get device pointer at the start of dw_pcie_host_init() No functional change. Get device pointer at the beginning of dw_pcie_host_init() instead of getting it all over dw_pcie_host_init(). This is in preparation for splitting struct pcie_port into host and core structures (once split pcie_port will not have device pointer). Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pcie-designware.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) commit 19ce01cc8cbc314d73db9755715a8f6e8ad59a7f Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:12 2017 +0530 PCI: dwc: all: Rename cfg_read/cfg_write to read/write No functional change. dw_pcie_cfg_read()/dw_pcie_cfg_write() doesn't do anything specific to access configuration space. It can be just renamed to dw_pcie_read()/dw_pcie_write() and used to read/write data to dbi space. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas Reviewed-By: Joao Pinto CC: Jingoo Han CC: Murali Karicheri CC: Stanimir Varbanov CC: Pratyush Anand drivers/pci/dwc/pci-dra7xx.c | 16 ++++++++-------- drivers/pci/dwc/pci-exynos.c | 4 ++-- drivers/pci/dwc/pci-keystone-dw.c | 4 ++-- drivers/pci/dwc/pcie-designware.c | 12 ++++++------ drivers/pci/dwc/pcie-designware.h | 4 ++-- drivers/pci/dwc/pcie-qcom.c | 2 +- drivers/pci/dwc/pcie-spear13xx.c | 24 ++++++++++++------------ 7 files changed, 33 insertions(+), 33 deletions(-) commit 9bcf0a6fdc5062e451cd6f1ab39045e142a5938f Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:11 2017 +0530 PCI: dwc: all: Use platform_set_drvdata() to save private data Add platform_set_drvdata() in all designware-based drivers to store the private data structure of the driver so that dev_set_drvdata() can be used to get back private data structure in add_pcie_port/host_init. This is in preparation for splitting struct pcie_port into core and host only structures. After the split pcie_port will not be part of the driver's private data structure and *container_of* used now to get the private data pointer cannot be used. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas CC: Jingoo Han CC: Richard Zhu CC: Lucas Stach CC: Murali Karicheri CC: Minghuan Lian CC: Mingkai Hu CC: Roy Zang CC: Thomas Petazzoni CC: Niklas Cassel CC: Jesper Nilsson CC: Joao Pinto CC: Zhou Wang CC: Gabriele Paoloni CC: Stanimir Varbanov CC: Pratyush Anand drivers/pci/dwc/pci-dra7xx.c | 3 ++- drivers/pci/dwc/pci-exynos.c | 3 ++- drivers/pci/dwc/pci-imx6.c | 3 ++- drivers/pci/dwc/pci-keystone.c | 2 ++ drivers/pci/dwc/pci-layerscape.c | 2 ++ drivers/pci/dwc/pcie-armada8k.c | 2 ++ drivers/pci/dwc/pcie-artpec6.c | 2 ++ drivers/pci/dwc/pcie-designware-plat.c | 2 ++ drivers/pci/dwc/pcie-hisi.c | 2 ++ drivers/pci/dwc/pcie-qcom.c | 2 ++ drivers/pci/dwc/pcie-spear13xx.c | 3 ++- 11 files changed, 22 insertions(+), 4 deletions(-) commit b90dc392212d1153a12eea15cbc6eae352a3c989 Author: Kishon Vijay Abraham I Date: Wed Feb 15 18:48:10 2017 +0530 PCI: dwc: designware: Move register defines to designware header file No functional change. Move the register defines and other macros from pcie-designware.c to pcie-designware.h. This is in preparation to split the pcie-designware.c file into designware core file and host-specific file. While at that also fix a checkpatch warning. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas Reviewed-By: Joao Pinto drivers/pci/dwc/pcie-designware.c | 70 -------------------------------------- drivers/pci/dwc/pcie-designware.h | 71 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 70 deletions(-) commit 11a61a8602812c024d8c404193ce1654ee3b8f08 Author: Fengguang Wu Date: Sat Feb 4 09:35:32 2017 +0800 PCI: dwc: Use PTR_ERR_OR_ZERO to simplify code Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR to avoid the following warnings found by scripts/coccinelle/api/ptr_ret.cocci: drivers/pci/dwc/pcie-qcom.c:215:1-3: WARNING: PTR_ERR_OR_ZERO can be used drivers/pci/dwc/pcie-qcom.c:247:1-3: WARNING: PTR_ERR_OR_ZERO can be used drivers/pci/dwc/pcie-qcom.c:481:1-3: WARNING: PTR_ERR_OR_ZERO can be used Signed-off-by: Fengguang Wu Signed-off-by: Bjorn Helgaas CC: Kishon Vijay Abraham I drivers/pci/dwc/pcie-qcom.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) commit 1f6c4501c667a6bf25996f04c9cae49a88d90d01 Author: Kishon Vijay Abraham I Date: Wed Jan 11 17:36:55 2017 +0530 PCI: dra7xx: Group PHY API invocations No functional change. PHY APIs like phy_init()/phy_power_on() are invoked from multiple places. Group all the PHY APIs in dra7xx_pcie_enable_phy() and dra7xx_pcie_disable_phy() and use these functions for enabling or disabling the PHY. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pci-dra7xx.c | 92 ++++++++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 41 deletions(-) commit ebe85a44aad47bb5f08c5cbd939eb5e40956c73b Author: Kishon Vijay Abraham I Date: Wed Jan 11 17:36:54 2017 +0530 PCI: dra7xx: Enable MSI and legacy interrupts simultaneously pci-dra7xx driver had a bug in that if CONFIG_PCI_MSI config is enabled, it doesn't support legacy interrupt. Fix it here so that both MSI and legacy interrupts can be enabled simultaneously and the interrupt mechanism supported by the endpoint device will be used. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pci-dra7xx.c | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) commit ab5fe4f4d31ee27df9b8d7720da710d955d55737 Author: Kishon Vijay Abraham I Date: Wed Jan 11 17:36:53 2017 +0530 PCI: dra7xx: Add support to force RC to work in GEN1 mode PCIe in AM57x/DRA7x devices is by default configured to work in GEN2 mode. However there may be situations when working in GEN1 mode is desired. One example is limitation i925 (PCIe GEN2 mode not supported at junction temperatures < 0C). Add support to force Root Complex to work in GEN1 mode if so desired, but don't force GEN1 mode on any board just yet. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pci-dra7xx.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 602d38bc65aa2926d1ecd290a348e87aa8c21290 Author: Kishon Vijay Abraham I Date: Wed Jan 11 17:36:52 2017 +0530 PCI: dra7xx: Simplify probe code with devm_gpiod_get_optional() No functional change. Use the new devm_gpiod_get_optional() to simplify the probe code. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas drivers/pci/dwc/pci-dra7xx.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) commit 950bf6388bc22c2749b8b66c501df1462639d6bd Author: Kishon Vijay Abraham I Date: Fri Jan 6 18:22:48 2017 +0530 PCI: Move DesignWare IP support to new drivers/pci/dwc/ directory Group all the PCI drivers that use DesignWare core in dwc directory. dwc IP is capable of operating in both host mode and device mode and keeping it inside the *host* directory is misleading. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Bjorn Helgaas Acked-by: Jingoo Han Acked-By: Joao Pinto Cc: Thomas Petazzoni Cc: Minghuan Lian Cc: Mingkai Hu Cc: Roy Zang Cc: Richard Zhu Cc: Lucas Stach Cc: Murali Karicheri Cc: Pratyush Anand Cc: Niklas Cassel Cc: Jesper Nilsson Cc: Zhou Wang Cc: Gabriele Paoloni Cc: Stanimir Varbanov MAINTAINERS | 22 +- drivers/pci/Kconfig | 1 + drivers/pci/Makefile | 3 + drivers/pci/dwc/Kconfig | 117 +++++ drivers/pci/dwc/Makefile | 23 + drivers/pci/dwc/pci-dra7xx.c | 525 +++++++++++++++++++ drivers/pci/dwc/pci-exynos.c | 629 ++++++++++++++++++++++ drivers/pci/dwc/pci-imx6.c | 757 +++++++++++++++++++++++++++ drivers/pci/dwc/pci-keystone-dw.c | 560 ++++++++++++++++++++ drivers/pci/dwc/pci-keystone.c | 444 ++++++++++++++++ drivers/pci/dwc/pci-keystone.h | 63 +++ drivers/pci/dwc/pci-layerscape.c | 284 ++++++++++ drivers/pci/dwc/pcie-armada8k.c | 254 +++++++++ drivers/pci/dwc/pcie-artpec6.c | 283 ++++++++++ drivers/pci/dwc/pcie-designware-plat.c | 126 +++++ drivers/pci/dwc/pcie-designware.c | 902 ++++++++++++++++++++++++++++++++ drivers/pci/dwc/pcie-designware.h | 86 +++ drivers/pci/dwc/pcie-hisi.c | 326 ++++++++++++ drivers/pci/dwc/pcie-qcom.c | 753 ++++++++++++++++++++++++++ drivers/pci/dwc/pcie-spear13xx.c | 299 +++++++++++ drivers/pci/host/Kconfig | 113 ---- drivers/pci/host/Makefile | 12 - drivers/pci/host/pci-dra7xx.c | 525 ------------------- drivers/pci/host/pci-exynos.c | 629 ---------------------- drivers/pci/host/pci-imx6.c | 757 --------------------------- drivers/pci/host/pci-keystone-dw.c | 560 -------------------- drivers/pci/host/pci-keystone.c | 444 ---------------- drivers/pci/host/pci-keystone.h | 63 --- drivers/pci/host/pci-layerscape.c | 284 ---------- drivers/pci/host/pcie-armada8k.c | 254 --------- drivers/pci/host/pcie-artpec6.c | 283 ---------- drivers/pci/host/pcie-designware-plat.c | 126 ----- drivers/pci/host/pcie-designware.c | 902 -------------------------------- drivers/pci/host/pcie-designware.h | 86 --- drivers/pci/host/pcie-hisi.c | 326 ------------ drivers/pci/host/pcie-qcom.c | 753 -------------------------- drivers/pci/host/pcie-spear13xx.c | 299 ----------- 37 files changed, 6446 insertions(+), 6427 deletions(-) commit 005c3490e9db23738d91e02788606c0fe4734723 Author: Kalle Valo Date: Tue Feb 21 21:47:06 2017 +0200 Revert "ath10k: Search SMBIOS for OEM board file extension" This reverts commit f2593cb1b29185d38db706cbcbe22ed538720ae1. Paul reported that this patch with older board-2.bin ath10k initialisation fails on Dell XPS 13: ath10k_pci 0000:3a:00.0: failed to fetch board data for bus=pci,vendor=168c, device=003e,subsystem-vendor=1a56,subsystem-device=1535,variant=RV_0520 from ath10k/QCA6174/hw3.0/board-2.bin The reason is that the older board-2.bin does not have the variant version of the image name and ath10k does not fallback to the older naming scheme. Reported-by: Paul Menzel Link: https://bugzilla.kernel.org/show_bug.cgi?id=185621#c9 Fixes: f2593cb1b291 ("ath10k: Search SMBIOS for OEM board file extension") Signed-off-by: Kalle Valo Signed-off-by: David S. Miller drivers/net/wireless/ath/ath10k/core.c | 84 ++-------------------------------- drivers/net/wireless/ath/ath10k/core.h | 19 -------- 2 files changed, 3 insertions(+), 100 deletions(-) commit 656795c8873f93956a031d5db6fb08cf6168ebb0 Merge: 7ce7d89 a782b5f Author: Bjorn Helgaas Date: Tue Feb 21 14:59:14 2017 -0600 Merge branch 'for-linus' into pci/host-designware * for-linus: PCI: designware: Check for iATU unroll only on platforms that use ATU commit c9341ee0af4df0af8b727873ef851227345defed Merge: 7a771ce 61841be Author: Linus Torvalds Date: Tue Feb 21 12:49:56 2017 -0800 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security layer updates from James Morris: "Highlights: - major AppArmor update: policy namespaces & lots of fixes - add /sys/kernel/security/lsm node for easy detection of loaded LSMs - SELinux cgroupfs labeling support - SELinux context mounts on tmpfs, ramfs, devpts within user namespaces - improved TPM 2.0 support" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (117 commits) tpm: declare tpm2_get_pcr_allocation() as static tpm: Fix expected number of response bytes of TPM1.2 PCR Extend tpm xen: drop unneeded chip variable tpm: fix misspelled "facilitate" in module parameter description tpm_tis: fix the error handling of init_tis() KEYS: Use memzero_explicit() for secret data KEYS: Fix an error code in request_master_key() sign-file: fix build error in sign-file.c with libressl selinux: allow changing labels for cgroupfs selinux: fix off-by-one in setprocattr tpm: silence an array overflow warning tpm: fix the type of owned field in cap_t tpm: add securityfs support for TPM 2.0 firmware event log tpm: enhance read_log_of() to support Physical TPM event log tpm: enhance TPM 2.0 PCR extend to support multiple banks tpm: implement TPM 2.0 capability to get active PCR banks tpm: fix RC value check in tpm2_seal_trusted tpm_tis: fix iTPM probe via probe_itpm() function tpm: Begin the process to deprecate user_read_timer tpm: remove tpm_read_index and tpm_write_index from tpm.h ... commit f83f3c515654474e19c7fc86e3b06564bb5cb4d4 Author: Tejun Heo Date: Sun Feb 12 05:33:02 2017 +0900 kernfs: fix locking around kernfs_ops->release() callback The release callback may be called from two places - file release operation and kernfs open file draining. kernfs_open_file->mutex is used to synchronize the two callsites. This unfortunately leads to possible circular locking because of->mutex is used to protect the usual kernfs operations which may use locking constructs which are held while removing and thus draining kernfs files. @of->mutex is for synchronizing concurrent kernfs access operations and all we need here is synchronization between the releaes and drain paths. As the drain path has to grab kernfs_open_file_mutex anyway, let's use the mutex to synchronize the release operation instead. Signed-off-by: Tejun Heo Reported-and-tested-by: Tony Lindgren Fixes: 0e67db2f9fe9 ("kernfs: add kernfs_ops->open/release() callbacks") Acked-by: Greg Kroah-Hartman fs/kernfs/file.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) commit 0d4ec7849f5a197d46c062a49f47ed326dd0388c Author: Jessica Yu Date: Mon Feb 13 11:43:15 2017 -0800 MAINTAINERS: add tree for modules Add git tree url for modules. Signed-off-by: Jessica Yu MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit a5544880aff90baf1bd4443ac7ff65182213ffcd Author: Luis R. Rodriguez Date: Fri Feb 10 14:06:22 2017 -0800 module: fix memory leak on early load_module() failures While looking for early possible module loading failures I was able to reproduce a memory leak possible with kmemleak. There are a few rare ways to trigger a failure: o we've run into a failure while processing kernel parameters (parse_args() returns an error) o mod_sysfs_setup() fails o we're a live patch module and copy_module_elf() fails Chances of running into this issue is really low. kmemleak splat: unreferenced object 0xffff9f2c4ada1b00 (size 32): comm "kworker/u16:4", pid 82, jiffies 4294897636 (age 681.816s) hex dump (first 32 bytes): 6d 65 6d 73 74 69 63 6b 30 00 00 00 00 00 00 00 memstick0....... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x4a/0xa0 [] __kmalloc_track_caller+0x126/0x230 [] kstrdup+0x31/0x60 [] kstrdup_const+0x24/0x30 [] kvasprintf_const+0x7a/0x90 [] kobject_set_name_vargs+0x21/0x90 [] dev_set_name+0x47/0x50 [] memstick_check+0x95/0x33c [memstick] [] process_one_work+0x1f3/0x4b0 [] worker_thread+0x48/0x4e0 [] kthread+0xc9/0xe0 [] ret_from_fork+0x1f/0x40 [] 0xffffffffffffffff Cc: stable # v2.6.30 Fixes: e180a6b7759a ("param: fix charp parameters set via sysfs") Reviewed-by: Miroslav Benes Reviewed-by: Aaron Tomlin Reviewed-by: Rusty Russell Acked-by: Kees Cook Signed-off-by: Luis R. Rodriguez Signed-off-by: Jessica Yu kernel/module.c | 1 + 1 file changed, 1 insertion(+) commit 082edf0ab1e83fe42d98ea7b6c1a64a896efce70 Author: Phil Reid Date: Fri Feb 17 09:44:57 2017 +0800 rtc: ds3232: Add regmap max_register definition. Add the max_register to the regmap_config definition. This allows dumping of the device's registers via the regmap debugfs interface. Signed-off-by: Phil Reid Signed-off-by: Alexandre Belloni drivers/rtc/rtc-ds3232.c | 2 ++ 1 file changed, 2 insertions(+) commit ca4b0a6de8a8ed9834942a5ba0c6a7cd80877320 Author: Phil Reid Date: Fri Feb 17 09:44:56 2017 +0800 rtc: ds3232: Cleanup whitespace around register and bit definitions. Whitespace was a combination of spaces and tabs. Use spaces and align register / bit definitions. Signed-off-by: Phil Reid Signed-off-by: Alexandre Belloni drivers/rtc/rtc-ds3232.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) commit 0500ce589aa7b5325af161d3c992ffb6be138ff9 Author: H Hartley Sweeten Date: Wed Feb 15 09:35:27 2017 -0700 rtc: m48t86: remove unused platform_data All users of this driver have been updated to allow the driver to manage it's own resources and do the read/write operations internally. The m48t86_ops are no longer used. Remove the platform_data header and the support code in the driver. Signed-off-by: H Hartley Sweeten Signed-off-by: Alexandre Belloni drivers/rtc/rtc-m48t86.c | 51 ++++++++++++-------------------- include/linux/platform_data/rtc-m48t86.h | 16 ---------- 2 files changed, 19 insertions(+), 48 deletions(-) commit 8ccbd360068af1993a9359f1d31db70cf5eb8825 Author: H Hartley Sweeten Date: Wed Feb 15 09:35:25 2017 -0700 ARM: Orion5x: ts78xx: allow rtc-m48t86 to manage it's own resources The rtc-m48t86 driver can now handle it's own resources and do the read/write operations internally. Pass the necessary resources to the driver and remove the m48t86_ops platform data. Signed-off-by: H Hartley Sweeten Acked-By: Alexander Clouter Signed-off-by: Alexandre Belloni arch/arm/mach-orion5x/ts78xx-setup.c | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) commit 5e8bb41c514506358241c5eef09900b126190f54 Author: H Hartley Sweeten Date: Wed Feb 15 09:35:24 2017 -0700 ARM: Orion5x: ts78xx: remove RTC detection The rtc-m48t86 driver now handles the RTC detection. Remove the redundant code from the platform. Signed-off-by: H Hartley Sweeten Acked-By: Alexander Clouter Signed-off-by: Alexandre Belloni arch/arm/mach-orion5x/ts78xx-setup.c | 51 +++++++++--------------------------- 1 file changed, 12 insertions(+), 39 deletions(-) commit 7a771ceac771d009f7203c40b256b0608d7ea2f8 Merge: e67bd12 d67a5f4 Author: Linus Torvalds Date: Tue Feb 21 12:11:41 2017 -0800 Merge tag 'dm-4.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - Fix dm-raid transient device failure processing and other smaller tweaks. - Add journal support to the DM raid target to close the 'write hole' on raid 4/5/6. - Fix dm-cache corruption, due to rounding bug, when cache exceeds 2TB. - Add 'metadata2' feature to dm-cache to separate the dirty bitset out from other cache metadata. This improves speed of shutting down a large cache device (which implies writing out dirty bits). - Fix a memory leak during dm-stats data structure destruction. - Fix a DM multipath round-robin path selector performance regression that was caused by less precise balancing across all paths. - Lastly, introduce a DM core fix for a long-standing DM snapshot deadlock that is rooted in the complexity of the device stack used in conjunction with block core maintaining bios on current->bio_list to manage recursion in generic_make_request(). A more comprehensive fix to block core (and its hook in the cpu scheduler) would be wonderful but this DM-specific fix is pragmatic considering how difficult it has been to make progress on a generic fix. * tag 'dm-4.11-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (22 commits) dm: flush queued bios when process blocks to avoid deadlock dm round robin: revert "use percpu 'repeat_count' and 'current_path'" dm stats: fix a leaked s->histogram_boundaries array dm space map metadata: constify dm_space_map structures dm cache metadata: use cursor api in blocks_are_clean_separate_dirty() dm persistent data: add cursor skip functions to the cursor APIs dm cache metadata: use dm_bitset_new() to create the dirty bitset in format 2 dm bitset: add dm_bitset_new() dm cache metadata: name the cache block that couldn't be loaded dm cache metadata: add "metadata2" feature dm cache metadata: use bitset cursor api to load discard bitset dm bitset: introduce cursor api dm btree: use GFP_NOFS in dm_btree_del() dm space map common: memcpy the disk root to ensure it's arch aligned dm block manager: add unlikely() annotations on dm_bufio error paths dm cache: fix corruption seen when using cache > 2TB dm raid: cleanup awkward branching in raid_message() option processing dm raid: use mddev rather than rdev->mddev dm raid: use read_disk_sb() throughout dm raid: add raid4/5/6 journaling support ... commit e67bd12d6036ae3de9eeb0ba52e43691264ec850 Merge: cdc1947 8c7cdbf Author: Linus Torvalds Date: Tue Feb 21 12:04:54 2017 -0800 Merge tag 'mmc-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC updates from Ulf Hansson: "MMC core: - Add support for Marvell SD8787 Wifi/BT chip - Improve UHS support for SDIO - Invent MMC_CAP_3_3V_DDR and a DT binding for eMMC DDR 3.3V mode - Detect Auto BKOPS enable bit - Export eMMC device lifetime information through sysfs - First take to slim down the public mmc headers to avoid abuse - Re-factoring of the mmc block device driver to prepare for blkmq - Cleanup code for the mmc block device driver - Clarify and cleanup code dealing with data requests - Cleanup some code by converting to ida_simple_ functions - Cleanup code dealing with card quirks - Cleanup private and public mmc header files MMC host: - Don't rely on public mmc headers to include non-mmc related headers - meson: Add support for eMMC HS400 mode - meson: Various cleanups and improvements - omap_hsmmc: Use the proper provided busy timeout from the core - sunxi: Enable new timings for the A64 MMC controllers - sunxi: Improvements for clock management - tmio: Improvements for SDIO interrupts - mxs-mmc: Add CMD23 support - sdhci-msm: Enable HS400 enhanced strobe mode support - sdhci-msm: Correct HS400 tuning sequence - sdhci-acpi: Support deferred probe - sdhci-pci: Add support for eMMC HS200 tuning mode on AMD - mediatek: Correct the implementation of card busy detection - dw_mmc: Initial support for ZX mmc controller - sh_mobile_sdhi: Enable support for eMMC HS200 mode - sh_mmcif: Various cleanups and improvements" * tag 'mmc-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (145 commits) mmc: core: add mmc prefix for blk_fixups mmc: core: move all quirks together into quirks.h mmc: core: improve the quirks for sdio devices mmc: core: move some sdio IDs out of quirks file mmc: core: change quirks.c to be a header file mmc: sdhci-cadence: fix bit shift of read data from PHY port mmc: Adding AUTO_BKOPS_EN bit set for Auto BKOPS support mmc: MAN_BKOPS_EN inverse debug message logic mmc: meson-gx: add support for HS400 mode mmc: meson-gx: remove unneeded checks in remove mmc: meson-gx: reduce bounce buffer size mmc: meson-gx: set max block count and request size mmc: meson-gx: improve interrupt handling mmc: meson-gx: improve meson_mmc_irq_thread mmc: meson-gx: improve meson_mmc_clk_set mmc: meson-gx: minor improvements in meson_mmc_set_ios mmc: meson: Assign the minimum clk rate as close to 400KHz as possible mmc: core: start to break apart mmc_start_areq() mmc: block: respect bool returned from blk_end_request() mmc: block: return errorcode from mmc_sd_num_wr_blocks() ... commit 4c5d7bc63775b40631b75f6c59a3a3005455262d Author: Kees Cook Date: Tue Feb 14 12:38:07 2017 -0800 usercopy: Add tests for all get_user() sizes The existing test was only exercising native unsigned long size get_user(). For completeness, we should check all sizes. But we must skip some 32-bit architectures that don't implement a 64-bit get_user(). These new tests actually uncovered a bug in ARM's 64-bit get_user() zeroing. Signed-off-by: Kees Cook lib/test_user_copy.c | 89 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 76 insertions(+), 13 deletions(-) commit cccd9fb9ec960e343b2f354c4613e49f5a1d8371 Author: Jan Kara Date: Tue Feb 21 18:09:48 2017 +0100 block: Revalidate i_bdev reference in bd_aquire() When a device gets removed, block device inode unhashed so that it is not used anymore (bdget() will not find it anymore). Later when a new device gets created with the same device number, we create new block device inode. However there may be file system device inodes whose i_bdev still points to the original block device inode and thus we get two active block device inodes for the same device. They will share the same gendisk so the only visible differences will be that page caches will not be coherent and BDIs will be different (the old block device inode still points to unregistered BDI). Fix the problem by checking in bd_acquire() whether i_bdev still points to active block device inode and re-lookup the block device if not. That way any open of a block device happening after the old device has been removed will get correct block device inode. Tested-by: Lekshmi Pillai Acked-by: Tejun Heo Signed-off-by: Jan Kara Signed-off-by: Jens Axboe fs/block_dev.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit d06e05c026ab58121dc6ab37c11f855ff642531e Author: Jan Kara Date: Tue Feb 21 18:09:47 2017 +0100 block: Unhash also block device inode for the whole device Iteration over partitions in del_gendisk() omits part0. Add bdev_unhash_inode() call for the whole device. Otherwise if the device number gets reused, bdev inode will be still associated with the old (stale) bdi. Tested-by: Lekshmi Pillai Acked-by: Tejun Heo Signed-off-by: Jan Kara Signed-off-by: Jens Axboe block/genhd.c | 1 + 1 file changed, 1 insertion(+) commit 4b8c861a7c79806fb9ee564c87f517dc26fc2d1e Author: Jan Kara Date: Tue Feb 21 18:09:46 2017 +0100 block: Move bdev_unhash_inode() after invalidate_partition() Move bdev_unhash_inode() after invalidate_partition() as invalidate_partition() looks up bdev and it cannot find the right bdev inode after bdev_unhash_inode() is called. Thus invalidate_partition() would not invalidate page cache of the previously used bdev. Also use part_devt() when calling bdev_unhash_inode() instead of manually creating the device number. Tested-by: Lekshmi Pillai Acked-by: Tejun Heo Signed-off-by: Jan Kara Signed-off-by: Jens Axboe block/genhd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 6330a2d0b465527d621a9d95cad6b2fc0a959f13 Author: Josef Bacik Date: Wed Feb 15 16:49:48 2017 -0500 nbd: cleanup workqueue on error properly If we fail to register the blockdev we need to make sure to destroy the recv workqueue. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit e544541b0765c341174613b416d4b074fa7571c2 Author: Josef Bacik Date: Mon Feb 13 10:39:47 2017 -0500 nbd: set the logical and physical blocksize properly We noticed when trying to do O_DIRECT to an export on the server side that we were getting requests smaller than the 4k sectorsize of the device. This is because the client isn't setting the logical and physical blocksizes properly for the underlying device. Fix this up by setting the queue blocksizes and then calling bd_set_size. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) commit 9442b739207aab6b1053abf858a238e7642fbcd1 Author: Josef Bacik Date: Tue Feb 7 17:10:22 2017 -0500 nbd: cleanup ioctl handling Break the ioctl handling out into helper functions, some of these things are getting pretty big and unwieldy. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 269 ++++++++++++++++++++++++++-------------------------- 1 file changed, 132 insertions(+), 137 deletions(-) commit ee5242360424b9b967454e9183767323d10cf985 Author: Christoph Hellwig Date: Tue Feb 21 10:04:55 2017 +0100 scsi: zero per-cmd driver data before each I/O Without this drivers that don't clear the state themselves can see off effects. For example Hyper-V VMs using the storvsc driver will often hang during boot due to uncleared Test Unit Ready failures. Fixes: e9c787e6 ("scsi: allocate scsi_cmnd structures as part of struct request") Signed-off-by: Christoph Hellwig Reported-by: Dexuan Cui Tested-by: Dexuan Cui Reviewed-by: Bart Van Assche Signed-off-by: Jens Axboe drivers/scsi/scsi_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cdc194705d26fdd7fc5446b5d830f2bbe2b22c30 Merge: 772c8f6 d1da522 Author: Linus Torvalds Date: Tue Feb 21 11:51:42 2017 -0800 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI updates from James Bottomley: "This update includes the usual round of major driver updates (ncr5380, ufs, lpfc, be2iscsi, hisi_sas, storvsc, cxlflash, aacraid, megaraid_sas, ...). There's also an assortment of minor fixes and the major update of switching a bunch of drivers to pci_alloc_irq_vectors from Christoph" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (188 commits) scsi: megaraid_sas: handle dma_addr_t right on 32-bit scsi: megaraid_sas: array overflow in megasas_dump_frame() scsi: snic: switch to pci_irq_alloc_vectors scsi: megaraid_sas: driver version upgrade scsi: megaraid_sas: Change RAID_1_10_RMW_CMDS to RAID_1_PEER_CMDS and set value to 2 scsi: megaraid_sas: Indentation and smatch warning fixes scsi: megaraid_sas: Cleanup VD_EXT_DEBUG and SPAN_DEBUG related debug prints scsi: megaraid_sas: Increase internal command pool scsi: megaraid_sas: Use synchronize_irq to wait for IRQs to complete scsi: megaraid_sas: Bail out the driver load if ld_list_query fails scsi: megaraid_sas: Change build_mpt_mfi_pass_thru to return void scsi: megaraid_sas: During OCR, if get_ctrl_info fails do not continue with OCR scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool scsi: megaraid_sas: Remove unused pd_index from megasas_build_ld_nonrw_fusion scsi: megaraid_sas: megasas_return_cmd does not memset IO frame to zero scsi: megaraid_sas: max_fw_cmds are decremented twice, remove duplicate scsi: megaraid_sas: update can_queue only if the new value is less scsi: megaraid_sas: Change max_cmd from u32 to u16 in all functions scsi: megaraid_sas: set pd_after_lb from MR_BuildRaidContext and initialize pDevHandle to MR_DEVHANDLE_INVALID scsi: megaraid_sas: latest controller OCR capability from FW before sending shutdown DCMD ... commit ace0c791e6c3cf5ef37cad2df69f0d90ccc40ffb Author: Eric W. Biederman Date: Mon Feb 20 18:17:03 2017 +1300 proc/sysctl: Don't grab i_lock under sysctl_lock. Konstantin Khlebnikov writes: > This patch has locking problem. I've got lockdep splat under LTP. > > [ 6633.115456] ====================================================== > [ 6633.115502] [ INFO: possible circular locking dependency detected ] > [ 6633.115553] 4.9.10-debug+ #9 Tainted: G L > [ 6633.115584] ------------------------------------------------------- > [ 6633.115627] ksm02/284980 is trying to acquire lock: > [ 6633.115659] (&sb->s_type->i_lock_key#4){+.+...}, at: [] igrab+0x1e/0x80 > [ 6633.115834] but task is already holding lock: > [ 6633.115882] (sysctl_lock){+.+...}, at: [] unregister_sysctl_table+0x6b/0x110 > [ 6633.116026] which lock already depends on the new lock. > [ 6633.116026] > [ 6633.116080] > [ 6633.116080] the existing dependency chain (in reverse order) is: > [ 6633.116117] > -> #2 (sysctl_lock){+.+...}: > -> #1 (&(&dentry->d_lockref.lock)->rlock){+.+...}: > -> #0 (&sb->s_type->i_lock_key#4){+.+...}: > > d_lock nests inside i_lock > sysctl_lock nests inside d_lock in d_compare > > This patch adds i_lock nesting inside sysctl_lock. Al Viro replied: > Once ->unregistering is set, you can drop sysctl_lock just fine. So I'd > try something like this - use rcu_read_lock() in proc_sys_prune_dcache(), > drop sysctl_lock() before it and regain after. Make sure that no inodes > are added to the list ones ->unregistering has been set and use RCU list > primitives for modifying the inode list, with sysctl_lock still used to > serialize its modifications. > > Freeing struct inode is RCU-delayed (see proc_destroy_inode()), so doing > igrab() is safe there. Since we don't drop inode reference until after we'd > passed beyond it in the list, list_for_each_entry_rcu() should be fine. I agree with Al Viro's analsysis of the situtation. Fixes: d6cffbbe9a7e ("proc/sysctl: prune stale dentries during unregistering") Reported-by: Konstantin Khlebnikov Tested-by: Konstantin Khlebnikov Suggested-by: Al Viro Signed-off-by: "Eric W. Biederman" fs/proc/proc_sysctl.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) commit 772c8f6f3bbd3ceb94a89373473083e3e1113554 Merge: fd4a61e 818551e Author: Linus Torvalds Date: Tue Feb 21 10:57:33 2017 -0800 Merge tag 'for-4.11/linus-merge-signed' of git://git.kernel.dk/linux-block Pull block layer updates from Jens Axboe: - blk-mq scheduling framework from me and Omar, with a port of the deadline scheduler for this framework. A port of BFQ from Paolo is in the works, and should be ready for 4.12. - Various fixups and improvements to the above scheduling framework from Omar, Paolo, Bart, me, others. - Cleanup of the exported sysfs blk-mq data into debugfs, from Omar. This allows us to export more information that helps debug hangs or performance issues, without cluttering or abusing the sysfs API. - Fixes for the sbitmap code, the scalable bitmap code that was migrated from blk-mq, from Omar. - Removal of the BLOCK_PC support in struct request, and refactoring of carrying SCSI payloads in the block layer. This cleans up the code nicely, and enables us to kill the SCSI specific parts of struct request, shrinking it down nicely. From Christoph mainly, with help from Hannes. - Support for ranged discard requests and discard merging, also from Christoph. - Support for OPAL in the block layer, and for NVMe as well. Mainly from Scott Bauer, with fixes/updates from various others folks. - Error code fixup for gdrom from Christophe. - cciss pci irq allocation cleanup from Christoph. - Making the cdrom device operations read only, from Kees Cook. - Fixes for duplicate bdi registrations and bdi/queue life time problems from Jan and Dan. - Set of fixes and updates for lightnvm, from Matias and Javier. - A few fixes for nbd from Josef, using idr to name devices and a workqueue deadlock fix on receive. Also marks Josef as the current maintainer of nbd. - Fix from Josef, overwriting queue settings when the number of hardware queues is updated for a blk-mq device. - NVMe fix from Keith, ensuring that we don't repeatedly mark and IO aborted, if we didn't end up aborting it. - SG gap merging fix from Ming Lei for block. - Loop fix also from Ming, fixing a race and crash between setting loop status and IO. - Two block race fixes from Tahsin, fixing request list iteration and fixing a race between device registration and udev device add notifiations. - Double free fix from cgroup writeback, from Tejun. - Another double free fix in blkcg, from Hou Tao. - Partition overflow fix for EFI from Alden Tondettar. * tag 'for-4.11/linus-merge-signed' of git://git.kernel.dk/linux-block: (156 commits) nvme: Check for Security send/recv support before issuing commands. block/sed-opal: allocate struct opal_dev dynamically block/sed-opal: tone down not supported warnings block: don't defer flushes on blk-mq + scheduling blk-mq-sched: ask scheduler for work, if we failed dispatching leftovers blk-mq: don't special case flush inserts for blk-mq-sched blk-mq-sched: don't add flushes to the head of requeue queue blk-mq: have blk_mq_dispatch_rq_list() return if we queued IO or not block: do not allow updates through sysfs until registration completes lightnvm: set default lun range when no luns are specified lightnvm: fix off-by-one error on target initialization Maintainers: Modify SED list from nvme to block Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN uapi: sed-opal fix IOW for activate lsp to use correct struct cdrom: Make device operations read-only elevator: fix loading wrong elevator type for blk-mq devices cciss: switch to pci_irq_alloc_vectors block/loop: fix race between I/O and set_status blk-mq-sched: don't hold queue_lock when calling exit_icq block: set make_request_fn manually in blk_mq_update_nr_hw_queues ... commit fd4a61e08aa79f2b7835b25c6f94f27bd2d65990 Author: Mark Brown Date: Tue Feb 21 09:29:01 2017 -0800 sched/core: Fix build paravirt build on arm and arm64 Commit 004172bdad64 ("sched/core: Remove unnecessary #include headers") removed the inclusion of asm/paravirt.h which is used to get declarations of paravirt_steal_rq_enabled and paravirt_steal_clock. It is implicitly included on x86 but not on arm and arm64 breaking the build if paravirtualization is used. Since things from that header are used directly fix the build by putting the direct inclusion back. Signed-off-by: Mark Brown Signed-off-by: Linus Torvalds kernel/sched/core.c | 3 +++ 1 file changed, 3 insertions(+) commit e623a9e9dec29ae811d11f83d0074ba254aba374 Author: Maxime Jayat Date: Tue Feb 21 18:35:51 2017 +0100 net: socket: fix recvmmsg not returning error from sock_error Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"), changed the exit path of recvmmsg to always return the datagrams variable and modified the error paths to set the variable to the error code returned by recvmsg if necessary. However in the case sock_error returned an error, the error code was then ignored, and recvmmsg returned 0. Change the error path of recvmmsg to correctly return the error code of sock_error. The bug was triggered by using recvmmsg on a CAN interface which was not up. Linux 4.6 and later return 0 in this case while earlier releases returned -ENETDOWN. Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path") Signed-off-by: Maxime Jayat Signed-off-by: David S. Miller net/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 1faaa78f36cb2915ae89138ba5846f87ade85dcb Author: Tobias Klauser Date: Tue Feb 21 15:27:28 2017 +0100 bnxt_en: use eth_hw_addr_random() Use eth_hw_addr_random() to set a random MAC address in order to make sure bp->dev->addr_assign_type will be properly set to NET_ADDR_RANDOM. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d54fef315399e0b16f8ae2b41167f34f8df12e88 Merge: 559c59b 9d876e7 Author: David S. Miller Date: Tue Feb 21 13:30:15 2017 -0500 Merge branch 'bpf-unlocking-fix' Daniel Borkmann says: ==================== BPF fix with regards to unlocking This set fixes the issue Eric was reporting recently [1]. First patch is a prerequisite discussed with Laura that is needed for the later fix in the second one. I've tested this extensively and it does not reproduce anymore on my side after the fix. Thanks & sorry about that! [1] https://www.spinics.net/lists/netdev/msg421877.html ==================== Signed-off-by: David S. Miller commit 9d876e79df6a2f364b9f2737eacd72ceb27da53a Author: Daniel Borkmann Date: Tue Feb 21 16:09:34 2017 +0100 bpf: fix unlocking of jited image when module ronx not set Eric and Willem reported that they recently saw random crashes when JIT was in use and bisected this to 74451e66d516 ("bpf: make jited programs visible in traces"). Issue was that the consolidation part added bpf_jit_binary_unlock_ro() that would unlock previously made read-only memory back to read-write. However, DEBUG_SET_MODULE_RONX cannot be used for this to test for presence of set_memory_*() functions. We need to use ARCH_HAS_SET_MEMORY instead to fix this; also add the corresponding bpf_jit_binary_lock_ro() to filter.h. Fixes: 74451e66d516 ("bpf: make jited programs visible in traces") Reported-by: Eric Dumazet Reported-by: Willem de Bruijn Bisected-by: Eric Dumazet Signed-off-by: Daniel Borkmann Tested-by: Willem de Bruijn Signed-off-by: David S. Miller arch/arm64/net/bpf_jit_comp.c | 2 +- arch/s390/net/bpf_jit_comp.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- include/linux/filter.h | 13 +++++++++++-- 4 files changed, 14 insertions(+), 5 deletions(-) commit d2852a2240509e512712e25de2d0796cda435ecb Author: Daniel Borkmann Date: Tue Feb 21 16:09:33 2017 +0100 arch: add ARCH_HAS_SET_MEMORY config Currently, there's no good way to test for the presence of set_memory_ro/rw/x/nx() helpers implemented by archs such as x86, arm, arm64 and s390. There's DEBUG_SET_MODULE_RONX and DEBUG_RODATA, however both don't really reflect that: set_memory_*() are also available even when DEBUG_SET_MODULE_RONX is turned off, and DEBUG_RODATA is set by parisc, but doesn't implement above functions. Thus, add ARCH_HAS_SET_MEMORY that is selected by mentioned archs, where generic code can test against this. This also allows later on to move DEBUG_SET_MODULE_RONX out of the arch specific Kconfig to define it only once depending on ARCH_HAS_SET_MEMORY. Suggested-by: Laura Abbott Signed-off-by: Daniel Borkmann Signed-off-by: David S. Miller arch/Kconfig | 4 ++++ arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/s390/Kconfig | 1 + arch/x86/Kconfig | 1 + 5 files changed, 8 insertions(+) commit 559c59b238ebb7d39b732b6b08a59693b972e75c Author: Eric Dumazet Date: Tue Feb 21 08:20:56 2017 -0800 net: napi_watchdog() can use napi_schedule_irqoff() hrtimer handlers run with masked hard IRQ, we can therefore use napi_schedule_irqoff() Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 29869d66870a715177bfb505f66a7e0e8bcc89c3 Author: Eric Dumazet Date: Tue Feb 21 06:21:47 2017 -0800 tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" This reverts commit e70ac171658679ecf6bea4bbd9e9325cd6079d2b. jtcp_rcv_established() is in fact called with hard irq being disabled. Initial bug report from Ricardo Nabinger Sanchez [1] still needs to be investigated, but does not look like a TCP bug. [1] https://www.spinics.net/lists/netdev/msg420960.html Signed-off-by: Eric Dumazet Reported-by: kernel test robot Cc: Ricardo Nabinger Sanchez Signed-off-by: David S. Miller net/ipv4/tcp_probe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d4af4c0ad0a4d070ef756010a2a10d96ff53d73d Author: Tobias Klauser Date: Tue Feb 21 14:04:59 2017 +0100 net/hsr: use eth_hw_addr_random() Use eth_hw_addr_random() to set a random MAC address in order to make sure dev->addr_assign_type will be properly set to NET_ADDR_RANDOM. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/hsr/hsr_device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32cc1bb3cdac937d8199013512c79ead259e4b63 Merge: b3bdc3a d315880 Author: David S. Miller Date: Tue Feb 21 13:16:17 2017 -0500 Merge branch 'mvpp2-next' Thomas Petazzoni says: ==================== net: mvpp2: misc improvements and preparation patches This series contains a number of fixes, misc improvements and preparation patches for an upcoming series that adds support for the new PPv2.2 network controller to the mvpp2 driver. The most significant improvements are: - Switching to using build_skb(), which is necessary for the upcoming PPv2.2 support, but anyway a good improvement to the current mvpp2 driver (supporting PPv2.1). - Making the driver build on 64-bit platforms. Changes since v3: - Addition of a patch "net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put()", which fixes a bug in the driver in the calculation of DMA addresses. This bug was found using DMA_API_DEBUG. - Modify the "net: mvpp2: switch to build_skb() in the RX path" patch to recalculate the fragment size when the MTU is changed in mvpp2_bm_update_mtu(). - Added Acked-by from Russell King on all patches, except: * "net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put()", because it's a new patch * "net: mvpp2: switch to build_skb() in the RX path" because I modified it since the v3. - Rebased on top of 4.10. Changes since v2: - Fix remaining 64-bit build warning, reported by David Miller. - Adjust how bit mask related definitions are done in "net: mvpp2: simplify MVPP2_PRS_RI_* definitions" according to Russell King suggestions. - Add a patch "net: mvpp2: remove useless arguments in mvpp2_rx_{pkts,time}_coal_set", suggested by Russell King. - Rework mvpp2_rx_time_coal_set() implementation to avoid overflows and rounding errors. I've used the implementation suggested by Russell King. Changes since v1: - This series is split as a separate series from the larger patch set adding support for PPv2.2 in the mvpp2 driver, as requested by David Miller. - Rebased on top of v4.10-rc1. ==================== Signed-off-by: David S. Miller commit d3158807e8d6d4877c36dba3d3c64d9c6671c1bc Author: Thomas Petazzoni Date: Tue Feb 21 11:28:13 2017 +0100 net: mvpp2: enable building on 64-bit platforms The mvpp2 is going to be extended to support the Marvell Armada 7K/8K platform, which is ARM64. As a preparation to this work, this commit enables building the mvpp2 driver on ARM64, by: - Adjusting the Kconfig dependency - Fixing the types used in the driver so that they are 32/64-bits compliant. We use dma_addr_t for DMA addresses, and unsigned long for virtual addresses. It is worth mentioning that after this commit, the driver is for now still only used on 32-bits platforms, and will only work on 32-bits platforms. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/Kconfig | 3 +-- drivers/net/ethernet/marvell/mvpp2.c | 31 ++++++++++++++++++------------- 2 files changed, 19 insertions(+), 15 deletions(-) commit 0e0372816b9cbd22c82e3e7cd36e8e74c58ba641 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:12 2017 +0100 net: mvpp2: switch to build_skb() in the RX path This commit adapts the mvpp2 RX path to use the build_skb() method. Not only build_skb() is now the recommended mechanism, but it also simplifies the addition of support for the PPv2.2 variant. Indeed, without build_skb(), we have to keep track for each RX descriptor of the physical address of the packet buffer, and the virtual address of the SKB. However, in PPv2.2 running on 64 bits platform, there is not enough space in the descriptor to store the virtual address of the SKB. So having to take care only of the address of the packet buffer, and building the SKB upon reception helps in supporting PPv2.2. The implementation is fairly straightforward: - mvpp2_skb_alloc() is renamed to mvpp2_buf_alloc() and no longer allocates a SKB. Instead, it allocates a buffer using the new mvpp2_frag_alloc() function, with enough space for the data and SKB. - The initialization of the RX buffers in mvpp2_bm_bufs_add() as well as the refill of the RX buffers in mvpp2_rx_refill() is adjusted accordingly. - Finally, the mvpp2_rx() is modified to use build_skb(). Signed-off-by: Thomas Petazzoni Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 79 ++++++++++++++++++++++++++---------- 1 file changed, 57 insertions(+), 22 deletions(-) commit 8138affc4999bbe4ca5ed805b36f80b56354339e Author: Thomas Petazzoni Date: Tue Feb 21 11:28:11 2017 +0100 net: mvpp2: simplify MVPP2_PRS_RI_* definitions Some of the MVPP2_PRS_RI_* definitions use the ~(value) syntax, which doesn't compile nicely on 64-bit. Moreover, those definitions are in fact unneeded, since they are always used in combination with a bit mask that ensures only the appropriate bits are modified. Therefore, such definitions should just be set to 0x0. In addition, as suggested by Russell King, we change the _MASK definitions to also use the BIT() macro so that it is clear they are related to the values defined afterwards. For example: #define MVPP2_PRS_RI_L2_CAST_MASK 0x600 #define MVPP2_PRS_RI_L2_UCAST ~(BIT(9) | BIT(10)) #define MVPP2_PRS_RI_L2_MCAST BIT(9) #define MVPP2_PRS_RI_L2_BCAST BIT(10) becomes #define MVPP2_PRS_RI_L2_CAST_MASK (BIT(9) | BIT(10)) #define MVPP2_PRS_RI_L2_UCAST 0x0 #define MVPP2_PRS_RI_L2_MCAST BIT(9) #define MVPP2_PRS_RI_L2_BCAST BIT(10) Because the values (MVPP2_PRS_RI_L2_UCAST, MVPP2_PRS_RI_L2_MCAST and MVPP2_PRS_RI_L2_BCAST) are always applied with MVPP2_PRS_RI_L2_CAST_MASK, and therefore there is no need for MVPP2_PRS_RI_L2_UCAST to be defined as ~(BIT(9) | BIT(10)). It fixes the following warnings when building the driver on a 64-bit platform (which is not possible as of this commit, but will be enabled in a follow-up commit): drivers/net/ethernet/marvell/mvpp2.c: In function ‘mvpp2_prs_mac_promisc_set’: drivers/net/ethernet/marvell/mvpp2.c:524:33: warning: large integer implicitly truncated to unsigned type [-Woverflow] #define MVPP2_PRS_RI_L2_UCAST ~(BIT(9) | BIT(10)) ^ drivers/net/ethernet/marvell/mvpp2.c:1459:33: note: in expansion of macro ‘MVPP2_PRS_RI_L2_UCAST’ mvpp2_prs_sram_ri_update(&pe, MVPP2_PRS_RI_L2_UCAST, Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 31d7677b91307e2771b6922fd9920542a92d376d Author: Thomas Petazzoni Date: Tue Feb 21 11:28:10 2017 +0100 net: mvpp2: fix indentation of MVPP2_EXT_GLOBAL_CTRL_DEFAULT Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a8c249a71dca2992001ad582797c03fca0488d00 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:09 2017 +0100 net: mvpp2: remove unused register definitions Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 4 ---- 1 file changed, 4 deletions(-) commit 3eb2d9982288fbbbdc671af0fee4b9eb71d11b75 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:08 2017 +0100 net: mvpp2: simplify mvpp2_bm_bufs_add() The mvpp2_bm_bufs_add() currently creates a fake cookie by calling mvpp2_bm_cookie_pool_set(), just to be able to call mvpp2_pool_refill(). But all what mvpp2_pool_refill() does is extract the pool ID from the cookie, and call mvpp2_bm_pool_put() with this ID. Instead of doing this convoluted thing, just call mvpp2_bm_pool_put() directly, since we have the BM pool ID. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 7ef7e1d949cd517d30a3cc6c7f48bd017d81af6b Author: Thomas Petazzoni Date: Tue Feb 21 11:28:07 2017 +0100 net: mvpp2: drop useless fields in mvpp2_bm_pool and related code This commit drops dead code from the mvpp2 driver. The 'in_use' and 'in_use_thresh' fields of 'struct mvpp2_bm_pool' are incremented/decremented/initialized in various places. But they are only used in one place: if (is_recycle && (atomic_read(&bm_pool->in_use) < bm_pool->in_use_thresh)) return 0; However 'is_recycle', passed as argument to mvpp2_rx_refill() is always false. So in fact, this code is never reached, and the 'is_recycle' argument is useless. So let's drop this code. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) commit 5dfa9e8337b1c8a7e291929e676c167b6ea953e6 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:06 2017 +0100 net: mvpp2: remove unused 'tx_skb' field of 'struct mvpp2_tx_queue' This commit remove a field of 'struct mvpp2_tx_queue' that is not used anywhere. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 3 --- 1 file changed, 3 deletions(-) commit 36fb7435b6ac4d288a2d4deea8934f9456ab46b6 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:05 2017 +0100 net: mvpp2: release reference to txq_cpu[] entry after unmapping The mvpp2_txq_bufs_free() function is called upon TX completion to DMA unmap TX buffers, and free the corresponding SKBs. It gets the references to the SKB to free and the DMA buffer to unmap from a per-CPU txq_pcpu data structure. However, the code currently increments the pointer to the next entry before doing the DMA unmap and freeing the SKB. It does not cause any visible problem because for a given SKB the TX completion is guaranteed to take place on the CPU where the TX was started. However, it is much more logical to increment the pointer to the next entry once the current entry has been completely unmapped/released. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit ab42676af052e6d3502b31c2dc6b07af08ff126f Author: Thomas Petazzoni Date: Tue Feb 21 11:28:04 2017 +0100 net: mvpp2: handle too large value in mvpp2_rx_time_coal_set() When configuring the MVPP2_ISR_RX_THRESHOLD_REG with the RX coalescing time threshold, we do not check for the maximum allowed value supported by the driver, which means we might overflow and use a bogus value. This commit adds a check for this situation, and if a value higher than what is supported by the hardware is provided, then we use the maximum value supported by the hardware. In order to achieve this in a way that avoids overflow and rounding errors, we introduce two utility functions mvpp2_usec_to_cycles() and cycles_to_usec(). Many thanks to Russell King for suggesting this implementation. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) commit f8b0d5f8cc10f43642f97db6b37d60d765cff34a Author: Thomas Petazzoni Date: Tue Feb 21 11:28:03 2017 +0100 net: mvpp2: handle too large value handling in mvpp2_rx_pkts_coal_set() Currently, mvpp2_rx_pkts_coal_set() does the following to avoid setting a too large value for the RX coalescing by packet number: val = (pkts & MVPP2_OCCUPIED_THRESH_MASK); This means that if you set a value that is slightly higher the the maximum number of packets, you in fact get a very low value. It makes a lot more sense to simply check if the value is too high, and if it's too high, limit it to the maximum possible value. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit d63f9e41f981722b11f42ea2b19798c00fcae0f9 Author: Thomas Petazzoni Date: Tue Feb 21 11:28:02 2017 +0100 net: mvpp2: remove useless arguments in mvpp2_rx_{pkts, time}_coal_set As noticed by Russell King, the last argument of mvpp2_rx_{pkts,time}_coal_set() is useless, since the packet/time coalescing value is already stored in the 'struct mvpp2_rx_queue *' passed as argument to these functions. So passing the packet/time value as an additional argument, and setting them again in the mvpp2_rx_queue structure is useles. This commit therefore gets rid of this additional argument, assuming the caller has assigned the appropriate value to rxq->pkts_coal or rxq->time_coal before calling the respective functions. Signed-off-by: Thomas Petazzoni Acked-by: Russell King Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) commit 239a3b663647869330955ec59caac0100ef9b60a Author: Thomas Petazzoni Date: Tue Feb 21 11:28:01 2017 +0100 net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put() When TX descriptors are filled in, the buffer DMA address is split between the tx_desc->buf_phys_addr field (high-order bits) and tx_desc->packet_offset field (5 low-order bits). However, when we re-calculate the DMA address from the TX descriptor in mvpp2_txq_inc_put(), we do not take tx_desc->packet_offset into account. This means that when the DMA address is not aligned on a 32 bytes boundary, we end up calling dma_unmap_single() with a DMA address that was not the one returned by dma_map_single(). This inconsistency is detected by the kernel when DMA_API_DEBUG is enabled. We fix this problem by properly calculating the DMA address in mvpp2_txq_inc_put(). Cc: Signed-off-by: Thomas Petazzoni Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b3bdc3acbb44d74d0b7ba4d97169577a2b46dc88 Author: Lee Ryder Date: Tue Feb 21 17:40:45 2017 +0800 macsec: fix validation failed in asynchronous operation. MACSec test failed when asynchronous crypto operations is used. It encounters packet validation failed since macsec_skb_cb(skb)->valid is always 'false'. This patch adds missing "macsec_skb_cb(skb)->valid = true" in macsec_decrypt_done() when "err == 0". Signed-off-by: Ryder Lee Signed-off-by: David S. Miller drivers/net/macsec.c | 3 +++ 1 file changed, 3 insertions(+) commit 51c6b429c0c95e67edd1cb0b548c5cf6a6604763 Author: Linus Lüssing Date: Mon Feb 13 20:44:31 2017 +0100 batman-adv: Fix transmission of final, 16th fragment Trying to split and transmit a unicast packet in 16 parts will fail for the final fragment: After having sent the 15th one with a frag_packet.no index of 14, we will increase the the index to 15 - and return with an error code immediately, even though one more fragment is due for transmission and allowed. Fixing this issue by moving the check before incrementing the index. While at it, adding an unlikely(), because the check is actually more of an assertion. Fixes: ee75ed88879a ("batman-adv: Fragment and send skbs larger than mtu") Signed-off-by: Linus Lüssing Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/fragmentation.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 248e23b50e2da0753f3b5faa068939cbe9f8a75a Author: Sven Eckelmann Date: Sun Feb 12 11:26:33 2017 +0100 batman-adv: Fix double free during fragment merge error The function batadv_frag_skb_buffer was supposed not to consume the skbuff on errors. This was followed in the helper function batadv_frag_insert_packet when the skb would potentially be inserted in the fragment queue. But it could happen that the next helper function batadv_frag_merge_packets would try to merge the fragments and fail. This results in a kfree_skb of all the enqueued fragments (including the just inserted one). batadv_recv_frag_packet would detect the error in batadv_frag_skb_buffer and try to free the skb again. The behavior of batadv_frag_skb_buffer (and its helper batadv_frag_insert_packet) must therefore be changed to always consume the skbuff to have a common behavior and avoid the double kfree_skb. Fixes: 610bfc6bc99b ("batman-adv: Receive fragmented packets and merge") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/fragmentation.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 8ccde4c562076f280c0321c549d822448b64e565 Author: Gao Feng Date: Tue Feb 21 17:09:19 2017 +0800 net: sock: Use USEC_PER_SEC macro instead of literal 1000000 The USEC_PER_SEC is used once in sock_set_timeout as the max value of tv_usec. But there are other similar codes which use the literal 1000000 in this file. It is minor cleanup to keep consitent. Signed-off-by: Gao Feng Signed-off-by: David S. Miller net/core/sock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f6b10209b90d48a84f886ab2b317b5d2cbfe3143 Author: Jason Wang Date: Tue Feb 21 16:46:28 2017 +0800 virtio-net: switch to use build_skb() for small buffer This patch switch to use build_skb() for small buffer which can have better performance for both TCP and XDP (since we can work at page before skb creation). It also remove lots of XDP codes since both mergeable and small buffer use page frag during refill now. Before | After XDP_DROP(xdp1) 64B : 11.1Mpps | 14.4Mpps Tested with xdp1/xdp2/xdp_ip_tx_tunnel and netperf. Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 138 ++++++++++++++++++++++------------------------- 1 file changed, 63 insertions(+), 75 deletions(-) commit ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 Author: Paolo Abeni Date: Tue Feb 21 09:33:18 2017 +0100 ip: fix IP_CHECKSUM handling The skbs processed by ip_cmsg_recv() are not guaranteed to be linear e.g. when sending UDP packets over loopback with MSGMORE. Using csum_partial() on [potentially] the whole skb len is dangerous; instead be on the safe side and use skb_checksum(). Thanks to syzkaller team to detect the issue and provide the reproducer. v1 -> v2: - move the variable declaration in a tighter scope Fixes: ad6f939ab193 ("ip: Add offset parameter to ip_cmsg_recv") Reported-by: Andrey Konovalov Signed-off-by: Paolo Abeni Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/ip_sockglue.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 8dcd81a993f4f65d22dfecb4360204b428c36cff Author: Roopa Prabhu Date: Mon Feb 20 08:41:16 2017 -0800 vxlan: remove unused variable saddr in neigh_reduce silences the below warning: drivers/net/vxlan.c: In function ‘neigh_reduce’: drivers/net/vxlan.c:1599:25: warning: variable ‘saddr’ set but not used [-Wunused-but-set-variable] Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller drivers/net/vxlan.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8bcdc4f3a20be949df54b67e5ae2734daabb5792 Author: Roopa Prabhu Date: Mon Feb 20 08:29:19 2017 -0800 vxlan: add changelink support This patch adds changelink rtnl op support for vxlan netdevs. code changes involve: - refactor vxlan_newlink into vxlan_nl2conf to be used by vxlan_newlink and vxlan_changelink - vxlan_nl2conf and vxlan_dev_configure take a changelink argument to isolate changelink checks and updates. - Allow changing only a few attributes: - return -EOPNOTSUPP for attributes that cannot be changed for now. Incremental patches can make the non-supported one available in the future if needed. Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller drivers/net/vxlan.c | 383 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 270 insertions(+), 113 deletions(-) commit 5594e88a440bb75ce6e7fe045b254503420df6d8 Author: H Hartley Sweeten Date: Wed Feb 15 09:35:26 2017 -0700 ARM: ep93xx: ts72xx: allow rtc-m48t86 to manage its own resources The rtc-m48t86 driver can now handle its own resources and do the read/write operations internally. Pass the necessary resources to the driver and remove the m48t86_ops platform data. Remove the, then unnecessary, static remapping for the registers. Signed-off-by: H Hartley Sweeten Signed-off-by: Alexandre Belloni arch/arm/mach-ep93xx/ts72xx.c | 40 ++++++++++------------------------------ arch/arm/mach-ep93xx/ts72xx.h | 11 ----------- 2 files changed, 10 insertions(+), 41 deletions(-) commit d1892e4ec96aad4b733dfab3ed989718f04f03e9 Author: Tobias Klauser Date: Mon Feb 20 16:32:06 2017 +0100 rtnl: simplify error return path in rtnl_create_link() There is only one possible error path which reaches the err label, so return ERR_PTR(-ENOMEM) directly if alloc_netdev_mqs() fails. This also allows to omit the err variable. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller net/core/rtnetlink.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 3ea07127d9367250321df33bf9fee2ada362400c Author: H Hartley Sweeten Date: Wed Feb 15 09:35:23 2017 -0700 rtc: m48t86: verify that the RTC is actually present The RTC is an optional feature at purchase time on some Technologic Systems boards. Verify that it actually exists by checking if the last two bytes of the NVRAM can be changed. Signed-off-by: H Hartley Sweeten Signed-off-by: Alexandre Belloni drivers/rtc/rtc-m48t86.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) commit 7e6a69ee954caf8dd8c98f70c8ee894c8ebfdcf0 Author: Mike Leach Date: Fri Feb 17 19:13:10 2017 +0000 arm64: dts: juno: update definition for programmable replicator Juno platforms have a programmable replicator splitting the trace output to TPIU and ETR. Currently this is not being programmed as it is being treated as a none-programmable replicator - which is the default operational mode for these devices. The TPIU in the system is enabled by default, and this combination is causing back-pressure in the trace system resulting in overflows at the source. Replaces the existing definition with one that defines the programmable replicator, using the "qcom,coresight-replicator1x" driver that provides the correct functionality for CoreSight programmable replicators. Reviewed-and-Tested-by: Mathieu Poirier Signed-off-by: Mike Leach Signed-off-by: Sudeep Holla arch/arm64/boot/dts/arm/juno-base.dtsi | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 9761a2469dc287c6d75ca148f4fc483becbcad88 Author: Dan Carpenter Date: Sun Feb 19 00:34:59 2017 +0300 sunrpc: silence uninitialized variable warning kstrtouint() can return a couple different error codes so the check for "ret == -EINVAL" is wrong and static analysis tools correctly complain that we can use "num" without initializing it. It's not super harmful because we check the bounds. But it's also easy enough to fix. Signed-off-by: Dan Carpenter Signed-off-by: Anna Schumaker net/sunrpc/xprtsock.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 9763dd6f8160dc9cc239fc2427c8173073204457 Merge: 70fcf5c c548a1c Author: Linus Torvalds Date: Tue Feb 21 07:46:34 2017 -0800 Merge tag 'gfs2-4.11.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 Pull GFS2 updates from Robert Peterson: "We've got eight GFS2 patches for this merge window: - Andy Price submitted a patch to make gfs2_write_full_page a static function. - Dan Carpenter submitted a patch to fix a ERR_PTR thinko. Three patches fix bugs related to deleting very large files, which cause GFS2 to run out of journal space: - The first one prevents GFS2 delete operation from requesting too much journal space. - The second one fixes a problem whereby GFS2 can hang because it wasn't taking journal space demand into its calculations. - The third one wakes up IO waiters when a flush is done to restart processes stuck waiting for journal space to become available. The final three patches are a performance improvement related to spin_lock contention between multiple writers: - The "tr_touched" variable was switched to a flag to be more atomic and eliminate the possibility of some races. - Function meta_lo_add was moved inline with its only caller to make the code more readable and efficient. - Contention on the gfs2_log_lock spinlock was greatly reduced by avoiding the lock altogether in cases where we don't really need it: buffers that already appear in the appropriate metadata list for the journal. Many thanks to Steve Whitehouse for the ideas and principles behind these patches" * tag 'gfs2-4.11.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Make gfs2_write_full_page static GFS2: Reduce contention on gfs2_log_lock GFS2: Inline function meta_lo_add GFS2: Switch tr_touched to flag in transaction GFS2: Wake up io waiters whenever a flush is done GFS2: Made logd daemon take into account log demand GFS2: Limit number of transaction blocks requested for truncates GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next commit 1ad651154b0dfccde5a83fafbe81cff19791f359 Merge: 8a3ec58 067fdeb Author: Vinod Koul Date: Tue Feb 21 21:14:35 2017 +0530 Merge branch 'topic/zx' into for-linus commit 8a3ec58382bfb5e9c6b63f47e1bd6335aafc980e Merge: 25036f2 5df4eb4 Author: Vinod Koul Date: Tue Feb 21 21:14:27 2017 +0530 Merge branch 'topic/stm32-dma' into for-linus commit 25036f2a7377d7135ce9848d58d14b5bc061541d Merge: e4e48c4 15c6066 Author: Vinod Koul Date: Tue Feb 21 21:14:07 2017 +0530 Merge branch 'topic/ste' into for-linus commit 70fcf5c339b12743133050842252e20cfd6d42b5 Merge: 2bfe01e 6c71100 Author: Linus Torvalds Date: Tue Feb 21 07:44:03 2017 -0800 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull UDF fixes and cleanups from Jan Kara: "Several small UDF fixes and cleanups and a small cleanup of fanotify code" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fanotify: simplify the code of fanotify_merge udf: simplify udf_ioctl() udf: fix ioctl errors udf: allow implicit blocksize specification during mount udf: check partition reference in udf_read_inode() udf: atomically read inode size udf: merge module informations in super.c udf: remove next_epos from udf_update_extent_cache() udf: Factor out trimming of crtime udf: remove empty condition udf: remove unneeded line break udf: merge bh free udf: use pointer for kernel_long_ad argument udf: use __packed instead of __attribute__ ((packed)) udf: Make stat on symlink report symlink length as st_size fs/udf: make #ifdef UDF_PREALLOCATE unconditional fs: udf: Replace CURRENT_TIME with current_time() commit e4e48c47d15df1dd5f74d3b5e8fc4c7817f45133 Merge: b802c84 f7c799e Author: Vinod Koul Date: Tue Feb 21 21:13:57 2017 +0530 Merge branch 'topic/intel' into for-linus commit 783112f7401ff449d979530209b3f6c2594fdb4e Author: Christoph Hellwig Date: Mon Feb 20 07:21:33 2017 +0100 nfsd: special case truncates some more Both the NFS protocols and the Linux VFS use a setattr operation with a bitmap of attributes to set to set various file attributes including the file size and the uid/gid. The Linux syscalls never mix size updates with unrelated updates like the uid/gid, and some file systems like XFS and GFS2 rely on the fact that truncates don't update random other attributes, and many other file systems handle the case but do not update the other attributes in the same transaction. NFSD on the other hand passes the attributes it gets on the wire more or less directly through to the VFS, leading to updates the file systems don't expect. XFS at least has an assert on the allowed attributes, which caught an unusual NFS client setting the size and group at the same time. To handle this issue properly this splits the notify_change call in nfsd_setattr into two separate ones. Signed-off-by: Christoph Hellwig Cc: stable@vger.kernel.org Tested-by: Chuck Lever Signed-off-by: J. Bruce Fields fs/nfsd/vfs.c | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) commit e7cd7ef58e1fedb09b16720919869a81d7a2b867 Author: Jaehoon Chung Date: Mon Feb 13 17:26:13 2017 +0900 PCI: exynos: Support the PHY generic framework Switch the pci-exynos driver to generic PHY framework. At the same time backward compatibility is preserved: Warning will be printed for old DTB. Refer to the binding file: - Documentation/devicetree/bindings/pci/samsung,exynos5440-pcie.txt Signed-off-by: Jaehoon Chung Signed-off-by: Bjorn Helgaas Reviewed-by: Pankaj Dubey Reviewed-by: Alim Akhtar Acked-by: Krzysztof Kozlowski Acked-by: Jingoo Han drivers/pci/host/pci-exynos.c | 54 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 4 deletions(-) commit 34f80c7ddfffe262bf04fb03e198e64de4cec7fc Author: Jaehoon Chung Date: Mon Feb 13 17:26:12 2017 +0900 Documentation: binding: Modify the exynos5440 PCIe binding According to using PHY framework, updates the exynos5440-pcie binding. For maintaining backward compatibility, leaves the current dt-binding. (It should be deprecated.) Recommends to use the PHY Framework and "config" property to follow the designware-pcie binding. If you use the old way, can see "missing *config* reg space" message. Because the getting configuration space address from range is old way. NOTE: When use the "config" property, first name of 'reg-names' must be set to "elbi". Otherwise driver can't maintain the backward capability. Signed-off-by: Jaehoon Chung Signed-off-by: Bjorn Helgaas Reviewed-by: Pankaj Dubey Reviewed-by: Alim Akhtar Acked-by: Rob Herring .../bindings/pci/samsung,exynos5440-pcie.txt | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit cf0adb8e281b69801fb8faef18c14443d9d41d3c Author: Jaehoon Chung Date: Mon Feb 13 17:26:11 2017 +0900 phy: phy-exynos-pcie: Add support for Exynos PCIe PHY Add support for Generic PHY framework about Exynos SoCs. Current Exynos PCIe driver doesn't use the PHY framework, which makes it difficult to upstream the other Exynos variants because of different PHY registers. Move the codes relevant to PHY from Exnyos PCIe driver to PHY Exynos PCIe driver. [bhelgaas: depend on "OF && (ARCH_EXYNOS || COMPILE_TEST)", update copyright year, both per Vivek] Signed-off-by: Jaehoon Chung Acked-by: Krzysztof Kozlowski Reviewed-by: Jingoo Han Reviewed-by: Pankaj Dubey Reviewed-by: Vivek Gautam Signed-off-by: Bjorn Helgaas drivers/phy/Kconfig | 8 ++ drivers/phy/Makefile | 1 + drivers/phy/phy-exynos-pcie.c | 285 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 294 insertions(+) commit ad8ec41afa98615a4154eee0121bcf8276695327 Author: Jaehoon Chung Date: Mon Feb 13 17:26:10 2017 +0900 Documentation: samsung-phy: Add exynos-pcie-phy binding Add the exynos-pcie-phy binding for Exynos PCIe PHY. This is for using generic PHY framework. Signed-off-by: Jaehoon Chung Signed-off-by: Bjorn Helgaas Acked-by: Rob Herring Documentation/devicetree/bindings/phy/samsung-phy.txt | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 3498d8694d41af701c51289e7caf3ffefc7bfb6b Author: Linus Walleij Date: Tue Feb 21 14:19:45 2017 +0100 gpio: reintroduce devm_get_gpiod_from_child() We need to keep this API around for the merge window to avoid nasty build problems in the merges. Cc: Lee Jones Suggested-by: Greg Kroah-Hartman Signed-off-by: Linus Walleij include/linux/gpio/consumer.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 3ef767e5cbd405abfd01339c7e5daaf98e037be2 Merge: 4eba8b7 40b446a Author: Pablo Neira Ayuso Date: Tue Feb 21 14:01:05 2017 +0100 Merge branch 'master' of git://blackhole.kfki.hu/nf Jozsef Kadlecsik says: ==================== ipset patches for nf Please apply the next patches for ipset in your nf branch. Both patches should go into the stable kernel branches as well, because these are important bugfixes: * Sometimes valid entries in hash:* types of sets were evicted due to a typo in an index. The wrong evictions happen when entries are deleted from the set and the bucket is shrinked. Bug was reported by Eric Ewanco and the patch fixes netfilter bugzilla id #1119. * Fixing of a null pointer exception when someone wants to add an entry to an empty list type of set and specifies an add before/after option. The fix is from Vishwanath Pai. ==================== Signed-off-by: Pablo Neira Ayuso commit 4eba8b78e1390f46828e00d6fa4d651c3d219894 Author: Liping Zhang Date: Sat Feb 18 10:35:47 2017 +0800 netfilter: nfnetlink: remove static declaration from err_list Otherwise, different subsys will race to access the err_list, with holding the different nfnl_lock(subsys_id). But this will not happen now, since ->call_batch is only implemented by nftables, so the err_list is protected by nfnl_lock(NFNL_SUBSYS_NFTABLES). Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ba896a05ad9375912ccebdac9623aab97845600f Author: Ken-ichirou MATSUZAWA Date: Thu Feb 16 18:20:33 2017 +0900 netfilter: nfnetlink_queue: fix NFQA_VLAN_MAX definition Should be - 1 as in other _MAX definitions. Signed-off-by: Ken-ichirou MATSUZAWA Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nfnetlink_queue.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dd0fd8bca1850ddadf5d33a9ed28f3707cd98ac7 Author: Waiman Long Date: Mon Feb 20 13:36:04 2017 -0500 x86/kvm: Provide optimized version of vcpu_is_preempted() for x86-64 It was found when running fio sequential write test with a XFS ramdisk on a KVM guest running on a 2-socket x86-64 system, the %CPU times as reported by perf were as follows: 69.75% 0.59% fio [k] down_write 69.15% 0.01% fio [k] call_rwsem_down_write_failed 67.12% 1.12% fio [k] rwsem_down_write_failed 63.48% 52.77% fio [k] osq_lock 9.46% 7.88% fio [k] __raw_callee_save___kvm_vcpu_is_preempt 3.93% 3.93% fio [k] __kvm_vcpu_is_preempted Making vcpu_is_preempted() a callee-save function has a relatively high cost on x86-64 primarily due to at least one more cacheline of data access from the saving and restoring of registers (8 of them) to and from stack as well as one more level of function call. To reduce this performance overhead, an optimized assembly version of the the __raw_callee_save___kvm_vcpu_is_preempt() function is provided for x86-64. With this patch applied on a KVM guest on a 2-socket 16-core 32-thread system with 16 parallel jobs (8 on each socket), the aggregrate bandwidth of the fio test on an XFS ramdisk were as follows: I/O Type w/o patch with patch -------- --------- ---------- random read 8141.2 MB/s 8497.1 MB/s seq read 8229.4 MB/s 8304.2 MB/s random write 1675.5 MB/s 1701.5 MB/s seq write 1681.3 MB/s 1699.9 MB/s There are some increases in the aggregated bandwidth because of the patch. The perf data now became: 70.78% 0.58% fio [k] down_write 70.20% 0.01% fio [k] call_rwsem_down_write_failed 69.70% 1.17% fio [k] rwsem_down_write_failed 59.91% 55.42% fio [k] osq_lock 10.14% 10.14% fio [k] __kvm_vcpu_is_preempted The assembly code was verified by using a test kernel module to compare the output of C __kvm_vcpu_is_preempted() and that of assembly __raw_callee_save___kvm_vcpu_is_preempt() to verify that they matched. Suggested-by: Peter Zijlstra Signed-off-by: Waiman Long Acked-by: Peter Zijlstra (Intel) Signed-off-by: Paolo Bonzini arch/x86/kernel/asm-offsets_64.c | 9 +++++++++ arch/x86/kernel/kvm.c | 24 ++++++++++++++++++++++++ 2 files changed, 33 insertions(+) commit 6c62985d576c8a816f528c39204207b9f449d923 Author: Waiman Long Date: Mon Feb 20 13:36:03 2017 -0500 x86/paravirt: Change vcp_is_preempted() arg type to long The cpu argument in the function prototype of vcpu_is_preempted() is changed from int to long. That makes it easier to provide a better optimized assembly version of that function. For Xen, vcpu_is_preempted(long) calls xen_vcpu_stolen(int), the downcast from long to int is not a problem as vCPU number won't exceed 32 bits. Signed-off-by: Waiman Long Acked-by: Peter Zijlstra (Intel) Signed-off-by: Paolo Bonzini arch/x86/include/asm/paravirt.h | 2 +- arch/x86/include/asm/qspinlock.h | 2 +- arch/x86/kernel/kvm.c | 2 +- arch/x86/kernel/paravirt-spinlocks.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) commit 96794e4ed4d758272c486e1529e431efb7045265 Author: Chao Peng Date: Tue Feb 21 03:50:01 2017 -0500 KVM: VMX: use correct vmcs_read/write for guest segment selector/base Guest segment selector is 16 bit field and guest segment base is natural width field. Fix two incorrect invocations accordingly. Without this patch, build fails when aggressive inlining is used with ICC. Cc: stable@vger.kernel.org Signed-off-by: Chao Peng Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b7ffc44d5b2ea163899d09289ca7743d5c32e926 Author: Andy Lutomirski Date: Mon Feb 20 08:56:14 2017 -0800 x86/kvm/vmx: Defer TR reload after VM exit Intel's VMX is daft and resets the hidden TSS limit register to 0x67 on VMX reload, and the 0x67 is not configurable. KVM currently reloads TR using the LTR instruction on every exit, but this is quite slow because LTR is serializing. The 0x67 limit is entirely harmless unless ioperm() is in use, so defer the reload until a task using ioperm() is actually running. Here's some poorly done benchmarking using kvm-unit-tests: Before: cpuid 1313 vmcall 1195 mov_from_cr8 11 mov_to_cr8 17 inl_from_pmtimer 6770 inl_from_qemu 6856 inl_from_kernel 2435 outl_to_kernel 1402 After: cpuid 1291 vmcall 1181 mov_from_cr8 11 mov_to_cr8 16 inl_from_pmtimer 6457 inl_from_qemu 6209 inl_from_kernel 2339 outl_to_kernel 1391 Signed-off-by: Andy Lutomirski [Force-reload TR in invalidate_tss_limit. - Paolo] Signed-off-by: Paolo Bonzini arch/x86/include/asm/desc.h | 48 +++++++++++++++++++++++++++++++++++++++++++++ arch/x86/kernel/ioport.c | 5 +++++ arch/x86/kernel/process.c | 10 ++++++++++ arch/x86/kvm/vmx.c | 23 +++++++++------------- 4 files changed, 72 insertions(+), 14 deletions(-) commit d3273deac9c0cdae32eb46f928487433eaa37f87 Author: Andy Lutomirski Date: Mon Feb 20 08:56:13 2017 -0800 x86/asm/64: Drop __cacheline_aligned from struct x86_hw_tss Historically, the entire TSS + io bitmap structure was cacheline aligned, but commit ca241c75037b ("x86: unify tss_struct") changed it (presumably inadvertently) so that the fixed-layout hardware part is cacheline-aligned and the io bitmap is after the padding. This wastes 24 bytes (the hardware part should be 104 bytes, but this pads it to 128 bytes) and, serves no purpose, and causes sizeof(struct x86_hw_tss) to have a confusing value. Drop the pointless alignment. Signed-off-by: Andy Lutomirski Signed-off-by: Paolo Bonzini arch/x86/include/asm/processor.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8c2e41f7ae1234c192ef497472ad306227c77c03 Author: Andy Lutomirski Date: Mon Feb 20 08:56:12 2017 -0800 x86/kvm/vmx: Simplify segment_base() Use actual pointer types for pointers (instead of unsigned long) and replace hardcoded constants with the appropriate self-documenting macros. The function is still a bit messy, but this seems a lot better than before to me. This is mostly borrowed from a patch by Thomas Garnier. Cc: Thomas Garnier Cc: Jim Mattson Cc: Radim Krčmář Cc: Paolo Bonzini Signed-off-by: Andy Lutomirski Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit e28baeadcf0d657c6b6e849ae1b4faccb4faf326 Author: Andy Lutomirski Date: Mon Feb 20 08:56:11 2017 -0800 x86/kvm/vmx: Get rid of segment_base() on 64-bit kernels It was a bit buggy (it didn't list all segment types that needed 64-bit fixups), but the bug was irrelevant because it wasn't called in any interesting context on 64-bit kernels and was only used for data segents on 32-bit kernels. To avoid confusion, make it explicitly 32-bit only. Cc: Thomas Garnier Cc: Jim Mattson Cc: Radim Krčmář Cc: Paolo Bonzini Signed-off-by: Andy Lutomirski Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit e0c230634af99967da79a6ed1faecc720fb623ca Author: Andy Lutomirski Date: Mon Feb 20 08:56:10 2017 -0800 x86/kvm/vmx: Don't fetch the TSS base from the GDT The current CPU's TSS base is a foregone conclusion, so there's no need to parse it out of the segment tables. This should save a couple cycles (as STR is surely microcoded and poorly optimized) but, more importantly, it's a cleanup and it means that segment_base() will never be called on 64-bit kernels. Cc: Thomas Garnier Cc: Jim Mattson Cc: Radim Krčmář Cc: Paolo Bonzini Signed-off-by: Andy Lutomirski Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 4f53ab14285802b298261f8b52af322039d1dfd0 Author: Andy Lutomirski Date: Mon Feb 20 08:56:09 2017 -0800 x86/asm: Define the kernel TSS limit in a macro Rather than open-coding the kernel TSS limit in set_tss_desc(), make it a real macro near the TSS layout definition. This is purely a cleanup. Cc: Thomas Garnier Cc: Jim Mattson Signed-off-by: Andy Lutomirski Signed-off-by: Paolo Bonzini arch/x86/include/asm/desc.h | 10 +--------- arch/x86/include/asm/processor.h | 10 ++++++++++ 2 files changed, 11 insertions(+), 9 deletions(-) commit 3dbbaf200f532e01e56168b8339f2981f2cb1d67 Author: Michael Roth Date: Mon Feb 20 19:12:18 2017 -0600 powerpc/pseries: Advertise Hot Plug Event support to firmware With the inclusion of commit 333f7b76865b ("powerpc/pseries: Implement indexed-count hotplug memory add") and commit 753843471cbb ("powerpc/pseries: Implement indexed-count hotplug memory remove"), we now have complete handling of the RTAS hotplug event format as described by PAPR via ACR "PAPR Changes for Hotplug RTAS Events". This capability is indicated by byte 6, bit 2 (5 in IBM numbering) of architecture option vector 5, and allows for greater control over cpu/memory/pci hot plug/unplug operations. Existing pseries kernels will utilize this capability based on the existence of the /event-sources/hot-plug-events DT property, so we only need to advertise it via CAS and do not need a corresponding FW_FEATURE_* value to test for. Signed-off-by: Michael Roth Signed-off-by: Michael Ellerman arch/powerpc/include/asm/prom.h | 1 + arch/powerpc/kernel/prom_init.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) commit 171ed0fcd8966d82c45376f1434678e7b9d4d9b1 Author: Andrew Donnellan Date: Mon Feb 6 12:07:17 2017 +1100 cxl: fix nested locking hang during EEH hotplug Commit 14a3ae34bfd0 ("cxl: Prevent read/write to AFU config space while AFU not configured") introduced a rwsem to fix an invalid memory access that occurred when someone attempts to access the config space of an AFU on a vPHB whilst the AFU is deconfigured, such as during EEH recovery. It turns out that it's possible to run into a nested locking issue when EEH recovery fails and a full device hotplug is required. cxl_pci_error_detected() deconfigures the AFU, taking a writer lock on configured_rwsem. When EEH recovery fails, the EEH code calls pci_hp_remove_devices() to remove the device, which in turn calls cxl_remove() -> cxl_pci_remove_afu() -> pci_deconfigure_afu(), which tries to grab the writer lock that's already held. Standard rwsem semantics don't express what we really want to do here and don't allow for nested locking. Fix this by replacing the rwsem with an atomic_t which we can control more finely. Allow the AFU to be locked multiple times so long as there are no readers. Fixes: 14a3ae34bfd0 ("cxl: Prevent read/write to AFU config space while AFU not configured") Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Andrew Donnellan Acked-by: Frederic Barrat Signed-off-by: Michael Ellerman drivers/misc/cxl/cxl.h | 5 +++-- drivers/misc/cxl/main.c | 3 +-- drivers/misc/cxl/pci.c | 11 +++++++++-- drivers/misc/cxl/vphb.c | 18 ++++++++++++++---- 4 files changed, 27 insertions(+), 10 deletions(-) commit 8a5897fec98e1f1fa045ccad87817eeb24579953 Merge: 2bfe01e 68ba323 Author: Ingo Molnar Date: Tue Feb 21 09:05:29 2017 +0100 Merge tag 'perf-core-for-mingo-4.11-20170220' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: New features: - Make -a/--all-cpus be the default target in 'perf record' and 'perf stat', just like it is with 'perf trace' (Jiri Olsa) - Introduce -q/--quiet to the 'annotate', 'diff' and 'report', fix up its behaviour in 'record'. This makes the output more compact by elliminating headers, leaving just the histogram lines (Namhyung Kim) Fixes: - Handle offline/absent CPUs (Jan Stancek) Infrastructure changes: - Filter out -specs=/a/b/c from CC options when building the python support, allowing that feature to be built with clang (Arnaldo Carvalho de Melo) - Fix DEBUG=1 build with clang (Arnaldo Carvalho de Melo) Trivial changes: - Fix spelling of 'preempt' in a libtraceevent function name (Steven Rostedt) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit ef1d75263fdafc3ff4018512fce8607ae61d7985 Merge: d5adbfc 992edf3 Author: Zhang Rui Date: Tue Feb 21 15:50:23 2017 +0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal into thermal-soc commit 5e48dc0aa4d9daf93e9bff2a274473623a134ec8 Author: Douglas Miller Date: Tue Feb 7 07:40:44 2017 -0600 powerpc/xmon: Dump memory in CPU endian format Extend the dump command to allow display of 2, 4, and 8 byte words in CPU endian format. Also adds dump command for "1 byte values" for the sake of symmetry. New commands are: d1 dump 1 byte values d2 dump 2 byte values d4 dump 4 byte values d8 dump 8 byte values Signed-off-by: Michael Ellerman Signed-off-by: Douglas Miller Acked-by: Balbir Singh arch/powerpc/xmon/xmon.c | 58 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 55 insertions(+), 3 deletions(-) commit 017b29c38c0dc8aece778b44fad32adf8862c188 Author: Jason Wang Date: Mon Feb 20 11:50:20 2017 +0800 virito-net: set queues after reset during xdp_set We set queues before reset which will cause a crash[1]. This is because is_xdp_raw_buffer_queue() depends on the old xdp queue pairs number to do the correct detection. So fix this by - passing xdp queue pairs and current queue pairs to virtnet_reset() - change vi->xdp_qp after reset but before refill, to make sure both free_unused_bufs() and refill can make correct detection of XDP. - remove the duplicated queue pairs setting before virtnet_reset() since we will do it inside virtnet_reset() [1] [ 74.328168] general protection fault: 0000 [#1] SMP [ 74.328625] Modules linked in: nfsd xfs libcrc32c virtio_net virtio_pci [ 74.329117] CPU: 0 PID: 2849 Comm: xdp2 Not tainted 4.10.0-rc7+ #499 [ 74.329577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014 [ 74.330424] task: ffff88007a894000 task.stack: ffffc90004388000 [ 74.330844] RIP: 0010:skb_release_head_state+0x28/0x80 [ 74.331298] RSP: 0018:ffffc9000438b8d0 EFLAGS: 00010206 [ 74.331676] RAX: 0000000000000000 RBX: ffff88007ad96300 RCX: 0000000000000000 [ 74.332217] RDX: ffff88007fc137a8 RSI: ffff88007fc0db28 RDI: 0001bf00000001be [ 74.332758] RBP: ffffc9000438b8d8 R08: 000000000005008f R09: 00000000000005f9 [ 74.333274] R10: ffff88007d001700 R11: ffffffff820a8a4d R12: ffff88007ad96300 [ 74.333787] R13: 0000000000000002 R14: ffff880036604000 R15: 000077ff80000000 [ 74.334308] FS: 00007fc70d8a7b40(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 [ 74.334891] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.335314] CR2: 00007fff4144a710 CR3: 000000007ab56000 CR4: 00000000003406f0 [ 74.335830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.336373] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.336895] Call Trace: [ 74.337086] skb_release_all+0xd/0x30 [ 74.337356] consume_skb+0x2c/0x90 [ 74.337607] free_unused_bufs+0x1ff/0x270 [virtio_net] [ 74.337988] ? vp_synchronize_vectors+0x3b/0x60 [virtio_pci] [ 74.338398] virtnet_xdp+0x21e/0x440 [virtio_net] [ 74.338741] dev_change_xdp_fd+0x101/0x140 [ 74.339048] do_setlink+0xcf4/0xd20 [ 74.339304] ? symcmp+0xf/0x20 [ 74.339529] ? mls_level_isvalid+0x52/0x60 [ 74.339828] ? mls_range_isvalid+0x43/0x50 [ 74.340135] ? nla_parse+0xa0/0x100 [ 74.340400] rtnl_setlink+0xd4/0x120 [ 74.340664] ? cpumask_next_and+0x30/0x50 [ 74.340966] rtnetlink_rcv_msg+0x7f/0x1f0 [ 74.341259] ? sock_has_perm+0x59/0x60 [ 74.341586] ? napi_consume_skb+0xe2/0x100 [ 74.342010] ? rtnl_newlink+0x890/0x890 [ 74.342435] netlink_rcv_skb+0x92/0xb0 [ 74.342846] rtnetlink_rcv+0x23/0x30 [ 74.343277] netlink_unicast+0x162/0x210 [ 74.343677] netlink_sendmsg+0x2db/0x390 [ 74.343968] sock_sendmsg+0x33/0x40 [ 74.344233] SYSC_sendto+0xee/0x160 [ 74.344482] ? SYSC_bind+0xb0/0xe0 [ 74.344806] ? sock_alloc_file+0x92/0x110 [ 74.345106] ? fd_install+0x20/0x30 [ 74.345360] ? sock_map_fd+0x3f/0x60 [ 74.345586] SyS_sendto+0x9/0x10 [ 74.345790] entry_SYSCALL_64_fastpath+0x1a/0xa9 [ 74.346086] RIP: 0033:0x7fc70d1b8f6d [ 74.346312] RSP: 002b:00007fff4144a708 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 74.346785] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fc70d1b8f6d [ 74.347244] RDX: 000000000000002c RSI: 00007fff4144a720 RDI: 0000000000000003 [ 74.347683] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 74.348544] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4144bd90 [ 74.349082] R13: 0000000000000002 R14: 0000000000000002 R15: 00007fff4144cda0 [ 74.349607] Code: 00 00 00 55 48 89 e5 53 48 89 fb 48 8b 7f 58 48 85 ff 74 0e 40 f6 c7 01 74 3d 48 c7 43 58 00 00 00 00 48 8b 7b 68 48 85 ff 74 05 ff 0f 74 20 48 8b 43 60 48 85 c0 74 14 65 8b 15 f3 ab 8d 7e [ 74.351008] RIP: skb_release_head_state+0x28/0x80 RSP: ffffc9000438b8d0 [ 74.351625] ---[ end trace fe6e19fd11cfc80b ]--- Fixes: 2de2f7f40ef9 ("virtio_net: XDP support for adjust_head") Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) commit 1763413ac2c15f80fa2c2e308ecbf1a1b550a4c3 Author: Michael Walle Date: Mon Feb 20 16:54:18 2017 +0100 dpaa_eth: implement ioctl() for PHY-related ops This commit adds the ndo_do_ioctl() callback which allows the userspace to access PHY registers, for example. This will make mii-diag and similar tools work. Signed-off-by: Michael Walle Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 2cf8a897116a4433ca579aff8b0813d8fb2c4473 Author: Philippe Reynes Date: Mon Feb 20 22:59:13 2017 +0100 net: qualcomm: qca: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/qca_debug.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit 836dacdd5b932f8ed8ca9f90e7b7e6751f478627 Merge: 5a4dcdc 1708639 Author: David S. Miller Date: Mon Feb 20 21:59:16 2017 -0500 Merge branch 'bnxt_en-probe-and-open-bugs' Michael Chan says: ==================== bnxt_en: Fix probe and open bugs. Fix 3 issues related to bnxt_init_one() and bnxt_open(). Don't probe bridge devices and fixup some error code paths. ==================== Signed-off-by: David S. Miller commit 17086399c113d933e1202697f85b8f0f82fcb8ce Author: Sathya Perla Date: Mon Feb 20 19:25:18 2017 -0500 bnxt_en: fix pci cleanup in bnxt_init_one() failure path In the bnxt_init_one() failure path, bar1 and bar2 are not being unmapped. This commit fixes this issue. Reorganize the code so that bnxt_init_one()'s failure path and bnxt_remove_one() can call the same function to do the PCI cleanup. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 76 ++++++++++++++++--------------- 1 file changed, 39 insertions(+), 37 deletions(-) commit daf1f1e7841138cb0e48d52c8573a5f064d8f495 Author: Michael Chan Date: Mon Feb 20 19:25:17 2017 -0500 bnxt_en: Fix NULL pointer dereference in a failure path during open. If bnxt_hwrm_ring_free() is called during a failure path in bnxt_open(), it is possible that the completion rings have not been allocated yet. In that case, the completion doorbell has not been initialized, and calling bnxt_disable_int() will crash. Fix it by checking that the completion ring has been initialized before writing to the completion ring doorbell. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4e00338a61998de3502d0428c4f71ffc69772316 Author: Ray Jui Date: Mon Feb 20 19:25:16 2017 -0500 bnxt_en: Reject driver probe against all bridge devices There are additional SoC devices that use the same device ID for bridge and NIC devices. The bnxt driver should reject probe against all bridge devices since it's meant to be used with only endpoint devices. Signed-off-by: Ray Jui Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2bfe01eff4307409b95859e860261d0907149b61 Merge: cab7076 ae6f8dd Author: Linus Torvalds Date: Mon Feb 20 18:38:47 2017 -0800 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull CIFS/SMB3 updates from Steve French: "Includes support for a critical SMB3 security feature: per-share encryption from Pavel, and a cleanup from Jean Delvare. Will have another cifs/smb3 merge next week" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: CIFS: Allow to switch on encryption with seal mount option CIFS: Add capability to decrypt big read responses CIFS: Decrypt and process small encrypted packets CIFS: Add copy into pages callback for a read operation CIFS: Add mid handle callback CIFS: Add transform header handling callbacks CIFS: Encrypt SMB3 requests before sending CIFS: Enable encryption during session setup phase CIFS: Add capability to transform requests before sending CIFS: Separate RFC1001 length processing for SMB2 read CIFS: Separate SMB2 sync header processing CIFS: Send RFC1001 length in a separate iov CIFS: Make send_cancel take rqst as argument CIFS: Make SendReceive2() takes resp iov CIFS: Separate SMB2 header structure CIFS: Fix splice read for non-cached files cifs: Add soft dependencies cifs: Only select the required crypto modules cifs: Simplify SMB2 and SMB311 dependencies commit cab7076a185e1e27f6879325e4da762424c3f1c9 Merge: 6c24337 e9be2ac Author: Linus Torvalds Date: Mon Feb 20 18:24:39 2017 -0800 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 updates from Ted Ts'o: "For this cycle we add support for the shutdown ioctl, which is primarily used for testing, but which can be useful on production systems when a scratch volume is being destroyed and the data on it doesn't need to be saved. This found (and we fixed) a number of bugs with ext4's recovery to corrupted file system --- the bugs increased the amount of data that could be potentially lost, and in the case of the inline data feature, could cause the kernel to BUG. Also included are a number of other bug fixes, including in ext4's fscrypt, DAX, inline data support" * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (26 commits) ext4: rename EXT4_IOC_GOINGDOWN to EXT4_IOC_SHUTDOWN ext4: fix fencepost in s_first_meta_bg validation ext4: don't BUG when truncating encrypted inodes on the orphan list ext4: do not use stripe_width if it is not set ext4: fix stripe-unaligned allocations dax: assert that i_rwsem is held exclusive for writes ext4: fix DAX write locking ext4: add EXT4_IOC_GOINGDOWN ioctl ext4: add shutdown bit and check for it ext4: rename s_resize_flags to s_ext4_flags ext4: return EROFS if device is r/o and journal replay is needed ext4: preserve the needs_recovery flag when the journal is aborted jbd2: don't leak modified metadata buffers on an aborted journal ext4: fix inline data error paths ext4: move halfmd4 into hash.c directly ext4: fix use-after-iput when fscrypt contexts are inconsistent jbd2: fix use after free in kjournald2() ext4: fix data corruption in data=journal mode ext4: trim allocation requests to group size ext4: replace BUG_ON with WARN_ON in mb_find_extent() ... commit 6c24337f22115d669e24ce990842dab667371b4d Merge: 786856b 6f69f0e Author: Linus Torvalds Date: Mon Feb 20 18:22:31 2017 -0800 Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt Pull fscrypt updates from Ted Ts'o: "Various cleanups for the file system encryption feature" * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: constify struct fscrypt_operations fscrypt: properly declare on-stack completion fscrypt: split supp and notsupp declarations into their own headers fscrypt: remove redundant assignment of res fscrypt: make fscrypt_operations.key_prefix a string fscrypt: remove unused 'mode' member of fscrypt_ctx ext4: don't allow encrypted operations without keys fscrypt: make test_dummy_encryption require a keyring key fscrypt: factor out bio specific functions fscrypt: pass up error codes from ->get_context() fscrypt: remove user-triggerable warning messages fscrypt: use EEXIST when file already uses different policy fscrypt: use ENOTDIR when setting encryption policy on nondirectory fscrypt: use ENOKEY when file cannot be created w/o key commit 786856b6d111a30d51c98526cc7a283ecc73f00f Merge: 43e31e4 d3e1b61 Author: Linus Torvalds Date: Mon Feb 20 18:06:09 2017 -0800 Merge tag 'device-properties-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull device property updates from Rafael J. Wysocki: "Generic device properties framework updates for v4.11-rc1 Allow built-in (static) device properties to be declared as constant, make it possible to save memory by discarding alternative (but unused) built-in (static) property sets and add support for automatic handling of built-in properties to the I2C code" * tag 'device-properties-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: i2c: allow specify device properties in i2c_board_info device property: export code duplicating array of property entries device property: constify property arrays values device property: allow to constify properties commit 943db62c316c578f8e2cc6fb81a5f641096b29bf Author: Nathan Fontenot Date: Wed Feb 15 13:45:30 2017 -0500 powerpc/pseries: Revert 'Auto-online hotplugged memory' This reverts commit ec999072442a ("powerpc/pseries: Auto-online hotplugged memory"), and 9dc512819e4b ("powerpc: Fix unused function warning 'lmb_to_memblock'"). Using the auto-online acpability does online added memory but does not update the associated device struct to indicate that the memory is online. This causes the pseries memory DLPAR code to fail when trying to remove a LMB that was previously removed and added back. This happens when validating that the LMB is removable. This patch reverts to the previous behavior of calling device_online() to online the LMB when it is DLPAR added and moves the lmb_to_memblock() routine out of CONFIG_MEMORY_HOTREMOVE now that we call it for add. Fixes: ec999072442a ("powerpc/pseries: Auto-online hotplugged memory") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Nathan Fontenot Signed-off-by: Michael Ellerman arch/powerpc/configs/pseries_defconfig | 1 - arch/powerpc/platforms/pseries/hotplug-memory.c | 52 ++++++++++++++++++------- 2 files changed, 37 insertions(+), 16 deletions(-) commit 43e31e40473a00c936ffb9c2eebedc0566c92e89 Merge: 02c3de1 ac18c0c Author: Linus Torvalds Date: Mon Feb 20 17:55:15 2017 -0800 Merge tag 'acpi-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "These update the ACPICA code in the kernel to upstream revision 20170119, which among other things updates copyright notices in all of the ACPICA files, fix a couple of issues in the ACPI EC and button drivers, fix modalias handling for non-discoverable devices with DT-compatible identification strings, add a suspend quirk for one platform and fix a message in the APEI code. Specifics: - Update of the ACPICA code in the kernel to upstream revision 20170119 including: + Fixes related to the handling of the bit width and bit offset fields in Generic Address Structure (Lv Zheng) + ACPI resources handling fix related to invalid resource descriptors (Bob Moore) + Fix to enable implicit result conversion for several ASL library functions (Bob Moore) + Support for method invocations as target operands in AML (Bob Moore) + Fix to use a correct operand type for DeRefOf() in some situations (Bob Moore) + Utilities updates (Bob Moore, Lv Zheng) + Disassembler/debugger updates (David Box, Lv Zheng) + Build fixes (Colin Ian King, Lv Zheng) + Update of copyright notices in all files (Bob Moore) - Fix for modalias handling for SPI and I2C devices with DT-compatible identification strings (Dan O'Donovan) - Fixes for the ACPI EC and button drivers (Lv Zheng) - ACPI processor handling fix related to CPU hotplug (online/offline) on x86 (Vitaly Kuznetsov) - Suspend quirk to save/restore NVS memory over S3 transitions for Lenovo G50-45 (Zhang Rui) - Message formatting fix for the ACPI APEI code (Colin Ian King)" * tag 'acpi-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (32 commits) ACPICA: Update version to 20170119 ACPICA: Tools: Update common signon, remove compilation bit width ACPICA: Source tree: Update copyright notices to 2017 ACPICA: Linuxize: Restore and fix Intel compiler build x86/ACPI: keep x86_cpu_to_acpiid mapping valid on CPU hotplug spi: acpi: Initialize modalias from of_compatible i2c: acpi: Initialize info.type from of_compatible ACPI / bus: Introduce acpi_of_modalias() equiv of of_modalias_node() ACPI: save NVS memory for Lenovo G50-45 ACPI, APEI, EINJ: fix malformed newline escape ACPI / button: Remove lid_init_state=method mode ACPI / button: Change default behavior to lid_init_state=open ACPI / EC: Use busy polling mode when GPE is not enabled ACPI / EC: Remove old CLEAR_ON_RESUME quirk ACPICA: Update version to 20161222 ACPICA: Parser: Update parse info table for some operators ACPICA: Fix a problem with recent extra support for control method invocations ACPICA: Parser: Allow method invocations as target operands ACPICA: Fix for implicit result conversion for the ToXXX functions ACPICA: Resources: Not a valid resource if buffer length too long .. commit 02c3de1105228e367320e7fdeffbf511904f398c Merge: 7aa7d60 eee77a8 Author: Linus Torvalds Date: Mon Feb 20 17:41:31 2017 -0800 Merge tag 'pm-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "The majority of changes go into the Operating Performance Points (OPP) framework and cpufreq this time, followed by devfreq and some scattered updates all over. The OPP changes are mostly related to switching over from RCU-based synchronization, that turned out to be overly complicated and problematic, to reference counting using krefs. In the cpufreq land there are core cleanups, documentation updates, a new driver for Broadcom BMIPS SoCs, a new cpufreq-dt sub-driver for TI SoCs that require special handling, ARM64 SoCs support for the qoriq driver, intel_pstate updates, powernv driver update and assorted fixes. The devfreq changes are mostly fixes related to the sysfs interface and some Exynos drivers updates. Apart from that, the cpuidle menu governor will support per-CPU PM QoS constraints for the wakeup latency now, some bugs in the wakeup IRQs framework are fixed, the generic power domains framework should handle asynchronous invocations of *noirq suspend/resume callbacks from now on, the analyze_suspend.py script is updated and there is a new tool for intel_pstate diagnostics. Specifics: - Operating Performance Points (OPP) framework fixes, cleanups and switch over from RCU-based synchronization to reference counting using krefs (Viresh Kumar, Wei Yongjun, Dave Gerlach) - cpufreq core cleanups and documentation updates (Viresh Kumar, Rafael Wysocki) - New cpufreq driver for Broadcom BMIPS SoCs (Markus Mayer) - New cpufreq-dt sub-driver for TI SoCs requiring special handling, like in the AM335x, AM437x, DRA7x, and AM57x families, along with new DT bindings for it (Dave Gerlach, Paul Gortmaker) - ARM64 SoCs support for the qoriq cpufreq driver (Tang Yuantian) - intel_pstate driver updates including a new sysfs knob to control the driver's operation mode and fixes related to the no_turbo sysfs knob and the hardware-managed P-states feature support (Rafael Wysocki, Srinivas Pandruvada) - New interface to export ultra-turbo frequencies for the powernv cpufreq driver (Shilpasri Bhat) - Assorted fixes for cpufreq drivers (Arnd Bergmann, Dan Carpenter, Wei Yongjun) - devfreq core fixes, mostly related to the sysfs interface exported by it (Chanwoo Choi, Chris Diamand) - Updates of the exynos-bus and exynos-ppmu devfreq drivers (Chanwoo Choi) - Device PM QoS extension to support CPUs and support for per-CPU wakeup (device resume) latency constraints in the cpuidle menu governor (Alex Shi) - Wakeup IRQs framework fixes (Grygorii Strashko) - Generic power domains framework update including a fix to make it handle asynchronous invocations of *noirq suspend/resume callbacks correctly (Ulf Hansson, Geert Uytterhoeven) - Assorted fixes and cleanups in the core suspend/hibernate code, PM QoS framework and x86 ACPI idle support code (Corentin Labbe, Geert Uytterhoeven, Geliang Tang, John Keeping, Nick Desaulniers) - Update of the analyze_suspend.py script is updated to version 4.5 offering multiple improvements (Todd Brandt) - New tool for intel_pstate diagnostics using the pstate_sample tracepoint (Doug Smythies)" * tag 'pm-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (85 commits) MAINTAINERS: cpufreq: add bmips-cpufreq.c PM / QoS: Fix memory leak on resume_latency.notifiers PM / Documentation: Spelling s/wrtie/write/ PM / sleep: Fix test_suspend after sleep state rework cpufreq: CPPC: add ACPI_PROCESSOR dependency cpufreq: make ti-cpufreq explicitly non-modular cpufreq: Do not clear real_cpus mask on policy init tools/power/x86: Debug utility for intel_pstate driver AnalyzeSuspend: fix drag and zoom bug in javascript PM / wakeirq: report a wakeup_event on dedicated wekup irq PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs PM / wakeirq: Enable dedicated wakeirq for suspend cpufreq: dt: Don't use generic platdev driver for ti-cpufreq platforms cpufreq: ti: Add cpufreq driver to determine available OPPs at runtime Documentation: dt: add bindings for ti-cpufreq PM / OPP: Expose _of_get_opp_desc_node as dev_pm_opp API cpufreq: qoriq: Don't look at clock implementation details cpufreq: qoriq: add ARM64 SoCs support PM / Domains: Provide dummy governors if CONFIG_PM_GENERIC_DOMAINS=n cpufreq: brcmstb-avs-cpufreq: remove unnecessary platform_set_drvdata() ... commit 7aa7d608112baf63a0b1278955f9619427373807 Merge: 85adbcd fb3d769 Author: Linus Torvalds Date: Mon Feb 20 17:31:23 2017 -0800 Merge tag 'leds_for_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED updates from Jacek Anaszewski: "New features and improvements: - add new optional brightness_hw_changed attribute for the LEDs that may have their brightness level changed autonomously (outside of kernel control) by hardware / firmware. The attribute supports userspace notifications through POLLPRI events - add led_brightness_hw_mon tool that demonstrates how to use the aforementioned feature - add LED_ON enum for LEDs that can be only turned on/off, and don't allow setting other brightness levels - allow for adjusting heartbeat trigger blink brightness level Fixes and cleanups: - avoid harmless maybe-uninitialized warning in leds-ktd2692.c - add context to the existing example entries in common LED bindings to make the documentation more clear" * tag 'leds_for_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: leds: ledtrig-heartbeat: Make top brightness adjustable tools/leds: Add led_hw_brightness_mon program leds: class: Add new optional brightness_hw_changed attribute leds: ktd2692: avoid harmless maybe-uninitialized warning leds: add LED_ON brightness as boolean value DT: leds: Improve examples by adding some context commit 85adbcd54f0982040c8cc7a086f01554b8f64427 Merge: f790bd9 57f22cd Author: Linus Torvalds Date: Mon Feb 20 17:26:11 2017 -0800 Merge tag 'spi-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi updates from Mark Brown: "This release is mainly a collection of driver specific updates, including a few nice cleanups to make drivers use more core features. - automatically use the parent device to allocate DMA buffers if there wasn't an explicitly configured device. - fixes for leaks on allocation. - a small piece of the start of SPI slave support, a feature that's been on the cards for over a decade!" * tag 'spi-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (55 commits) spi: spi-ti-qspi: Fix error handling spi: spi-ti-qspi: Fix error handling spi: lantiq-ssc: activate under COMPILE_TEST spi: armada-3700: Remove spi_master_put in a3700_spi_remove() spi: ti-qspi: revise ti_qspi_probe() failure flow spi: spi-ep93xx: simplify GPIO chip selects spi: rspi: Replaces "n" by "len" in qspi_transfer_*() spi: rspi: Fixes bogus received byte in qspi_transfer_in() spi: bcm-qspi: Remove unnecessary platform_set_drvdata() spi: bcm-qspi: Fix bcm_qspi_bspi_read() performance spi: lantiq-ssc: add support for Lantiq SSC SPI controller spi: s3c64xx: fix inconsistency between binding and driver spi: armada-3700: Remove .owner field for driver spi: bcm-qspi: Added mspi read fallback in bcm_qspi_flash_read() spi: fix device-node leaks spi: mediatek: Only do dma for 4-byte aligned buffers spi: When no dma_chan map buffers with spi_master's parent spi: pca2xx-pci: Allow MSI spi: pxa2xx: Prepare for edge-triggered interrupts spi: pxa2xx: Add support for Intel Gemini Lake ... commit f790bd9c8e826434ab6c326b225276ed0f73affe Merge: b3de5ad fad9cd4 Author: Linus Torvalds Date: Mon Feb 20 17:23:57 2017 -0800 Merge tag 'regulator-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator updates from Mark Brown: "Quite a lot of work going on the core this release, mainly around system initialization, but a quiet release for drivers: - fixes for registration of multiple regulators on a PMIC from Javier Martinez Canillas and Jon Hunter. - cleanups to the regulator_get() code from Dmitry Torokhov - lots of constifcation of structs from Bhumika Goyal - support for Motorola CPCAP regulators from Tony Lindgren" * tag 'regulator-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: (52 commits) regulator: core: Resolve supplies before disabling unused regulators regulator: Fix regulator_summary for deviceless consumers regulator: tps65086: Fix DT node referencing in of_parse_cb regulator: tps65086: Fix expected switch DT node names regulator: core: simplify _regulator_get() regulator: core: have regulator_dev_lookup() return ERR_PTR-encoded errors regulator: gpio: correct default type regulator: cpcap: Add basic regulator support regulator: core: fix typo in regulator_bulk_disable() regulator: core: optimize devm_regulator_bulk_get() regulator: core: simplify regulator_bulk_force_disable() regulator: core: have _regulator_get() accept get_type argument regulator: core: remove dead code in _regulator_get() regulator: rn5t618: constify regulator_ops structure regulator: rc5t583-regulator: constify regulator_ops structure regulator: pv88090-regulator: constify regulator_ops structure regulator: pv88080-regulator: constify regulator_ops structure regulator: pv88060-regulator: constify regulator_ops structure regulator: pfuze100-regulator: constify regulator_ops structure regulator: pcf50633-regulator: constify regulator_ops structure ... commit b3de5ad688f0f52457e73767f95a640ab4158d0d Merge: 27a67e0 90e51e6 Author: Linus Torvalds Date: Mon Feb 20 17:20:34 2017 -0800 Merge tag 'regmap-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap updates from Mark Brown: "For v4.11 activity on the regmap API has literally doubled, there are two patches this release: - fixes from Charles Keepax to make the kerneldoc generate correctly - a cleanup from Geliang Tang using rb_entry() rather than open coding it with container_of()" * tag 'regmap-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: Fixup the kernel-doc comments on functions/structures regmap: use rb_entry() commit 27a67e0f983567574ef659520d930f82cf65125a Merge: 59da2a0 53f724b Author: Linus Torvalds Date: Mon Feb 20 17:16:43 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID updates from Jiri Kosina: - a lot of Wacom driver updates; most notably second generation Intuos Pro is now supported, code from Aaron Armstrong Skomra and Jason Gerecke - Surface 3 and 4 Type Cover Pro support from Daniel Keller, Dennis Chen and Yuta Kobayashi - hid-rmi is now generic transport driver, used by synaptics-rmi4; Support the Lenovo Thinkpad X1 Tablet dock follows on top, from Andrew Duggan - a few misc bugfixes and improvements here and there * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (29 commits) HID: intel-ish-hid: constify device_type structure HID: wacom: Bluetooth IRQ for Intuos Pro should handle prox/range HID: intel-ish-hid: ipc: check FW status to distinguish ISH resume paths HID: multitouch: fix LG Melfas touchscreen HID: wacom: don't apply generic settings to old devices HID: wacom: generic: support LEDs HID: wacom: generic: support generic touch switch HID: wacom: generic: add vendor defined touch HID: wacom: generic: add support for touchring HID: wacom: generic: remove input_event_flag HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth classic interface HID: wacom: Move WAC_CMD_* into wacom_wac.h HID: wacom: Enable HID_GENERIC codepath for Bluetooth devices HID: wacom: do not attempt to switch mode while in probe HID: wacom: remove warning while disconnecting devices HID: wacom: release the resources before leaving despite devm HID: whitespace cleanup HID: multitouch: enable Surface 3 Type Cover Pro to report multitouch data HID: rmi: Support the Lenovo Thinkpad X1 Tablet dock using hid-rmi HID: rmi: Handle all Synaptics touchpads using hid-rmi ... commit 59da2a0630b8db5fa71fa5ca0052fd3fe3766d94 Merge: ebb4949 372e2db Author: Linus Torvalds Date: Mon Feb 20 17:13:23 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching Pull livepatching updates from Jiri Kosina: - removal of dead code (Kamalesh Babulal) - documentation update (Miroslav Benes) * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch: doc: remove the limitation for schedule() patching powerpc/livepatch: Remove klp_write_module_reloc() stub commit ebb4949eb32ff500602f960525592fc4e614c5a7 Merge: 937b5b5 8d2932d Author: Linus Torvalds Date: Mon Feb 20 16:42:43 2017 -0800 Merge tag 'iommu-updates-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU UPDATES from Joerg Roedel: - KVM PCIe/MSI passthrough support on ARM/ARM64 - introduction of a core representation for individual hardware iommus - support for IOMMU privileged mappings as supported by some ARM IOMMUS - 16-bit SID support for ARM-SMMUv2 - stream table optimization for ARM-SMMUv3 - various fixes and other small improvements * tag 'iommu-updates-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (61 commits) vfio/type1: Fix error return code in vfio_iommu_type1_attach_group() iommu: Remove iommu_register_instance interface iommu/exynos: Make use of iommu_device_register interface iommu/mediatek: Make use of iommu_device_register interface iommu/msm: Make use of iommu_device_register interface iommu/arm-smmu: Make use of the iommu_register interface iommu: Add iommu_device_set_fwnode() interface iommu: Make iommu_device_link/unlink take a struct iommu_device iommu: Add sysfs bindings for struct iommu_device iommu: Introduce new 'struct iommu_device' iommu: Rename struct iommu_device iommu: Rename iommu_get_instance() iommu: Fix static checker warning in iommu_insert_device_resv_regions iommu: Avoid unnecessary assignment of dev->iommu_fwspec iommu/mediatek: Remove bogus 'select' statements iommu/dma: Remove bogus dma_supported() implementation iommu/ipmmu-vmsa: Restrict IOMMU Domain Geometry to 32-bit address space iommu/vt-d: Don't over-free page table directories iommu/vt-d: Tylersburg isoch identity map check is done too late. iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu ... commit 937b5b5ddd2f685b4962ec19502e641bb5741c12 Merge: c945d02 3dfe330 Author: Linus Torvalds Date: Mon Feb 20 16:39:47 2017 -0800 Merge tag 'm68k-for-v4.11-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - kernel message modernizations and cleanups - defconfig updates - cleanups * tag 'm68k-for-v4.11-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k/sun3: Remove dead code in paging_init() m68k/include: Modernize printing of kernel messages m68k/mm: Modernize printing of kernel messages m68k/mm: sun3 - Modernize printing of kernel messages m68k/kernel: Modernize printing of kernel messages m68k/sun3x: Modernize printing of kernel messages m68k/sun3: Modernize printing of kernel messages m68k/q40: Modernize printing of kernel messages m68k/mvme16x: Modernize printing of kernel messages m68k/mvme147: Modernize printing of kernel messages m68k/bvme6000: Modernize printing of kernel messages m68k/68000: Modernize printing of kernel messages m68k/atari: Modernize printing of kernel messages m68k: Delete an unnecessary variable assignment in sys_cacheflush() m68k/mac: Clean up interrupt debug macros and printk statements m68k/mac: Remove SHUTUP_SONIC interrupt hack m68k/mac: Improve NMI handler m68k/defconfig: Update defconfigs for v4.10-rc1 m68k/mac: Remove unneeded linux/miscdevice.h include commit c945d0227d86ddc3485290fa5da1a7d2c9b759de Merge: 8b5abde d48085f Author: Linus Torvalds Date: Mon Feb 20 16:26:57 2017 -0800 Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 platform updates from Ingo Molnar: "Misc platform updates: SGI UV4 support additions, intel-mid Merrifield enhancements and purge of old code" * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (21 commits) x86/platform/UV/NMI: Fix uneccessary kABI breakage x86/platform/UV: Clean up the NMI code to match current coding style x86/platform/UV: Ensure uv_system_init is called when necessary x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source x86/platform/UV: Verify NMI action is valid, default is standard x86/platform/UV: Add basic CPU NMI health check x86/platform/UV: Add Support for UV4 Hubless NMIs x86/platform/UV: Add Support for UV4 Hubless systems x86/platform/UV: Clean up the UV APIC code x86/platform/intel-mid: Move watchdog registration to arch_initcall() x86/platform/intel-mid: Don't shadow error code of mp_map_gsi_to_irq() x86/platform/intel-mid: Allocate RTC interrupt for Merrifield x86/ioapic: Return suitable error code in mp_map_gsi_to_irq() x86/platform/UV: Fix 2 socket config problem x86/platform/UV: Fix panic with missing UVsystab support x86/platform/intel-mid: Enable RTC on Intel Merrifield x86/platform/intel: Remove PMIC GPIO block support x86/platform/intel-mid: Make intel_scu_device_register() static x86/platform/intel-mid: Enable GPIO keys on Merrifield x86/platform/intel-mid: Get rid of duplication of IPC handler ... commit 8b5abde16bdc939d0602ea37bef0184a396ca9ea Merge: a25a1d6 025205f Author: Linus Torvalds Date: Mon Feb 20 15:57:19 2017 -0800 Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 mm updates from Ingo Molnar: "A laundry list of changes: KASAN improvements/fixes for ptdump, a self-test fix, PAT cleanup and wbinvd() avoidance, removal of stale code and documentation updates" * 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm/ptdump: Add address marker for KASAN shadow region x86/mm/ptdump: Optimize check for W+X mappings for CONFIG_KASAN=y x86/mm/pat: Use rb_entry() x86/mpx: Re-add MPX to selftests Makefile x86/mm: Remove CONFIG_DEBUG_NX_TEST x86/mm/cpa: Avoid wbinvd() for PREEMPT x86/mm: Improve documentation for low-level device I/O functions commit bd8562626c8e170691d6457fe4e8dfb45607a48d Author: Rafael J. Wysocki Date: Mon Feb 20 15:28:13 2017 +0100 docs / driver-api: Fix structure references in device_link.rst The format of the structure references in device_link.rst is incorrect, because it doesn't cause proper references to the struct data types to be generated (for struct dev_pm_domain in particular). Fix that by using the :c:type:`struct name ` convention for encoding references to struct data types. Fixes: aad800403a87 (Documentation/core-api/device_link: Add initial documentation) Signed-off-by: Rafael J. Wysocki Signed-off-by: Jonathan Corbet Documentation/driver-api/device_link.rst | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit e3941cd9f59d1d5508c29eb1712a732722885ee7 Author: Rafael J. Wysocki Date: Mon Feb 20 15:26:21 2017 +0100 PM / docs: Fix structure references in device.rst There is a better way to represent structure references than it was done in device.rst by commit 730c4c053012 (PM / sleep / docs: Convert PM notifiers document to reST), which is to use "struct name" as a link caption (e.g. :c:type:`struct device `). That will cause sphinx to generate a proper reference to the data type in question (struct device in the example above) and "struct name" will work as the link in the HTML output. Fix device.rst by using that convention where applicable. Fixes: 730c4c053012 (PM / sleep / docs: Convert PM notifiers document to reST) Signed-off-by: Rafael J. Wysocki Signed-off-by: Jonathan Corbet Documentation/driver-api/pm/devices.rst | 72 +++++++++++++++++---------------- 1 file changed, 38 insertions(+), 34 deletions(-) commit a25a1d6c24ab50ee9dd26869912df5724d7ef48e Merge: 280d7a1 f26483e Author: Linus Torvalds Date: Mon Feb 20 15:30:51 2017 -0800 Merge branch 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 microcode updates from Ingo Molnar: "The main changes are further simplification and unification of the code between the AMD and Intel microcode loaders, plus other simplifications - by Borislav Petkov" * 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/microcode/AMD: Remove struct cont_desc.eq_id x86/microcode/AMD: Remove AP scanning optimization x86/microcode/AMD: Simplify saving from initrd x86/microcode/AMD: Unify load_ucode_amd_ap() x86/microcode/AMD: Check patch level only on the BSP x86/microcode: Remove local vendor variable x86/microcode/AMD: Use find_microcode_in_initrd() x86/microcode/AMD: Get rid of global this_equiv_id x86/microcode: Decrease CPUID use x86/microcode/AMD: Rework container parsing x86/microcode/AMD: Extend the container struct x86/microcode/AMD: Shorten function parameter's name x86/microcode/AMD: Clean up find_equiv_id() x86/microcode: Convert to bare minimum MSR accessors x86/MSR: Carve out bare minimum accessors commit 6e11617fcff3688f70650a3e40addb0043dda137 Merge: 722c5ac a1b5359 Author: Dmitry Torokhov Date: Mon Feb 20 15:16:02 2017 -0800 Merge branch 'next' into for-linus Prepare input updates for 4.11 merge window. commit a1b5359271e5c77d5ec8a575b379a6ba3e867097 Author: Javier Martinez Canillas Date: Mon Feb 20 15:06:39 2017 -0800 Input: zet6223 - export OF device ID as module aliases The I2C core always reports a MODALIAS of the form i2c: even if the device was registered via OF, this means that exporting the OF device ID table device aliases in the module is not needed. But in order to change how the core reports modaliases to user-space, it's better to export it. Before this patch: $ modinfo drivers/input/touchscreen/zet6223.ko | grep alias alias: i2c:zet6223 After this patch: $ modinfo drivers/input/touchscreen/zet6223.ko | grep alias alias: of:N*T*Czeitec,zet6223C* alias: of:N*T*Czeitec,zet6223 alias: i2c:zet6223 Signed-off-by: Javier Martinez Canillas Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/zet6223.c | 1 + 1 file changed, 1 insertion(+) commit 280d7a1edef214eefb1cb34915c73767355dd1b3 Merge: 8a9365a 9729017 Author: Linus Torvalds Date: Mon Feb 20 15:03:51 2017 -0800 Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fpu updates from Ingo Molnar: "The main changes relate to fixes between (lack of) CPUID and FPU detection that should only affect old or weird CPUs, by Andy Lutomirski" * 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/fpu: Fix the "Giving up, no FPU found" test x86/fpu: Fix CPUID-less FPU detection x86/fpu: Fix "x86/fpu: Legacy x87 FPU detected" message x86/cpu: Re-apply forced caps every time CPU caps are re-read x86/cpu: Factor out application of forced CPU caps x86/cpu: Add X86_FEATURE_CPUID x86/fpu/xstate: Move XSAVES state init to a function commit 51ec502a32665fed66c7f03799ede4023b212536 Author: Bart Van Assche Date: Tue Feb 14 16:25:54 2017 -0800 target: Delete tmr from list before processing This patch does an explicit list_del_init(tmr->tmr_list) in core_tmr_drain_tmr_list() before starting processing of outstanding TMRs to abort, instead of explicitly checking which TMR descriptor matches the caller. Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Christoph Hellwig Cc: David Disseldorp Signed-off-by: Nicholas Bellinger drivers/target/target_core_tmr.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 8a9365a4725a4d6265a416dd63bff937e300308e Merge: 2891e8e 3bba73b Author: Linus Torvalds Date: Mon Feb 20 14:37:08 2017 -0800 Merge branch 'x86-cpufeature-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cpufeature updates from Ingo Molnar: "The main changes in this cycle were related to enable ring-3 MONITOR/MWAIT instructions support on supported CPUs, by Grzegorz Andrejczuk and Piotr Luc" * 'x86-cpufeature-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/cpufeature: Move RING3MWAIT feature to avoid conflicts x86/cpufeature: Enable RING3MWAIT for Knights Mill x86/cpufeature: Enable RING3MWAIT for Knights Landing x86/cpufeature: Add RING3MWAIT to CPU features x86/elf: Add HWCAP2 to expose ring 3 MONITOR/MWAIT x86/msr: Add MSR_MISC_FEATURE_ENABLES and RING3MWAIT bit x86/cpufeature: Add AVX512_VPOPCNTDQ feature commit 2891e8e66787a6a5dadad017d1c8a8f23d8658af Merge: 292d386 07d495d Author: Linus Torvalds Date: Mon Feb 20 14:34:23 2017 -0800 Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Ingo Molnar: "Two small cleanups" * 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/traps: Get rid of unnecessary preempt_disable/preempt_enable_no_resched x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 commit 758e99fefe1d9230111296956335cd35995c0eaf Author: Christoph Hellwig Date: Mon Feb 20 17:04:42 2017 -0500 nfsd: minor nfsd_setattr cleanup Simplify exit paths, size_change use. Signed-off-by: Christoph Hellwig Cc: stable@kernel.org Signed-off-by: J. Bruce Fields fs/nfsd/vfs.c | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) commit 60709c093ed39aadb0f09972ebbc96dc34eb372e Merge: 7323f0d 0839ffb Author: J. Bruce Fields Date: Mon Feb 20 12:24:00 2017 -0500 nfsd: merge stable fix into main nfsd branch commit 5a4dcdcac8e591e235943998caffdf6ac421a422 Merge: 8676ea8 65ed2ff Author: David S. Miller Date: Mon Feb 20 17:11:56 2017 -0500 Merge branch 'qed-bug-fixes' Yuval Mintz says: ==================== qed*: Bug fixes This is a respin of the series with same name for net-next instead of net [only patch #10 is changed]. The 3 first patches here are a repost of ("qed: RoCE infrastructure fixes"). The fourth is an additional RoCE-related infrastructure fix, and the latter contain various fixes to qed/qede. Please consider applying these to `net-next'. ==================== Signed-off-by: David S. Miller commit 65ed2ffd640578166e4ec149573bcf1d10f81b81 Author: Mintz, Yuval Date: Mon Feb 20 22:43:39 2017 +0200 qed*: Fix link indication race Driver changes the link properties via communication with the management firmware, and re-reads the resulting link status when it receives an indication that the link has changed. However, there are certain scenarios where such indications might be missing, and so driver also re-reads the current link results without attention in several places. Specifically, it does so during load and when resetting the link. This creates a race where driver might reflect incorrect link status - e.g., when explicit reading of the link status is switched by attention with the changed configuration. Correct this flow by a lock syncronizing the handling of the link indications [both explicit requests and attention]. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_main.c | 12 +++++++++--- drivers/net/ethernet/qlogic/qed/qed_mcp.c | 18 ++++++++++++++---- drivers/net/ethernet/qlogic/qed/qed_mcp.h | 6 ++++++ drivers/net/ethernet/qlogic/qed/qed_sriov.h | 1 + drivers/net/ethernet/qlogic/qed/qed_vf.c | 3 +++ drivers/net/ethernet/qlogic/qede/qede_main.c | 5 ----- 6 files changed, 33 insertions(+), 12 deletions(-) commit 85750d74fba5a7c31309c038c5f9f019edc6ea31 Author: Mintz, Yuval Date: Mon Feb 20 22:43:38 2017 +0200 qed: Don't allocate SBs using main PTT Flows accessing registers require the flow to hold a PTT entry. To protect 'major' load/unload flows a main_ptt is pre-allocated to guarantee such flows wouldn't be blocked by PTT being unavailable. Status block initialization currently uses the main_ptt which is incorrect, as this flow might run concurrently to others [E.g., loading qedr while toggling qede]. That would have dire effects as it means registers' access to device breaks and further read/writes might access incorrect addresses. Instead, when initializing status blocks acquire/release a PTT as part of the flow. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_main.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit afe981d664aeeebc8d1bcbd7d2070b5432edaecb Author: Sudarsana Reddy Kalluru Date: Mon Feb 20 22:43:37 2017 +0200 qede: Prevent index problems in loopback test Driver currently utilizes the same loop variable in two nested loops. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 33b2fbd0a8d3c556b802d8753ac5bb3e8f90e988 Author: Mintz, Yuval Date: Mon Feb 20 22:43:36 2017 +0200 qed: Reflect PF link when initializing VF VF learns of the current link state via its bulletin board, which might reflect either the physical link state or some user-configured logical state. Whenever the physical link changes or whnever such a configuration is explicitly made by user the PF driver would update the bulletin that the VF reads. But if neither has happened - i.e., PF still hasn't got a physical link up and no additional configuration was done the VF wouldn't have a valid link information available. Simply reflect the physical link state whenever the VF is initialized. The user could then affect it however he wants. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_sriov.c | 90 ++++++++++++++++------------- 1 file changed, 51 insertions(+), 39 deletions(-) commit 885185dfc49bde35b45046bb6b7384eca68e404f Author: Mintz, Yuval Date: Mon Feb 20 22:43:35 2017 +0200 qede: Free netdevice only after stoping slowpath qed needs to be informed of the removal of the qede interface prior to its actual removal, as qede has some registered callbacks that might get called async to the removal flow. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_main.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 0e0b80a9a7181cbdbb965a6b4750574932106e31 Author: Mintz, Yuval Date: Mon Feb 20 22:43:34 2017 +0200 qede: Initialize lock and slowpath workqueue early Need to make sure the slowpath workqueue and the qede lock are ready for the registration of the netdevice, as once registered there's no guarantee those wouldn't be used. Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_main.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit c2dedf8773e873474535bd4a158609b9eda5403d Author: Ram Amrani Date: Mon Feb 20 22:43:33 2017 +0200 qed: Reserve doorbell BAR space for present CPUs Reserving doorbell BAR space according to the currently active CPUs may result in a bug if disabled CPUs are later enabled but no doorbell space was reserved for them. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 300c0d7c232da572cb640f3bc803554f74e08f69 Author: Ram Amrani Date: Mon Feb 20 22:43:32 2017 +0200 qed: Don't free a QP more than once If QP is in reset state then there are no resources to free so avoid freeing any. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 49 ++++++++++++++++-------------- 1 file changed, 27 insertions(+), 22 deletions(-) commit c5212b943d4b52a7d9e0d9f747e7ad59c50d31f1 Author: Ram Amrani Date: Mon Feb 20 22:43:31 2017 +0200 qed: Read queue state before releasing buffer Currently the state is read only after the buffers are relesed. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 670dde55c6f182b8a159f0484be92b89d82107e1 Author: Ram Amrani Date: Mon Feb 20 22:43:30 2017 +0200 qed: Release CQ resource under lock on failure The CQ resource pool is protected by a spin lock. When a CQ creation fails it now deallocates under that lock as well. Signed-off-by: Ram Amrani Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_roce.c | 2 ++ 1 file changed, 2 insertions(+) commit 8676ea8f3f9b7dc93544477821f107004c0366cf Merge: 45ee244 e399553 Author: David S. Miller Date: Mon Feb 20 17:11:11 2017 -0500 Merge branch 'aquantia-next' Pavel Belous says: ==================== net: ethernet: aquantia: improvements and fixes The following patchset contains improvements and fixes for aQuantia AQtion ethernet driver from net-next tree. Most fixes are based on the comments from Lino Sanfilippo. Sanity testing was performed on real HW. No regression found. v1->v2: 1)Removed buffers copying. 2)Fixed dma error handling. v2->v3: 1)Fixes for aq_ndev_change_mtu: -Use core MTU checking for min_mtu. -Removed extra new_mtu assigment. 2)Reverse XMAS tree in aq_ring_rx_fill. v3->v4: 1)Use ndev->reg_state instead "is_ndev_registered" flag. ==================== Signed-off-by: David S. Miller commit e399553d233678687ce4b149c822194d17e07675 Author: Pavel Belous Date: Mon Feb 20 22:36:50 2017 +0300 net: ethernet: aquantia: Copying tx buffers is not needed. This fix removes copying of tx biffers. Now we use ring->buff_fing directly. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 170 +++++++++++++---------- drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 19 --- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 3 - 3 files changed, 97 insertions(+), 95 deletions(-) commit 89b643889b1f56d8b53728f6153a4237c849784b Author: Pavel Belous Date: Mon Feb 20 22:36:49 2017 +0300 net: ethernet: aquantia: Fixed memory allocation if AQ_CFG_RX_FRAME_MAX > 1 page. We should allocate the number of pages based on the config parameter AQ_CFG_RX_FRAME_MAX. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit c0788f7463f138bb1d30552b3edac442781b4e11 Author: Pavel Belous Date: Mon Feb 20 22:36:48 2017 +0300 net: ethernet: aquantia: Fixed incorrect buff->len calculation. rxd_wb->pkt_len is the total length of the packet. If we received a large packet (with length > AQ_CFG_RX_FRAME_MAX) then we will get multiple buffers. We need to fix the length of the last buffer. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_a0.c | 4 ++-- drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 55629109d934b2c1b25457424fa72eb94e8c2a26 Author: Pavel Belous Date: Mon Feb 20 22:36:47 2017 +0300 net: ethernet: aquantia: Call netdev_register after all initialized. netdev_register should be called when everything is initialized. Also we should use net_device->reg_state field instead own "is_ndev_registered" flag to avoid any race. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 10 +++++----- drivers/net/ethernet/aquantia/atlantic/aq_nic_internal.h | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) commit df9000ef9609c8a5e57783d0667ba7f39f52ed1e Author: Pavel Belous Date: Mon Feb 20 22:36:46 2017 +0300 net: ethernet: aquantia: Null pointer check for aq_nic_ndev_alloc. We should check for a null pointer for aq_nic_ndev_alloc instead netdev_priv. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit b350d7b8b8c99d67dc9a21eeeb1f3564c5213cbd Author: Pavel Belous Date: Mon Feb 20 22:36:45 2017 +0300 net: ethernet: aquantia: Using NETDEV_TX_OK instead 0. Use NETDEV_TX_OK as the return value for successful transmission. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d5919aeba1cc7a2b90210256d617625fceaf4e06 Author: Pavel Belous Date: Mon Feb 20 22:36:44 2017 +0300 net: ethernet: aquantia: Fixed missing rtnl_unlock. rtnl_unlock should be called if error occurred. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 362f37b28ba52115be9b30134375b199ac612df4 Author: Pavel Belous Date: Mon Feb 20 22:36:43 2017 +0300 net: ethernet: aquantia: Superfluous initialization of "err". Fixed superfluous initialization of err. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_main.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 14861e9de2c2ffe404fb41cc34150f09a39acb44 Author: Pavel Belous Date: Mon Feb 20 22:36:42 2017 +0300 net: ethernet: aquantia: Using module_pci_driver. Remove boilerplate code by using macro module_pci_driver. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_main.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) commit 5513e16421cb9538f4e394734e4b96ea0d857b23 Author: Pavel Belous Date: Mon Feb 20 22:36:41 2017 +0300 net: ethernet: aquantia: Fixes for aq_ndev_change_mtu 1)Removed unnecessary comparsion "old_mtu == new_mtu". This check is not needed. Function aq_ndev_change_mtu wont be called if mtu has not changed. 2)Removed extra assignment ndev->mtu = new_mtu; This assignment already done inside __dev_set_mtu(). 3)Use core MTU checking for min_mtu. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_main.c | 12 +----------- drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 1 + 2 files changed, 2 insertions(+), 11 deletions(-) commit 15e32a5e1e016f40712c3c843c84078385c49db2 Author: Pavel Belous Date: Mon Feb 20 22:36:40 2017 +0300 net: ethernet: aquantia: Removed busy_count field. busy_count field and is_busy flag is not needed at all. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 11 ----------- drivers/net/ethernet/aquantia/atlantic/aq_utils.h | 1 - 2 files changed, 12 deletions(-) commit 99e5582730eb18c5ab4402ba1edc73ec3fd5ba2b Author: Pavel Belous Date: Mon Feb 20 22:36:39 2017 +0300 net: ethernet: aquantia: Removed extra assignment for skb->dev. This assignment is not needed. Signed-off-by: Pavel Belous Reviewed-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 1 - 1 file changed, 1 deletion(-) commit 292d38674301c6fbee3965e446bd1c8a6672a400 Merge: 4abaa80 5773ebf Author: Linus Torvalds Date: Mon Feb 20 14:04:37 2017 -0800 Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 boot updates from Ingo Molnar: "Misc updates: - fix e820 error handling - convert page table setup code from assembly to C - fix kexec environment bug - ... plus small cleanups" * 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/kconfig: Remove misleading note regarding hibernation and KASLR x86/boot: Fix KASLR and memmap= collision x86/e820/32: Fix e820_search_gap() error handling on x86-32 x86/boot/32: Convert the 32-bit pgtable setup code from assembly to C x86/e820: Make e820_search_gap() static and remove unused variables commit 4abaa800fdc6303dc63d3f11080a31a6cf42f34d Merge: 4cee9fe 6606021 Author: Linus Torvalds Date: Mon Feb 20 14:03:03 2017 -0800 Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 asm update from Ingo Molnar: "This adds a new SYSRET testcase" * 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: selftests/x86: Add a selftest for SYSRET to noncanonical addresses commit 4cee9fe53e4d181b608c7758090ed492b45d6801 Merge: 42e1b14 543113d Author: Linus Torvalds Date: Mon Feb 20 14:01:21 2017 -0800 Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 apic changes from Ingo Molnar: "The main changes in this cycle were: - Re-activate the hw IRQ resend mechanism that was downgraded to a sw-resend unintentionally. (Ruslan Ruslichenko) - Avoid sporadic spurious hrtimer interrupts (Frederic Weisbecker)" [ Let's see if the io_apic retrigger ends up surviving this release, it got reverted last time because it found problems elsewhere - Linus ] * 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/apic: Fix a typo in a comment line x86/ioapic: Restore IO-APIC irq_chip retrigger callback x86/apic: Implement set_state_oneshot_stopped() callback x86/apic: Fix typos in comments commit e3b88ee95b4e4bf3e9729a4695d695b9c7c296c8 Author: Bart Van Assche Date: Tue Feb 14 16:25:45 2017 -0800 target: Fix handling of aborted failed commands If a target driver (e.g. tcm_qla2xxx) calls transport_generic_request_failure() to report that receiving data has failed and that SCSI command has already been aborted by the initiator, ensure that the SCSI status ABORTED is sent back to the initiator instead of the sense code provided by the target driver. Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Christoph Hellwig Cc: David Disseldorp Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 3 +++ 1 file changed, 3 insertions(+) commit 42e1b14b6e1455ece2ccbe474c25388d0230a590 Merge: 828cad8 95cb64c Author: Linus Torvalds Date: Mon Feb 20 13:23:30 2017 -0800 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking updates from Ingo Molnar: "The main changes in this cycle were: - Implement wraparound-safe refcount_t and kref_t types based on generic atomic primitives (Peter Zijlstra) - Improve and fix the ww_mutex code (Nicolai Hähnle) - Add self-tests to the ww_mutex code (Chris Wilson) - Optimize percpu-rwsems with the 'rcuwait' mechanism (Davidlohr Bueso) - Micro-optimize the current-task logic all around the core kernel (Davidlohr Bueso) - Tidy up after recent optimizations: remove stale code and APIs, clean up the code (Waiman Long) - ... plus misc fixes, updates and cleanups" * 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (50 commits) fork: Fix task_struct alignment locking/spinlock/debug: Remove spinlock lockup detection code lockdep: Fix incorrect condition to print bug msgs for MAX_LOCKDEP_CHAIN_HLOCKS lkdtm: Convert to refcount_t testing kref: Implement 'struct kref' using refcount_t refcount_t: Introduce a special purpose refcount type sched/wake_q: Clarify queue reinit comment sched/wait, rcuwait: Fix typo in comment locking/mutex: Fix lockdep_assert_held() fail locking/rtmutex: Flip unlikely() branch to likely() in __rt_mutex_slowlock() locking/rwsem: Reinit wake_q after use locking/rwsem: Remove unnecessary atomic_long_t casts jump_labels: Move header guard #endif down where it belongs locking/atomic, kref: Implement kref_put_lock() locking/ww_mutex: Turn off __must_check for now locking/atomic, kref: Avoid more abuse locking/atomic, kref: Use kref_get_unless_zero() more locking/atomic, kref: Kill kref_sub() locking/atomic, kref: Add kref_read() locking/atomic, kref: Add KREF_INIT() ... commit 34371d236eab28933eefc0d77bd1e3df62fc585b Author: Takashi Sakamoto Date: Tue Feb 21 05:09:19 2017 +0900 ALSA: usb-audio: localize function without external linkage When accessed inner a file, functions should have static qualifier for local-linkage. This commit fixes the bug. Sparse generated below warning. sound/usb/mixer_us16x08.c:1043:32: warning: symbol 'snd_us16x08_create_meter_store' was not declared. Should it be static? Fixes: d2bb390a2081 ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/mixer_us16x08.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 828cad8ea05d194d8a9452e0793261c2024c23a2 Merge: 60c906b bb3bac2 Author: Linus Torvalds Date: Mon Feb 20 12:52:55 2017 -0800 Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler updates from Ingo Molnar: "The main changes in this (fairly busy) cycle were: - There was a class of scheduler bugs related to forgetting to update the rq-clock timestamp which can cause weird and hard to debug problems, so there's a new debug facility for this: which uncovered a whole lot of bugs which convinced us that we want to keep the debug facility. (Peter Zijlstra, Matt Fleming) - Various cputime related updates: eliminate cputime and use u64 nanoseconds directly, simplify and improve the arch interfaces, implement delayed accounting more widely, etc. - (Frederic Weisbecker) - Move code around for better structure plus cleanups (Ingo Molnar) - Move IO schedule accounting deeper into the scheduler plus related changes to improve the situation (Tejun Heo) - ... plus a round of sched/rt and sched/deadline fixes, plus other fixes, updats and cleanups" * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (85 commits) sched/core: Remove unlikely() annotation from sched_move_task() sched/autogroup: Rename auto_group.[ch] to autogroup.[ch] sched/topology: Split out scheduler topology code from core.c into topology.c sched/core: Remove unnecessary #include headers sched/rq_clock: Consolidate the ordering of the rq_clock methods delayacct: Include sched/core: Clean up comments sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds sched/clock: Add dummy clear_sched_clock_stable() stub function sched/cputime: Remove generic asm headers sched/cputime: Remove unused nsec_to_cputime() s390, sched/cputime: Remove unused cputime definitions powerpc, sched/cputime: Remove unused cputime definitions s390, sched/cputime: Make arch_cpu_idle_time() to return nsecs ia64, sched/cputime: Remove unused cputime definitions ia64: Convert vtime to use nsec units directly ia64, sched/cputime: Move the nsecs based cputime headers to the last arch using it sched/cputime: Remove jiffies based cputime sched/cputime, vtime: Return nsecs instead of cputime_t to account sched/cputime: Complete nsec conversion of tick based accounting ... commit 60c906bab124a0627fba04c9ca5e61bba4747c0c Merge: 7f4eb0a 9026cc8 Author: Linus Torvalds Date: Mon Feb 20 12:47:44 2017 -0800 Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RAS updates from Ingo Molnar: "The main changes in this cycle were: - Assign notifier chain priorities for all RAS related handlers to make the ordering explicit (Borislav Petkov) - Improve the AMD MCA banks sysfs output (Yazen Ghannam) - Various cleanups and restructuring of the x86 RAS code (Borislav Petkov)" * 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ras, EDAC, acpi: Assign MCE notifier handlers a priority x86/ras: Get rid of mce_process_work() EDAC/mce/amd: Dump TSC value EDAC/mce/amd: Unexport amd_decode_mce() x86/ras/amd/inj: Change dependency x86/ras: Flip the TSC-adding logic x86/ras/amd: Make sysfs names of banks more user-friendly x86/ras/therm_throt: Do not log a fake MCE for thermal events x86/ras/inject: Make it depend on X86_LOCAL_APIC=y commit 02ed051fe1fd2fc8dbafec23ddd4814936121650 Author: Takashi Sakamoto Date: Tue Feb 21 05:09:17 2017 +0900 ALSA: usb-audio: localize one-referrer variable When accessed by one referrer inner a file, variables should have static qualifier to declare local-linkage. This commit fixes the bug. Sparse generated below warnings. sound/usb/mixer_us16x08.c:156:13: warning: duplicate const sound/usb/mixer_us16x08.c:156:18: warning: symbol 'route_names' was not declared. Should it be static? Fixes: d2bb390a2081 ("ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/usb/mixer_us16x08.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4e25d30c8ddeae6ad0b68440aacadaacb14f8538 Merge: d2bb390a 141dee7 Author: Takashi Iwai Date: Mon Feb 20 21:43:40 2017 +0100 Merge tag 'asoc-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Updates for v4.11 Another release that's mainly focused on drivers rather than core changes, highlights include: - A huge batch of updates to the Intel drivers, mainly around DisplayPort and HDMI with some additional board support too. - Channel mapping support for HDMI. - Support for AllWinner A31 and A33, Everest Semiconductor ES8328, Nuvoton NAU8540. commit e9be2ac7c09cabcbbbb12b0869e49b7a715d6fb5 Author: Theodore Ts'o Date: Mon Feb 20 15:34:59 2017 -0500 ext4: rename EXT4_IOC_GOINGDOWN to EXT4_IOC_SHUTDOWN It's very likely the file system independent ioctl name will be FS_IOC_SHUTDOWN, so let's use the same name for the ext4 ioctl name. Signed-off-by: Theodore Ts'o fs/ext4/ext4.h | 2 +- fs/ext4/ioctl.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) commit 7f4eb0a6d5a76ee054acd7255c05b8d5ca31c5d9 Merge: 32e2d7c 0c8967c Author: Linus Torvalds Date: Mon Feb 20 12:21:13 2017 -0800 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf updates from Ingo Molnar: "On the kernel side the main changes in this cycle were: - Add Intel Kaby Lake CPU support (Srinivas Pandruvada) - AMD uncore driver updates for fam17 (Janakarajan Natarajan) - Intel/PT updates and core events optimizations and cleanups (Alexander Shishkin) - cgroups events fixes (David Carrillo-Cisneros) - kprobes improvements (Masami Hiramatsu) - ... plus misc fixes and updates. On the tooling side the main changes were: - Support clang build in tools/{perf,lib/{bpf,traceevent,api}} with CC=clang, to, for instance, take advantage of better warnings (Arnaldo Carvalho de Melo): - Introduce the 'delta-abs' 'perf diff' compute method, that orders the histogram entries by the absolute value of the percentage delta for a function in two perf.data files, i.e. the functions that changed the most (increase or decrease in samples) comes first (Namhyung Kim) - Add support for parsing Intel uncore vendor event files and add uncore vendor events for the Intel server processors (Haswell, Broadwell, IvyBridge), Xeon Phi (Knights Landing) and Broadwell DE (Andi Kleen) - Introduce 'perf ftrace' a perf front end to the kernel's ftrace function and function_graph tracer, defaulting to the "function_graph" tracer, more work will be done in reviving this effort, forward porting it from its initial patch submission (Namhyung Kim) - Add 'e' and 'c' hotkeys to expand/collapse call chains for a single hist entry in the 'perf report' and 'perf top' TUI (Jiri Olsa) - Account thread wait time (off CPU time) separately: sleep, iowait and preempt, based on the prev_state of the last event, show the breakdown when using "perf sched timehist --state" (Namhyumg Kim) - Add more triggers to switch the output file (perf.data.TIMESTAMP). Now, in addition to switching to a different output file when receiving a SIGUSR2, one can also specify file size and time based triggers: perf record -a --switch-output=signal is equivalent to what we had before: perf record -a --switch-output While we can also ask for the file to be "sliced" by size, taking into account that that will happen only when we get woken up by the kernel, i.e. one has to take into account the --mmap-pages (the size of the perf mmap ring buffer): perf record -a --switch-output=2G will break the perf.data output into multiple files limited to 2GB of samples, right when generating the output. For time based samples, alert() will be used, so to have 1 minute limited perf.data output files: perf record -a --switch-output=1m (Jiri Olsa) - Improve 'perf trace' (Arnaldo Carvalho de Melo) - 'perf kallsyms' toy tool to look for extended symbol information on the running kernel and demonstrate the machine/thread/symbol APIs for use in other tools, such as 'perf probe' (Arnaldo Carvalho de Melo) - ... plus tons of other changes, see the shortlog and Git log for details" * 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (131 commits) perf tools: Add missing parse_events_error() prototype perf pmu: Fix check for unset alias->unit array perf tools: Be consistent on the type of map->symbols[] interator perf intel pt decoder: clang has no -Wno-override-init perf evsel: Do not put a variable sized type not at the end of a struct perf probe: Avoid accessing uninitialized 'map' variable perf tools: Do not put a variable sized type not at the end of a struct perf record: Do not put a variable sized type not at the end of a struct perf tests: Synthesize struct instead of using field after variable sized type perf bench numa: Make sure dprintf() is not defined Revert "perf bench futex: Sanitize numeric parameters" tools lib subcmd: Make it an error to pass a signed value to OPTION_UINTEGER tools: Set the maximum optimization level according to the compiler being used tools: Suppress request for warning options not existent in clang samples/bpf: Reset global variables samples/bpf: Ignore already processed ELF sections samples/bpf: Add missing header perf symbols: dso->name is an array, no need to check it against NULL perf tests record: No need to test an array against NULL perf symbols: No need to check if sym->name is NULL ... commit 32e2d7c8afb35d59fbf7d96619538427568ecb68 Merge: f7458a5 b3879a4 Author: Linus Torvalds Date: Mon Feb 20 11:47:11 2017 -0800 Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI updates from Ingo Molnar: "The main changes in this cycle were: - Changes to the EFI init code to establish whether secure boot authentication was performed at boot time. (Josh Boyer, David Howells) - Wire up the UEFI memory attributes table for x86. This eliminates any runtime memory regions that are both writable and executable, on recent firmware versions. (Sai Praneeth) - Move the BGRT init code to an earlier stage so that we can still use efi_mem_reserve(). (Dave Young) - Preserve debug symbols in the ARM/arm64 UEFI stub (Ard Biesheuvel) - Code deduplication work and various other cleanups (Lukas Wunner) - ... plus various other fixes and cleanups" * 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/libstub: Make file I/O chunking x86-specific efi: Print the secure boot status in x86 setup_arch() efi: Disable secure boot if shim is in insecure mode efi: Get and store the secure boot status efi: Add SHIM and image security database GUID definitions arm/efi: Allow invocation of arbitrary runtime services x86/efi: Allow invocation of arbitrary runtime services efi/libstub: Preserve .debug sections after absolute relocation check efi/x86: Add debug code to print cooked memmap efi/x86: Move the EFI BGRT init code to early init code efi: Use typed function pointers for the runtime services table efi/esrt: Fix typo in pr_err() message x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE efi: Introduce the EFI_MEM_ATTR bit and set it from the memory attributes table efi: Make EFI_MEMORY_ATTRIBUTES_TABLE initialization common across all architectures x86/efi: Deduplicate efi_char16_printk() efi: Deduplicate efi_file_size() / _read() / _close() commit f7458a5d631df2ecdbfe4a606053aba19913cc41 Merge: 575260e a8709fa Author: Linus Torvalds Date: Mon Feb 20 11:21:17 2017 -0800 Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU updates from Ingo Molnar: "The RCU changes in this cycle are: - Dynticks updates, consolidating open-coded counter accesses into a well-defined API - SRCU updates: Simplify algorithm, add formal verification - Documentation updates - Miscellaneous fixes - Torture-test updates Most of the diffstat comes from the relatively large documentation update" * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (42 commits) srcu: Reduce probability of SRCU ->unlock_count[] counter overflow rcutorture: Add CBMC-based formal verification for SRCU srcu: Force full grace-period ordering srcu: Implement more-efficient reader counts rcu: Adjust FQS offline checks for exact online-CPU detection rcu: Check cond_resched_rcu_qs() state less often to reduce GP overhead rcu: Abstract extended quiescent state determination rcu: Abstract dynticks extended quiescent state enter/exit operations rcu: Add lockdep checks to synchronous expedited primitives rcu: Eliminate unused expedited_normal counter llist: Clarify comments about when locking is needed rcu: Fix comment in rcu_organize_nocb_kthreads() rcu: Enable RCU tracepoints by default to aid in debugging rcu: Make rcu_cpu_starting() use its "cpu" argument rcu: Add comment headers to expedited-grace-period counter functions rcu: Don't wake rcuc/X kthreads on NOCB CPUs rcu: Re-enable TASKS_RCU for User Mode Linux rcu: Once again use NMI-based stack traces in stall warnings rcu: Remove short-term CPU kicking rcu: Add long-term CPU kicking ... commit 575260e3f8f8ac72dc0c41a4a20190d1a5f2b887 Merge: 1cd4027 0cad93c Author: Linus Torvalds Date: Mon Feb 20 11:19:09 2017 -0800 Merge branch 'core-debugobjects-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull debugobjects updates from Ingo Molnar: "A number of scalability improvements by Waimang Long" * 'core-debugobjects-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: debugobjects: Improve variable naming debugobjects: Reduce contention on the global pool_lock debugobjects: Scale thresholds with # of CPUs debugobjects: Track number of kmem_cache_alloc/kmem_cache_free done commit 1cd4027cfe33390dc3f442aea8e7caeeeaa861a1 Merge: 20dcfe1 3900dea Author: Linus Torvalds Date: Mon Feb 20 10:52:23 2017 -0800 Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq updates from Thomas Gleixner: "This update provides: - Yet another two irq controller chip drivers - A few updates and fixes for GICV3 - A resource managed function for interrupt allocation - Fixes, updates and enhancements all over the place" * 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/qcom: Fix error handling genirq: Clarify logic calculating bogus irqreturn_t values genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg genirq/devres: Use dev_name(dev) as default for devname genirq: Fix /proc/interrupts output alignment irqdesc: Add a resource managed version of irq_alloc_descs() irqchip/gic-v3-its: Zero command on allocation irqchip/gic-v3-its: Fix command buffer allocation irqchip/mips-gic: Fix local interrupts irqchip: Add a driver for Cortina Gemini irqchip: DT bindings for Cortina Gemini irqchip irqchip/gic-v3: Remove duplicate definition of GICD_TYPER_LPIS irqchip/gic-v3-its: Rename MAPVI to MAPTI irqchip/gic-v3-its: Drop deprecated GITS_BASER_TYPE_CPU irqchip/gic-v3-its: Refactor command encoding irqchip/gic-v3-its: Enable cacheable attribute Read-allocate hints irqchip/qcom: Add IRQ combiner driver ACPI: Add support for ResourceSource/IRQ domain mapping ACPI: Generic GSI: Do not attempt to map non-GSI IRQs during bus scan irq/platform-msi: Fix comment about maximal MSIs commit e3ccc921b7d8fd1fcd10a00720e09823d8078666 Author: Alexandre Belloni Date: Thu Feb 16 18:27:59 2017 +0100 i2c: at91: ensure state is restored after suspending When going to suspend, the I2C registers may be lost because the power to VDDcore is cut. Restore them when resuming. Signed-off-by: Alexandre Belloni Acked-by: Ludovic Desroches Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-at91.c | 3 +++ 1 file changed, 3 insertions(+) commit ababb08938df7ac245d30a58b95b94ecf8dc04fc Author: Stefan Wahren Date: Thu Feb 16 21:20:45 2017 +0000 i2c: bcm2835: Avoid possible NULL ptr dereference Since commit e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes") the interrupt handler is prone to a possible NULL pointer dereference. This could happen if an interrupt fires before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs on the RPi 3. Even this is an unexpected behavior the driver must handle that with an error instead of a crash. Reported-by: Peter Robinson Fixes: e2474541032d ("bcm2835: Fix hang for writing messages larger than 16 bytes") Signed-off-by: Stefan Wahren Acked-by: Noralf Trønnes Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-bcm2835.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 0297ffa69cab614f508ef5d9abdb4c0ffd709795 Author: Shardar Shariff Md Date: Mon Feb 20 17:52:34 2017 +0100 i2c: Add Tegra BPMP I2C proxy driver Add Tegra BPMP I2C driver. The BPMP is the boot and power management processor embedded in Tegra SoCs. In newer SoC versions, access to one of the I2C busses goes via the BPMP, requiring a different "proxy" I2C driver that accesses the bus via the real I2C driver embedded in the BPMP firmware. Signed-off-by: Shardar Shariff Md Signed-off-by: Thierry Reding Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 11 ++ drivers/i2c/busses/Makefile | 1 + drivers/i2c/busses/i2c-tegra-bpmp.c | 346 ++++++++++++++++++++++++++++++++++++ 3 files changed, 358 insertions(+) commit 6a405f7c5d0e9d67163f25fad7fde9e70a9837bb Author: Stephen Warren Date: Mon Feb 20 17:52:33 2017 +0100 dt-bindings: Add Tegra186 BPMP I2C binding In Tegra186, the BPMP (Boot and Power Management Processor) owns certain HW devices, such as the I2C controller for the power management I2C bus. Software running on other CPUs must perform IPC to the BPMP in order to execute transactions on that I2C bus. This binding describes an I2C bus that is accessed in such a fashion. Signed-off-by: Stephen Warren Reviewed-by: Simon Glass Signed-off-by: Tom Warren Acked-by: Rob Herring Acked-by: Jon Hunter Signed-off-by: Thierry Reding Signed-off-by: Wolfram Sang .../bindings/i2c/nvidia,tegra186-bpmp-i2c.txt | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) commit 20dcfe1b7df4072a3c13bdb7506f7138125d0099 Merge: c9b9f20 336a9cd Author: Linus Torvalds Date: Mon Feb 20 10:06:32 2017 -0800 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "Nothing exciting, just the usual pile of fixes, updates and cleanups: - A bunch of clocksource driver updates - Removal of CONFIG_TIMER_STATS and the related /proc file - More posix timer slim down work - A scalability enhancement in the tick broadcast code - Math cleanups" * 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) hrtimer: Catch invalid clockids again math64, tile: Fix build failure clocksource/drivers/arm_arch_timer:: Mark cyclecounter __ro_after_init timerfd: Protect the might cancel mechanism proper timer_list: Remove useless cast when printing time: Remove CONFIG_TIMER_STATS clocksource/drivers/arm_arch_timer: Work around Hisilicon erratum 161010101 clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum clocksource/drivers/ostm: Add renesas-ostm timer driver clocksource/drivers/ostm: Document renesas-ostm timer DT bindings clocksource/drivers/tcb_clksrc: Use 32 bit tcb as sched_clock clocksource/drivers/gemini: Add driver for the Cortina Gemini clocksource: add DT bindings for Cortina Gemini clockevents: Add a clkevt-of mechanism like clksrc-of tick/broadcast: Reduce lock cacheline contention timers: Omit POSIX timer stuff from task_struct when disabled x86/timer: Make delay() work during early bootup delay: Add explanation of udelay() inaccuracy ... commit c9b9f207b90468bf9583f7ed71c15d0142bbf9b1 Merge: 345fb0a 744cc30 Author: Linus Torvalds Date: Mon Feb 20 10:00:10 2017 -0800 Merge tag 'for-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply and reset updates from Sebastian Reichel: "New drivers: - sbs-charger driver - max14656_charger_detector - axp20x_ac_power New chip/feature support" - axp20x_usb_power: add AXP223 support - tps65217: add usb charger support - qcom_smbb: support otg regulator - at91-reset: add samx7 support Dropped drivers: - intel_mid_battery (platform was dropped) Fixes: - at91-poweroff: avoid wearing off LPDDR memory - replace deprecated extcon API - lots of cleanup and style fixes - misc minor functionality fixes" * tag 'for-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: (84 commits) power: supply: add AC power supply driver for AXP20X and AXP22X PMICs dt-bindings: power: supply: add AXP20X/AXP22X AC power supply power: supply: axp20x_usb_power: use IIO channels when available power: supply: max14656: Export I2C and OF device ID as module aliases power: supply: bq2415x: check for NULL acpi_id to avoid null pointer dereference power: supply: bq24190_charger: Adjust formatting power: supply: bq24190_charger: Handle fault before status on interrupt power: supply: bq24190_charger: Don't read fault register outside irq_handle_thread() power: supply: bq24190_charger: Call power_supply_changed() for relevant component power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() power: supply: bq24190_charger: Call set_mode_host() on pm_resume() power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING power: supply: qcom_smbb: add regulator dependency power: reset: at91-reset: remove leftover platform_device_id power: reset: at91-reset: add samx7 support power: supply: max14656: fix platform_no_drv_owner.cocci warnings power: supply: pcf50633-charger: Compress return logic into one line. power: supply: ab8500_btemp: Compress return logic into one line. power: reset: at91-poweroff: timely shutdown LPDDR memories ARM: at91: define LPDDR types ... commit 345fb0a9a6340ba0b3b714d62f877fde88c8a755 Merge: 507b500 75bf2f6 Author: Linus Torvalds Date: Mon Feb 20 09:54:46 2017 -0800 Merge tag 'edac_for_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC updates from Borislav Petkov: - Make amd64_edac still load on a machine with unpopulated nodes + cleanups (Yazen Ghannam) - Expose per-DIMM error counts in sysfs (Aaron Miller) - Add T2080 l2-cache support to mpc85xx (Chris Packham) - Random other small improvements/cleanups/fixlets * tag 'edac_for_4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: EDAC, mce_amd: Print IPID and Syndrome on a separate line EDAC, amd64: Bump driver version MAINTAINERS, EDAC: Update email for Thor Thayer EDAC, fsl_ddr: Make locally used symbols static EDAC, mpc85xx: Add T2080 l2-cache support EDAC, amd64: Add x86cpuid sanity check during init EDAC, amd64: Don't treat ECC disabled as failure EDAC: Add routine to check if MC devices list is empty EDAC, amd64: Remove unused printing macros EDAC, amd64: Rework messages in ecc_enabled() EDAC, amd64: Move global code out of instance functions EDAC, amd64: Free unused memory when init_one_instance() fails EDAC, mce_amd: Give more context to deferred error message EDAC, i7300: Test for the second channel properly EDAC, sb_edac: Get rid of ->show_interleave_mode() EDAC: Expose per-DIMM error counts in sysfs EDAC, amd64: Save and return err code from probe_one_instance() EDAC, i82975x: Add ioremap_nocache() error handling EDAC: Fix typos in enum mem_type comments EDAC: Make dev_attr_sdram_scrub_rate static commit 507b500726fa501b9411493d969a99236f2b10e1 Merge: ce1bf97 2f1736f Author: Linus Torvalds Date: Mon Feb 20 09:52:08 2017 -0800 Merge tag 'hwmon-for-linus-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: - new driver for stts751 - it87: Added support for IT8622E and IT8792E; improved support for other chips - lm70: Added support for TMP122/124 - use permission-specific DEVICE_ATTR variants where possible - fixed overflows in various drivers - minor improvements in various drivers * tag 'hwmon-for-linus-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (95 commits) hwmon: (sht15) Add device tree support devicetree: add lm90 thermal_zone sensor support hwmon: (it87) Add support for IT8792E hwmon: (it87) Do not overwrite bit 2..6 of pwm control registers hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628 hwmon: (it87) Ensure that pwm control cache is current before updating values hwmon: (it87) Improve IT8622 support hwmon: (it87) Add support for IT8622E hwmon: (it87) Add feature flag indicating that VIN3 is connected to 5V DT: add binding documentation for STTS751 hwmon: new driver for ST stts751 thermal sensor hwmon: Register thermal zone only if 'dev' parameter was provided hwmon: Relax name attribute validation for new APIs hwmon: Update documentation to clarify rules for the 'name' attribute hwmon: Make name attribute mandatory for new APIs hwmon: (lm70) Add support for TI TMP122/124 hwmon: (lm70) Utilize dev_warn instead of pr_warn hwmon: (ltc4151) Export OF device ID table as module aliases hwmon: (adc128d818) Preserve operation mode hwmon: (adc128d818) Support operation modes 1-3 ... commit ce1bf97965abb7faaa98b6bd89201855159471c8 Merge: c470abd d91f6ce Author: Linus Torvalds Date: Mon Feb 20 09:23:03 2017 -0800 Merge tag 'for-linus-20170212' of git://git.infradead.org/linux-mtd Pull MTD updates from Brian Norris: "MTD updates for 4.11: General: - new kernel API for retrieving max bad blocks per die (not used yet) - track (and expose via sysfs) a partition's device tree node - support a "label" device tree property for naming an MTD NAND: - sunxi: avoid busy-waiting for NAND events - ifc: fix ECC handling on IFC v1.0 - OX820: add explicit dependency on ARCH_OXNAS in Kconfig - core: add a new manufacture ID and fix a kernel-doc warning - fsmc: kill pdata support - lpc32xx_slc: remove unneeded NULL check - support dynamic "max bad blocks" detection via ONFI SPI NOR: - add support for the 4-byte address instruction set - add support for new memory parts - add support to S3AN memories - add support to the Intel SPI controller - add support to the Aspeed AST2400 and AST2550 controllers - support max SPI message sizes in m25p80_read() - fixes for the Candence and Freescale QSPI drivers Other: - add support for Gemini flash probing - bcm47xxsflash: add support for reading outside memory-mapped window - bcm47xxparts: extend to support multiple TRX partitions - misc fixes and typos Extra note: we've pulled in an MFD subtree from Lee Jones as a dependency for a new Intel SPI NOR driver" [ Kudos to Brian for sending pull request a week early: "I refuse to acknowledge the existence of 4.10-rc8 and am therefore sending our MTD changes for 4.11 now" which is all good ] * tag 'for-linus-20170212' of git://git.infradead.org/linux-mtd: (52 commits) mtd: aspeed: remove redundant dev_err call in aspeed_smc_probe() dt-bindings: mtd: add a common label property to all mtd devices mtd: name the mtd device with an optional label property mtd: physmap_of: fixup gemini/versatile dependencies mtd: spi-nor: cqspi: remove redundant dead code on error return check Documentation: mtk-quadspi: update DT bindings mtd: fsl-quadspi: Rename SEQID_QUAD_READ to SEQID_READ mtd:fsl-quadspi:use the property fields of SPI-NOR mtd: spi-nor: Add support for gd25q16 mtd: spi-nor: Fix S3AN addressing calculation mtd: aspeed: fix compile warning in aspeed_smc_read_from_ahb() mtd: spi-nor: add dt support for Everspin MRAMs mtd: spi-nor: Add lock/unlock support for f25l32pa mtd: spi-nor: add a stateless method to support memory size above 128Mib mtd: spi-nor: rename SPINOR_OP_* macros of the 4-byte address op codes mtd: m25p80: consider max message size in m25p80_read mtd: spi-nor: bindings for the Aspeed memory controllers mtd: aspeed: add memory controllers for the Aspeed AST2400 SoC mtd: spi-nor: add memory controllers for the Aspeed AST2500 SoC mtd: spi-nor: remove WARN_ONCE() message in spi_nor_write() ... commit eb994594bc22220976f367c03ffa141580aa45e4 Author: Andrew Jeffery Date: Tue Feb 21 01:53:00 2017 +1030 ipmi: bt-bmc: Use a regmap for register access The registers for the bt-bmc device live under the Aspeed LPC controller. Devicetree bindings have recently been introduced for the LPC controller where the "host" portion of the LPC register space is described as a syscon device. Future devicetrees describing the bt-bmc device should nest its node under the appropriate "simple-mfd", "syscon" compatible node. This change allows the bt-bmc driver to function with both syscon and non-syscon- based devicetree descriptions by always using a regmap for register access, either retrieved from the parent syscon device or instantiated if none exists. Signed-off-by: Andrew Jeffery Reviewed-by: Cédric Le Goater Signed-off-by: Corey Minyard drivers/char/ipmi/Kconfig | 3 +- drivers/char/ipmi/bt-bmc.c | 80 ++++++++++++++++++++++++++++++++++------------ 2 files changed, 61 insertions(+), 22 deletions(-) commit 06ce521af9558814b8606c0476c54497cf83a653 Author: Paolo Bonzini Date: Tue Jan 24 11:56:21 2017 +0100 kvm: fix page struct leak in handle_vmon handle_vmon gets a reference on VMXON region page, but does not release it. Release the reference. Found by syzkaller; based on a patch by Dmitry. Reported-by: Dmitry Vyukov Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 45ee2440a33f1c8768cd37a365154343eb5589e3 Author: Philippe Reynes Date: Sun Feb 19 23:21:41 2017 +0100 net: qlogic: qlge: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qlge/qlge_ethtool.c | 36 ++++++++++++++----------- 1 file changed, 21 insertions(+), 15 deletions(-) commit 49cef10ffaeadc9cbb056e9219b3cbaa33ecafca Author: Philippe Reynes Date: Sun Feb 19 23:06:01 2017 +0100 net: qlogic: qlcnic: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c | 94 ++++++++------- .../net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.h | 6 +- .../net/ethernet/qlogic/qlcnic/qlcnic_ethtool.c | 132 +++++++++++---------- 3 files changed, 123 insertions(+), 109 deletions(-) commit e8846a56083aa05f4155c627531ecdcc299cc411 Merge: c1ceee5 0bc3827 Author: David S. Miller Date: Mon Feb 20 11:18:50 2017 -0500 Merge branch 'nfp-next' Jakub Kicinski says: ==================== nfp: expose more firmware and hw debug info This series is mostly a result of flash firmware team requesting access to some of the information and data necessary for debugging firmware problems. Patch 1 adds a missing error message. Patch 2 prints manufacturing info to logs in case PCI VPD capability is not programmed correctly. Patches 3 and 4 allow reporting NSP ABI version in ethtool -i. Patch 5 allows dumping flash application logs. Patches 6 and 7 provides a way of application firmwares to declare limited SR-IOV support. v2: put some of the code in patch 7 in #ifdef CONFIG_PCI_SRIOV (Yuval). ==================== Signed-off-by: David S. Miller commit 0bc3827f8c9f74b5335667d70309cefa12ec14ae Author: Jakub Kicinski Date: Sun Feb 19 11:58:14 2017 -0800 nfp: allow application firmware to limit number of SR-IOV VFs Some application firmware projects may choose to limit the number of VFs available below what is specified in PCI capability to be able to reuse the PCIe interface resources. There may also be projects which use cases don't require SR-IOV support at all and therefore don't want to spend time implementing/testing it. Check nfd_vf_cfg_max_vfs firmware symbol to see if application firmware is reporting how many VFs it supports. This mechanism is an opt-in, if symbol is not present we will only look at the PCI capability values. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_main.c | 25 +++++++++++++++++++++++++ drivers/net/ethernet/netronome/nfp/nfp_main.h | 2 ++ 2 files changed, 27 insertions(+) commit 372d504575cbefb34be6a934cc3d3ceb62e0892c Author: Jakub Kicinski Date: Sun Feb 19 11:58:13 2017 -0800 nfp: return nfp_rtsym_read_le() errors correctly nfp_rtsym_read_le() has an out parameter for error codes. We have to use that instead of returning errors directly. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfpcore/nfp_rtsym.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit af623682ac2eba96769f9ba2270438c1f9438d7c Author: Jakub Kicinski Date: Sun Feb 19 11:58:12 2017 -0800 nfp: add very basic access to NSP logs Allow dumping "arm.diag" resource with ethtool -w. This resource should contain a text log of the NSP (control processor) application. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_net.h | 2 + .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 76 ++++++++++++++++++++++ drivers/net/ethernet/netronome/nfp/nfpcore/nfp.h | 1 + 3 files changed, 79 insertions(+) commit bd5ca062ba7d24bcc28f637aa90056f642a35dfa Author: Jakub Kicinski Date: Sun Feb 19 11:58:11 2017 -0800 nfp: report NSP ABI version in ethtool FW version ethtool_drvinfo->fw_version can cantain multiple FW strings. We already report NFD ABI version there, add NSP ABI version if available (i.e. on PF) with 'sp:' prefix. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_net.h | 4 ++++ .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 25 ++++++++++++++++++++-- drivers/net/ethernet/netronome/nfp/nfp_net_main.c | 1 + drivers/net/ethernet/netronome/nfp/nfpcore/nfp.h | 3 +++ .../net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 10 +++++++++ 5 files changed, 41 insertions(+), 2 deletions(-) commit 368b1d1c49f651ba513090623f2891a695fe9fbb Author: Jakub Kicinski Date: Sun Feb 19 11:58:10 2017 -0800 nfp: store NSP ABI version in state structure We read the status register on each NSP open, we can store the NSP ABI version in the state structure so that we don't have to read it again. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller .../net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 27 +++++++++++----------- 1 file changed, 13 insertions(+), 14 deletions(-) commit 64db09ed1fc2c4491cca4219850fab4d0460c952 Author: Jakub Kicinski Date: Sun Feb 19 11:58:09 2017 -0800 nfp: report manufacturing info on load Report card manufacturing information when driver loads. These identify the version of the board and its subcomponents. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_main.c | 7 +++++++ 1 file changed, 7 insertions(+) commit a9c83f7bc7c121c99457553f8d1c3e231a9ba6df Author: Jakub Kicinski Date: Sun Feb 19 11:58:08 2017 -0800 nfp: refactor NSP initialization and add error message When acquiring NSP communication resource fails user is left with "probe failed with error -2" PCI code message but no info on what caused the problem. Some development boards may not have NSP FW in the flash image. Help users with a more verbouse message. While at it move the whole NSP init to a separate function to keep .probe() callback nice and simple. Signed-off-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_main.c | 59 ++++++++++++++++----------- 1 file changed, 36 insertions(+), 23 deletions(-) commit c1ceee5efe80a2f03071a39a7df19b69dee21eae Merge: 24045a0 8f91566 Author: David S. Miller Date: Mon Feb 20 11:15:11 2017 -0500 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2017-02-19 Here's a set of Bluetooth patches for the 4.11 kernel: - New USB IDs to the btusb driver - Race fix in btmrvl driver - Added out-of-band wakeup support to the btusb driver - NULL dereference fix to bt_sock_recvmsg Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit 24045a03b8796e3e1ddb370dfe4bc592a9f5f301 Author: David Ahern Date: Mon Feb 20 08:03:30 2017 -0800 net: mpls: Add support for netconf Add netconf support to MPLS. Allows userpsace to learn and be notified of changes to 'input' enable setting per interface. Acked-by: Nicolas Dichtel Signed-off-by: David Ahern Acked-by: Robert Shearman Signed-off-by: David S. Miller include/uapi/linux/netconf.h | 1 + include/uapi/linux/rtnetlink.h | 2 + net/mpls/af_mpls.c | 212 ++++++++++++++++++++++++++++++++++++++++- net/mpls/internal.h | 2 +- 4 files changed, 214 insertions(+), 3 deletions(-) commit 0eb8af4916a540c362a2950e5ab54eca32eb7d58 Author: Miklos Szeredi Date: Mon Feb 20 16:51:23 2017 +0100 vfs: use helper for calling f_op->fsync() Signed-off-by: Miklos Szeredi fs/sync.c | 2 +- include/linux/fs.h | 6 ++++++ ipc/shm.c | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) commit f74ac01520c9f6d89bbc3c6931a72f757b742f86 Author: Miklos Szeredi Date: Mon Feb 20 16:51:23 2017 +0100 mm: use helper for calling f_op->mmap() Signed-off-by: Miklos Szeredi drivers/gpu/drm/i915/i915_gem_dmabuf.c | 2 +- drivers/gpu/drm/vgem/vgem_drv.c | 2 +- fs/coda/file.c | 2 +- include/linux/fs.h | 5 +++++ ipc/shm.c | 2 +- mm/mmap.c | 2 +- mm/nommu.c | 4 ++-- 7 files changed, 12 insertions(+), 7 deletions(-) commit bb7462b6fd64e40809a857223bf7f0e628969f87 Author: Miklos Szeredi Date: Mon Feb 20 16:51:23 2017 +0100 vfs: use helpers for calling f_op->{read,write}_iter() Signed-off-by: Miklos Szeredi drivers/block/loop.c | 4 ++-- fs/aio.c | 4 ++-- fs/read_write.c | 12 ++++++------ fs/splice.c | 2 +- include/linux/fs.h | 12 ++++++++++++ 5 files changed, 23 insertions(+), 11 deletions(-) commit 0f78d06ac1e9b470cbd8f913ee1688c8b2c8feb3 Author: Miklos Szeredi Date: Mon Feb 20 16:51:23 2017 +0100 vfs: pass type instead of fn to do_{loop,iter}_readv_writev() Signed-off-by: Miklos Szeredi fs/read_write.c | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) commit 7687a7a4435f4b32d8e775a7b6b25aea3a25d25a Author: Miklos Szeredi Date: Mon Feb 20 16:51:23 2017 +0100 vfs: extract common parts of {compat_,}do_readv_writev() Signed-off-by: Miklos Szeredi fs/read_write.c | 80 +++++++++++++++++++++------------------------------------ 1 file changed, 29 insertions(+), 51 deletions(-) commit 766a957df9f51479cb5c7212d19b282da5ca6f07 Author: Christophe Jaillet Date: Sun Feb 19 10:35:05 2017 +0100 qlcnic: Fix a memory leak in error handling path If 'dma_alloc_coherent()' fails, we should release resources allocated so far, just as done in all other cases in this function. Signed-off-by: Christophe JAILLET Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 177c8d1c96eb9851210313922a12ae8b0b63d8c0 Author: Christophe Jaillet Date: Sun Feb 19 10:19:57 2017 +0100 net: mvpp2: Fix a memory leak in error handling path if 'devm_kzalloc()' fails, we should release resources allocated so far, just as done a few lines below. Signed-off-by: Christophe JAILLET Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 3608b13ccc51d06e499dfe12b27f134de1286e28 Author: Eric Dumazet Date: Sat Feb 18 10:34:18 2017 -0800 mlx4: reduce OOM risk on arches with large pages Since mlx4 NIC are used on PowerPC with 64K pages, we need to adapt MLX4_EN_ALLOC_PREFER_ORDER definition. Otherwise, a fragment sitting in an out of order TCP queue can hold 0.5 Mbytes and it is a serious OOM risk. Fixes: 51151a16a60f ("mlx4: allow order-0 memory allocations in RX path") Signed-off-by: Eric Dumazet Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b9ef4ab36d23f7332ccd7ba9debc6749cb436288 Merge: e716953 83a0c6e Author: David S. Miller Date: Mon Feb 20 10:29:29 2017 -0500 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2017-02-18 This series contains updates to i40e and i40evf only. Alan fixes a bug in which the driver is unable to exit overflow promiscuous mode after having added "too many" mac filters. Ractored the '%*ph' printk format specifier to instead use the print_hex_dump(). Josh adds enabling multicast magic packet wakeup by adding calls to the mac_address_write admin q function during power down to update the PRTPM_SAH/SAL registers with the MC_MAG_EN bit. Jake remove a duplicate call i40e_update_link_info(), since it does not need to call it twice. Fixes and issue where we calculating the wrong switch id on big endian platforms. Avoided sparse warning, by doing a typecast to ensure the value is of the type expected by csum_replace_by_diff(). Mitch fixes a memory leak by freeing resources during i40e_remove(). Cleans up some code confusion by adding a proper code comment. Carolyn fixes a bug introduced with the addition of the per queue ITR feature support in ethtool. Cleans up a duplicate device id from the PCI table. Harshitha fixes a bug which causes the 'Link Detected' field in ethtool to report the correct link status. Benjamin Poirier from SuSE applies a fix ec13ee80145c ("virtio_net: invoke softirqs after __napi_schedule") to i40e driver as well. ==================== Signed-off-by: David S. Miller commit e71695307114335be1ed912f4a347396c2ed0e69 Author: Michael S. Tsirkin Date: Sun Feb 19 07:17:17 2017 +0200 ptr_ring: fix race conditions when resizing Resizing currently drops consumer lock. This can cause entries to be reordered, which isn't good in itself. More importantly, consumer can detect a false ring empty condition and block forever. Further, nesting of consumer within producer lock is problematic for tun, since it produces entries in a BH, which causes a lock order reversal: CPU0 CPU1 ---- ---- consume: lock(&(&r->consumer_lock)->rlock); resize: local_irq_disable(); lock(&(&r->producer_lock)->rlock); lock(&(&r->consumer_lock)->rlock); produce: lock(&(&r->producer_lock)->rlock); To fix, nest producer lock within consumer lock during resize, and keep consumer lock during the whole swap operation. Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Cc: "David S. Miller" Acked-by: Jason Wang Signed-off-by: Michael S. Tsirkin Signed-off-by: David S. Miller include/linux/ptr_ring.h | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) commit d4e854ccd6410687bf82af3fe49d2df9793d80b4 Author: Philippe Reynes Date: Sun Feb 19 00:19:04 2017 +0100 net: qlogic: qla3xxx: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qla3xxx.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) commit f74f92bed642033307cda00a0549a02fb6710a04 Author: Colin Ian King Date: Sat Feb 18 23:41:46 2017 +0000 fsl/fman: fix spelling mistake in variable name en_tsu_err_exeption trivial fix to spelling mistake, en_tsu_err_exeption should be en_tsu_err_exception Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/fman_dtsec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d4105267a1409b739907c09b895ac0e39980b367 Merge: 93a66e9 4ea0c32 Author: David S. Miller Date: Mon Feb 20 10:26:10 2017 -0500 Merge branch 'sctp-MSG_MORE' Xin Long says: ==================== sctp: support MSG_MORE flag when sending msg This patch is to add support for MSG_MORE on sctp. Patch 1/2 is an improvement ahead of patch 2/2 to solve the close block problem mentioned in https://patchwork.ozlabs.org/patch/372404/. ==================== Signed-off-by: David S. Miller commit 4ea0c32f5f42f7ef33a7ecfb9b61ff0cad9b3c08 Author: Xin Long Date: Sun Feb 19 01:52:46 2017 +0800 sctp: add support for MSG_MORE This patch is to add support for MSG_MORE on sctp. It adds force_delay in sctp_datamsg to save MSG_MORE, and sets it after creating datamsg according to the send flag. sctp_packet_can_append_data then uses it to decide if the chunks of this msg will be sent at once or delay it. Note that unlike [1], this patch saves MSG_MORE in datamsg, instead of in assoc. As sctp enqueues the chunks first, then dequeue them one by one. If it's saved in assoc,the current msg's send flag (MSG_MORE) may affect other chunks' bundling. Since last patch, sctp flush out queue once assoc state falls into SHUTDOWN_PENDING, the close block problem mentioned in [1] has been solved as well. [1] https://patchwork.ozlabs.org/patch/372404/ Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/structs.h | 1 + net/sctp/output.c | 9 +++------ net/sctp/socket.c | 1 + 3 files changed, 5 insertions(+), 6 deletions(-) commit b7018d0b63003c0474451991797113605f26ee81 Author: Xin Long Date: Sun Feb 19 01:52:45 2017 +0800 sctp: flush out queue once assoc state falls into SHUTDOWN_PENDING This patch is to flush out queue when assoc state falls into SHUTDOWN_PENDING if there are still chunks in it, so that the data can be sent out as soon as possible before sending SHUTDOWN chunk. When sctp supports MSG_MORE flag in next patch, this improvement can also solve the problem that the chunks with MSG_MORE flag may be stuck in queue when closing an assoc. Signed-off-by: Xin Long Signed-off-by: David S. Miller net/sctp/sm_sideeffect.c | 4 ++++ 1 file changed, 4 insertions(+) commit 93a66e93c7d8775f33c0d65e3fdeb209c1d4a8c9 Author: Harald Welte Date: Sat Feb 18 13:58:00 2017 +0100 GTP: Add some basic documentation about drivers/net/gtp.c In order to clarify what the module actually does, and how to use it, let's add some basic documentation to the kernel tree, together with pointers to related specs and projects. Signed-off-by: Harald Welte Acked-by: Andreas Schultz Signed-off-by: David S. Miller Documentation/networking/gtp.txt | 135 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) commit eb36bedf28be6d986bdbcfa375bab08ffa45efd8 Author: Lino Sanfilippo Date: Sat Feb 18 12:27:12 2017 +0100 net: aquantia: remove function aq_ring_tx_deinit Both functions aq_ring_rx_deinit() and aq_ring_tx_clean() are almost identical aside from an additional check in the latter. Move that check from the function into its caller and replace aq_ring_rx_deinit() with aq_ring_rx_deinit(). By doing this also adjust the functions return value from int to void since it can never fail. Signed-off-by: Lino Sanfilippo Tested-by: Pavel Belous Signed-off-by: David S. Miller drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 33 +----------------------- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 3 +-- drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 14 ++++++---- 3 files changed, 11 insertions(+), 39 deletions(-) commit 90a6c997bd8bb836809eda5efb6406d8c58c0924 Author: Lino Sanfilippo Date: Sat Feb 18 12:19:41 2017 +0100 net: ena: remove superfluous check in ena_remove() The check in ena_remove() for the pci driver data not being NULL is not needed, since it is always set in the probe() function. Remove the superfluous check. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/amazon/ena/ena_netdev.c | 6 ------ 1 file changed, 6 deletions(-) commit 2317c6b51e4249dbfa093e1b88cab0a9f0564b7f Author: Jarno Rajahalme Date: Fri Feb 17 18:11:58 2017 -0800 openvswitch: Set event bit after initializing labels. Connlabels are included in conntrack netlink event messages only if the IPCT_LABEL bit is set in the event cache (see ctnetlink_conntrack_event()). Set it after initializing labels for a new connection. Found upon further system testing, where it was noticed that labels were missing from the conntrack events. Fixes: 193e30967897 ("openvswitch: Do not trigger events for unconfirmed connections.") Signed-off-by: Jarno Rajahalme Acked-by: Pravin B Shelar Signed-off-by: David S. Miller net/openvswitch/conntrack.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 5ed3fea0d6ffcef494b111ade0910a4ff149c331 Merge: cd2b708 25149ef Author: David S. Miller Date: Mon Feb 20 10:15:12 2017 -0500 Merge branch 'phy-unbind-crash' Florian Fainelli says: ==================== net: phy: Fix PHY unbind crash This fixes crashes when the PHY driver is no longer bound to the device. There is still a fair amount of work to be done to get the unbind -> bind sequent to result in a functional state, but that will be net-next material. These two problems existed for as long as PHYLIB as been around. ==================== Signed-off-by: David S. Miller commit 25149ef9d25cafc4f4fe9f4461f18f876f397417 Author: Florian Fainelli Date: Fri Feb 17 16:07:34 2017 -0800 net: phy: Check phydev->drv There are number of function calls, originating from user-space, typically through the Ethernet driver that can make us crash by dereferencing phydev->drv which will be NULL once we unbind the driver from the PHY. There are still functional issues that prevent an unbind then rebind to work, but these will be addressed separately. Suggested-by: Russell King Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy.c | 26 ++++++++++++++++++++++---- drivers/net/phy/phy_device.c | 6 +++--- include/linux/phy.h | 3 +++ 3 files changed, 28 insertions(+), 7 deletions(-) commit 7b9a88a390dacb37b051a7b09b9a08f546edf5eb Author: Florian Fainelli Date: Fri Feb 17 16:07:33 2017 -0800 net: phy: Fix PHY unbind crash The PHY library does not deal very well with bind and unbind events. The first thing we would see is that we were not properly canceling the PHY state machine workqueue, so we would be crashing while dereferencing phydev->drv since there is no driver attached anymore. Suggested-by: Russell King Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 2 ++ 1 file changed, 2 insertions(+) commit 68ba32352d51474d163d58e084b62a12bb610b21 Author: Namhyung Kim Date: Fri Feb 17 17:17:42 2017 +0900 perf record: Honor --quiet option properly It should call perf_quiet_option() to suppress messages. Signed-off-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-7-namhyung@kernel.org [ Fix merge clash with 483635a9d080 ("perf record: Add -a as default target") ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 2 ++ 1 file changed, 2 insertions(+) commit eddaef88961bbf2c0301f3216689d51fa7d0d472 Author: Namhyung Kim Date: Fri Feb 17 17:17:41 2017 +0900 perf annotate: Add -q/--quiet option The -q/--quiet option is to suppress any message. Sometimes users just want to see the numbers and it can be used for that case. Signed-off-by: Namhyung Kim Suggested-and-Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-6-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-annotate.txt | 4 ++++ tools/perf/builtin-annotate.c | 4 ++++ 2 files changed, 8 insertions(+) commit 63b42fce864a468ee02e6647474c4df9bfdc6166 Author: Namhyung Kim Date: Fri Feb 17 17:17:40 2017 +0900 perf diff: Add -q/--quiet option The -q/--quiet option is to suppress any message. Sometimes users just want to see the numbers and it can be used for that case. Committer notes: Before: # perf diff | head -10 Failed to open /tmp/perf-6678.map, continuing without symbols Failed to open /tmp/perf-6678.map, continuing without symbols Failed to open /tmp/perf-2646.map, continuing without symbols # Event 'cycles' # # Baseline Delta Abs Shared Object Symbol # ........ ......... .......................... ............................................ # 5.36% -1.76% [kernel.vmlinux] [k] intel_idle 2.80% +1.48% firefox [.] 0x00000000000101fe 57.12% -1.25% libxul.so [.] 0x00000000009bea92 1.36% -1.11% [kernel.vmlinux] [k] __schedule 4.26% -1.00% perf-6678.map [.] 0x00007fac4b0e9320 After: # perf diff -q | head -10 5.36% -1.76% [kernel.vmlinux] [k] intel_idle 2.80% +1.48% firefox [.] 0x00000000000101fe 57.12% -1.25% libxul.so [.] 0x00000000009bea92 1.36% -1.11% [kernel.vmlinux] [k] __schedule 4.26% -1.00% perf-6678.map [.] 0x00007fac4b0e9320 1.86% +0.95% [kernel.vmlinux] [k] update_blocked_averages 0.80% -0.70% [kernel.vmlinux] [k] native_sched_clock 0.74% -0.58% [kernel.vmlinux] [k] native_write_msr 0.76% -0.56% qemu-system-x86_64 [.] 0x00000000002395c0 +0.54% libpulsecommon-10.0.so [.] 0x000000000002d91b # Signed-off-by: Namhyung Kim Suggested-and-Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-5-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-diff.txt | 4 ++++ tools/perf/builtin-diff.c | 14 ++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) commit 27fafab59a60b6f02491f2ff44cafd4f2335e487 Author: Namhyung Kim Date: Fri Feb 17 17:17:39 2017 +0900 perf report: Add -q/--quiet option The -q/--quiet option is to suppress any message. Sometimes users just want to see the numbers and it can be used for that case. Before: $ perf report | head -15 Failed to open /lib/modules/3.19.3-3-ARCH/kernel/fs/ext4/ext4.ko.gz, continuing without symbols Failed to open /lib/modules/3.19.3-3-ARCH/kernel/fs/jbd2/jbd2.ko.gz, continuing without symbols Failed to open /tmp/perf-14507.map, continuing without symbols ... # To display the perf.data header info, please use --header/--header-only options. # # # Total Lost Samples: 0 # # Samples: 39K of event 'cycles' # Event count (approx.): 30444796573 # # Overhead Command Shared Object Symbol # ........ ........... ................... ......................... # 9.28% swapper [kernel.vmlinux] [k] intel_idle 5.64% swapper [kernel.vmlinux] [k] native_write_msr_safe 1.93% swapper [kernel.vmlinux] [k] __switch_to 1.89% swapper [kernel.vmlinux] [k] menu_select 1.75% sched-pipe [kernel.vmlinux] [k] __switch_to After: $ perf report -q | head 9.28% swapper [kernel.vmlinux] [k] intel_idle 5.64% swapper [kernel.vmlinux] [k] native_write_msr_safe 1.93% swapper [kernel.vmlinux] [k] __switch_to 1.89% swapper [kernel.vmlinux] [k] menu_select 1.75% sched-pipe [kernel.vmlinux] [k] __switch_to 1.67% swapper [kernel.vmlinux] [k] cpu_startup_entry 1.48% sched-pipe [kernel.vmlinux] [k] enqueue_entity 1.46% swapper [kernel.vmlinux] [k] __schedule 1.36% swapper [kernel.vmlinux] [k] native_read_tsc 1.34% sched-pipe [kernel.vmlinux] [k] __schedule Signed-off-by: Namhyung Kim Suggested-and-Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-4-namhyung@kernel.org [ Removed builtin-report.c verbose > 0 hunk added to the previous patch ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-report.txt | 4 ++++ tools/perf/builtin-report.c | 19 +++++++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) commit bb963e16507ca7670f0bb47ccaada8874b2ba6a1 Author: Namhyung Kim Date: Fri Feb 17 17:17:38 2017 +0900 perf utils: Check verbose flag properly It now can have negative value to suppress the message entirely. So it needs to check it being positive. Signed-off-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-3-namhyung@kernel.org [ Adjust fuzz on tools/perf/util/pmu.c, add > 0 checks in many other places ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-diff.c | 2 +- tools/perf/builtin-mem.c | 4 ++-- tools/perf/builtin-record.c | 2 +- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-sched.c | 12 ++++++------ tools/perf/builtin-stat.c | 6 +++--- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +++--- tools/perf/pmu-events/json.c | 2 +- tools/perf/tests/attr.c | 2 +- tools/perf/tests/builtin-test.c | 2 +- tools/perf/tests/code-reading.c | 2 +- tools/perf/tests/fdarray.c | 2 +- tools/perf/tests/llvm.c | 2 +- tools/perf/tests/parse-events.c | 2 +- tools/perf/tests/perf-record.c | 4 ++-- tools/perf/tests/python-use.c | 2 +- tools/perf/tests/thread-map.c | 6 +++--- tools/perf/tests/vmlinux-kallsyms.c | 2 +- tools/perf/ui/browsers/map.c | 6 +++--- tools/perf/ui/hist.c | 2 +- tools/perf/util/annotate.c | 2 +- tools/perf/util/dso.c | 2 +- tools/perf/util/hist.c | 6 +++--- tools/perf/util/pmu.c | 8 ++++---- tools/perf/util/probe-event.c | 2 +- tools/perf/util/sort.c | 8 ++++---- tools/perf/util/stat.c | 2 +- tools/perf/util/symbol-elf.c | 2 +- 29 files changed, 52 insertions(+), 52 deletions(-) commit 80df1988201ac6648609eba13d48aef9f7974c10 Author: Namhyung Kim Date: Fri Feb 17 17:17:37 2017 +0900 perf utils: Add perf_quiet_option() The perf_quiet_option() is to suppress all messages. It's intended to be called just after parsing options. Signed-off-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Cc: kernel-team@lge.com Link: http://lkml.kernel.org/r/20170217081742.17417-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/debug.c | 17 +++++++++++++++++ tools/perf/util/debug.h | 1 + 2 files changed, 18 insertions(+) commit 53f724b2432a9f97a941251772f2b0d195e2d282 Merge: f3287a9 12be9f7 fe6cc17 d193c16 c7821d0 7021b60 a48324d Author: Jiri Kosina Date: Mon Feb 20 15:01:57 2017 +0100 Merge branches 'for-4.10/upstream-fixes', 'for-4.11/intel-ish', 'for-4.11/mayflash', 'for-4.11/microsoft', 'for-4.11/rmi', 'for-4.11/upstream' and 'for-4.11/wacom' into for-linus commit ac18c0c4e2b1f84fc11d013cd7363377ae4cde43 Merge: a74d1ca c3a696b ecb10b6 d222678 Author: Rafael J. Wysocki Date: Mon Feb 20 14:28:51 2017 +0100 Merge branches 'acpi-ec', 'acpi-button' and 'acpi-apei' * acpi-ec: ACPI / EC: Use busy polling mode when GPE is not enabled ACPI / EC: Remove old CLEAR_ON_RESUME quirk * acpi-button: ACPI / button: Remove lid_init_state=method mode ACPI / button: Change default behavior to lid_init_state=open * acpi-apei: ACPI, APEI, EINJ: fix malformed newline escape commit a74d1cafc22e100a9b59c50943ca09c37e03dce8 Merge: 014f403 0c6543f cbc00c1 febf240 Author: Rafael J. Wysocki Date: Mon Feb 20 14:28:03 2017 +0100 Merge branches 'acpi-bus', 'acpi-sleep' and 'acpi-processor' * acpi-bus: spi: acpi: Initialize modalias from of_compatible i2c: acpi: Initialize info.type from of_compatible ACPI / bus: Introduce acpi_of_modalias() equiv of of_modalias_node() * acpi-sleep: ACPI: save NVS memory for Lenovo G50-45 * acpi-processor: x86/ACPI: keep x86_cpu_to_acpiid mapping valid on CPU hotplug commit 014f40393ebc4ad4167d415597bad0636e5e21f9 Merge: 7089db8 0974721 Author: Rafael J. Wysocki Date: Mon Feb 20 14:27:08 2017 +0100 Merge branch 'acpica' * acpica: (22 commits) ACPICA: Update version to 20170119 ACPICA: Tools: Update common signon, remove compilation bit width ACPICA: Source tree: Update copyright notices to 2017 ACPICA: Linuxize: Restore and fix Intel compiler build ACPICA: Update version to 20161222 ACPICA: Parser: Update parse info table for some operators ACPICA: Fix a problem with recent extra support for control method invocations ACPICA: Parser: Allow method invocations as target operands ACPICA: Fix for implicit result conversion for the ToXXX functions ACPICA: Resources: Not a valid resource if buffer length too long ACPICA: Utilities: Update debug output ACPICA: Disassembler: Add Switch/Case disassembly support ACPICA: EFI: Add efihello demo application ACPICA: MSVC: Fix MSVC6 build issues ACPICA: Linux-specific header: Add support for s390x compilation ACPICA: Hardware: Add sleep register hooks ACPICA: Macro header: Fix some typos in comments ACPICA: Hardware: Sort access bit width algorithm ACPICA: Utilities: Add power of two rounding support ACPICA: Hardware: Add access_width/bit_offset support in acpi_hw_write() ... commit eee77a8a0d268b936b1641fd7d55efaa17c351d6 Merge: fccddb2 48385dd Author: Rafael J. Wysocki Date: Mon Feb 20 14:26:34 2017 +0100 Merge branch 'pm-tools' * pm-tools: tools/power/x86: Debug utility for intel_pstate driver AnalyzeSuspend: fix drag and zoom bug in javascript scripts: analyze_suspend.py: Update to upstream v4.5 scripts: analyze_suspend.py: Update to upstream v4.4 scripts: analyze_suspend.py: Update to upstream v4.3 commit fccddb25e1ec96bd11cd0fc6aa097899a9a8b44b Merge: 58339fe 00bb399 Author: Rafael J. Wysocki Date: Mon Feb 20 14:26:13 2017 +0100 Merge branch 'pm-sleep' * pm-sleep: PM / Documentation: Spelling s/wrtie/write/ PM / sleep: Fix test_suspend after sleep state rework PM / Hibernate: Use rb_entry() instead of container_of() commit 58339feae7133f1be6228b7ab56a147712aa0a92 Merge: 41ef3d1 09bb6e9 e84b4a8 16d0bf1 Author: Rafael J. Wysocki Date: Mon Feb 20 14:26:02 2017 +0100 Merge branches 'pm-core', 'pm-qos' and 'pm-domains' * pm-core: PM / wakeirq: report a wakeup_event on dedicated wekup irq PM / wakeirq: Fix spurious wake-up events for dedicated wakeirqs PM / wakeirq: Enable dedicated wakeirq for suspend * pm-qos: PM / QoS: Fix memory leak on resume_latency.notifiers PM / QoS: Remove unneeded linux/miscdevice.h include * pm-domains: PM / Domains: Provide dummy governors if CONFIG_PM_GENERIC_DOMAINS=n PM / Domains: Fix asynchronous execution of *noirq() callbacks PM / Domains: Correct comment in irq_safe_dev_in_no_sleep_domain() PM / Domains: Rename functions in genpd for power on/off commit 41ef3d1df037a429703db503e98fa948ee34b895 Merge: ad7eec4 23b017a Author: Rafael J. Wysocki Date: Mon Feb 20 14:23:40 2017 +0100 Merge branch 'pm-devfreq' * pm-devfreq: PM / devfreq: Modify the device name as devfreq(X) for sysfs PM / devfreq: Simplify the sysfs name of devfreq-event device PM / devfreq: Remove unnecessary separate _remove_devfreq() PM / devfreq: Fix wrong trans_stat of passive devfreq device PM / devfreq: Fix available_governor sysfs PM / devfreq: exynos-ppmu: Show the registred device for ppmu device PM / devfreq: Fix the wrong description for userspace governor PM / devfreq: Fix the checkpatch warnings PM / devfreq: exynos-bus: Print the real clock rate of bus PM / devfreq: exynos-ppmu: Use the regmap interface to handle the registers PM / devfreq: exynos-bus: Add the detailed correlation for Exynos5433 PM / devfreq: Don't delete sysfs group twice commit ad7eec4244a8c6b53a0d38d6fd674e9d2c92897f Merge: f6cbe34 37efa4b Author: Rafael J. Wysocki Date: Mon Feb 20 14:23:21 2017 +0100 Merge branch 'pm-cpuidle' * pm-cpuidle: CPU / PM: expose pm_qos_resume_latency for CPUs cpuidle/menu: add per CPU PM QoS resume latency consideration cpuidle/menu: stop seeking deeper idle if current state is deep enough ACPI / idle: small formatting fixes commit f6cbe34f52dedd67d156b3d5dd76eb43791ea34a Merge: 64f758a 20bb550 Author: Rafael J. Wysocki Date: Mon Feb 20 14:23:00 2017 +0100 Merge branch 'pm-cpufreq' * pm-cpufreq: (28 commits) MAINTAINERS: cpufreq: add bmips-cpufreq.c cpufreq: CPPC: add ACPI_PROCESSOR dependency cpufreq: make ti-cpufreq explicitly non-modular cpufreq: Do not clear real_cpus mask on policy init cpufreq: dt: Don't use generic platdev driver for ti-cpufreq platforms cpufreq: ti: Add cpufreq driver to determine available OPPs at runtime Documentation: dt: add bindings for ti-cpufreq cpufreq: qoriq: Don't look at clock implementation details cpufreq: qoriq: add ARM64 SoCs support cpufreq: brcmstb-avs-cpufreq: remove unnecessary platform_set_drvdata() cpufreq: s3c2416: double free on driver init error path MIPS: BMIPS: enable CPUfreq cpufreq: bmips-cpufreq: CPUfreq driver for Broadcom's BMIPS SoCs BMIPS: Enable prerequisites for CPUfreq in MIPS Kconfig. MIPS: BMIPS: Update defconfig cpufreq: Fix typos in comments cpufreq: intel_pstate: Calculate guaranteed performance for HWP cpufreq: intel_pstate: Make HWP limits compatible with legacy cpufreq: intel_pstate: Lower frequency than expected under no_turbo cpufreq: intel_pstate: Operation mode control from sysfs ... commit 64f758a07a8cdb5c2a08e0d3dfec323af1d2bac3 Merge: 7089db8 0764c60 Author: Rafael J. Wysocki Date: Mon Feb 20 14:22:50 2017 +0100 Merge branch 'pm-opp' * pm-opp: (24 commits) PM / OPP: Expose _of_get_opp_desc_node as dev_pm_opp API PM / OPP: Make _find_opp_table_unlocked() static PM / OPP: Update Documentation to remove RCU specific bits PM / OPP: Simplify dev_pm_opp_get_max_volt_latency() PM / OPP: Simplify _opp_set_availability() PM / OPP: Move away from RCU locking PM / OPP: Take kref from _find_opp_table() PM / OPP: Update OPP users to put reference PM / OPP: Add 'struct kref' to struct dev_pm_opp PM / OPP: Use dev_pm_opp_get_opp_table() instead of _add_opp_table() PM / OPP: Take reference of the OPP table while adding/removing OPPs PM / OPP: Return opp_table from dev_pm_opp_set_*() routines PM / OPP: Add 'struct kref' to OPP table PM / OPP: Add per OPP table mutex PM / OPP: Split out part of _add_opp_table() and _remove_opp_table() PM / OPP: Don't expose srcu_head to register notifiers PM / OPP: Rename dev_pm_opp_get_suspend_opp() and return OPP rate PM / OPP: Don't allocate OPP table from _opp_allocate() PM / OPP: Rename and split _dev_pm_opp_remove_table() PM / OPP: Add light weight _opp_free() routine ... commit 8312593a55941a0fae2b09731a4f91d87bd796db Merge: c470abd 3c2a769 a8d4c82 c4158ff Author: Ingo Molnar Date: Mon Feb 20 14:16:58 2017 +0100 Merge branches 'x86/cache', 'x86/debug' and 'x86/irq' into x86/urgent Pick up simple singular commits from their topic branches. Signed-off-by: Ingo Molnar commit 42f82367df2cb2b71ceead6164e4415851c51fa4 Author: Colin Ian King Date: Mon Feb 20 13:51:07 2017 +0100 video: fbdev: fsl-diu-fb: fix spelling mistake "palette" trivial fix to spelling mistakes of "palette" Signed-off-by: Colin Ian King Acked-by: Timur Tabi Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/fsl-diu-fb.c | 4 ++-- include/linux/fsl-diu-fb.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 580203f10e0e060c35a526c3c67d6c1a44109664 Author: Arnd Bergmann Date: Mon Feb 20 13:51:07 2017 +0100 fbdev: ssd1307fb: include linux/gpio/consumer.h Changing this driver to the gpiod API requires the use of the new-style header, depending on the configuration: drivers/video/fbdev/ssd1307fb.c: In function 'ssd1307fb_probe': drivers/video/fbdev/ssd1307fb.c:569:15: error: implicit declaration of function 'devm_gpiod_get_optional';did you mean 'devm_regulator_get_optional'? [-Werror=implicit-function-declaration] drivers/video/fbdev/ssd1307fb.c:570:11: error: 'GPIOD_OUT_LOW' undeclared (first use in this function) Fixes: 72db33355c14 ("fbdev: ssd1307fb: Start to use gpiod API for reset gpio") Cc: Tomi Valkeinen Cc: Jyri Sarha Cc: LABBE Corentin Signed-off-by: Arnd Bergmann Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/ssd1307fb.c | 1 + 1 file changed, 1 insertion(+) commit df963ea8a082d31521a120e8e31a29ad8a1dc215 Author: Jeff Layton Date: Tue Feb 14 10:09:40 2017 -0500 ceph: remove req from unsafe list when unregistering it There's no reason a request should ever be on a s_unsafe list but not in the request tree. Cc: stable@vger.kernel.org Link: http://tracker.ceph.com/issues/18474 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit b9942bc9d3c70d359496a1a0afc528d4ab89be46 Author: Bhumika Goyal Date: Sat Feb 11 12:14:38 2017 +0530 rbd: constify device_type structure Declare device_type structure as const as it is only stored in the type field of a device structure. This field is of type const, so add const to the declaration of device_type structure. File size before: text data bss dec hex filename 61546 11610 208 73364 11e94 drivers/block/rbd.o File size after: text data bss dec hex filename 61610 11578 208 73396 11eb4 drivers/block/rbd.o Signed-off-by: Bhumika Goyal Signed-off-by: Ilya Dryomov drivers/block/rbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d24b98e3a9c66b16ed029e1b2bcdf3c90e9d82d9 Author: Martin Schwidefsky Date: Mon Feb 20 09:51:36 2017 +0100 s390/syscall: fix single stepped system calls Fix PER tracing of system calls after git commit 34525e1f7e8dc478 "s390: store breaking event address only for program checks" broke it. Signed-off-by: Martin Schwidefsky arch/s390/kernel/entry.S | 1 + 1 file changed, 1 insertion(+) commit 50a0d46c98b72cde3c6945f066c0adf31e4e8590 Author: Paul Gortmaker Date: Thu Feb 9 09:48:10 2017 -0500 s390/zcrypt: make ap_bus explicitly non-modular The Makefile in drivers/s390 has: obj-y += cio/ block/ char/ crypto/ net/ scsi/ virtio/ and the Makefile in crypto/ has: ap-objs := ap_bus.o ap_card.o ap_queue.o meaning that it currently is not being built as a module by anyone. Lets remove the modular code that is essentially orphaned, so that when reading the driver there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. Also note that MODULE_ALIAS is a no-op for non-module builds. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. We replace module.h with moduleparam.h since the file does declare some module parameters even though it is not modular itself. Signed-off-by: Paul Gortmaker Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 54 +++----------------------------------------- 1 file changed, 3 insertions(+), 51 deletions(-) commit 260021e21b8fcc375984ac7733f93509bf9ad100 Author: Harald Freudenberger Date: Fri Feb 17 08:12:10 2017 +0100 s390/zcrypt: Removed unneeded debug feature directory creation. The ap bus code and the zcrypt api had invocations to the debug feature debugfs_create_dir() call but never populated these directories in any way. Removed this unneeded code. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 3 --- drivers/s390/crypto/zcrypt_api.c | 3 --- 2 files changed, 6 deletions(-) commit 61841be6358c03e864ad4c386c9a102edbba9cb8 Author: Jarkko Sakkinen Date: Wed Feb 15 20:02:28 2017 +0200 tpm: declare tpm2_get_pcr_allocation() as static There's no need to export tpm2_get_pcr_alloation() because it is only a helper function for tpm2_auto_startup(). For the same reason it does not make much sense to maintain documentation for it. Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm.h | 1 - drivers/char/tpm/tpm2-cmd.c | 94 ++++++++++++++++++++++----------------------- 2 files changed, 45 insertions(+), 50 deletions(-) commit 6c696d8560e74cd42458931375875d62ae88c6ae Author: Ilya Dryomov Date: Wed Jan 25 18:16:23 2017 +0100 rbd: kill obj_request->object_name and rbd_segment_name_cache Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 79 ++++----------------------------------------- include/linux/ceph/osdmap.h | 7 ---- 2 files changed, 7 insertions(+), 79 deletions(-) commit a90bb0c1d47dc1195bc6ac753b34a52535089f80 Author: Ilya Dryomov Date: Wed Jan 25 18:16:23 2017 +0100 rbd: store and use obj_request->object_no object_no can be trivially formatted into an object name. We already store object names in OSD requests with special care to avoid dynamic allocations for short names. Storing a name in obj_request, obtained as below (!), is a waste and will be removed in the next commit. name = kmem_cache_alloc(rbd_segment_name_cache, ...); snprintf(name, ...); obj_request->object_name = kstrdup(name); kmem_cache_free(rbd_segment_name_cache, name); ... ceph_oid_aprintf(..., "%s", obj_request->object_name); Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 223768d02e2ca5c1747099e03cf949c17aebffd2 Author: Ilya Dryomov Date: Wed Jan 25 18:16:23 2017 +0100 rbd: RBD_V{1,2}_DATA_FORMAT macros ... and also fix up the comment -- format 1 data objects have always been 12 hex digits long. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 6 ++---- drivers/block/rbd_types.h | 7 ++++--- 2 files changed, 6 insertions(+), 7 deletions(-) commit bc81207ea9fc01896cbc102f025f1ebb2c4bae1d Author: Ilya Dryomov Date: Wed Jan 25 18:16:23 2017 +0100 rbd: factor out __rbd_osd_req_create() Factor OSD request allocation and initialization code out into __rbd_osd_req_create(). Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 103 ++++++++++++++++++++-------------------------------- 1 file changed, 40 insertions(+), 63 deletions(-) commit 67e2b65274e3c5fc9100544c1f90adcc85dbe597 Author: Ilya Dryomov Date: Wed Jan 25 18:16:22 2017 +0100 rbd: set offset and length outside of rbd_obj_request_create() The allocation doesn't depend on offset and length. Both offset and length can be changed after obj_request is allocated, too. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) commit 7e97332ea9caad3b7c6d86bc3b982e17eda2f736 Author: Ilya Dryomov Date: Wed Jan 25 18:16:22 2017 +0100 rbd: support for data-pool feature Add support for RBD_FEATURE_DATA_POOL feature. rbd_dev->layout.pool_id now stores the data pool id. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) commit 263423f8adf4acbdc4fd26ed5b35f4a6408bc0ab Author: Ilya Dryomov Date: Wed Jan 25 18:16:22 2017 +0100 rbd: introduce rbd_init_layout() Rather than initializing layout fields with some made up values in __rbd_dev_create(), move the initialization into rbd_init_layout() and call it after the header is actually populated. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 5bc3fb177548503735bcc35fe98475d883740ecb Author: Ilya Dryomov Date: Wed Jan 25 18:16:22 2017 +0100 rbd: use rbd_obj_bytes() more Returning u64 doesn't make sense: max header->obj_order is 25 and ceph_file_layout::object_size is u32. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 03acf083355ffeb89b9269d205004d6d888fff99 Author: Ilya Dryomov Date: Wed Jan 25 18:16:22 2017 +0100 rbd: remove now unused rbd_obj_request_wait() and helpers Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 38 -------------------------------------- 1 file changed, 38 deletions(-) commit ecd4a68a26a2159b9f7233c6e892c94c90074cb0 Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 rbd: switch rbd_obj_method_sync() to ceph_osdc_call() As explained in the previous commit, rbd_obj_request machinery (and rbd_osd_req_create() in particular) shouldn't be used for working with metadata objects. Switch to the recently added ceph_osdc_call(). It assumes single pages for outbound and inbound buffers, but that's OK - none of the callers need more than that. These pages need to be allocated (messenger is in dire need of proper iterator interface!), but we are swapping for pages[] and pagelist allocations in the existing code. Kill class_name argument - all rbd methods are under "rbd". Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 162 ++++++++++++++++++++++------------------------------ 1 file changed, 67 insertions(+), 95 deletions(-) commit 2544a02090aa76ffb8069e6bf23d886e34d9c8da Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 libceph: pass reply buffer length through ceph_osdc_call() To spare checking for "this reply fits into a page, but does it fit into my buffer?" in some callers, osd_req_op_cls_response_data_pages() needs to know how big it is. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman net/ceph/cls_lock_client.c | 2 +- net/ceph/osd_client.c | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) commit fe5478e0f6694312ad17dea7083296c1aea0a049 Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 rbd: do away with obj_request in rbd_obj_read_sync() rbd_obj_request machinery is completely unnecessary here; all that's being done is fetching a metadata object - no striping, cloning, etc. More importantly, rbd_osd_req_create() grabs pool id from layout and that is becoming a data pool id. Kill offset argument - all metadata objects are small and read in full. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 81 +++++++++++++++++++++-------------------------------- 1 file changed, 32 insertions(+), 49 deletions(-) commit 431a02cd82dd028f650d588f7cedc78643c5c86a Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 rbd: initialize rbd_dev->header_oloc early No reason to delay it until image_id is known. This will be required by some rbd_obj_method_sync() callers, after rbd_obj_method_sync() is changed to take oloc. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 24dca799fdbeeb0c955ef2f56a37461e6566aa07 Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 rbd: kill rbd_image_header::{crypt_type,comp_type} Image format 1 is deprecated and format 2 doesn't have these. Also, __rbd_dev_create() takes care of zeroing (or otherwise initializing) format 2 specific fields. Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 9 --------- drivers/block/rbd_types.h | 3 --- 2 files changed, 12 deletions(-) commit 848d796c8c918e2d60060992786f82754f539cd4 Author: Ilya Dryomov Date: Wed Jan 25 18:16:21 2017 +0100 rbd: use kstrndup() in rbd_header_from_disk() Signed-off-by: Ilya Dryomov Reviewed-by: Jason Dillaman drivers/block/rbd.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 083a51fbc57ca848ab087692f3cc97898fd88b54 Author: Ilya Dryomov Date: Thu Feb 9 16:14:52 2017 +0100 libceph: bump CEPH_PG_MAX_SIZE to 32 ... to accommodate potentially very wide EC pools. This increases the size of a typical rbd ceph_osd_request by ~12% (from 1040 to 1168 bytes), but I'd rather go future proof here. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil include/linux/ceph/rados.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ef9324bb11357c02a4f0529b806341e5b768d872 Author: Ilya Dryomov Date: Wed Feb 8 18:57:48 2017 +0100 libceph: don't go through with the mapping if the PG is too wide With EC overwrites maturing, the kernel client will be getting exposed to potentially very wide EC pools. While "min(pi->size, X)" works fine when the cluster is stable and happy, truncating OSD sets interferes with resend logic (ceph_is_new_interval(), etc). Abort the mapping if the pool is too wide, assigning the request to the homeless session. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/osdmap.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 743efcffffc6620ab44ea9ec67c7e4e28dfa7742 Author: Ilya Dryomov Date: Tue Jan 31 15:55:06 2017 +0100 crush: merge working data and scratch Much like Arlo Guthrie, I decided that one big pile is better than two little piles. Reflects ceph.git commit 95c2df6c7e0b22d2ea9d91db500cf8b9441c73ba. Signed-off-by: Ilya Dryomov include/linux/ceph/osdmap.h | 3 +-- include/linux/crush/mapper.h | 14 +++++++++++++- net/ceph/crush/mapper.c | 17 +++++++---------- net/ceph/osdmap.c | 14 ++++++++------ 4 files changed, 29 insertions(+), 19 deletions(-) commit 66a0e2d579dbec5c676cfe446234ffebb267c564 Author: Ilya Dryomov Date: Tue Jan 31 15:55:06 2017 +0100 crush: remove mutable part of CRUSH map Then add it to the working state. It would be very nice if we didn't have to take a lock to calculate a crush placement. By moving the permutation array into the working data, we can treat the CRUSH map as immutable. Reflects ceph.git commit cbcd039651c0569551cb90d26ce27e1432671f2a. Signed-off-by: Ilya Dryomov include/linux/ceph/osdmap.h | 1 + include/linux/crush/crush.h | 41 +++++++-- include/linux/crush/mapper.h | 4 +- net/ceph/crush/crush.c | 5 -- net/ceph/crush/mapper.c | 206 +++++++++++++++++++++++++++++-------------- net/ceph/osdmap.c | 47 ++++++++-- 6 files changed, 218 insertions(+), 86 deletions(-) commit 1b6a78b5b91cdc07cc0b940b458e90c86835cf73 Author: Ilya Dryomov Date: Tue Jan 31 15:55:06 2017 +0100 libceph: add osdmap_set_crush() helper Simplify osdmap_decode() and osdmap_apply_incremental() a bit. Signed-off-by: Ilya Dryomov net/ceph/osdmap.c | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) commit 19def166f3781edb4c68c3c68fcb8199eed2d605 Author: Stafford Horne Date: Sun Feb 5 16:07:32 2017 +0900 libceph: remove unneeded stddef.h include This was causing a build failure for openrisc when using musl and gcc 5.4.0 since the file is not available in the toolchain. It doesnt seem this is needed and removing it does not cause any build warnings for me. Signed-off-by: Stafford Horne Signed-off-by: Ilya Dryomov net/ceph/snapshot.c | 2 -- 1 file changed, 2 deletions(-) commit 5eb9f6040f3854c5b92c60fd211dc0235ef25ca8 Author: Jeff Layton Date: Mon Jan 30 09:47:25 2017 -0500 ceph: do a LOOKUP in d_revalidate instead of GETATTR In commit c3f4688a08f (ceph: don't set req->r_locked_dir in ceph_d_revalidate), we changed the code to do a GETATTR instead of a LOOKUP as the parent info isn't strictly necessary to revalidate the dentry. What we missed there though is that in order to update the lease on the dentry after revalidating it, we _do_ need parent info. Change ceph_d_revalidate back to doing a LOOKUP instead of a GETATTR so that we can get the parent info in order to update the lease from ceph_fill_trace. Note that we set req->r_parent here, but we cannot set the CEPH_MDS_R_PARENT_LOCKED flag as we can't guarantee that it is. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/dir.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit cdde7c43513de7d8baec3ad7f6a01a177e00e968 Author: Jeff Layton Date: Fri Jan 27 13:07:10 2017 -0500 ceph: call update_dentry_lease even when r_locked dir is not set We don't really require that the parent be locked in order to update the lease on a dentry. Lease info is protected by the d_lock. In the event that the parent is not locked in ceph_fill_trace, and we have both parent and target info, go ahead and update the dentry lease. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit f5d55f03973f79a008bf8635452849f8ef589c23 Author: Jeff Layton Date: Fri Jan 27 09:13:57 2017 -0500 ceph: vet the target and parent inodes before updating dentry lease In a later patch, we're going to need to allow ceph_fill_trace to update the dentry's lease when the parent is not locked. This is potentially racy though -- by the time we get around to processing the trace, the parent may have already changed. Change update_dentry_lease to take a ceph_vino pointer and use that to ensure that the dentry's parent still matches it before updating the lease. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 72 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 24 deletions(-) commit 80d025ffede88969f6adf7266fbdedfd5641148a Author: Jeff Layton Date: Thu Jan 26 16:14:18 2017 -0500 ceph: don't update_dentry_lease unless we actually got one This if block updates the dentry lease even in the case where the MDS didn't grant one. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3dd69aabcef3d835446a9a1e11d2eab0e6e35e95 Author: Jeff Layton Date: Tue Jan 31 10:28:26 2017 -0500 ceph: add a new flag to indicate whether parent is locked struct ceph_mds_request has an r_locked_dir pointer, which is set to indicate the parent inode and that its i_rwsem is locked. In some critical places, we need to be able to indicate the parent inode to the request handling code, even when its i_rwsem may not be locked. Most of the code that operates on r_locked_dir doesn't require that the i_rwsem be locked. We only really need it to handle manipulation of the dcache. The rest (filling of the inode, updating dentry leases, etc.) already has its own locking. Add a new r_req_flags bit that indicates whether the parent is locked when doing the request, and rename the pointer to "r_parent". For now, all the places that set r_parent also set this flag, but that will change in a later patch. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/dir.c | 21 ++++++++++++++------- fs/ceph/export.c | 3 ++- fs/ceph/file.c | 3 ++- fs/ceph/inode.c | 13 +++++++------ fs/ceph/mds_client.c | 24 ++++++++++++------------ fs/ceph/mds_client.h | 3 ++- 6 files changed, 39 insertions(+), 28 deletions(-) commit bc2de10dc4da5036ada3381775bd966f0c21c603 Author: Jeff Layton Date: Wed Feb 1 13:49:09 2017 -0500 ceph: convert bools in ceph_mds_request to a new r_req_flags field Currently, we have a bunch of bool flags in struct ceph_mds_request. We need more flags though, but each bool takes (at least) a byte. Those add up over time. Merge all of the existing bools in this struct into a single unsigned long, and use the set/test/clear_bit macros to manipulate them. These are atomic operations, but that is required here to prevent load/modify/store races. The existing flags are protected by different locks, so we can't rely on them for that purpose. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/debugfs.c | 2 +- fs/ceph/dir.c | 4 ++-- fs/ceph/inode.c | 18 +++++++++--------- fs/ceph/mds_client.c | 47 +++++++++++++++++++++++++---------------------- fs/ceph/mds_client.h | 12 ++++++++---- 5 files changed, 45 insertions(+), 38 deletions(-) commit f5a03b080450784e671998921feb62fd3846c953 Author: Jeff Layton Date: Tue Jan 31 11:06:13 2017 -0500 ceph: drop session argument to ceph_fill_trace Just get it from r_session since that's what's always passed in. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 4 ++-- fs/ceph/mds_client.c | 2 +- fs/ceph/super.h | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) commit 6fffaef954c432f6ddb42ec1064087e8ed704ca8 Author: Jeff Layton Date: Tue Jan 31 10:55:38 2017 -0500 ceph: remove "Debugging hook" from ceph_fill_trace Keeping around commented out code is just asking for it to bitrot and makes viewing the code under cscope more confusing. If we really need this, then we can revert this patch and put it under a Kconfig option. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 34 ---------------------------------- 1 file changed, 34 deletions(-) commit c1944fedd8c492ce1c1a99ca9064dcc7bafa80e9 Author: Yan, Zheng Date: Sun Jan 29 22:15:47 2017 +0800 ceph: avoid calling ceph_renew_caps() infinitely __ceph_caps_mds_wanted() ignores caps from stale session. So the return value of __ceph_caps_mds_wanted() can keep the same across ceph_renew_caps(). This causes try_get_cap_refs() to keep calling ceph_renew_caps(). The fix is ignore the session valid check for the try_get_cap_refs() case. If session is stale, just let the caps requester sleep. Signed-off-by: Yan, Zheng fs/ceph/caps.c | 6 +++--- fs/ceph/file.c | 2 +- fs/ceph/super.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) commit 00f06cba53f53f3f7be8ac4f9ba2c2f6a94bca6f Author: Yan, Zheng Date: Tue Jan 24 10:02:32 2017 +0800 ceph: make sure flushing inode in proper session's cap_flushing list when flushing inode's auth cap changes, we need to move it into the new auth cap session's cap_flushing list Signed-off-by: Yan, Zheng fs/ceph/caps.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit d641df819db8b80198fd85d9de91137e8a823b07 Author: Yan, Zheng Date: Thu Jan 19 11:21:29 2017 +0800 ceph: update readpages osd request according to size of pages add_to_page_cache_lru() can fails, so the actual pages to read can be smaller than the initial size of osd request. We need to update osd request size in that case. Signed-off-by: Yan, Zheng Reviewed-by: Jeff Layton fs/ceph/addr.c | 1 + net/ceph/osd_client.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) commit 24c149ad6914d349d8b64749f20f3f8ea5031fe0 Author: Jeff Layton Date: Thu Jan 12 14:42:40 2017 -0500 ceph: fix bogus endianness change in ceph_ioctl_set_layout sparse says: fs/ceph/ioctl.c:100:28: warning: cast to restricted __le64 preferred_osd is a __s64 so we don't need to do any conversion. Also, just remove the cast in ceph_ioctl_get_layout as it's not needed. Signed-off-by: Jeff Layton Reviewed-by: Sage Weil Signed-off-by: Ilya Dryomov fs/ceph/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7fea24c6d4a553c59937ae4fef95c730a88125cb Author: Ilya Dryomov Date: Mon Jan 16 14:35:17 2017 +0100 libceph: include linux/sched.h into crypto.c directly Currently crypto.c gets linux/sched.h indirectly through linux/slab.h from linux/kasan.h. Include it directly for memalloc_noio_*() inlines. Signed-off-by: Ilya Dryomov net/ceph/crypto.c | 1 + 1 file changed, 1 insertion(+) commit d24cdcd3e40a6825135498e11c20c7976b9bf545 Author: Arnd Bergmann Date: Mon Jan 16 12:06:09 2017 +0100 libceph: use BUG() instead of BUG_ON(1) I ran into this compile warning, which is the result of BUG_ON(1) not always leading to the compiler treating the code path as unreachable: include/linux/ceph/osdmap.h: In function 'ceph_can_shift_osds': include/linux/ceph/osdmap.h:62:1: error: control reaches end of non-void function [-Werror=return-type] Using BUG() here avoids the warning. Signed-off-by: Arnd Bergmann Signed-off-by: Ilya Dryomov include/linux/ceph/osdmap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit eb65b919b914e65485fd8134912066f4fafc4f1e Author: Yan, Zheng Date: Thu Jan 12 17:18:00 2017 +0800 ceph: avoid updating mds_wanted too frequently user space may open/close single file frequently. It's not good to send a clientcaps message to mds for each open/close syscall. Signed-off-by: Yan, Zheng fs/ceph/caps.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 7c94ba27903c3c46c5829e96efb7c2a8ab7510e9 Author: Andreas Gerstmayr Date: Tue Jan 10 14:17:56 2017 +0100 ceph: set io_pages bdi hint This patch sets the io_pages bdi hint based on the rsize mount option. Without this patch large buffered reads (request size > max readahead) are processed sequentially in chunks of the readahead size (i.e. read requests are sent out up to the readahead size, then the do_generic_file_read() function waits until the first page is received). With this patch read requests are sent out at once up to the size specified in the rsize mount option (default: 64 MB). Signed-off-by: Andreas Gerstmayr Acked-by: Jeff Layton Signed-off-by: Yan, Zheng Documentation/filesystems/ceph.txt | 5 ++--- fs/ceph/super.c | 8 ++++++++ fs/ceph/super.h | 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-) commit 0fbc5360bf433ffeccbb94ef806d637049899741 Author: Colin Ian King Date: Thu Dec 29 20:19:32 2016 +0000 ceph: fix spelling mistake: "enabing" -> "enabling" trivial fix to spelling mistake in debug message Signed-off-by: Colin Ian King Signed-off-by: Yan, Zheng fs/ceph/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 52953d55917e45fdf62d5e6cb37c61c32dc8d373 Author: Seraphime Kirkovski Date: Mon Dec 26 10:26:34 2016 +0100 ceph: cleanup ACCESS_ONCE -> READ_ONCE This removes the uses of ACCESS_ONCE in favor of READ_ONCE Signed-off-by: Seraphime Kirkovski Signed-off-by: Yan, Zheng fs/ceph/addr.c | 4 ++-- fs/ceph/caps.c | 2 +- fs/ceph/dir.c | 2 +- fs/ceph/inode.c | 2 +- fs/ceph/mds_client.c | 10 +++++----- 5 files changed, 10 insertions(+), 10 deletions(-) commit ca6c8ae0f7930dad7e10664e3b5bc657dd75be60 Author: Jeff Layton Date: Thu Dec 15 08:37:59 2016 -0500 ceph: pass parent inode info to ceph_encode_dentry_release if we have it If we have a parent inode reference already, then we don't need to go back up the directory tree to find one. Link: http://tracker.ceph.com/issues/18148 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/caps.c | 11 +++++++---- fs/ceph/mds_client.c | 7 +++++-- fs/ceph/super.h | 1 + 3 files changed, 13 insertions(+), 6 deletions(-) commit adf0d68701c7f3e50f21308c76f41e60956a6832 Author: Jeff Layton Date: Thu Dec 15 08:37:58 2016 -0500 ceph: fix unsafe dcache access in ceph_encode_dentry_release Accessing d_parent requires some sort of locking or it could vanish out from under us. Since we take the d_lock anyway, use that to fetch d_parent and take a reference to it, and then use that reference to call ceph_encode_inode_release. Link: http://tracker.ceph.com/issues/18148 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/caps.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit fd36a71762f3b0fcb9741ed24021afabec7e0c45 Author: Jeff Layton Date: Thu Dec 15 08:37:58 2016 -0500 ceph: pass parent dir ino info to build_dentry_path In the event that we have a parent inode reference in the request, we can use that instead of mucking about in the dcache. Pass any parent inode info we have down to build_dentry_path so it can make use of it. Link: http://tracker.ceph.com/issues/18148 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit c6b0b656ca24ede6657abb4a2cd910fa9c1879ba Author: Jeff Layton Date: Thu Dec 15 08:37:57 2016 -0500 ceph: clean up unsafe d_parent accesses in build_dentry_path While we hold a reference to the dentry when build_dentry_path is called, we could end up racing with a rename that changes d_parent. Handle that situation correctly, by using the rcu_read_lock to ensure that the parent dentry and inode stick around long enough to safely check ceph_snap and ceph_ino. Link: http://tracker.ceph.com/issues/18148 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 30c71233a1d4b5c23ad6652847285bf6b57086e2 Author: Jeff Layton Date: Thu Dec 15 08:37:56 2016 -0500 ceph: clean up unsafe d_parent access in __choose_mds __choose_mds exists to pick an MDS to use when issuing a call. Doing that typically involves picking an inode and using the authoritative MDS for it. In most cases, that's pretty straightforward, as we are using an inode to which we hold a reference (usually represented by r_dentry or r_inode in the request). In the case of a snapshotted directory however, we need to fetch the non-snapped parent, which involves walking back up the parents in the tree. The dentries in the snapshot dir are effectively frozen but the overall parent is _not_, and could vanish if a concurrent rename were to occur. Clean this code up and take special care to ensure the validity of the entries we're working with. First, try to use the inode in r_locked_dir if one exists. If not and all we have is r_dentry, then we have to walk back up the tree. Use the rcu_read_lock for this so we can ensure that any d_parent we find won't go away, and take extra care to deal with the possibility that the dentries could go negative. Change get_nonsnap_parent to return an inode, and take a reference to that inode before returning (if any). Change all of the other places where we set "inode" in __choose_mds to also take a reference, and then call iput on that inode before exiting the function. Link: http://tracker.ceph.com/issues/18148 Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 64 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 42 insertions(+), 22 deletions(-) commit a26d553400b30b6e0389f5c723c0fc6f7ea473da Merge: 843574a bcd3bb6 Author: Paolo Bonzini Date: Mon Feb 20 11:54:22 2017 +0100 Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD Paul Mackerras writes: "Please do a pull from my kvm-ppc-next branch to get some fixes which I would like to have in 4.11. There are four small commits there; two are fixes for potential host crashes in the new HPT resizing code, and the other two are changes to printks to make KVM on PPC a little less noisy." commit 95cb64c1fe61e70685a95f6260c8e9cd219fe08c Author: Peter Zijlstra Date: Sat Feb 18 15:26:45 2017 +0100 fork: Fix task_struct alignment Stupid bug that wrecked the alignment of task_struct and causes WARN()s in the x86 FPU code on some platforms. Reported-by: Fengguang Wu Tested-by: Fengguang Wu Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: e274795ea7b7 ("locking/mutex: Fix mutex handoff") Link: http://lkml.kernel.org/r/20170218142645.GH6500@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d2bb390a2081a36ffe906724d2848d846f2aeb29 Author: Detlef Urban Date: Mon Feb 20 09:47:59 2017 +0100 ALSA: usb-audio: Tascam US-16x08 DSP mixer quirk Add mixer quirk for Tascam US-16x08 usb interface. Even that this is an usb compliant device, the input channels and DSP functions (EQ/Compressor) aren't accessible by default. Signed-off-by: Detlef Urban Signed-off-by: Takashi Iwai sound/usb/Makefile | 1 + sound/usb/mixer_quirks.c | 5 + sound/usb/mixer_us16x08.c | 1465 +++++++++++++++++++++++++++++++++++++++++++++ sound/usb/mixer_us16x08.h | 122 ++++ 4 files changed, 1593 insertions(+) commit 9f0c18aec620bc9d82268b3cb937568dd07b43ff Author: Josh Poimboeuf Date: Wed Feb 15 12:21:17 2017 -0600 objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree modules When building a CONFIG_STACK_VALIDATION enabled kernel without the libelf devel package installed, the Makefile prints a warning: "Cannot use CONFIG_STACK_VALIDATION, please install libelf-dev, libelf-devel or elfutils-libelf-devel" But when building an out-of-tree module, the warning doesn't show. Instead it tries to use objtool, and the build fails with: /bin/sh: ./tools/objtool/objtool: No such file or directory Make sure the warning and the disabling of objtool occur in all cases, by moving the CONFIG_STACK_VALIDATION checks outside the 'ifeq ($(KBUILD_EXTMOD),)' block in the Makefile. Tested-By: Marc MERLIN Suggested-by: Jessica Yu Reported-by: Marc MERLIN Signed-off-by: Josh Poimboeuf Reviewed-by: Jessica Yu Cc: Linus Torvalds Cc: Michal Marek Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 3b27a0c85d70 ("objtool: Detect and warn if libelf is missing and don't break the build") Link: http://lkml.kernel.org/r/b3088ae4a8698143d4851965793c61fec2135b1f.1487182864.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar Makefile | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit fc0e23fad33198fc7d74227dba7bbc3a5d7755aa Merge: af67716 3bb9eca Author: Takashi Iwai Date: Mon Feb 20 08:52:50 2017 +0100 Merge branch 'for-next' into for-linus commit af5f42a7e426a87bfa69adc9b9d8930385a1ddf6 Author: Shaohua Li Date: Sun Feb 19 22:41:27 2017 -0800 md/raid1: fix a use-after-free bug Commit fd76863 (RAID1: a new I/O barrier implementation to remove resync window) introduces a user-after-free bug. Signed-off-by: Shaohua Li drivers/md/raid1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 824e47daddbfc6ebe1006b8659f080620472a136 Author: colyli@suse.de Date: Sat Feb 18 03:05:57 2017 +0800 RAID1: avoid unnecessary spin locks in I/O barrier code When I run a parallel reading performan testing on a md raid1 device with two NVMe SSDs, I observe very bad throughput in supprise: by fio with 64KB block size, 40 seq read I/O jobs, 128 iodepth, overall throughput is only 2.7GB/s, this is around 50% of the idea performance number. The perf reports locking contention happens at allow_barrier() and wait_barrier() code, - 41.41% fio [kernel.kallsyms] [k] _raw_spin_lock_irqsave - _raw_spin_lock_irqsave + 89.92% allow_barrier + 9.34% __wake_up - 37.30% fio [kernel.kallsyms] [k] _raw_spin_lock_irq - _raw_spin_lock_irq - 100.00% wait_barrier The reason is, in these I/O barrier related functions, - raise_barrier() - lower_barrier() - wait_barrier() - allow_barrier() They always hold conf->resync_lock firstly, even there are only regular reading I/Os and no resync I/O at all. This is a huge performance penalty. The solution is a lockless-like algorithm in I/O barrier code, and only holding conf->resync_lock when it has to. The original idea is from Hannes Reinecke, and Neil Brown provides comments to improve it. I continue to work on it, and make the patch into current form. In the new simpler raid1 I/O barrier implementation, there are two wait barrier functions, - wait_barrier() Which calls _wait_barrier(), is used for regular write I/O. If there is resync I/O happening on the same I/O barrier bucket, or the whole array is frozen, task will wait until no barrier on same barrier bucket, or the whold array is unfreezed. - wait_read_barrier() Since regular read I/O won't interfere with resync I/O (read_balance() will make sure only uptodate data will be read out), it is unnecessary to wait for barrier in regular read I/Os, waiting in only necessary when the whole array is frozen. The operations on conf->nr_pending[idx], conf->nr_waiting[idx], conf-> barrier[idx] are very carefully designed in raise_barrier(), lower_barrier(), _wait_barrier() and wait_read_barrier(), in order to avoid unnecessary spin locks in these functions. Once conf-> nr_pengding[idx] is increased, a resync I/O with same barrier bucket index has to wait in raise_barrier(). Then in _wait_barrier() if no barrier raised in same barrier bucket index and array is not frozen, the regular I/O doesn't need to hold conf->resync_lock, it can just increase conf->nr_pending[idx], and return to its caller. wait_read_barrier() is very similar to _wait_barrier(), the only difference is it only waits when array is frozen. For heavy parallel reading I/Os, the lockless I/O barrier code almostly gets rid of all spin lock cost. This patch significantly improves raid1 reading peroformance. From my testing, a raid1 device built by two NVMe SSD, runs fio with 64KB blocksize, 40 seq read I/O jobs, 128 iodepth, overall throughput increases from 2.7GB/s to 4.6GB/s (+70%). Changelog V4: - Change conf->nr_queued[] to atomic_t. - Define BARRIER_BUCKETS_NR_BITS by (PAGE_SHIFT - ilog2(sizeof(atomic_t))) V3: - Add smp_mb__after_atomic() as Shaohua and Neil suggested. - Change conf->nr_queued[] from atomic_t to int. - Change conf->array_frozen from atomic_t back to int, and use READ_ONCE(conf->array_frozen) to check value of conf->array_frozen in _wait_barrier() and wait_read_barrier(). - In _wait_barrier() and wait_read_barrier(), add a call to wake_up(&conf->wait_barrier) after atomic_dec(&conf->nr_pending[idx]), to fix a deadlock between _wait_barrier()/wait_read_barrier and freeze_array(). V2: - Remove a spin_lock/unlock pair in raid1d(). - Add more code comments to explain why there is no racy when checking two atomic_t variables at same time. V1: - Original RFC patch for comments. Signed-off-by: Coly Li Cc: Shaohua Li Cc: Hannes Reinecke Cc: Johannes Thumshirn Cc: Guoqing Jiang Reviewed-by: Neil Brown Signed-off-by: Shaohua Li drivers/md/raid1.c | 165 ++++++++++++++++++++++++++++++++++++----------------- drivers/md/raid1.h | 31 +++++----- 2 files changed, 130 insertions(+), 66 deletions(-) commit fd76863e37fef26fe05547fddfa6e3d05e1682e6 Author: colyli@suse.de Date: Sat Feb 18 03:05:56 2017 +0800 RAID1: a new I/O barrier implementation to remove resync window 'Commit 79ef3a8aa1cb ("raid1: Rewrite the implementation of iobarrier.")' introduces a sliding resync window for raid1 I/O barrier, this idea limits I/O barriers to happen only inside a slidingresync window, for regular I/Os out of this resync window they don't need to wait for barrier any more. On large raid1 device, it helps a lot to improve parallel writing I/O throughput when there are background resync I/Os performing at same time. The idea of sliding resync widow is awesome, but code complexity is a challenge. Sliding resync window requires several variables to work collectively, this is complexed and very hard to make it work correctly. Just grep "Fixes: 79ef3a8aa1" in kernel git log, there are 8 more patches to fix the original resync window patch. This is not the end, any further related modification may easily introduce more regreassion. Therefore I decide to implement a much simpler raid1 I/O barrier, by removing resync window code, I believe life will be much easier. The brief idea of the simpler barrier is, - Do not maintain a global unique resync window - Use multiple hash buckets to reduce I/O barrier conflicts, regular I/O only has to wait for a resync I/O when both them have same barrier bucket index, vice versa. - I/O barrier can be reduced to an acceptable number if there are enough barrier buckets Here I explain how the barrier buckets are designed, - BARRIER_UNIT_SECTOR_SIZE The whole LBA address space of a raid1 device is divided into multiple barrier units, by the size of BARRIER_UNIT_SECTOR_SIZE. Bio requests won't go across border of barrier unit size, that means maximum bio size is BARRIER_UNIT_SECTOR_SIZE<<9 (64MB) in bytes. For random I/O 64MB is large enough for both read and write requests, for sequential I/O considering underlying block layer may merge them into larger requests, 64MB is still good enough. Neil also points out that for resync operation, "we want the resync to move from region to region fairly quickly so that the slowness caused by having to synchronize with the resync is averaged out over a fairly small time frame". For full speed resync, 64MB should take less then 1 second. When resync is competing with other I/O, it could take up a few minutes. Therefore 64MB size is fairly good range for resync. - BARRIER_BUCKETS_NR There are BARRIER_BUCKETS_NR buckets in total, which is defined by, #define BARRIER_BUCKETS_NR_BITS (PAGE_SHIFT - 2) #define BARRIER_BUCKETS_NR (1<> BARRIER_UNIT_SECTOR_BITS, BARRIER_BUCKETS_NR_BITS); } Here sector_nr is the start sector number of a bio. - Single bio won't go across boundary of a I/O barrier unit If a request goes across boundary of barrier unit, it will be split. A bio may be split in raid1_make_request() or raid1_sync_request(), if sectors returned by align_to_barrier_unit_end() is smaller than original bio size. Comparing to single sliding resync window, - Currently resync I/O grows linearly, therefore regular and resync I/O will conflict within a single barrier units. So the I/O behavior is similar to single sliding resync window. - But a barrier unit bucket is shared by all barrier units with identical barrier uinit index, the probability of conflict might be higher than single sliding resync window, in condition that writing I/Os always hit barrier units which have identical barrier bucket indexs with the resync I/Os. This is a very rare condition in real I/O work loads, I cannot imagine how it could happen in practice. - Therefore we can achieve a good enough low conflict rate with much simpler barrier algorithm and implementation. There are two changes should be noticed, - In raid1d(), I change the code to decrease conf->nr_pending[idx] into single loop, it looks like this, spin_lock_irqsave(&conf->device_lock, flags); conf->nr_queued[idx]--; spin_unlock_irqrestore(&conf->device_lock, flags); This change generates more spin lock operations, but in next patch of this patch set, it will be replaced by a single line code, atomic_dec(&conf->nr_queueud[idx]); So we don't need to worry about spin lock cost here. - Mainline raid1 code split original raid1_make_request() into raid1_read_request() and raid1_write_request(). If the original bio goes across an I/O barrier unit size, this bio will be split before calling raid1_read_request() or raid1_write_request(), this change the code logic more simple and clear. - In this patch wait_barrier() is moved from raid1_make_request() to raid1_write_request(). In raid_read_request(), original wait_barrier() is replaced by raid1_read_request(). The differnece is wait_read_barrier() only waits if array is frozen, using different barrier function in different code path makes the code more clean and easy to read. Changelog V4: - Add alloc_r1bio() to remove redundant r1bio memory allocation code. - Fix many typos in patch comments. - Use (PAGE_SHIFT - ilog2(sizeof(int))) to define BARRIER_BUCKETS_NR_BITS. V3: - Rebase the patch against latest upstream kernel code. - Many fixes by review comments from Neil, - Back to use pointers to replace arraries in struct r1conf - Remove total_barriers from struct r1conf - Add more patch comments to explain how/why the values of BARRIER_UNIT_SECTOR_SIZE and BARRIER_BUCKETS_NR are decided. - Use get_unqueued_pending() to replace get_all_pendings() and get_all_queued() - Increase bucket number from 512 to 1024 - Change code comments format by review from Shaohua. V2: - Use bio_split() to split the orignal bio if it goes across barrier unit bounday, to make the code more simple, by suggestion from Shaohua and Neil. - Use hash_long() to replace original linear hash, to avoid a possible confilict between resync I/O and sequential write I/O, by suggestion from Shaohua. - Add conf->total_barriers to record barrier depth, which is used to control number of parallel sync I/O barriers, by suggestion from Shaohua. - In V1 patch the bellowed barrier buckets related members in r1conf are allocated in memory page. To make the code more simple, V2 patch moves the memory space into struct r1conf, like this, - int nr_pending; - int nr_waiting; - int nr_queued; - int barrier; + int nr_pending[BARRIER_BUCKETS_NR]; + int nr_waiting[BARRIER_BUCKETS_NR]; + int nr_queued[BARRIER_BUCKETS_NR]; + int barrier[BARRIER_BUCKETS_NR]; This change is by the suggestion from Shaohua. - Remove some inrelavent code comments, by suggestion from Guoqing. - Add a missing wait_barrier() before jumping to retry_write, in raid1_make_write_request(). V1: - Original RFC patch for comments Signed-off-by: Coly Li Cc: Johannes Thumshirn Cc: Guoqing Jiang Reviewed-by: Neil Brown Signed-off-by: Shaohua Li drivers/md/raid1.c | 473 +++++++++++++++++++++++++++++------------------------ drivers/md/raid1.h | 57 ++++--- 2 files changed, 294 insertions(+), 236 deletions(-) commit a311e738b6d81febae21f0447c5b31752f0d1634 Author: Michael Ellerman Date: Fri Feb 17 17:34:13 2017 +1100 powerpc/powernv: Make PCI non-optional Bare metal systems without PCI don't exist, so there's no real point in making PCI optional, it just breaks the build from time to time. In fact the build is broken now if you turn off PCI_MSI but enable KVM. Using select for PCI is OK because we (powerpc) define config PCI, and it has no dependencies. Selecting PCI_MSI is slightly fishy, because it's in drivers/pci and it is user-visible, but its only dependency is PCI, so selecting it can't actually lead to breakage. Signed-off-by: Michael Ellerman Acked-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cd2b708750582e327789d8fb07c6eb5f79f7759f Author: Xin Long Date: Fri Feb 17 16:35:24 2017 +0800 sctp: check duplicate node before inserting a new transport sctp has changed to use rhlist for transport rhashtable since commit 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable"). But rhltable_insert_key doesn't check the duplicate node when inserting a node, unlike rhashtable_lookup_insert_key. It may cause duplicate assoc/transport in rhashtable. like: client (addr A, B) server (addr X, Y) connect to X INIT (1) ------------> connect to Y INIT (2) ------------> INIT_ACK (1) <------------ INIT_ACK (2) <------------ After sending INIT (2), one transport will be created and hashed into rhashtable. But when receiving INIT_ACK (1) and processing the address params, another transport will be created and hashed into rhashtable with the same addr Y and EP as the last transport. This will confuse the assoc/transport's lookup. This patch is to fix it by returning err if any duplicate node exists before inserting it. Fixes: 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable") Reported-by: Fabio M. Di Nitto Signed-off-by: Xin Long Signed-off-by: David S. Miller net/sctp/input.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 7e1392fb94a7f35421eca52bedead284429f4fed Author: David Daney Date: Fri Feb 17 12:04:12 2017 -0800 of_mdio: Add "broadcom,bcm5241" to the whitelist. Some Cavium dev boards have firmware which doesn't supply a proper ethernet-phy-ieee802.3-c22" compatible property. Restore these boards to working order by whitelisting this compatible value. Signed-off-by: David Daney Acked-by: Florian Fainelli Signed-off-by: David S. Miller drivers/of/of_mdio.c | 1 + 1 file changed, 1 insertion(+) commit d4ff816e9707572c1c83def42f32105ddcabe1c0 Author: david.wu Date: Fri Feb 17 20:55:11 2017 +0800 net: ethernet: stmmac: dwmac-rk: Add RK3328 gmac support Add constants and callback functions for the dwmac on rk3328 socs. As can be seen, the base structure is the same, only registers and the bits in them moved slightly. Signed-off-by: david.wu Signed-off-by: David S. Miller .../devicetree/bindings/net/rockchip-dwmac.txt | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 117 +++++++++++++++++++++ 2 files changed, 118 insertions(+) commit a4d69a4c3ca6be699ed8cdc4683381ce44b85c90 Author: Xin Long Date: Fri Feb 17 16:41:45 2017 +0800 sctp: sctp_transport_dst_check should check if transport pmtu is dst mtu Now when sending a packet, sctp_transport_dst_check will check if dst is obsolete by calling ipv4/ip6_dst_check. But they return obsolete only when adding a new cache, after that when the cache's pmtu is updated again, it will not trigger transport->dst/pmtu's update. It can be reproduced by reducing route's pmtu twice. At the 1st time client will add a new cache, and transport->pathmtu gets updated as sctp_transport_dst_check finds it's obsolete. But at the 2nd time, cache's mtu is updated, sctp client will never send out any packet, because transport->pmtu has no chance to update. This patch is to fix this by also checking if transport pmtu is dst mtu in sctp_transport_dst_check, so that transport->pmtu can be updated on time. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/sctp.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 585396bc804d4e59d9591054ec12637d1698284c Merge: 61845d2 d884aa6 Author: David S. Miller Date: Sun Feb 19 18:18:01 2017 -0500 Merge branch 'sctp-rcv-side-stream-reconf-ssn-reset-req-chunk' Xin Long says: ==================== sctp: add receiver-side procedures for stream reconf ssn reset request chunk Patch 3/7 and 4/7 are to implement receiver-side procedures for the Outgoing and Incoming SSN Reset Request Parameter described in rfc6525 section 5.2.2 and 5.2.3 Patch 1/7 and 2/7 are ahead of them to define some apis. Patch 5/7-7/7 are to add the process of reconf chunk event in rx path. Note that with this patchset, asoc->reconf_enable has no chance yet to be set, until the patch "sctp: add get and set sockopt for reconf_enable" is applied in the future. As we can not just enable it when sctp is not capable of processing reconf chunk yet. v1->v2: - re-split the patchset and make sure it has no dead codes for review. - rename the titles of the commits and improve some changelogs. - drop __packed from some structures in patch 1/7. - fix some kbuild warnings in patch 3/7 by initializing str_p = NULL. - sctp_chunk_lookup_strreset_param changes to return sctp_paramhdr_t * and uses sctp_strreset_tsnreq to access request_seq in patch 3/7. - use __u in uapi sctp.h in patch 1/7. - do str_list endian conversion when generating stream_reset_event in patch 2/7. - remove str_list endian conversion, pass resp_seq param with network endian to lookup_strreset_param in 3/7. - move str_list endian conversion out of sctp_make_strreset_req, so that sctp_make_strreset_req can be used more conveniently to process inreq in patch 4/7. - remove sctp_merge_reconf_chunk and not support response with multiparam in patch 6/7. ==================== Signed-off-by: David S. Miller commit d884aa635be6247a1bc5b0fa60d8a16b5f48e279 Author: Xin Long Date: Fri Feb 17 12:45:43 2017 +0800 sctp: add reconf chunk event This patch is to add reconf chunk event based on the sctp event frame in rx path, it will call sctp_sf_do_reconf to process the reconf chunk. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/constants.h | 3 +++ net/sctp/sm_statetable.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) commit 2040d3d7a36265d4a26af4e19a6a8a6154ab4bcc Author: Xin Long Date: Fri Feb 17 12:45:42 2017 +0800 sctp: add reconf chunk process This patch is to add a function to process the incoming reconf chunk, in which it verifies the chunk, and traverses the param and process it with the right function one by one. sctp_sf_do_reconf would be the process function of reconf chunk event. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/sm.h | 1 + net/sctp/sm_statefuns.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) commit ea62504373fa9ff3ced27e07e1eac041888ecc46 Author: Xin Long Date: Fri Feb 17 12:45:41 2017 +0800 sctp: add a function to verify the sctp reconf chunk This patch is to add a function sctp_verify_reconf to do some length check and multi-params check for sctp stream reconf according to rfc6525 section 3.1. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/sm.h | 3 +++ net/sctp/sm_make_chunk.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) commit 16e1a91965b02fe24d24e8b8d7b2245d29ed6a70 Author: Xin Long Date: Fri Feb 17 12:45:40 2017 +0800 sctp: implement receiver-side procedures for the Incoming SSN Reset Request Parameter This patch is to implement Receiver-Side Procedures for the Incoming SSN Reset Request Parameter described in rfc6525 section 5.2.3. It's also to move str_list endian conversion out of sctp_make_strreset_req, so that sctp_make_strreset_req can be used more conveniently to process inreq. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/sm.h | 4 +++ net/sctp/sm_make_chunk.c | 8 +----- net/sctp/stream.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 7 deletions(-) commit 81054476453640159149cb6704e834893e16736b Author: Xin Long Date: Fri Feb 17 12:45:39 2017 +0800 sctp: implement receiver-side procedures for the Outgoing SSN Reset Request Parameter This patch is to implement Receiver-Side Procedures for the Outgoing SSN Reset Request Parameter described in rfc6525 section 5.2.2. Note that some checks must be after request_seq check, as even those checks fail, strreset_inseq still has to be increase by 1. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/sm.h | 6 +++ net/sctp/stream.c | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) commit 35ea82d611da59f8bea44a37996b3b11bb1d3fd7 Author: Xin Long Date: Fri Feb 17 12:45:38 2017 +0800 sctp: add support for generating stream ssn reset event notification This patch is to add Stream Reset Event described in rfc6525 section 6.1.1. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/net/sctp/ulpevent.h | 4 ++++ include/uapi/linux/sctp.h | 16 ++++++++++++++++ net/sctp/ulpevent.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+) commit bd4b9f8b4af7be15fd162276ec9a2a1d49f10270 Author: Xin Long Date: Fri Feb 17 12:45:37 2017 +0800 sctp: add support for generating stream reconf resp chunk This patch is to define Re-configuration Response Parameter described in rfc6525 section 4.4. As optional fields are only for SSN/TSN Reset Request Parameter, it uses another function to make that. Signed-off-by: Xin Long Signed-off-by: David S. Miller include/linux/sctp.h | 24 ++++++++++++++++ include/net/sctp/sm.h | 7 +++++ net/sctp/sm_make_chunk.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) commit 61845d2072150e896f2f18f1d879956e453ee8fd Author: Jason Wang Date: Fri Feb 17 11:33:09 2017 +0800 virtio-net: batch stats updating We already have counters for sent/recv packets and sent/recv bytes. Doing a batched update to reduce the number of u64_stats_update_begin/end(). Take care not to bother with stats update when called speculatively. Cc: Willem de Bruijn Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 47 +++++++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 16 deletions(-) commit f5a57723371f11ff953c4ba71184dc00e65469fc Author: Eric Dumazet Date: Thu Feb 16 15:23:27 2017 -0800 mlx4: fix potential divide by 0 in mlx4_en_auto_moderation() 1) In the case where rate == priv->pkt_rate_low == priv->pkt_rate_high, mlx4_en_auto_moderation() does a divide by zero. 2) We want to properly change the moderation parameters if rx_frames was changed (like in ethtool -C eth0 rx-frames 16) Signed-off-by: Eric Dumazet Reviewed-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) commit 1786dbf3702e33ce3afd2d3dbe630bd04b1d2e58 Author: Dmitry V. Levin Date: Thu Feb 16 18:05:45 2017 +0300 uapi: fix linux/rds.h userspace compilation error On the kernel side, sockaddr_storage is #define'd to __kernel_sockaddr_storage. Replacing struct sockaddr_storage with struct __kernel_sockaddr_storage defined by fixes the following linux/rds.h userspace compilation error: /usr/include/linux/rds.h:226:26: error: field 'dest_addr' has incomplete type struct sockaddr_storage dest_addr; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/rds.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit feb0869d90e51ce8b6fd8a46588465b1b5a26d09 Author: Dmitry V. Levin Date: Thu Feb 16 18:05:13 2017 +0300 uapi: fix linux/rds.h userspace compilation errors Consistently use types from linux/types.h to fix the following linux/rds.h userspace compilation errors: /usr/include/linux/rds.h:106:2: error: unknown type name 'uint8_t' uint8_t name[32]; /usr/include/linux/rds.h:107:2: error: unknown type name 'uint64_t' uint64_t value; /usr/include/linux/rds.h:117:2: error: unknown type name 'uint64_t' uint64_t next_tx_seq; /usr/include/linux/rds.h:118:2: error: unknown type name 'uint64_t' uint64_t next_rx_seq; /usr/include/linux/rds.h:121:2: error: unknown type name 'uint8_t' uint8_t transport[TRANSNAMSIZ]; /* null term ascii */ /usr/include/linux/rds.h:122:2: error: unknown type name 'uint8_t' uint8_t flags; /usr/include/linux/rds.h:129:2: error: unknown type name 'uint64_t' uint64_t seq; /usr/include/linux/rds.h:130:2: error: unknown type name 'uint32_t' uint32_t len; /usr/include/linux/rds.h:135:2: error: unknown type name 'uint8_t' uint8_t flags; /usr/include/linux/rds.h:139:2: error: unknown type name 'uint32_t' uint32_t sndbuf; /usr/include/linux/rds.h:144:2: error: unknown type name 'uint32_t' uint32_t rcvbuf; /usr/include/linux/rds.h:145:2: error: unknown type name 'uint64_t' uint64_t inum; /usr/include/linux/rds.h:153:2: error: unknown type name 'uint64_t' uint64_t hdr_rem; /usr/include/linux/rds.h:154:2: error: unknown type name 'uint64_t' uint64_t data_rem; /usr/include/linux/rds.h:155:2: error: unknown type name 'uint32_t' uint32_t last_sent_nxt; /usr/include/linux/rds.h:156:2: error: unknown type name 'uint32_t' uint32_t last_expected_una; /usr/include/linux/rds.h:157:2: error: unknown type name 'uint32_t' uint32_t last_seen_una; /usr/include/linux/rds.h:164:2: error: unknown type name 'uint8_t' uint8_t src_gid[RDS_IB_GID_LEN]; /usr/include/linux/rds.h:165:2: error: unknown type name 'uint8_t' uint8_t dst_gid[RDS_IB_GID_LEN]; /usr/include/linux/rds.h:167:2: error: unknown type name 'uint32_t' uint32_t max_send_wr; /usr/include/linux/rds.h:168:2: error: unknown type name 'uint32_t' uint32_t max_recv_wr; /usr/include/linux/rds.h:169:2: error: unknown type name 'uint32_t' uint32_t max_send_sge; /usr/include/linux/rds.h:170:2: error: unknown type name 'uint32_t' uint32_t rdma_mr_max; /usr/include/linux/rds.h:171:2: error: unknown type name 'uint32_t' uint32_t rdma_mr_size; /usr/include/linux/rds.h:212:9: error: unknown type name 'uint64_t' typedef uint64_t rds_rdma_cookie_t; /usr/include/linux/rds.h:215:2: error: unknown type name 'uint64_t' uint64_t addr; /usr/include/linux/rds.h:216:2: error: unknown type name 'uint64_t' uint64_t bytes; /usr/include/linux/rds.h:221:2: error: unknown type name 'uint64_t' uint64_t cookie_addr; /usr/include/linux/rds.h:222:2: error: unknown type name 'uint64_t' uint64_t flags; /usr/include/linux/rds.h:228:2: error: unknown type name 'uint64_t' uint64_t cookie_addr; /usr/include/linux/rds.h:229:2: error: unknown type name 'uint64_t' uint64_t flags; /usr/include/linux/rds.h:234:2: error: unknown type name 'uint64_t' uint64_t flags; /usr/include/linux/rds.h:240:2: error: unknown type name 'uint64_t' uint64_t local_vec_addr; /usr/include/linux/rds.h:241:2: error: unknown type name 'uint64_t' uint64_t nr_local; /usr/include/linux/rds.h:242:2: error: unknown type name 'uint64_t' uint64_t flags; /usr/include/linux/rds.h:243:2: error: unknown type name 'uint64_t' uint64_t user_token; /usr/include/linux/rds.h:248:2: error: unknown type name 'uint64_t' uint64_t local_addr; /usr/include/linux/rds.h:249:2: error: unknown type name 'uint64_t' uint64_t remote_addr; /usr/include/linux/rds.h:252:4: error: unknown type name 'uint64_t' uint64_t compare; /usr/include/linux/rds.h:253:4: error: unknown type name 'uint64_t' uint64_t swap; /usr/include/linux/rds.h:256:4: error: unknown type name 'uint64_t' uint64_t add; /usr/include/linux/rds.h:259:4: error: unknown type name 'uint64_t' uint64_t compare; /usr/include/linux/rds.h:260:4: error: unknown type name 'uint64_t' uint64_t swap; /usr/include/linux/rds.h:261:4: error: unknown type name 'uint64_t' uint64_t compare_mask; /usr/include/linux/rds.h:262:4: error: unknown type name 'uint64_t' uint64_t swap_mask; /usr/include/linux/rds.h:265:4: error: unknown type name 'uint64_t' uint64_t add; /usr/include/linux/rds.h:266:4: error: unknown type name 'uint64_t' uint64_t nocarry_mask; /usr/include/linux/rds.h:269:2: error: unknown type name 'uint64_t' uint64_t flags; /usr/include/linux/rds.h:270:2: error: unknown type name 'uint64_t' uint64_t user_token; /usr/include/linux/rds.h:274:2: error: unknown type name 'uint64_t' uint64_t user_token; /usr/include/linux/rds.h:275:2: error: unknown type name 'int32_t' int32_t status; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/rds.h | 104 +++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) commit bcb41c6bced1ee778d23c53a6b4807fb08cf5540 Author: Dmitry V. Levin Date: Thu Feb 16 18:04:46 2017 +0300 uapi: fix linux/mroute.h userspace compilation errors Include to fix the following linux/mroute.h userspace compilation errors: /usr/include/linux/mroute.h:58:18: error: field 'vifc_lcl_addr' has incomplete type struct in_addr vifc_lcl_addr; /* Local interface address */ /usr/include/linux/mroute.h:61:17: error: field 'vifc_rmt_addr' has incomplete type struct in_addr vifc_rmt_addr; /* IPIP tunnel addr */ /usr/include/linux/mroute.h:72:17: error: field 'mfcc_origin' has incomplete type struct in_addr mfcc_origin; /* Origin of mcast */ /usr/include/linux/mroute.h:73:17: error: field 'mfcc_mcastgrp' has incomplete type struct in_addr mfcc_mcastgrp; /* Group in question */ /usr/include/linux/mroute.h:84:17: error: field 'src' has incomplete type struct in_addr src; /usr/include/linux/mroute.h:85:17: error: field 'grp' has incomplete type struct in_addr grp; /usr/include/linux/mroute.h:109:17: error: field 'im_src' has incomplete type struct in_addr im_src,im_dst; /usr/include/linux/mroute.h:109:24: error: field 'im_dst' has incomplete type struct in_addr im_src,im_dst; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/mroute.h | 1 + 1 file changed, 1 insertion(+) commit 72aa107df6a275cf03359934ca5799a2be7a1bf7 Author: Dmitry V. Levin Date: Thu Feb 16 18:04:29 2017 +0300 uapi: fix linux/mroute6.h userspace compilation errors Include to fix the following linux/mroute6.h userspace compilation errors: /usr/include/linux/mroute6.h:80:22: error: field 'mf6cc_origin' has incomplete type struct sockaddr_in6 mf6cc_origin; /* Origin of mcast */ /usr/include/linux/mroute6.h:81:22: error: field 'mf6cc_mcastgrp' has incomplete type struct sockaddr_in6 mf6cc_mcastgrp; /* Group in question */ /usr/include/linux/mroute6.h:91:22: error: field 'src' has incomplete type struct sockaddr_in6 src; /usr/include/linux/mroute6.h:92:22: error: field 'grp' has incomplete type struct sockaddr_in6 grp; /usr/include/linux/mroute6.h:132:18: error: field 'im6_src' has incomplete type struct in6_addr im6_src, im6_dst; /usr/include/linux/mroute6.h:132:27: error: field 'im6_dst' has incomplete type struct in6_addr im6_src, im6_dst; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/mroute6.h | 1 + 1 file changed, 1 insertion(+) commit 6c07ec0fa5712b01d0967cf74129fa9b4d234af8 Author: Dmitry V. Levin Date: Thu Feb 16 18:04:14 2017 +0300 uapi: fix linux/ipv6_route.h userspace compilation errors Include to fix the following linux/ipv6_route.h userspace compilation errors: /usr/include/linux/ipv6_route.h:42:19: error: field 'rtmsg_dst' has incomplete type struct in6_addr rtmsg_dst; /usr/include/linux/ipv6_route.h:43:19: error: field 'rtmsg_src' has incomplete type struct in6_addr rtmsg_src; /ust/include/linux/ipv6_route.h:44:19: error: field 'rtmsg_gateway' has incomplete type struct in6_addr rtmsg_gateway; Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/ipv6_route.h | 1 + 1 file changed, 1 insertion(+) commit 249168ad07cd23b5201dd2f09fd450ae4176f96c Author: Thomas Falcon Date: Wed Feb 15 12:18:00 2017 -0600 ibmvnic: Make CRQ interrupt tasklet wait for all capabilities crqs After sending device capability queries and requests to the vNIC Server, an interrupt is triggered and the responses are written to the driver's CRQ response buffer. Since the interrupt can be triggered before all responses are written and visible to the partition, there is a danger that the interrupt handler or tasklet can terminate before all responses are read, resulting in a failure to initialize the device. To avoid this scenario, when capability commands are sent, we set a flag that will be checked in the following interrupt tasklet that will handle the capability responses from the server. Once all responses have been handled, the flag is disabled; and the tasklet is allowed to terminate. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 16 ++++++++++++++-- drivers/net/ethernet/ibm/ibmvnic.h | 1 + 2 files changed, 15 insertions(+), 2 deletions(-) commit 901e040aa341d5b2c38fd65a473e953f7ca0bc0b Author: Thomas Falcon Date: Wed Feb 15 12:17:59 2017 -0600 ibmvnic: Use common counter for capabilities checks Two different counters were being used for capabilities requests and queries. These commands are not called at the same time so there is no reason a single counter cannot be used. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 71 ++++++++++++++++++++------------------ drivers/net/ethernet/ibm/ibmvnic.h | 3 +- 2 files changed, 39 insertions(+), 35 deletions(-) commit 6c267b3dea09aebe84752cfedcab140c908830bb Author: Thomas Falcon Date: Wed Feb 15 12:17:58 2017 -0600 ibmvnic: Handle processing of CRQ messages in a tasklet Create a tasklet to process queued commands or messages received from firmware instead of processing them in the interrupt handler. Note that this handler does not process network traffic, but communications related to resource allocation and device settings. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 18 +++++++++++++++++- drivers/net/ethernet/ibm/ibmvnic.h | 1 + 2 files changed, 18 insertions(+), 1 deletion(-) commit 1e128c81290a419ab9ec8b09fe989f1c6c15a0f4 Author: Arun Easi Date: Wed Feb 15 06:28:22 2017 -0800 qed: Add support for hardware offloaded FCoE. This adds the backbone required for the various HW initalizations which are necessary for the FCoE driver (qedf) for QLogic FastLinQ 4xxxx line of adapters - FW notification, resource initializations, etc. Signed-off-by: Arun Easi Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 3 + drivers/net/ethernet/qlogic/qed/Makefile | 1 + drivers/net/ethernet/qlogic/qed/qed.h | 11 + drivers/net/ethernet/qlogic/qed/qed_cxt.c | 98 +- drivers/net/ethernet/qlogic/qed/qed_cxt.h | 3 + drivers/net/ethernet/qlogic/qed/qed_dcbx.c | 13 +- drivers/net/ethernet/qlogic/qed/qed_dcbx.h | 5 +- drivers/net/ethernet/qlogic/qed/qed_dev.c | 205 ++++- drivers/net/ethernet/qlogic/qed/qed_dev_api.h | 42 + drivers/net/ethernet/qlogic/qed/qed_fcoe.c | 1014 +++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_fcoe.h | 87 ++ drivers/net/ethernet/qlogic/qed/qed_hsi.h | 781 +++++++++++++++- drivers/net/ethernet/qlogic/qed/qed_hw.c | 3 + drivers/net/ethernet/qlogic/qed/qed_ll2.c | 25 + drivers/net/ethernet/qlogic/qed/qed_ll2.h | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 7 + drivers/net/ethernet/qlogic/qed/qed_mcp.c | 3 + drivers/net/ethernet/qlogic/qed/qed_mcp.h | 1 + drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 8 + drivers/net/ethernet/qlogic/qed/qed_sp.h | 4 + drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 3 + include/linux/qed/common_hsi.h | 10 +- include/linux/qed/fcoe_common.h | 715 +++++++++++++++ include/linux/qed/qed_fcoe_if.h | 145 +++ include/linux/qed/qed_if.h | 41 +- 25 files changed, 3211 insertions(+), 19 deletions(-) commit 3bb9eca913025ed05c0510de831c67b7bef652c5 Author: Bhumika Goyal Date: Sun Feb 19 15:51:30 2017 +0530 ALSA: emu10k1: constify snd_emux_operators structure Declare snd_emux_operators structure as const as it is only copied into another structure. So, snd_emux_operators structures having this property can be made const. Signed-off-by: Bhumika Goyal Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/pci/emu10k1/emu10k1_callback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ad5b55761956427f61ed9c96961bf9c5cd4f92dc Author: Alban Browaeys Date: Mon Feb 6 23:50:33 2017 +0100 netfilter: xt_hashlimit: Fix integer divide round to zero. Diving the divider by the multiplier before applying to the input. When this would "divide by zero", divide the multiplier by the divider first then multiply the input by this value. Currently user2creds outputs zero when input value is bigger than the number of slices and lower than scale. This as then user input is applied an integer divide operation to a number greater than itself (scale). That rounds up to zero, then we multiply zero by the credits slice size. iptables -t filter -I INPUT --protocol tcp --match hashlimit --hashlimit 40/second --hashlimit-burst 20 --hashlimit-mode srcip --hashlimit-name syn-flood --jump RETURN thus trigger the overflow detection code: xt_hashlimit: overflow, try lower: 25000/20 (25000 as hashlimit avg and 20 the burst) Here: 134217 slices of (HZ * CREDITS_PER_JIFFY) size. 500000 is user input value 1000000 is XT_HASHLIMIT_SCALE_v2 gives: 0 as user2creds output Setting burst to "1" typically solve the issue ... but setting it to "40" does too ! This is on 32bit arch calling into revision 2 of hashlimit. Signed-off-by: Alban Browaeys Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_hashlimit.c | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) commit 40b446a1d8af17274746ff7079aa0a618dffbac3 Author: Vishwanath Pai Date: Thu Feb 16 20:55:45 2017 +0100 netfilter: ipset: Null pointer exception in ipset list:set If we use before/after to add an element to an empty list it will cause a kernel panic. $> cat crash.restore create a hash:ip create b hash:ip create test list:set timeout 5 size 4 add test b before a $> ipset -R < crash.restore Executing the above will crash the kernel. Signed-off-by: Vishwanath Pai Reviewed-by: Josh Hunt Signed-off-by: Jozsef Kadlecsik net/netfilter/ipset/ip_set_list_set.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 50054a9223aaf79985c55ef7dd090ced15581567 Author: Jozsef Kadlecsik Date: Thu Feb 16 20:47:30 2017 +0100 Fix bug: sometimes valid entries in hash:* types of sets were evicted Wrong index was used and therefore when shrinking a hash bucket at deleting an entry, valid entries could be evicted as well. Thanks to Eric Ewanco for the thorough bugreport. Fixes netfilter bugzilla #1119 Signed-off-by: Jozsef Kadlecsik net/netfilter/ipset/ip_set_hash_gen.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 57f22cd29cf1b4ff2aea8505eae2d3ed71ca5de4 Merge: e2a3b0d 7abfe04 45e861a Author: Mark Brown Date: Sun Feb 19 16:41:17 2017 +0000 Merge remote-tracking branches 'spi/topic/ti-qspi' and 'spi/topic/topcliff-pch' into spi-next commit e2a3b0df8dea7585a2e64861f3ab7bcbc2a04386 Merge: 2016d52 23e291c ffcfae3 72bc7ae e7ad4a7 c2e51ac Author: Mark Brown Date: Sun Feb 19 16:41:05 2017 +0000 Merge remote-tracking branches 'spi/topic/rockchip', 'spi/topic/rspi', 'spi/topic/s3c64xx', 'spi/topic/sh-msiof' and 'spi/topic/slave' into spi-next commit 2016d52a381c8cfc4e126d96817eb49a30abae37 Merge: 3470650 66459c5 30fb272 9c4f044 797236f 64e02cb Author: Mark Brown Date: Sun Feb 19 16:41:01 2017 +0000 Merge remote-tracking branches 'spi/topic/imx', 'spi/topic/lantiq-ssc', 'spi/topic/mpc52xx', 'spi/topic/ppc4xx' and 'spi/topic/pxa2xx' into spi-next commit 34706500579b958d8e0560952aa52740e56878de Merge: 244a60c e70002c 55f0cd3 9c6a3af 102ecc47 Author: Mark Brown Date: Sun Feb 19 16:40:59 2017 +0000 Merge remote-tracking branches 'spi/topic/dw', 'spi/topic/ep93xx', 'spi/topic/falcon' and 'spi/topic/fsl-lpspi' into spi-next commit 244a60c28d62282808aaf5be1b6be965a16848cd Merge: 3490462 e92f005 91829a9 973f7dd e360e72 Author: Mark Brown Date: Sun Feb 19 16:40:55 2017 +0000 Merge remote-tracking branches 'spi/topic/armada', 'spi/topic/ath79', 'spi/topic/bcm-qspi' and 'spi/topic/bcm53xx' into spi-next commit 3490462378944c7e137657d0d66bb707303cfc96 Merge: 42af2f5 1ce2486 Author: Mark Brown Date: Sun Feb 19 16:40:55 2017 +0000 Merge remote-tracking branch 'spi/topic/dma' into spi-next commit 42af2f5c52daec0c182af66984927ef64885bbcc Merge: e0afd0f 8324147 Author: Mark Brown Date: Sun Feb 19 16:40:55 2017 +0000 Merge remote-tracking branch 'spi/topic/core' into spi-next commit e0afd0facfa921db8d5757709600a136d9cbba6c Merge: d2f68a0 e18a80a ad16d4a 379f831 Author: Mark Brown Date: Sun Feb 19 16:40:53 2017 +0000 Merge remote-tracking branches 'spi/fix/pxa2xx', 'spi/fix/rspi' and 'spi/fix/s3c64xx' into spi-linus commit d2f68a055ca34fb05a89687dadf32b8f14801618 Merge: 69973b8 52cc720 Author: Mark Brown Date: Sun Feb 19 16:40:52 2017 +0000 Merge tag 'spi-fix-v4.10-rc4' into spi-linus spi: Fixes for v4.10 The usual small smattering of driver specific fixes. A few bits that stand out here: - The R-Car patches adding fallbacks are just adding new compatible strings to the driver so that device trees are written in a more robustly future proof fashion, this isn't strictly a fix but it's just new IDs and it's better to get it into mainline sooner to improve the ABI. - The DesignWare "switch to new API part 2" patch is actually a misleadingly titled fix for a bit that got missed in the original conversion. # gpg: Signature made Thu 19 Jan 2017 14:54:15 GMT # gpg: using RSA key ADE668AA675718B59FE29FEA24D68B725D5487D0 # gpg: issuer "broonie@kernel.org" # gpg: key 0D9EACE2CD7BEEBC: no public key for trusted key - skipped # gpg: key 0D9EACE2CD7BEEBC marked as ultimately trusted # gpg: key CCB0A420AF88CD16: no public key for trusted key - skipped # gpg: key CCB0A420AF88CD16 marked as ultimately trusted # gpg: key 162614E316005C11: no public key for trusted key - skipped # gpg: key 162614E316005C11 marked as ultimately trusted # gpg: key A730C53A5621E907: no public key for trusted key - skipped # gpg: key A730C53A5621E907 marked as ultimately trusted # gpg: key 276568D75C6153AD: no public key for trusted key - skipped # gpg: key 276568D75C6153AD marked as ultimately trusted # gpg: Good signature from "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] commit fad9cd45edf558b5886219d58986a88a83926bbf Merge: 0755fad 33f0698 66d228a b4c2e15 Author: Mark Brown Date: Sun Feb 19 16:40:41 2017 +0000 Merge remote-tracking branches 'regulator/topic/s2mpa01', 'regulator/topic/supplies' and 'regulator/topic/tps65217' into regulator-next commit 0755fad8a6af3fe5f218f55c6d0aa45ee684d2df Merge: 56590d7 d4fdf5e 36fe20c 14a1699 fb74036 243842b Author: Mark Brown Date: Sun Feb 19 16:40:37 2017 +0000 Merge remote-tracking branches 'regulator/topic/pv88080', 'regulator/topic/pv88090', 'regulator/topic/qcom-smd', 'regulator/topic/rc5t583' and 'regulator/topic/rn5t618' into regulator-next commit 56590d75c35f8431b3438e869026fb19665ab410 Merge: cecc279 a180df7 00804e6 0be7943 e505385 ea51874 Author: Mark Brown Date: Sun Feb 19 16:40:35 2017 +0000 Merge remote-tracking branches 'regulator/topic/pbias', 'regulator/topic/pcap', 'regulator/topic/pcf50633', 'regulator/topic/pfuze100' and 'regulator/topic/pv88060' into regulator-next commit cecc2795a7a440dc264916a0f8000a320fa9fcc0 Merge: 84e58d1 0301987 88c9d47 85214c9 6e09f4a 0e5a768 Author: Mark Brown Date: Sun Feb 19 16:40:32 2017 +0000 Merge remote-tracking branches 'regulator/topic/max77802', 'regulator/topic/max8907', 'regulator/topic/max8925', 'regulator/topic/max8952' and 'regulator/topic/palmas' into regulator-next commit 84e58d19ec8ca1256cc082c3cd009ef997a7afe8 Merge: 250320b f9e93ac 18c6c42 634dc7a 404826c b68f907 Author: Mark Brown Date: Sun Feb 19 16:40:30 2017 +0000 Merge remote-tracking branches 'regulator/topic/ltc3676', 'regulator/topic/max14577', 'regulator/topic/max77620', 'regulator/topic/max77686' and 'regulator/topic/max77693' into regulator-next commit 250320b070364e26847207fcf15db2da86a2c985 Merge: 56eff61 0ad4c07 71880ab 17db9f3 dc83c94 c093c3a Author: Mark Brown Date: Sun Feb 19 16:40:28 2017 +0000 Merge remote-tracking branches 'regulator/topic/cpcap', 'regulator/topic/fan53555', 'regulator/topic/gpio', 'regulator/topic/hi655x' and 'regulator/topic/lp8755' into regulator-next commit 56eff61990a959441b2cd1a44c4f5163edb21c43 Merge: f88140a ca7734a 2773ead ef306e4 20f860c Author: Mark Brown Date: Sun Feb 19 16:40:26 2017 +0000 Merge remote-tracking branches 'regulator/topic/anatop', 'regulator/topic/arizona', 'regulator/topic/as3711' and 'regulator/topic/bcm590xx' into regulator-next commit f88140af481e9b5af33cb3b0c5450cddab42d22d Merge: 401c424 b9f1932 32cb5d3 2abf29a 1ed1da3 bb24b9d Author: Mark Brown Date: Sun Feb 19 16:40:24 2017 +0000 Merge remote-tracking branches 'regulator/topic/88pm800', 'regulator/topic/88pm8607', 'regulator/topic/aat2870', 'regulator/topic/act8945a' and 'regulator/topic/ad5938' into regulator-next commit 401c42429caa8e374d17abcbc92505dd6b2e2a18 Merge: 0fe3f97 a4d7641 Author: Mark Brown Date: Sun Feb 19 16:40:23 2017 +0000 Merge remote-tracking branch 'regulator/topic/core' into regulator-next commit 0fe3f971fc83bfd709b70f8ac822ad6db4a05c9e Merge: 1c35539 e42a46b 6308f17 Author: Mark Brown Date: Sun Feb 19 16:40:22 2017 +0000 Merge remote-tracking branches 'regulator/fix/debugfs' and 'regulator/fix/tps65086' into regulator-linus commit 1c35539cd76848bc65d791c6741e3f0195901f5f Merge: 6b80562 3827b64 Author: Mark Brown Date: Sun Feb 19 16:40:21 2017 +0000 Merge remote-tracking branch 'regulator/fix/core' into regulator-linus commit 6b80562d514032502a43b72346153a03fe01c3f6 Merge: 69973b8 206c472 Author: Mark Brown Date: Sun Feb 19 16:40:20 2017 +0000 Merge tag 'regulator-fix-v4.10-rc6' into regulator-linus regulator: Fixes for v4.10 Three changes here, two run of the mill driver specific fixes and a change from Mark Rutland which reverts some new device specific ACPI binding code which was added during the merge window as there are concerns about this sending the wrong signal about usage of regulators in ACPI systems. # gpg: Signature made Fri 03 Feb 2017 11:48:10 GMT # gpg: using RSA key ADE668AA675718B59FE29FEA24D68B725D5487D0 # gpg: issuer "broonie@kernel.org" # gpg: key 0D9EACE2CD7BEEBC: no public key for trusted key - skipped # gpg: key 0D9EACE2CD7BEEBC marked as ultimately trusted # gpg: key CCB0A420AF88CD16: no public key for trusted key - skipped # gpg: key CCB0A420AF88CD16 marked as ultimately trusted # gpg: key 162614E316005C11: no public key for trusted key - skipped # gpg: key 162614E316005C11 marked as ultimately trusted # gpg: key A730C53A5621E907: no public key for trusted key - skipped # gpg: key A730C53A5621E907 marked as ultimately trusted # gpg: key 276568D75C6153AD: no public key for trusted key - skipped # gpg: key 276568D75C6153AD marked as ultimately trusted # gpg: Good signature from "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] commit 141dee78c40ac2c43aa4ff306688d625e1c731de Merge: ebfa3dc af4b654 66ead50 Author: Mark Brown Date: Sun Feb 19 16:37:07 2017 +0000 Merge remote-tracking branches 'asoc/topic/wm8753' and 'asoc/topic/zte' into asoc-next commit ebfa3dccd2ee17383e68b9c516c47068457a4de7 Merge: 166729f 03303da fd34045 98856d5 dfa5def c9b0bdc Author: Mark Brown Date: Sun Feb 19 16:37:01 2017 +0000 Merge remote-tracking branches 'asoc/topic/tlv320aic3x', 'asoc/topic/topology', 'asoc/topic/wm0010', 'asoc/topic/wm8731' and 'asoc/topic/wm8741' into asoc-next commit 166729f37da174f4ad967ebfc3e6f1517d247e61 Merge: a564394 c7f87f9 df3b573 9c1852b e984fd6 c97c460 Author: Mark Brown Date: Sun Feb 19 16:36:54 2017 +0000 Merge remote-tracking branches 'asoc/topic/rt5665', 'asoc/topic/rt5677', 'asoc/topic/samsung', 'asoc/topic/simple' and 'asoc/topic/sunxi' into asoc-next commit a564394660a0d7c6b5423b5d41ae6d0a2fd21191 Merge: 8237d99 e98aa52 4a312c9 cec5582 13861a4 969f751 Author: Mark Brown Date: Sun Feb 19 16:36:48 2017 +0000 Merge remote-tracking branches 'asoc/topic/rt5514', 'asoc/topic/rt5640', 'asoc/topic/rt5645', 'asoc/topic/rt5659' and 'asoc/topic/rt5660' into asoc-next commit 8237d99c3b1b8112d1eb7a7f763b5a9afde847ae Merge: a701802 80691c8 b6e643a eaae2ea Author: Mark Brown Date: Sun Feb 19 16:36:44 2017 +0000 Merge remote-tracking branches 'asoc/topic/pxa', 'asoc/topic/qcom' and 'asoc/topic/rockchip' into asoc-next commit a701802c4e724a9592c3da9893449fbc82b0cfc6 Merge: 64c37d5 9fe78b2 ee9dc31 c1644e3 1e561f6 9834ffd Author: Mark Brown Date: Sun Feb 19 16:36:35 2017 +0000 Merge remote-tracking branches 'asoc/topic/max9867', 'asoc/topic/mtk', 'asoc/topic/nau8540', 'asoc/topic/nau8825' and 'asoc/topic/omap' into asoc-next commit 64c37d50ad68442b0fcaec0afe7431a39391d1cb Merge: 96f0e8a bfe48df 1c445a4 Author: Mark Brown Date: Sun Feb 19 16:36:32 2017 +0000 Merge remote-tracking branches 'asoc/topic/img' and 'asoc/topic/max98090' into asoc-next commit 96f0e8a5b0979255e64ee8431f8287a41dc79140 Merge: 59acd5d e21ab17 245c5c7b d61b23d 4957b55 b07609ce Author: Mark Brown Date: Sun Feb 19 16:36:23 2017 +0000 Merge remote-tracking branches 'asoc/topic/dwc', 'asoc/topic/es8328', 'asoc/topic/fsl', 'asoc/topic/fsl-sai' and 'asoc/topic/graph' into asoc-next commit 59acd5dfcc1e786273beba2edb8645eb3ef01285 Merge: b7707a8 3f81d9a d6075c2 8abab35 Author: Mark Brown Date: Sun Feb 19 16:36:18 2017 +0000 Merge remote-tracking branches 'asoc/topic/davinci', 'asoc/topic/debugfs' and 'asoc/topic/doc' into asoc-next commit b7707a8be6a79b7ea2103c92da5ed5a56e9ba26d Merge: a2d6428 ca8c7f2 8480ac5 31489c0 ac29a8f Author: Mark Brown Date: Sun Feb 19 16:36:13 2017 +0000 Merge remote-tracking branches 'asoc/topic/atmel', 'asoc/topic/chmap', 'asoc/topic/cq93vc' and 'asoc/topic/da7218' into asoc-next commit a2d64282dd11520d2e967b871e35b798ece05298 Merge: 99d3509 1d00734 d589d8b fc1e65c 30cd849 acff07d Author: Mark Brown Date: Sun Feb 19 16:35:51 2017 +0000 Merge remote-tracking branches 'asoc/topic/adau17x1', 'asoc/topic/adsp', 'asoc/topic/ak4642', 'asoc/topic/amd' and 'asoc/topic/arizona' into asoc-next commit 99d35094559ab5b09266d4e993899efa7bff0b2b Merge: 715d525 826e83d Author: Mark Brown Date: Sun Feb 19 16:35:48 2017 +0000 Merge remote-tracking branch 'asoc/topic/rcar' into asoc-next commit 715d525b413cde6e86caf0a744287d7b71395d1e Merge: 16b5711 fc25914 Author: Mark Brown Date: Sun Feb 19 16:35:47 2017 +0000 Merge remote-tracking branch 'asoc/topic/pcm3168a' into asoc-next commit 16b5711485b0eba250451b3a85ab869939f20c7d Merge: c7bb6d8 7ba8ba3 Author: Mark Brown Date: Sun Feb 19 16:35:45 2017 +0000 Merge remote-tracking branch 'asoc/topic/intel' into asoc-next commit c7bb6d8060eec4f3806b88796fbf46db1e73d900 Merge: 4ae8be8 9bfa24e Author: Mark Brown Date: Sun Feb 19 16:35:44 2017 +0000 Merge remote-tracking branch 'asoc/topic/dmaengine' into asoc-next commit 4ae8be8ea9f7b46f339b8481c265256ffd412567 Merge: 39bc30f 96241ba Author: Mark Brown Date: Sun Feb 19 16:35:41 2017 +0000 Merge remote-tracking branch 'asoc/topic/component' into asoc-next commit 39bc30f25329ad16d67760581183ab7828f495cc Merge: bd85d18 bcb8c27 ebad64d Author: Mark Brown Date: Sun Feb 19 16:35:37 2017 +0000 Merge remote-tracking branches 'asoc/fix/fsl-mxs-saif' and 'asoc/fix/sunxi' into asoc-linus commit bd85d189b33bda263bc59602de86391f476a3093 Merge: 5bf3db1 ef30da1c5 Author: Mark Brown Date: Sun Feb 19 16:35:36 2017 +0000 Merge remote-tracking branch 'asoc/fix/rcar' into asoc-linus commit 5bf3db18db32d57c269c21e73df6a3621a30f6fc Merge: 19532a2 f12f5c8 Author: Mark Brown Date: Sun Feb 19 16:35:34 2017 +0000 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit 19532a24773a7a7a988ffbab805b05ad7e564115 Merge: 389dcb9 639467c Author: Mark Brown Date: Sun Feb 19 16:35:33 2017 +0000 Merge remote-tracking branch 'asoc/fix/dapm' into asoc-linus commit 389dcb9df652856294774f0ddc66a3c5bb5f1794 Merge: 69973b8 42e0ebd Author: Mark Brown Date: Sun Feb 19 16:35:15 2017 +0000 Merge tag 'asoc-fix-v4.10-rc3' into asoc-linus ASoC: Fixes for v4.10 As well as the usual smattering of driver specific fixes collected since the merge window this has one particularly important fix to the core for handling of aux_devs which was broken during the merge window by some of the componentization refactoring. # gpg: Signature made Wed 11 Jan 2017 17:26:37 GMT # gpg: using RSA key ADE668AA675718B59FE29FEA24D68B725D5487D0 # gpg: issuer "broonie@kernel.org" # gpg: key 0D9EACE2CD7BEEBC: no public key for trusted key - skipped # gpg: key 0D9EACE2CD7BEEBC marked as ultimately trusted # gpg: key CCB0A420AF88CD16: no public key for trusted key - skipped # gpg: key CCB0A420AF88CD16 marked as ultimately trusted # gpg: key 162614E316005C11: no public key for trusted key - skipped # gpg: key 162614E316005C11 marked as ultimately trusted # gpg: key A730C53A5621E907: no public key for trusted key - skipped # gpg: key A730C53A5621E907 marked as ultimately trusted # gpg: key 276568D75C6153AD: no public key for trusted key - skipped # gpg: key 276568D75C6153AD marked as ultimately trusted # gpg: Good signature from "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] # gpg: aka "Mark Brown " [ultimate] commit 7abfe04c47d97243a7aeeb8fe211a15687bff67f Author: Christophe JAILLET Date: Sat Feb 18 10:42:02 2017 +0100 spi: spi-ti-qspi: Fix error handling 'dma_request_chan_by_mask()' can not return NULL. Try to keep the logic in 'no_dma:' by resetting 'qspi->rx_chan' in case of error. Signed-off-by: Christophe JAILLET Signed-off-by: Mark Brown drivers/spi/spi-ti-qspi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f787d1debf63f78a15b2d1c79e7f1788c4fadfa0 Merge: 4e33e34 00ea1ce Author: David S. Miller Date: Sun Feb 19 11:18:46 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net commit 30fb27239f987c53429f24297f5d46e28d0e16ed Author: Christophe JAILLET Date: Sat Feb 18 10:42:02 2017 +0100 spi: spi-ti-qspi: Fix error handling 'dma_request_chan_by_mask()' can not return NULL. Try to keep the logic in 'no_dma:' by resetting 'qspi->rx_chan' in case of error. Signed-off-by: Christophe JAILLET Signed-off-by: Mark Brown drivers/spi/spi-ti-qspi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 582c97f6868cf70720a17d2421d317333f3ad597 Author: Hauke Mehrtens Date: Sat Feb 18 17:06:48 2017 +0100 spi: lantiq-ssc: activate under COMPILE_TEST This driver should compile on all platforms, activate it under compile test. The Lantiq specific parts are under ifdef and should be removed when Lantiq platform supports common clock framework. Signed-off-by: Hauke Mehrtens Signed-off-by: Mark Brown drivers/spi/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e92f0051c0c65d7bee989884a233cfcd80303bdf Author: Wei Yongjun Date: Sun Feb 5 15:49:40 2017 +0000 spi: armada-3700: Remove spi_master_put in a3700_spi_remove() The call to spi_master_put() in a3700_spi_remove() is redundant since the master is registered using devm_spi_register_master() and no reference hold by using spi_master_get() in a3700_spi_remove(). This is detected by Coccinelle semantic patch. Fixes: 5762ab71eb24 ("spi: Add support for Armada 3700 SPI Controller") Signed-off-by: Wei Yongjun Signed-off-by: Mark Brown drivers/spi/spi-armada-3700.c | 1 - 1 file changed, 1 deletion(-) commit c97c4604c008f3d489cc3201de80e313aeb501d6 Author: Wei Yongjun Date: Mon Feb 6 15:22:24 2017 +0000 ASoC: sun4i-spdif: drop unnessary snd_soc_unregister_component() It's not necessary to unregister a component registered with devm_snd_soc_register_component(). Also removed pointness clk_disable_unprepare() from error path and snd_soc_unregister_platform() from the remove. Fixes: f8260afa444b ("ASoC: sunxi: Add support for the SPDIF block") Signed-off-by: Wei Yongjun Acked-by: Maxime Ripard Signed-off-by: Mark Brown sound/soc/sunxi/sun4i-spdif.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) commit 9294000d6d895ad609f3cc4aff98c9c6175b466f Author: Bart Van Assche Date: Tue Feb 14 10:56:36 2017 -0800 IB/srp: Drain the send queue before destroying a QP A quote from the IB spec: However, if the Consumer does not wait for the Affiliated Asynchronous Last WQE Reached Event, then WQE and Data Segment leakage may occur. Therefore, it is good programming practice to tear down a QP that is associated with an SRQ by using the following process: * Put the QP in the Error State; * wait for the Affiliated Asynchronous Last WQE Reached Event; * either: * drain the CQ by invoking the Poll CQ verb and either wait for CQ to be empty or the number of Poll CQ operations has exceeded CQ capacity size; or * post another WR that completes on the same CQ and wait for this WR to return as a WC; * and then invoke a Destroy QP or Reset QP. Signed-off-by: Bart Van Assche Cc: Christoph Hellwig Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) commit f039f44fc331a7c6f828dfed97d5df0588602fd8 Author: Bart Van Assche Date: Tue Feb 14 10:56:35 2017 -0800 IB/core: Add support for draining IB_POLL_DIRECT completion queues Signed-off-by: Bart Van Assche Cc: Steve Wise Cc: Chuck Lever Cc: Christoph Hellwig Cc: Max Gurtovoy Reviewed-by: Steve Wise Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cq.c | 4 ++-- drivers/infiniband/core/verbs.c | 35 +++++++++++++++-------------------- 2 files changed, 17 insertions(+), 22 deletions(-) commit b02c15360b17dde352fbf4003e20dabcd3ae9157 Author: Bart Van Assche Date: Tue Feb 14 10:56:34 2017 -0800 IB/srp: Improve an error path Avoid that the following message is printed if login fails: scsi host0: ib_srp: Sending CM DREQ failed Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a7139ca80f7cd79e034a5c5f9c242bfb0471545c Author: Bart Van Assche Date: Tue Feb 14 10:56:33 2017 -0800 IB/srp: Make a diagnostic message more informative Report the destination port GID if connecting fails. Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 93c76dbb749eb0c791c2680f8fdaeae51240fdf5 Author: Bart Van Assche Date: Tue Feb 14 10:56:32 2017 -0800 IB/srp: Document locking conventions Use lockdep_assert_held() statements to verify at run-time whether the proper locks are held. Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0a6fdbdeb1c25e31763c1fb333fa2723a7d2aba6 Author: Bart Van Assche Date: Tue Feb 14 10:56:31 2017 -0800 IB/srp: Fix race conditions related to task management Avoid that srp_process_rsp() overwrites the status information in ch if the SRP target response timed out and processing of another task management function has already started. Avoid that issuing multiple task management functions concurrently triggers list corruption. This patch prevents that the following stack trace appears in the system log: WARNING: CPU: 8 PID: 9269 at lib/list_debug.c:52 __list_del_entry_valid+0xbc/0xc0 list_del corruption. prev->next should be ffffc90004bb7b00, but was ffff8804052ecc68 CPU: 8 PID: 9269 Comm: sg_reset Tainted: G W 4.10.0-rc7-dbg+ #3 Call Trace: dump_stack+0x68/0x93 __warn+0xc6/0xe0 warn_slowpath_fmt+0x4a/0x50 __list_del_entry_valid+0xbc/0xc0 wait_for_completion_timeout+0x12e/0x170 srp_send_tsk_mgmt+0x1ef/0x2d0 [ib_srp] srp_reset_device+0x5b/0x110 [ib_srp] scsi_ioctl_reset+0x1c7/0x290 scsi_ioctl+0x12a/0x420 sd_ioctl+0x9d/0x100 blkdev_ioctl+0x51e/0x9f0 block_ioctl+0x38/0x40 do_vfs_ioctl+0x8f/0x700 SyS_ioctl+0x3c/0x70 entry_SYSCALL_64_fastpath+0x18/0xad Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Cc: Steve Feeley Cc: Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 45 ++++++++++++++++++++++++------------- drivers/infiniband/ulp/srp/ib_srp.h | 1 + 2 files changed, 30 insertions(+), 16 deletions(-) commit 6cb72bc1b40bb2c1750ee7a5ebade93bed49a5fb Author: Bart Van Assche Date: Tue Feb 14 10:56:30 2017 -0800 IB/srp: Avoid that duplicate responses trigger a kernel bug After srp_process_rsp() returns there is a short time during which the scsi_host_find_tag() call will return a pointer to the SCSI command that is being completed. If during that time a duplicate response is received, avoid that the following call stack appears: BUG: unable to handle kernel NULL pointer dereference at (null) IP: srp_recv_done+0x450/0x6b0 [ib_srp] Oops: 0000 [#1] SMP CPU: 10 PID: 0 Comm: swapper/10 Not tainted 4.10.0-rc7-dbg+ #1 Call Trace: __ib_process_cq+0x4b/0xd0 [ib_core] ib_poll_handler+0x1d/0x70 [ib_core] irq_poll_softirq+0xba/0x120 __do_softirq+0xba/0x4c0 irq_exit+0xbe/0xd0 smp_apic_timer_interrupt+0x38/0x50 apic_timer_interrupt+0x90/0xa0 RIP: srp_recv_done+0x450/0x6b0 [ib_srp] RSP: ffff88046f483e20 Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Laurence Oberman Cc: Steve Feeley Cc: Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit d6c58dc40fec35ff6cdb350b53bce0fcf9143709 Author: Bart Van Assche Date: Tue Feb 14 10:56:29 2017 -0800 IB/SRP: Avoid using IB_MR_TYPE_SG_GAPS Tests have shown that the following error message is reported when using SG-GAPS registration with an mlx5 adapter: scsi host1: ib_srp: failed RECV status WR flushed (5) for CQE ffff880bd4270eb0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0f007806 2500002a ad9fafd1 scsi host1: ib_srp: reconnect succeeded mlx5_0:dump_cqe:262:(pid 7369): dump error cqe 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0f007806 25000032 00105dd0 scsi host1: ib_srp: failed FAST REG status memory management operation error (6) for CQE ffff880b92860138 Hence avoid using SG-GAPS memory registrations. Additionally, always configure the blk_queue_virt_boundary() to avoid to trigger a mapping failure when using adapters that support SG-GAPS (e.g. mlx5). Fixes: commit ad8e66b4a801 ("IB/srp: fix mr allocation when the device supports sg gaps") Fixes: commit 509c5f33f4f6 ("IB/srp: Prevent mapping failures") Reported-by: Laurence Oberman Signed-off-by: Bart Van Assche Cc: Israel Rukshin Cc: Max Gurtovoy Cc: Leon Romanovsky Cc: Mark Bloch Cc: Yuval Shaia Cc: # 4.7+ Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 4cd33aafe45866860b7c72401297d1efcd7bd8aa Author: Christophe Jaillet Date: Sat Feb 18 12:28:15 2017 +0100 RDMA/qedr: Fix some error handling 'qedr_alloc_pbl_tbl()' can not return NULL. In qedr_init_user_queue(): - simplify the test for the return value, no need to test for NULL - propagate the error pointer if needed, otherwise 0 (success) is returned. This is spurious. In init_mr_info(): - test the return value with IS_ERR - propagate the error pointer if needed instead of an exlictit -ENOMEM. This is a no-op as the only error pointer that we can have here is already -ENOMEM Signed-off-by: Christophe JAILLET Acked-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit e57f774db1fef3d983fd77db0f48f3f39875c65f Author: Arnd Bergmann Date: Fri Feb 17 15:40:21 2017 +0100 RDMA/bnxt_re: add DCB dependency When CONFIG_DCB is disabled, we get a link error: drivers/infiniband/built-in.o: In function `bnxt_re_setup_qos': trace.c:(.text+0x155774): undefined reference to `dcb_ieee_getapp_mask' trace.c:(.text+0x155774): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `dcb_ieee_getapp_mask' trace.c:(.text+0x155794): undefined reference to `dcb_ieee_getapp_mask' trace.c:(.text+0x155794): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `dcb_ieee_getapp_mask' Like the other drivers that use this function, a Kconfig dependency is the correct fix. Signed-off-by: Arnd Bergmann Signed-off-by: Doug Ledford drivers/infiniband/hw/bnxt_re/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3ecc16c82c068885cef5697d2f056a8fc317cf45 Author: Arnd Bergmann Date: Fri Feb 17 15:38:26 2017 +0100 IB/hns: include linux/module.h I ran into a build error on arm64 randconfig testing: infiniband/hw/hns/hns_roce_main.c:539:1: error: data definition has no type or storage class [-Werror] infiniband/hw/hns/hns_roce_main.c:539:1: error: type defaults to 'int' in declaration of 'MODULE_DEVICE_TABLE' [-Werror=implicit-int] infiniband/hw/hns/hns_roce_main.c:539:1: error: parameter names (without types) in function declaration [-Werror] infiniband/hw/hns/hns_roce_main.c:979:226: error: data definition has no type or storage class [-Werror] infiniband/hw/hns/hns_roce_main.c:979:226: error: type defaults to 'int' in declaration of 'module_init' [-Werror=implicit-int] infiniband/hw/hns/hns_roce_main.c:979:1: error: parameter names (without types) in function declaration [-Werror] Including the module.h makes it build again. Fixes: 9a4435375cd1 ("IB/hns: Add driver files for hns RoCE driver") Signed-off-by: Arnd Bergmann Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 1 + 1 file changed, 1 insertion(+) commit c67294b70b5aafa2769e8c677a044243ce974c3a Author: Yuval Shaia Date: Thu Feb 16 14:05:05 2017 +0200 IB/vmw_pvrdma: Expose vendor error to ULPs Signed-off-by: Yuval Shaia Acked-by: Adit Ranadive Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7bf3976d6cfd77c956484186e8bed8f4aab677ce Author: Christoph Hellwig Date: Wed Feb 15 08:47:04 2017 +0100 vmw_pvrdma: switch to pci_alloc_irq_vectors .. and greatly clean up the irq handling boilerplate code. Signed-off-by: Christoph Hellwig Acked-by: Adit Ranadive Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma.h | 8 +- drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 6 - drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 162 +++++----------------- 3 files changed, 34 insertions(+), 142 deletions(-) commit 64b2ae74e83c0294f66ab8db9c99c274fa1a5f1a Author: Arnd Bergmann Date: Tue Feb 14 22:23:07 2017 +0100 IB/hfi1: use size_t for passing array length gcc-7 produces a mysterious warning about the size argument being potentially out of range: drivers/infiniband/hw/hfi1/verbs.c: In function 'init_cntr_names': drivers/infiniband/hw/hfi1/verbs.c:1644:2: error: 'memcpy': specified size between 18446744071562067968 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=] This seems to refer to a the case where an 64-bit size_t gets truncated into a negative 'int' and subsequently turned into a high 64-bit number again. The fix is clearly to use size_t here, which matches the type that gets used for this value elsewhere. Fixes: b7481944b06e ("IB/hfi1: Show statistics counters under IB stats interface") Signed-off-by: Arnd Bergmann Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 23536dfaa3ef5b4e61272ea65ed6c1b15db022ec Author: Zhu Yanjun Date: Tue Feb 14 03:43:12 2017 -0500 IB/ipoib: Remove redudant label There are 2 labels to mark the same statements. Replace the 2 labels with one versatile labe. Cc: Joe Jin Cc: Junxiao Bi Signed-off-by: Zhu Yanjun Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_cm.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit c5e8f57b0b560b9cc9ea9166975858d023f81030 Author: Zhu Yanjun Date: Fri Feb 10 01:48:42 2017 -0500 IB/ipoib: remove the unnecessary memory free In the function ipoib_cm_nonsrq_init_rx, the memory is not allocated successfully. It is not necessary to free it. CC: Joe Jin CC: Junxiao Bi Signed-off-by: Zhu Yanjun Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_cm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit f50cccdd03ed4b22960308a5d2499519df13ee9b Author: Christoph Hellwig Date: Thu Feb 9 16:10:58 2017 +0100 IB/mthca: switch to pci_alloc_irq_vectors Trivial switch to the new API for this driver. Signed-off-by: Christoph Hellwig Signed-off-by: Doug Ledford drivers/infiniband/hw/mthca/mthca_main.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) commit 1bb0d7b781b1ca647f1ae69665c0ad1de09a1174 Author: Michael J. Ruhl Date: Wed Feb 8 05:28:31 2017 -0800 IB/hfi1: Code reuse with memdup_copy Update several usages of kmalloc/user_copy to memdup_copy and memdup_copy_nul. Reviewed-by: Dennis Dalessandro Reviewed-by: Mike Marciniszyn Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/debugfs.c | 39 +++++++++---------------------- drivers/infiniband/hw/hfi1/user_exp_rcv.c | 17 +++++--------- drivers/infiniband/hw/hfi1/user_sdma.c | 17 +++++++------- 3 files changed, 25 insertions(+), 48 deletions(-) commit 832666c163f04306fa6823b8974bccf7bb5e5ad3 Author: Don Hiatt Date: Wed Feb 8 05:28:25 2017 -0800 IB/hfi1, qib, rdmavt: Move AETH defines to rdma/ib_hdrs.h Rename RVT AETH defines and export in rdma/ib_hdrs.h Reviewed-by: Mike Marciniszyn Signed-off-by: Don Hiatt Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 18 +++++++++--------- drivers/infiniband/hw/hfi1/ruc.c | 2 +- drivers/infiniband/hw/hfi1/trace.c | 4 ++-- drivers/infiniband/hw/qib/qib_rc.c | 18 +++++++++--------- drivers/infiniband/hw/qib/qib_ruc.c | 2 +- drivers/infiniband/sw/rdmavt/qp.c | 7 ++++--- drivers/infiniband/sw/rdmavt/rc.c | 15 +++++++-------- include/rdma/ib_hdrs.h | 6 ++++++ include/rdma/rdmavt_qp.h | 5 ----- 9 files changed, 39 insertions(+), 38 deletions(-) commit 881fccb8640bdd3533f5a98a99991aae23a5106b Author: Don Hiatt Date: Wed Feb 8 05:28:19 2017 -0800 IB/hfi1: Add rvt_rnr_tbl_to_usec function Return usec from an index into ib_rvt_rnr_table. Reviewed-by: Mike Marciniszyn Signed-off-by: Don Hiatt Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 11 +++++++++++ include/rdma/rdmavt_qp.h | 1 + 2 files changed, 12 insertions(+) commit db069ecb5d4dcd297628d5ebc56dd22bdbab9729 Author: Michael J. Ruhl Date: Wed Feb 8 05:28:13 2017 -0800 IB/hfi1: Do not set physical link state if DC is in the shutdown state If the DC is in shutdown state, the set link state function will return an error. Since this is not a failure in this state, make sure to only call set link state if the DC is on. Reviewed-by: Easwar Hariharan Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit c27aad00d191e8ba88fe755db53b9f2b8cefc0e9 Author: Jakub Byczkowski Date: Wed Feb 8 05:27:55 2017 -0800 IB/hfi1: Modify logging frequency of DCC errors Use rate-limit state to limit number of messages logged to kernel message buffer for DCC errors. Add new macro dd_dev_info_ratelimited for that propose. Replace all dd_dev_info calls in handle_dcc_err function with rate-limited version. Reviewed-by: Dennis Dalessandro Signed-off-by: Jakub Byczkowski Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 20 +++++++++++--------- drivers/infiniband/hw/hfi1/hfi.h | 4 ++++ 2 files changed, 15 insertions(+), 9 deletions(-) commit f9215b5e536b0c598dff4041fc7d6136cd599981 Author: Mike Marciniszyn Date: Wed Feb 8 05:27:49 2017 -0800 IB/rdmavt, IB/hfi1, IB/qib: Correct ack count for passive (RTR) QPs The send complete for RC QPs mismanages the ack count when the responder side is only in RTR. A QP in that state cannot send requests, but it can be the target for operations that elicit responses. Adjust the RC completion logic to correct the count maintenance by reflecting RECV_OK in a new state test. Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 2 +- drivers/infiniband/hw/qib/qib_rc.c | 2 +- include/rdma/rdmavt_qp.h | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) commit 3fc4a0906f9c49839f03de4b6500d82fa5b3254f Author: Brian Welty Date: Wed Feb 8 05:27:43 2017 -0800 IB/qib: Updates to use rdmavt's SGE helper routines Reviewed-by: Mike Marciniszyn Signed-off-by: Brian Welty Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_rc.c | 2 +- drivers/infiniband/hw/qib/qib_ud.c | 4 +- drivers/infiniband/hw/qib/qib_verbs.c | 95 +++-------------------------------- drivers/infiniband/hw/qib/qib_verbs.h | 2 - 4 files changed, 9 insertions(+), 94 deletions(-) commit 1198fcea8a7810d06069a85256d1ef9ec97d434b Author: Brian Welty Date: Wed Feb 8 05:27:37 2017 -0800 IB/hfi1, rdmavt: Move SGE state helper routines into rdmavt To improve code reuse, add small SGE state helper routines to rdmavt_mr.h. Leverage these in hfi1, including refactoring of hfi1_copy_sge. Reviewed-by: Mike Marciniszyn Signed-off-by: Brian Welty Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 2 - drivers/infiniband/hw/hfi1/rc.c | 2 +- drivers/infiniband/hw/hfi1/ud.c | 4 +- drivers/infiniband/hw/hfi1/verbs.c | 91 ++------------------------------------ drivers/infiniband/hw/hfi1/verbs.h | 2 - include/rdma/rdmavt_mr.h | 50 +++++++++++++++++++++ 6 files changed, 57 insertions(+), 94 deletions(-) commit 0128fceaf934dbfca4537d4eb8c3a5f7e84562c8 Author: Brian Welty Date: Wed Feb 8 05:27:31 2017 -0800 IB/hfi1, rdmavt: Update copy_sge to use boolean arguments Convert copy_sge and related SGE state functions to use boolean. For determining if QP is in user mode, add helper function in rdmavt_qp.h. This is used to determine if QP needs the last byte ordering. While here, change rvt_pd.user to a boolean. Reviewed-by: Mike Marciniszyn Reviewed-by: Dean Luick Signed-off-by: Brian Welty Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 16 ++++++++-------- drivers/infiniband/hw/hfi1/ruc.c | 10 +++++----- drivers/infiniband/hw/hfi1/uc.c | 10 +++++----- drivers/infiniband/hw/hfi1/ud.c | 12 ++++++------ drivers/infiniband/hw/hfi1/verbs.c | 21 +++++++++++---------- drivers/infiniband/hw/hfi1/verbs.h | 4 ++-- drivers/infiniband/sw/rdmavt/pd.c | 2 +- include/rdma/rdma_vt.h | 2 +- include/rdma/rdmavt_qp.h | 9 +++++++++ 9 files changed, 48 insertions(+), 38 deletions(-) commit b4238e70579cb1edf32c56ee512f84cbad01ac27 Author: Venkata Sandeep Dhanalakota Date: Wed Feb 8 05:27:25 2017 -0800 IB/qib: Use new rdmavt timers Reduce qib code footprint by using the rdmavt timers. Reviewed-by: Mike Marciniszyn Reviewed-by: Brian Welty Signed-off-by: Venkata Sandeep Dhanalakota Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_qp.c | 1 - drivers/infiniband/hw/qib/qib_rc.c | 94 +++++++---------------------------- drivers/infiniband/hw/qib/qib_ruc.c | 45 +---------------- drivers/infiniband/hw/qib/qib_verbs.c | 1 + drivers/infiniband/hw/qib/qib_verbs.h | 2 +- 5 files changed, 21 insertions(+), 122 deletions(-) commit 56acbbfb46d9d613858de2bffcc7dee4205682b7 Author: Venkata Sandeep Dhanalakota Date: Wed Feb 8 05:27:19 2017 -0800 IB/hfi1: Use new rdmavt timers Reduce hfi1 code footprint by using the rdmavt timers. Reviewed-by: Mike Marciniszyn Reviewed-by: Brian Welty Signed-off-by: Venkata Sandeep Dhanalakota Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 4 - drivers/infiniband/hw/hfi1/rc.c | 194 +++---------------------------------- drivers/infiniband/hw/hfi1/ruc.c | 43 +------- drivers/infiniband/hw/hfi1/verbs.c | 1 + drivers/infiniband/hw/hfi1/verbs.h | 9 +- 5 files changed, 16 insertions(+), 235 deletions(-) commit 11a10d4bc7b2640da1fce27586a617411b70f5c5 Author: Venkata Sandeep Dhanalakota Date: Wed Feb 8 05:27:13 2017 -0800 IB/rdmavt: Adding timer logic to rdmavt To move common code across target to rdmavt for code reuse. Reviewed-by: Mike Marciniszyn Reviewed-by: Brian Welty Signed-off-by: Venkata Sandeep Dhanalakota Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 183 +++++++++++++++++++++++++++++++++++++- include/rdma/rdma_vt.h | 19 ++++ include/rdma/rdmavt_qp.h | 6 ++ 3 files changed, 206 insertions(+), 2 deletions(-) commit 696513e8cf39ccb8ee8010fd2157f095b3af6a91 Author: Brian Welty Date: Wed Feb 8 05:27:07 2017 -0800 IB/hfi1, qib, rdmavt: Move AETH credit functions into rdmavt Add rvt_compute_aeth() and rvt_get_credit() as shared functions in rdmavt, moved from hfi1/qib logic. Reviewed-by: Dennis Dalessandro Signed-off-by: Brian Welty Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/common.h | 4 - drivers/infiniband/hw/hfi1/qp.c | 137 ------------------------ drivers/infiniband/hw/hfi1/qp.h | 16 --- drivers/infiniband/hw/hfi1/rc.c | 40 +++---- drivers/infiniband/hw/hfi1/trace.c | 4 +- drivers/infiniband/hw/hfi1/verbs.h | 9 -- drivers/infiniband/hw/qib/qib_common.h | 4 - drivers/infiniband/hw/qib/qib_qp.c | 134 ----------------------- drivers/infiniband/hw/qib/qib_rc.c | 40 +++---- drivers/infiniband/hw/qib/qib_verbs.h | 4 - drivers/infiniband/sw/rdmavt/Makefile | 4 +- drivers/infiniband/sw/rdmavt/rc.c | 190 +++++++++++++++++++++++++++++++++ include/rdma/rdmavt_qp.h | 31 ++++++ 13 files changed, 265 insertions(+), 352 deletions(-) commit beb5a0426794c9698c4e0349c626d819b5f3b2c7 Author: Brian Welty Date: Wed Feb 8 05:27:01 2017 -0800 IB/hfi1, qib, rdmavt: Move two IB event functions into rdmavt Add rvt_rc_error() and rvt_comm_est() as shared functions in rdmavt, moved from hfi1/qib logic. Reviewed-by: Dennis Dalessandro Signed-off-by: Brian Welty Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 13 ------------ drivers/infiniband/hw/hfi1/qp.h | 6 ------ drivers/infiniband/hw/hfi1/rc.c | 27 ++++--------------------- drivers/infiniband/hw/hfi1/ruc.c | 2 +- drivers/infiniband/hw/hfi1/uc.c | 4 ++-- drivers/infiniband/hw/hfi1/ud.c | 4 ++-- drivers/infiniband/hw/hfi1/verbs.h | 2 -- drivers/infiniband/hw/qib/qib_rc.c | 38 +++++------------------------------ drivers/infiniband/hw/qib/qib_ruc.c | 2 +- drivers/infiniband/hw/qib/qib_uc.c | 15 +++----------- drivers/infiniband/hw/qib/qib_ud.c | 4 ++-- drivers/infiniband/hw/qib/qib_verbs.h | 2 -- drivers/infiniband/sw/rdmavt/qp.c | 38 +++++++++++++++++++++++++++++++++++ include/rdma/rdmavt_qp.h | 2 ++ 14 files changed, 60 insertions(+), 99 deletions(-) commit c03c08d50b3d44cd331319b4b2882315413ee281 Author: Sebastian Sanchez Date: Wed Feb 8 05:26:55 2017 -0800 IB/hfi1: Check upper-case EFI variables The EFI variable that provides board ID is named by the PCI address of the device, which is published in upper-case, while the HFI1 driver reads the EFI variable in lower-case. This prevents returning the correct board id when queried through sysfs. Read EFI variables in upper-case if the lower-case read fails. Reviewed-by: Easwar Hariharan Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/efivar.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) commit 76327627be1d9bd6a360b645ac7675c02a39096f Author: Sebastian Sanchez Date: Wed Feb 8 05:26:49 2017 -0800 IB/hfi1: Reduce oversized fields in struct hfi1_packet Some fields in struct hfi1_packet are oversized. Reduce them. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/hfi.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit d7c76e91aa6c10775ea172263828c3119e4335a0 Author: Mike Marciniszyn Date: Wed Feb 8 05:26:43 2017 -0800 IB/hfi1: Add additional fields to qp_stats The r_psn and s_rnr_retry are missing. Add with this patch. Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b448bf9a0df6093dbadac36979a55ce4e012a677 Author: Sebastian Sanchez Date: Wed Feb 8 05:26:37 2017 -0800 IB/hfi1: Allocate context data on memory node There are some memory allocation calls in hfi1_create_ctxtdata() that do not use the numa function parameter. This can cause cache lines to be filled over QPI. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/init.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 338adfdddf6abe89726e1146ad3102ce9663a634 Author: Sebastian Sanchez Date: Wed Feb 8 05:26:31 2017 -0800 IB/rdmavt: Use per-CPU reference count for MRs Having per-CPU reference count for each MR prevents cache-line bouncing across the system. Thus, it prevents bottlenecks. Use per-CPU reference counts per MR. The per-CPU reference count for FMRs is used in atomic mode to allow accurate testing of the busy state. Other MR types run in per-CPU mode MR until they're freed. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/mr.c | 59 +++++++++++++++++++++++++-------------- include/rdma/rdmavt_mr.h | 10 +++---- 2 files changed, 43 insertions(+), 26 deletions(-) commit f3e862cb6894389a35d0beb10f73d62eb3317beb Author: Sebastian Sanchez Date: Wed Feb 8 05:26:25 2017 -0800 IB/hfi1: Access hfi1_ibport through rcd pointer Receive code paths use the QP's device and port number to access the struct hfi1_ibport. When an instance of struct hfi1_ctxtdata is present, it can be used to access struct hfi1_ibport through a pointer. This makes struct hfi1_ibport lookup time faster as an array doesn't have to be indexed and access fields in other cache-lines. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/driver.c | 4 ++-- drivers/infiniband/hw/hfi1/hfi.h | 5 +++++ drivers/infiniband/hw/hfi1/rc.c | 10 +++++----- drivers/infiniband/hw/hfi1/uc.c | 2 +- drivers/infiniband/hw/hfi1/ud.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 4 ++-- 6 files changed, 16 insertions(+), 11 deletions(-) commit a8715b97d63718fc5c4daebc465407c259aea265 Author: Mike Marciniszyn Date: Wed Feb 8 05:26:20 2017 -0800 IB/hfi1: Correct error calldown locking The resource specific wait locking missed correcting the lock for the notify_error_qp() calldown. The code is fixed to correctly use the iowait lock field to protect the head that is protected by that lock. Fixes: Commit 4e045572e2c2 ("IB/hfi1: Add unique txwait_lock for txreq events") Reviewed-by: Sebastian Sanchez Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/qp.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit 39e2afa8d042a53d855137d4c5a689a6f5492b39 Author: Easwar Hariharan Date: Wed Feb 8 05:26:14 2017 -0800 IB/hfi1: Use static CTLE with Preset 6 for integrated HFIs After extended testing, it was found that the previous PCIe Gen 3 recipe, which used adaptive CTLE with Preset 4, could cause an NMI/Surprise Link Down in about 1 in 100 to 1 in 1000 power cycles on some platforms. New EV data combined with extensive empirical data indicates that the new recipe should use static CTLE with Preset 6 for all integrated silicon SKUs. Fixes: c3f8de0b334c ("IB/hfi1: Add static PCIe Gen3 CTLE tuning") Reviewed-by: Dennis Dalessandro Signed-off-by: Easwar Hariharan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/pcie.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eb04ff09d834c1a531d02ee0b3e4b503253df609 Author: Mike Marciniszyn Date: Wed Feb 8 05:26:08 2017 -0800 IB/hfi1: Ensure read of producer s_head is correct The read of s_head in the hfi1_make_rc_req() and qib_make_rc_req() lack the necesary barrier instuctions. Correct other ACCESS_ONCE() warnings in the same file. Reviewed-by: Ashutosh Dixit Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 7 ++++--- drivers/infiniband/hw/qib/qib_rc.c | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) commit a82a7fcd1f23497a97df237829622dfdfacf24fe Author: Mike Marciniszyn Date: Wed Feb 8 05:26:02 2017 -0800 IB/hfi1: Process qp wait list in IRQ thread periodically In the event that the IRQ thread is extremely busy, the processing of an rcd wait list can be delayed by quite a bit until the IRQ thread completes its work. The QP reset reference count wait can then appear to be stuck, thus causing up a QP destroy to emit the hung task diagnostic. Fix by processing the qp wait list periodically from the thread. The interval is a multiple (currently 4) of the MAX_PKT_RECV. Also, reduce some of the excessive inlining. The guidelines are per packet is ok inline, otherwise the choice is based on likelyhood of execution. Reviewed-by: Sebastian Sanchez Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/driver.c | 121 ++++++++++++++++++++---------------- 1 file changed, 67 insertions(+), 54 deletions(-) commit 4fcf1de5a79bfe8ee4c638bd3902d20cd59376de Author: Mike Marciniszyn Date: Wed Feb 8 05:25:56 2017 -0800 IB/hfi1: Correct defered count after processing qp_wait_list The qp_wait_list processing leaves the defered ack count at its prior value. This can result in a premature send of an ack. Fixed by unconditionally reseting the defered ack count in hfi1_send_rc_ack(). Fixes: Commit 7c091e5c0685 ("staging/rdma/hfi1: add ACK coalescing logic") Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 4 ++++ 1 file changed, 4 insertions(+) commit 8d8a47338089d96093fa5fb8a686d9faefce04a1 Author: Wei Yongjun Date: Tue Feb 7 15:15:10 2017 +0000 IB/rxe: use setup_timer to simplify the code Use setup_timer function instead of initializing timer with the function and data fields. Signed-off-by: Wei Yongjun Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_qp.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit 32f8e839edebe3310dd077439ce0e9a96e0c2352 Author: Max Gurtovoy Date: Thu Feb 2 01:55:18 2017 +0200 IB/iser: Protect completion context active_qps update As iser connections can share completion contexts, we need to protect the active_qps update each time we set it. Signed-off-by: Max Gurtovoy Acked-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/ulp/iser/iser_verbs.c | 2 ++ 1 file changed, 2 insertions(+) commit 192539f4ce36e5b80b9eb1f4ccd759a92eed2ff9 Author: Ganesh Goudar Date: Tue Jan 31 12:00:09 2017 +0530 iw_cxgb4: clean up send_connect() Clean up send_connect() and make use of t6 specific active open request struct. Acked-by: Steve Wise Signed-off-by: Bharat Teja Signed-off-by: Ganesh Goudar Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cm.c | 56 ++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 20 deletions(-) commit 6dd7abae7110da6fa01f048baf5b679b5a4a56dd Merge: 6df6b4a 646ebd4 Author: Doug Ledford Date: Sun Feb 19 09:18:21 2017 -0500 Merge branch 'k.o/for-4.10-rc' into HEAD commit 3900dea4cda7c28d7921370bc4d22b08463ed94c Author: Christophe JAILLET Date: Sat Feb 18 09:34:34 2017 +0100 irqchip/qcom: Fix error handling 'devm_ioremap()' returns NULL on error, not an error pointer. Fixes: f20cc9b00c7b ("irqchip/qcom: Add IRQ combiner driver") Signed-off-by: Christophe JAILLET Cc: marc.zyngier@arm.com Cc: kernel-janitors@vger.kernel.org Cc: jason@lakedaemon.net Link: http://lkml.kernel.org/r/20170218083434.2289-1-christophe.jaillet@wanadoo.fr Signed-off-by: Thomas Gleixner drivers/irqchip/qcom-irq-combiner.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 762b6f00a995863afa274d6b5ffa3880dac1714b Author: Dmitry V. Levin Date: Wed Feb 15 23:04:54 2017 +0300 uapi: fix linux/target_core_user.h userspace compilation errors Consistently use types from linux/types.h to fix the following linux/target_core_user.h userspace compilation errors: /usr/include/linux/target_core_user.h:108:4: error: unknown type name 'uint32_t' uint32_t iov_cnt; /usr/include/linux/target_core_user.h:109:4: error: unknown type name 'uint32_t' uint32_t iov_bidi_cnt; /usr/include/linux/target_core_user.h:110:4: error: unknown type name 'uint32_t' uint32_t iov_dif_cnt; /usr/include/linux/target_core_user.h:111:4: error: unknown type name 'uint64_t' uint64_t cdb_off; /usr/include/linux/target_core_user.h:112:4: error: unknown type name 'uint64_t' uint64_t __pad1; /usr/include/linux/target_core_user.h:113:4: error: unknown type name 'uint64_t' uint64_t __pad2; /usr/include/linux/target_core_user.h:117:4: error: unknown type name 'uint8_t' uint8_t scsi_status; /usr/include/linux/target_core_user.h:118:4: error: unknown type name 'uint8_t' uint8_t __pad1; /usr/include/linux/target_core_user.h:119:4: error: unknown type name 'uint16_t' uint16_t __pad2; /usr/include/linux/target_core_user.h:120:4: error: unknown type name 'uint32_t' uint32_t __pad3; Signed-off-by: Dmitry V. Levin Signed-off-by: Nicholas Bellinger include/uapi/linux/target_core_user.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) commit 0ab8ac6f504d61b59856bd34e62bbfd60edd2bb0 Author: Mike Christie Date: Fri Jan 13 04:47:48 2017 -0600 target: export protocol identifier I think the transport statistics device file was supposed to show scsiTransportProtocolType. It instead shows the fabric name which is normally closer to the driver name. I was thinking I cannot change from fabric name to protocol type name incase people are expecting the driver name, so this patch adds another file proto_id that exports the SCSI protocol identifier ID. Signed-off-by: Mike Christie Signed-off-by: Nicholas Bellinger drivers/target/target_core_stat.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 6cb3216a7863fd13fb125f0867fce55c2bbd8c8e Author: Quinn Tran Date: Mon Feb 13 12:18:29 2017 -0800 qla2xxx: Fix a warning reported by the "smatch" static checker Fix the following warning reported by the "smatch" static checker: drivers/scsi/qla2xxx/qla_init.c:3910 qla2x00_alloc_fcport() warn: use 'flags' here instead of GFP_XXX? Reported-by: Dan Carpenter Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Cc: Dan Carpenter Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/scsi/qla2xxx/qla_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4d65491c269729a1e3b375c45e73213f49103d33 Author: Varun Prakash Date: Fri Jan 20 16:44:33 2017 +0530 target/iscsi: Fix unsolicited data seq_end_offset calculation In case of unsolicited data for the first sequence seq_end_offset must be set to minimum of total data length and FirstBurstLength, so do not add cmd->write_data_done to the min of total data length and FirstBurstLength. This patch avoids that with ImmediateData=Yes, InitialR2T=No, MaxXmitDataSegmentLength < FirstBurstLength that a WRITE command with IO size above FirstBurstLength triggers sequence error messages, for example Set following parameters on target (linux-4.8.12) ImmediateData = Yes InitialR2T = No MaxXmitDataSegmentLength = 8k FirstBurstLength = 64k Log in from Open iSCSI initiator and execute dd if=/dev/zero of=/dev/sdb bs=128k count=1 oflag=direct Error messages on target Command ITT: 0x00000035 with Offset: 65536, Length: 8192 outside of Sequence 73728:131072 while DataSequenceInOrder=Yes. Command ITT: 0x00000035, received DataSN: 0x00000001 higher than expected 0x00000000. Unable to perform within-command recovery while ERL=0. Signed-off-by: Varun Prakash [ bvanassche: Use min() instead of open-coding it / edited patch description ] Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target_erl0.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 79e57cfe00f40d509e2d007a5662db26cdbc74db Author: Varun Prakash Date: Fri Jan 13 20:53:25 2017 +0530 target/cxgbit: add T6 iSCSI DDP completion feature Chelsio T6 adapters reduce number of completion to host by generating single completion for all directly placed(DDP) iSCSI pdus in a sequence, completion contains iSCSI hdr of the last pdu in a sequence. On receiving DDP completion cxgbit driver finds iSCSI cmd using iscsit_find_cmd_from_itt_or_dump(), then updates cmd->write_data_done, cmd->next_burst_len, cmd->data_sn and calls __iscsit_check_dataout_hdr() to validate iSCSI hdr. (Update __iscsit_check_dataout_hdr parameter usage - nab) Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/cxgbit/cxgbit_cm.c | 3 ++ drivers/target/iscsi/cxgbit/cxgbit_lro.h | 5 +- drivers/target/iscsi/cxgbit/cxgbit_main.c | 67 +++++++++++++++++------- drivers/target/iscsi/cxgbit/cxgbit_target.c | 81 +++++++++++++++++++++-------- 4 files changed, 113 insertions(+), 43 deletions(-) commit 5248788ec300f7ee738502bfc466dbb9b625247e Author: Varun Prakash Date: Fri Jan 13 20:53:24 2017 +0530 target/cxgbit: Enable DDP for T6 only if data sequence and pdu are in order Enable DDP for T6 only if DataSequenceInOrder=YES and DataPDUInOrder=YES to ensure inorder delivery of iSCSI pdus. Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/cxgbit/cxgbit_target.c | 86 ++++++++++++++++++++--------- 1 file changed, 61 insertions(+), 25 deletions(-) commit d88b504e413e7d1471562ff9c3311dbf983e0291 Author: Varun Prakash Date: Fri Jan 13 20:53:23 2017 +0530 target/cxgbit: Use T6 specific macros to get ETH/IP hdr len Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/cxgbit/cxgbit_cm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 3da1110fd1ac3e11208f12c966c6de7a2c306b9d Author: Varun Prakash Date: Fri Jan 13 20:53:22 2017 +0530 target/cxgbit: use cxgb4_tp_smt_idx() to get smt idx cxgb4_tp_smt_idx() returns smt idx for T4,T5,T6 adapters. Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/cxgbit/cxgbit_cm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9a584bf9bf0a1c608f5ed5f5e63b074bbc81a322 Author: Varun Prakash Date: Fri Jan 13 20:53:21 2017 +0530 target/iscsi: split iscsit_check_dataout_hdr() Split iscsit_check_dataout_hdr() into two functions 1. __iscsit_check_dataout_hdr() - This function validates data out hdr. 2. iscsit_check_dataout_hdr() - This function finds iSCSI cmd using iscsit_find_cmd_from_itt_or_dump(), then it calls __iscsit_check_dataout_hdr() to validate iSCSI hdr. This split is required to support Chelsio T6 iSCSI DDP completion feature. T6 adapters reduce number of completions to host by generating single completion for all directly placed(DDP) iSCSI pdus in a sequence, DDP completion contains iSCSI hdr of the last pdu in a sequence. On receiving DDP completion cxgbit driver will first find iSCSI cmd using iscsit_find_cmd_from_itt_or_dump() then updates cmd->write_data_done, cmd->next_burst_len, cmd->data_sn and calls __iscsit_check_dataout_hdr() to validate iSCSI hdr. (Move XRDSL check ahead of itt lookup / dump - nab) Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche Signed-off-by: Nicholas Bellinger drivers/target/iscsi/iscsi_target.c | 65 ++++++++++++++++++++------------ drivers/target/iscsi/iscsi_target_util.c | 1 + include/target/iscsi/iscsi_transport.h | 11 +++++- 3 files changed, 50 insertions(+), 27 deletions(-) commit 83a0c6e589017ce737720b9e05e2fa3fe4f7b860 Author: Benjamin Poirier Date: Thu Jan 12 17:04:14 2017 -0800 i40e: Invoke softirqs after napi_reschedule The following message is logged from time to time when using i40e: NOHZ: local_softirq_pending 08 i40e may schedule napi from a workqueue. Afterwards, softirqs are not run in a deterministic time frame. The problem is the same as what was described in commit ec13ee80145c ("virtio_net: invoke softirqs after __napi_schedule") and this patch applies the same fix to i40e. Signed-off-by: Benjamin Poirier Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ 1 file changed, 2 insertions(+) commit ee847d935156b041679ad82c269796dae1afaa6b Author: Carolyn Wyborny Date: Wed Dec 21 18:04:47 2016 -0500 i40e: remove duplicate device id from PCI table Signed-off-by: Carolyn Wyborny Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 1 - 1 file changed, 1 deletion(-) commit b9c015d421946fe3675fcb9cbacd0a37f1d3263c Author: Jacob Keller Date: Mon Dec 12 15:44:17 2016 -0800 i40e: mark the value passed to csum_replace_by_diff as __wsum Fix, or rather, avoid a sparse warning caused by the fact that csum_replace_by_diff expects to receive a __wsum value. Since the calculation appears to work, simply typecast the passed paylen value to __wsum to avoid the warning. This seems pretty fishy since __wsum was obviously annotated as a separate type on purpose, so this throws the entire calculation into question. Since it currently appears to behave as expected, the typecast is probably safe. Change-ID: I4fdc5cddd589abc16098176e8a61127e761488f4 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_txrx.c | 5 +++-- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) commit ae13670824d5adadc95a881ebfaa6fa8735218f0 Author: Harshitha Ramamurthy Date: Mon Dec 12 15:44:16 2016 -0800 i40e: Error handling for link event There exists an intermittent bug which causes the 'Link Detected' field reported by the 'ethtool ' command to be 'Yes' when in fact, there is no link. This patch fixes the problem by enabling temporary link polling when i40e_get_link_status returns an error. This causes the driver to remember that an admin queue command failed and polls, until the function returns with a success. Change-Id: I64c69b008db4017b8729f3fc27b8f65c8fe2eaa0 Signed-off-by: Harshitha Ramamurthy Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) commit 5cb259016b4258d7ac53588a01d17da1ceda84b7 Author: Jacob Keller Date: Mon Dec 12 15:44:15 2016 -0800 i40e: properly convert le16 value to CPU format This ensures that the pvid which is stored in __le16 format is converted to the CPU format. This will fix comparison issues on Big Endian platforms. Change-ID: I92c80d1315dc2a0f9f095d5a0c48d461beb052ed Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 2ae0bf501425cbddc8b992a2b65fc04d911cae8c Author: Jacob Keller Date: Mon Dec 12 15:44:14 2016 -0800 i40e: convert to cpu from le16 to generate switch_id correctly On Big Endian platforms we would incorrectly calculate the wrong switch id since we did not properly convert the le16 value into CPU format. Caught by sparse. Change-ID: I69a2f9fa064a0a91691f7d0e6fcc206adceb8e36 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 773d4023badee2e196f4125a94fe9d5a739720a0 Author: Alan Brady Date: Mon Dec 12 15:44:13 2016 -0800 i40e: refactor AQ CMD buffer debug printing This patch refactors the '%*ph' printk format specifier to instead use the print_hex_dump function, as recommended by the '%*ph' documentation. This produces better/more standardized output. Change-ID: Id56700b4e8abc40ff8c04bc8379e7df04cb4d6fd Signed-off-by: Alan Brady Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 19 ++++++++++++------- drivers/net/ethernet/intel/i40evf/i40e_common.c | 19 ++++++++++++------- 2 files changed, 24 insertions(+), 14 deletions(-) commit 3c234c4709529298498b597bcff35f56ac866a99 Author: Carolyn Wyborny Date: Mon Dec 12 15:44:12 2016 -0800 i40e: Fix Adaptive ITR enabling This patch fixes a bug introduced with the addition of the per queue ITR feature support in ethtool. With that addition, there were functions added which converted the ITR settings to binary values. The IS_ENABLED macros that run on those values check whether a bit is set or not and with the value being binary, the bit check always returned ITR disabled which prevents any updating of the ITR rate. This patch fixes the problem by changing the functions to return the current ITR value instead and renaming it to better reflect its function. These functions now provide a value which will be accurately asessed and update the ITR as intended. Change-ID: I14f1d088d052e27f652aaa3113e186415ddea1fc Signed-off-by: Carolyn Wyborny Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_txrx.c | 12 ++++++------ drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) commit 51f38262669b88b6f5ec52cb93dc72c58d85dc1f Author: Mitch Williams Date: Mon Dec 12 15:44:11 2016 -0800 i40evf: add comment Add a comment to reduce confusion. Change-ID: I3d5819c0f3f5174680442ae54398a073d4a61f4f Signed-off-by: Mitch Williams Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 5 +++++ 1 file changed, 5 insertions(+) commit 8a68badd12a8b708a02d54cd5aac4d07851a6d5a Author: Mitch Williams Date: Mon Dec 12 15:44:10 2016 -0800 i40evf: free rings in remove function When the i40evf_remove() calls netdev close, the device doesn't actually close - it schedules the work for the watchdog to perform. Since we're stopping the watchdog, this work doesn't get done. However, we're resetting the part, so we can free resources after the reset request has gone through. This plugs a memory leak. Change-ID: Id5335dcaf76ce00d2a4c3d26e9faf711d7f051cf Signed-off-by: Mitch Williams Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 03aa268b146127361c206fe3942add2adf6ce1d7 Author: Jacob Keller Date: Mon Dec 12 15:44:09 2016 -0800 i40e: remove unnecessary call to i40e_update_link_info This call is made just prior to running i40e_link_event. In i40e_link_event, we set hw->phy.get_link_info to true just prior to calling i40e_get_link_status, which conveniently runs i40e_update_link_info for us. Thus, we are running i40e_update_link_info twice, which seems like something we don't need to do... Change-ID: I36467a570f44b7546d218c99e134ff97c2709315 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 1 - 1 file changed, 1 deletion(-) commit 1d68005db4e72082f3e537d6c0cf831a71a7e2ee Author: Joshua Hay Date: Mon Dec 12 15:44:08 2016 -0800 i40e: enable mc magic pkt wakeup during power down This patch adds a call to the mac_address_write admin q function during power down to update the PRTPM_SAH/SAL registers with the MC_MAG_EN bit thus enabling multicast magic packet wakeup. A FW workaround is needed to write the multicast magic wake up enable bit in the PRTPM_SAH register. The FW expects the mac address write admin q cmd to be called first with one of the WRITE_TYPE_LAA flags and then with the multicast relevant flags. *Note: This solution only works for X722 devices currently. A PFR will clear the previously mentioned bit by default, but X722 has support for a WOL_PRESERVE_ON_PFR flag which prevents the bit from being cleared. Once other devices support this flag, this solution should work as well. Change-ID: I51bd5b8535bd9051c2676e27c999c1657f786827 Signed-off-by: Joshua Hay Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 74 ++++++++++++++++++++--- 3 files changed, 67 insertions(+), 10 deletions(-) commit a410c821c0cf50bc0b73a91435852cd04b2c7acd Author: Alan Brady Date: Mon Dec 12 15:44:07 2016 -0800 i40e: fix disable overflow promiscuous mode There exists a bug in which the driver is unable to exit overflow promiscuous mode after having added "too many" mac filters. It is expected that after triggering overflow promiscuous, removing the failed/extra filters should then disable overflow promiscuous mode. The bug exists because we were intentionally skipping the sync_vsi_filter path in cases where we were removing failed filters since they shouldn't have been added to the firmware in the first place, however we still need to go through the sync_vsi_filter code path to determine whether or not it is ok to exit overflow promiscuous mode. This patch fixes the bug by making sure we go through the sync_vsi_filter path in cases of failed filters. Change-ID: I634d249ca3e5fa50729553137c295e73e7722143 Signed-off-by: Alan Brady Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit eec11535ca3d3e2daa2c8f59fa8ce1963db98abd Author: Dan Carpenter Date: Wed Jan 18 14:13:20 2017 +0300 hfs: fix hfs_readdir() I was looking through static analysis warnings and there is a bug here that goes all the way back to the start of git. Basically we're copying the pointer and nearby garbage instead of the data the fd.key pointer is pointing to. Signed-off-by: Dan Carpenter Reviewed-by: Vyacheslav Dubeyko Signed-off-by: Al Viro fs/hfs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b8826e506ee58873725ec3a25a2a27fefd762574 Author: Al Viro Date: Sat Feb 18 22:07:24 2017 -0500 selftest for default_file_splice_read() infoleak bug fixed in commit b9dc6f65bc5e ("fix a fencepost error in pipe_advance()") Signed-off-by: Al Viro tools/testing/selftests/Makefile | 1 + tools/testing/selftests/splice/Makefile | 8 ++++++++ tools/testing/selftests/splice/default_file_splice_read.c | 8 ++++++++ tools/testing/selftests/splice/default_file_splice_read.sh | 7 +++++++ 4 files changed, 24 insertions(+) commit 992edf395b8a8411c506f4345bc04451eba95976 Author: Vivek Gautam Date: Wed Dec 28 14:16:45 2016 +0530 thermal: mtk_thermal: Staticise a number of data variables Sparse throws following warnings: drivers/thermal/mtk_thermal.c:186:11: warning: symbol 'mt8173_bank_data' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:193:11: warning: symbol 'mt8173_msr' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:197:11: warning: symbol 'mt8173_adcpnp' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:201:11: warning: symbol 'mt8173_mux_values' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:204:11: warning: symbol 'mt2701_bank_data' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:208:11: warning: symbol 'mt2701_msr' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:212:11: warning: symbol 'mt2701_adcpnp' was not declared. Should it be static? drivers/thermal/mtk_thermal.c:216:11: warning: symbol 'mt2701_mux_values' was not declared. Should it be static? Make these variables as static to fix these warnings. Signed-off-by: Vivek Gautam Signed-off-by: Eduardo Valentin drivers/thermal/mtk_thermal.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 13d00b6439f1cf570ef962cf141bb3e329997265 Author: Keerthy Date: Fri Jan 6 11:31:43 2017 +0530 thermal: arm: dra752: Remove all TSHUT related definitions No configuration needs to be done for TSHUT from software. Hence remove all the unnecessary definitions. Signed-off-by: Keerthy Signed-off-by: Eduardo Valentin drivers/thermal/ti-soc-thermal/dra752-bandgap.h | 19 ---------------- .../thermal/ti-soc-thermal/dra752-thermal-data.c | 25 ---------------------- 2 files changed, 44 deletions(-) commit 96234d44ce3dc598de06b9d7431db9d186dd0d11 Author: Keerthy Date: Fri Jan 6 11:31:42 2017 +0530 thermal: arm: dra752: Remove TSHUT configuration Technical Reference Manual [1] mandates that software should not be configuring the thermal shutdown thresholds. Hence removing TSHUT_CONFIG. [1] http://www.ti.com/lit/ug/sprui30b/sprui30b.pdf Signed-off-by: Keerthy Reported-by: Ravikumar Kattekola Signed-off-by: Eduardo Valentin drivers/thermal/ti-soc-thermal/dra752-thermal-data.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 173a31271253d6ecb5358b72fa26a47e78db3e14 Author: Keerthy Date: Mon Jan 16 15:43:02 2017 +0530 thermal: ti-soc-thermal: Remove CPU_THERMAL Dependency from TI_THERMAL Currently when CPU_THERMAL is not defined the thermal sensors are not even exposed consequently no cooling is possible. CPU_THERMAL eventually depends on CPUFREQ. CPPUFREQ is not the only cooling for CPU. The thermal shutdown for critical temperatures is another cooling solution which will currently not get enabled if CPU_THERMAL is not defined. Remove this dependency so as to have the last level of thermal protection working even without CPUFREQ defined. Signed-off-by: Keerthy Signed-off-by: Eduardo Valentin drivers/thermal/ti-soc-thermal/Kconfig | 1 - 1 file changed, 1 deletion(-) commit 8b051ec37c93b28e1f1cac4c9677ff88e56930ff Author: Shailendra Verma Date: Mon Jan 30 10:34:58 2017 +0530 thermal: imx: Fix possible NULL dereference. of_device_get_match_data could return NULL, and so can cause a NULL pointer dereference later. Signed-off-by: Shailendra Verma Signed-off-by: Eduardo Valentin drivers/thermal/imx_thermal.c | 4 ++++ 1 file changed, 4 insertions(+) commit ef9b36d9101eb2d5827699a4e969c719fb8812c0 Author: Krzysztof Kozlowski Date: Sat Feb 11 22:12:00 2017 +0200 thermal: exynos: Remove parsing unused samsung,tmu_cal_mode property The property samsung,tmu_cal_mode is not used and not used. We can safely remove it. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Eduardo Valentin drivers/thermal/samsung/exynos_tmu.c | 1 - drivers/thermal/samsung/exynos_tmu.h | 1 - 2 files changed, 2 deletions(-) commit 50fdd36f336a03b9486f1cd4b0d85fcb361baf60 Author: Baoyou Xie Date: Tue Feb 7 08:56:41 2017 +0800 thermal: zx2967: add thermal driver for ZTE's zx2967 family This patch adds thermal driver for ZTE's zx2967 family. Signed-off-by: Baoyou Xie Reviewed-by: Mathieu Poirier Signed-off-by: Eduardo Valentin drivers/thermal/Kconfig | 8 ++ drivers/thermal/Makefile | 1 + drivers/thermal/zx2967_thermal.c | 258 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 267 insertions(+) commit 8f91566f99fab8f7a0d2728a1e3defb13675837a Author: Colin Ian King Date: Sat Feb 18 22:52:55 2017 +0000 btmrvl: fix spelling mistake: "actived" -> "activated" trivial fix to spelling mistake in error message Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_sdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e059a465cc79c510003a23b72e39d4a85bdfa00f Author: Colin Ian King Date: Fri Feb 17 19:58:10 2017 +0000 Bluetooth: hci_qca: fix spelling mistake: "Spurrious" -> "Spurious" trivial fix to spelling mistake in error message Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann drivers/bluetooth/hci_qca.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1f47e6cbf58d10392a2158b0e33ef72ad681e40f Author: Noralf Trønnes Date: Sun Jan 22 15:23:48 2017 +0100 drm/tinydrm: Add support for Multi-Inno MI0283QT display Add driver to support the Multi-Inno MI0283QT display panel. It has an ILI9341 MIPI DBI compatible display controller. Signed-off-by: Noralf Trønnes Acked-by: Thierry Reding MAINTAINERS | 6 + drivers/gpu/drm/tinydrm/Kconfig | 8 ++ drivers/gpu/drm/tinydrm/Makefile | 3 + drivers/gpu/drm/tinydrm/mi0283qt.c | 279 +++++++++++++++++++++++++++++++++++++ include/drm/tinydrm/ili9341.h | 54 +++++++ 5 files changed, 350 insertions(+) commit 6b4e48b5a99c7fdc6886c4296798922f2545b7cb Author: Noralf Trønnes Date: Sun Jan 22 15:02:26 2017 +0100 dt-bindings: Add Multi-Inno MI0283QT binding Add device-tree binding documentation for the MI0283QT display panel. Signed-off-by: Noralf Trønnes Acked-by: Rob Herring .../bindings/display/multi-inno,mi0283qt.txt | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit b60c1be747418a07fbe04f8533394a64b27b6181 Author: Noralf Trønnes Date: Tue Jan 31 16:05:57 2017 +0100 dt-bindings: display/panel: Add common rotation property Display panels can be oriented many ways, especially in the embedded world. The rotation property is a way to describe this orientation. The counter clockwise direction is chosen because that's what fbdev and drm use. Signed-off-by: Noralf Trønnes Acked-by: Thierry Reding Acked-by: Rob Herring Documentation/devicetree/bindings/display/panel/panel.txt | 4 ++++ 1 file changed, 4 insertions(+) commit fbaa326df32c68dc46fb91d909ff736364910484 Author: Noralf Trønnes Date: Sun Jan 22 14:58:49 2017 +0100 of: Add vendor prefix for Multi-Inno Multi-Inno Technology Co.,Ltd is a Hong Kong based company offering LCD, LCD module products and complete panel solutions. Signed-off-by: Noralf Trønnes Acked-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit 02dd95fe316936269a52d6ccb971bb956412b40a Author: Noralf Trønnes Date: Sun Jan 22 00:30:47 2017 +0100 drm/tinydrm: Add MIPI DBI support Add support for MIPI DBI compatible controllers. Interface type C option 1 and 3 are supported (SPI). Signed-off-by: Noralf Trønnes Acked-by: Thierry Reding Documentation/gpu/tinydrm.rst | 12 + drivers/gpu/drm/tinydrm/Kconfig | 3 + drivers/gpu/drm/tinydrm/Makefile | 3 + drivers/gpu/drm/tinydrm/mipi-dbi.c | 1005 ++++++++++++++++++++++++++++++++++++ include/drm/tinydrm/mipi-dbi.h | 107 ++++ 5 files changed, 1130 insertions(+) commit 9f69eb5c36a644571cca6b2f8dc5f6a7cba04a8b Author: Noralf Trønnes Date: Sun Jan 22 00:19:51 2017 +0100 drm/tinydrm: Add helper functions Add common functionality needed by many tinydrm drivers. Signed-off-by: Noralf Trønnes Acked-by: Daniel Vetter Acked-by: Thierry Reding Documentation/gpu/tinydrm.rst | 9 + drivers/gpu/drm/tinydrm/Kconfig | 2 + drivers/gpu/drm/tinydrm/core/Makefile | 2 +- drivers/gpu/drm/tinydrm/core/tinydrm-helpers.c | 460 +++++++++++++++++++++++++ include/drm/tinydrm/tinydrm-helpers.h | 100 ++++++ 5 files changed, 572 insertions(+), 1 deletion(-) commit fa201ac2c61f51d9abdaffdf994d5780dcb51703 Author: Noralf Trønnes Date: Sun Jan 22 00:15:00 2017 +0100 drm: Add DRM support for tiny LCD displays tinydrm provides helpers for very simple displays that can use CMA backed framebuffers and need flushing on changes. Signed-off-by: Noralf Trønnes Acked-by: Daniel Vetter Acked-by: Thierry Reding Documentation/gpu/index.rst | 1 + Documentation/gpu/tinydrm.rst | 21 ++ drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/tinydrm/Kconfig | 8 + drivers/gpu/drm/tinydrm/Makefile | 1 + drivers/gpu/drm/tinydrm/core/Makefile | 3 + drivers/gpu/drm/tinydrm/core/tinydrm-core.c | 376 ++++++++++++++++++++++++++++ drivers/gpu/drm/tinydrm/core/tinydrm-pipe.c | 234 +++++++++++++++++ include/drm/tinydrm/tinydrm.h | 115 +++++++++ 10 files changed, 762 insertions(+) commit 6c8f9ad566ddc63da5da84c3c9e6c1bb0434c64f Merge: d11914b 75b8247 Author: Michael Ellerman Date: Sat Feb 18 21:37:14 2017 +1100 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next Freescale updates from Scott: "Highlights include 8xx breakpoints and perf, t1042rdb display support, and board updates." commit 336a9cde10d641e70bac67d90ae91b3190c3edca Author: Marc Zyngier Date: Fri Jan 15 17:41:09 2016 +0000 hrtimer: Catch invalid clockids again commit 82e88ff1ea94 ("hrtimer: Revert CLOCK_MONOTONIC_RAW support") removed unfortunately a sanity check in the hrtimer code which was part of that MONOTONIC_RAW patch series. It would have caught the bogus usage of CLOCK_MONOTONIC_RAW in the wireless code. So bring it back. It is way too easy to take any random clockid and feed it to the hrtimer subsystem. At best, it gets mapped to a monotonic base, but it would be better to just catch illegal values as early as possible. Detect invalid clockids, map them to CLOCK_MONOTONIC and emit a warning. [ tglx: Replaced the BUG by a WARN and gracefully map to CLOCK_MONOTONIC ] Signed-off-by: Marc Zyngier Cc: Tomasz Nowicki Cc: Christoffer Dall Link: http://lkml.kernel.org/r/1452879670-16133-3-git-send-email-marc.zyngier@arm.com Signed-off-by: Thomas Gleixner kernel/time/hrtimer.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 8d242e932fb7660c24b3a534197e69c241067e0d Author: Christoph Hellwig Date: Fri Feb 17 08:21:15 2017 -0800 xfs: remove XFS_ALLOCTYPE_ANY_AG and XFS_ALLOCTYPE_START_AG XFS_ALLOCTYPE_ANY_AG was only used for the RT allocator and is unused now, and XFS_ALLOCTYPE_START_AG has been unused for a while. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_alloc.c | 16 ++-------------- fs/xfs/libxfs/xfs_alloc.h | 4 ---- 2 files changed, 2 insertions(+), 18 deletions(-) commit d11914b21c4c21a294fe8937d66c1a192caa3cad Author: Nicholas Piggin Date: Wed Jan 4 04:58:28 2017 +1000 powerpc/64: Implement clear_bit_unlock_is_negative_byte() Commit b91e1302ad9b8 ("mm: optimize PageWaiters bit use for unlock_page()") added a special bitop function to speed up unlock_page(). Implement this for 64-bit powerpc. This improves the unlock_page() core code from this: li 9,1 lwsync 1: ldarx 10,0,3,0 andc 10,10,9 stdcx. 10,0,3 bne- 1b ori 2,2,0 ld 9,0(3) andi. 10,9,0x80 beqlr li 4,0 b wake_up_page_bit To this: li 10,1 lwsync 1: ldarx 9,0,3,0 andc 9,9,10 stdcx. 9,0,3 bne- 1b andi. 10,9,0x80 beqlr li 4,0 b wake_up_page_bit In a test of elapsed time for dd writing into 16GB of already-dirty pagecache on a POWER8 with 4K pages, which has one unlock_page per 4kB this patch reduced overhead by 1.1%: N Min Max Median Avg Stddev x 19 2.578 2.619 2.594 2.595 0.011 + 19 2.552 2.592 2.564 2.565 0.008 Difference at 95.0% confidence -0.030 +/- 0.006 -1.142% +/- 0.243% Signed-off-by: Nicholas Piggin [mpe: Made 64-bit only until I can test it properly on 32-bit] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/bitops.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit bcd3bb63dbc87a3bbb21e95a09cd26bb6479c332 Author: Paul Mackerras Date: Sat Feb 18 08:30:44 2017 +1100 KVM: PPC: Book3S HV: Disable HPT resizing on POWER9 for now The new HPT resizing code added in commit b5baa6877315 ("KVM: PPC: Book3S HV: KVM-HV HPT resizing implementation", 2016-12-20) doesn't have code to handle the new HPTE format which POWER9 uses. Thus it would be best not to advertise it to userspace on POWER9 systems until it works properly. Also, since resize_hpt_rehash_hpte() contains BUG_ON() calls that could be hit on POWER9, let's prevent it from being called on POWER9 for now. Acked-by: David Gibson Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_64_mmu_hv.c | 6 ++++++ arch/powerpc/kvm/powerpc.c | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) commit 20bb5505e96f00a997fa78cf60d6d9156b19d435 Author: Markus Mayer Date: Fri Feb 17 12:27:03 2017 -0800 MAINTAINERS: cpufreq: add bmips-cpufreq.c Add maintainer information for bmips-cpufreq.c. Signed-off-by: Markus Mayer Acked-by: Florian Fainelli Signed-off-by: Rafael J. Wysocki MAINTAINERS | 7 +++++++ 1 file changed, 7 insertions(+) commit e84b4a84e52d4cd8770b4242cd09df0133333f63 Author: John Keeping Date: Thu Feb 16 17:21:50 2017 +0000 PM / QoS: Fix memory leak on resume_latency.notifiers Since commit 2d984ad132a8 (PM / QoS: Introcuce latency tolerance device PM QoS type) we reassign "c" to point at qos->latency_tolerance before freeing c->notifiers, but the notifiers field of latency_tolerance is never used. Restore the original behaviour of freeing the notifiers pointer on qos->resume_latency, which is used, and fix the following kmemleak warning. unreferenced object 0xed9dba00 (size 64): comm "kworker/0:1", pid 36, jiffies 4294670128 (age 15202.983s) hex dump (first 32 bytes): 00 00 00 00 04 ba 9d ed 04 ba 9d ed 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x74/0xb8 [] kmem_cache_alloc_trace+0x170/0x25c [] dev_pm_qos_constraints_allocate+0x3c/0xe4 [] __dev_pm_qos_add_request+0x84/0x1a0 [] dev_pm_qos_add_request+0x3c/0x54 [] usb_hub_create_port_device+0x110/0x2b8 [] hub_probe+0xadc/0xc80 [] usb_probe_interface+0x1b4/0x260 [] driver_probe_device+0x198/0x40c [] __device_attach_driver+0x8c/0x98 [] bus_for_each_drv+0x8c/0x9c [] __device_attach+0x98/0x138 [] device_initial_probe+0x14/0x18 [] bus_probe_device+0x30/0x88 [] device_add+0x430/0x554 [] usb_set_configuration+0x660/0x6fc Fixes: 2d984ad132a8 (PM / QoS: Introcuce latency tolerance device PM QoS type) Signed-off-by: John Keeping Signed-off-by: Rafael J. Wysocki drivers/base/power/qos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 00bb3998829783157ccf1343abcccd38a604bc64 Author: Geert Uytterhoeven Date: Fri Feb 17 16:36:39 2017 +0100 PM / Documentation: Spelling s/wrtie/write/ Signed-off-by: Geert Uytterhoeven Signed-off-by: Rafael J. Wysocki Documentation/power/states.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8cff66791a6bfc8fb98f93e4e7c13fd06afecf7a Author: Geert Uytterhoeven Date: Fri Feb 17 14:18:44 2017 +0100 PM / sleep: Fix test_suspend after sleep state rework When passing "test_suspend=mem" to the kernel: PM: can't test 'mem' suspend state and the suspend test is not run. Commit 406e79385f3223d8 ("PM / sleep: System sleep state selection interface rework") changed pm_labels[] from a contiguous NULL-terminated array to a sparse array (with the first element unpopulated), breaking the assumptions of the iterator in setup_test_suspend(). Iterate from PM_SUSPEND_MIN to PM_SUSPEND_MAX - 1 to fix this. Fixes: 406e79385f3223d8 (PM / sleep: System sleep state selection interface rework) Signed-off-by: Geert Uytterhoeven Signed-off-by: Rafael J. Wysocki kernel/power/suspend_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 089ec2f87578b9740f0c27bcea9cc6be59c1ddb0 Author: Christoph Hellwig Date: Fri Feb 17 08:21:06 2017 -0800 xfs: simplify xfs_rtallocate_extent We can deduce the allocation type from the bno argument, and do the return without prod much simpler internally. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong [darrick: fix the macro for the non-rt build] Signed-off-by: Darrick J. Wong fs/xfs/xfs_bmap_util.c | 13 ++++--------- fs/xfs/xfs_rtalloc.c | 24 ++++++++---------------- fs/xfs/xfs_rtalloc.h | 3 +-- 3 files changed, 13 insertions(+), 27 deletions(-) commit 7323f0d2881bbd426ce6bc0a956ef9e739ffe767 Author: Kinglong Mee Date: Fri Feb 3 22:51:46 2017 +0800 NFSD: Reserve adequate space for LOCKT operation After tightening the OP_LOCKT reply size estimate, we can get warnings like: [11512.783519] RPC request reserved 124 but used 152 [11512.813624] RPC request reserved 108 but used 136 Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4xdr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 2282cd2c05e281120dedc665a8a6a24053c44662 Author: Kinglong Mee Date: Fri Feb 3 22:36:00 2017 +0800 NFSD: Get response size before operation for all RPCs NFSD usess PAGE_SIZE as the reply size estimate for RPCs which don't support op_rsize_bop(), A PAGE_SIZE (4096) is larger than many real response sizes, eg, access (op_encode_hdr_size + 2), seek (op_encode_hdr_size + 3). This patch just adds op_rsize_bop() for all RPCs getting response size. An overestimate is generally safe but the tighter estimates are probably better. Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4proc.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 63 insertions(+), 6 deletions(-) commit 827433801c3bcf21296915c42c1314fbb944b197 Author: Kinglong Mee Date: Sun Feb 5 09:57:48 2017 +0800 nfsd/callback: Drop a useless data copy when comparing sessionid Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4callback.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit e86a40bc7331b7b93a88edd74e6b2f738107a6f9 Author: Kinglong Mee Date: Sun Feb 5 09:57:37 2017 +0800 nfsd/callback: skip the callback tag The callback tag is NULL, and hdr->nops is unused too right now, but. But if we were to ever test with a nonzero callback tag, nops will get a bad value. Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4callback.c | 1 + 1 file changed, 1 insertion(+) commit f7d1ddbe7648af7460d23688c8c131342eb43b3a Author: Kinglong Mee Date: Sun Feb 5 09:57:07 2017 +0800 nfsd/callback: Cleanup callback cred on shutdown The rpccred gotten from rpc_lookup_machine_cred() should be put when state is shutdown. Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4callback.c | 8 ++++++++ fs/nfsd/nfs4state.c | 10 ++++++---- fs/nfsd/state.h | 1 + 3 files changed, 15 insertions(+), 4 deletions(-) commit c3821b3497aae1752cb2be72c32f650ef24c8820 Author: Kinglong Mee Date: Sun Feb 5 22:02:01 2017 +0800 nfsd/idmap: return nfserr_inval for 0-length names Tigran Mkrtchyan's new pynfs testcases for zero length principals fail: SATT16 st_setattr.testEmptyPrincipal : FAILURE Setting empty owner should return NFS4ERR_INVAL, instead got NFS4ERR_BADOWNER SATT17 st_setattr.testEmptyGroupPrincipal : FAILURE Setting empty owner_group should return NFS4ERR_INVAL, instead got NFS4ERR_BADOWNER This patch checks the principal and returns nfserr_inval directly. It could check after decoding in nfs4xdr.c, but it's simpler to do it in nfsd_map_xxxx. Signed-off-by: Kinglong Mee Signed-off-by: J. Bruce Fields fs/nfsd/nfs4idmap.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit c836fec5ce8eb0d0c08fa0ea5fb71df3290d1601 Author: Jim Qu Date: Fri Feb 10 15:59:59 2017 +0800 drm/amd/amdgpu: post card if there is real hw resetting performed Check whether we need to post rather than whether the asic is posted. There are some cases (e.g., GPU reset or resume from hibernate) where we need to force post even if the asic has been posted. Signed-off-by: Jim Qu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 5 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 22 +++++++++++++--------- drivers/gpu/drm/amd/amdgpu/cik.c | 1 + drivers/gpu/drm/amd/amdgpu/vi.c | 1 + 5 files changed, 20 insertions(+), 11 deletions(-) commit 818551e2b2c662a1b26de6b4f7d6b8411a838d18 Merge: 6010720 7520872c Author: Jens Axboe Date: Fri Feb 17 14:08:19 2017 -0700 Merge branch 'for-4.11/next' into for-4.11/linus-merge Signed-off-by: Jens Axboe commit 6010720da8aab51f33beee63b73cf88016e9b250 Merge: 2fe1e8a 8a9ae52 Author: Jens Axboe Date: Fri Feb 17 14:06:45 2017 -0700 Merge branch 'for-4.11/block' into for-4.11/linus-merge Signed-off-by: Jens Axboe commit 601109c5c74a10e6b89465cb6aa31a40d1efc8e3 Merge: 8fd4a62 998d757 Author: Dave Airlie Date: Sat Feb 18 06:35:25 2017 +1000 Merge tag 'drm-intel-next-fixes-2017-02-17' of git://anongit.freedesktop.org/git/drm-intel into drm-next i915 and GVT fixes for v4.11 merge window * tag 'drm-intel-next-fixes-2017-02-17' of git://anongit.freedesktop.org/git/drm-intel: (32 commits) drm/i915: Fix not finding the VBT when it overlaps with OPREGION_ASLE_EXT drm/i915: Pass timeout==0 on to i915_gem_object_wait_fence() drm/i915/gvt: Disable access to stolen memory as a guest drm/i915: Avoid spurious WARNs about the wrong pipe in the PPS code drm/i915: Check for timeout completion when waiting for the rq to submitted drm/i915: A hotfix for making aliasing PPGTT work for GVT-g drm/i915: Restore context and pd for ringbuffer submission after reset drm/i915: Let execlist_update_context() cover !FULL_PPGTT mode. drm/i915/lspcon: Fix resume time initialization due to unasserted HPD drm/i915/gen9+: Enable hotplug detection early drm/i915: Reject set-tiling-ioctl with stride==0 and a tiling mode drm/i915: Recreate internal objects with single page segments if dmar fails drm/i915/gvt: return error code if dma map iova failed drm/i915/gvt: optimize the inhibit context mmio load drm/i915/gvt: add sprite plane flip done support. drm/i915/gvt: add missing display part reset for vGPU reset drm/i915/gvt: Fix shadow context descriptor drm/i915/gvt: Fix alignment for GTT allocation drm/i915/gvt: fix crash at function release_shadow_wa_ctx drm/i915/gvt: enable IOMMU for gvt ... commit 483635a9d0802d5ffbe402ceac5b93ddb2acb138 Author: Jiri Olsa Date: Fri Feb 17 18:00:18 2017 +0100 perf record: Add -a as default target Running 'perf record' with no target (-a, -p, -t, etc) will now collect system wide data. Commiter notes: Testing it: [root@jouet ~]# perf record ^C[ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.351 MB perf.data (366 samples) ] # is equivalent to: # perf record -a ^C[ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.411 MB perf.data (978 samples) ] # Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170217170018.GA15389@krava Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-record.txt | 2 +- tools/perf/builtin-record.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) commit 81efbaddd687f1b478c15665716fd545e2e4401e Author: Prarit Bhargava Date: Wed Feb 15 11:53:08 2017 -0500 PCI/MSI: Fix msi_desc->affinity memory leak when freeing MSI IRQs During device setup, msix_setup_entries() and msi_setup_entry() allocate msi_desc by calling alloc_msi_entry(). alloc_msi_entry() can also allocate a affinity cpumask. During device teardown free_msi_irqs() is called and the msi_desc is freed, but the affinity cpumask is leaked. Fix it by calling free_msi_entry() which frees both the msi_desc and the affinity cpumask. [bhelgaas: aa48b6f70886 ("genirq/MSI: Move alloc_msi_entry() from PCI into generic MSI code") moved alloc_msi_entry() from drivers/pci/msi.c to kernel/irq/msi.c and added a new corresponding free_msi_entry() interface. After aa48b6f70886, pci/msi.c used alloc_msi_entry(), but did its own kfree() instead of using free_msi_entry(). 28f4b04143c5 ("genirq/msi: Add cpumask allocation to alloc_msi_entry") added affinity to both alloc_msi_entry() and free_msi_entry(), but pci/msi.c didn't use free_msi_entry(), resulting in this leak.] Fixes: aa48b6f70886 ("genirq/MSI: Move alloc_msi_entry() from PCI into generic MSI code") Signed-off-by: Prarit Bhargava Signed-off-by: Bjorn Helgaas CC: Myron Stowe drivers/pci/msi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0d79f8b93187c771b6971acfaba67f4e2f1e0710 Author: Jiri Olsa Date: Fri Feb 17 18:00:34 2017 +0100 perf stat: Add -a as default target Boris asked for default -a option in case we monitor only uncore events. While implementing that I thought it might be actually useful to make it overall default. Running 'perf stat' will now collect system wide data. Committer note: Testing it: # perf stat ^C Performance counter stats for 'system wide': 3571.559178 cpu-clock (msec) # 4.000 CPUs utilized 3,346 context-switches # 0.937 K/sec 277 cpu-migrations # 0.078 K/sec 57,271 page-faults # 0.016 M/sec 4,535,633,835 cycles # 1.270 GHz 6,389,736,516 instructions # 1.41 insn per cycle 1,541,293,875 branches # 431.547 M/sec 14,526,396 branch-misses # 0.94% of all branches 0.892950118 seconds time elapsed # Requested-and-Acked-by: Borislav Petkov Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170217170034.GB15389@krava Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-stat.txt | 2 +- tools/perf/builtin-stat.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) commit 4e33e34625103593a71d2bae471ce49cef62ef06 Author: Eric Dumazet Date: Fri Feb 17 09:11:42 2017 -0800 tcp: use page_ref_inc() in tcp_sendmsg() sk_page_frag_refill() allocates either a compound page or an order-0 page. We can use page_ref_inc() which is slightly faster than get_page() Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a4ecb15a2432880353d0de4a35204ab8b65b8751 Author: Cui, Cheng Date: Fri Feb 17 17:04:55 2017 +0000 tcp: accommodate sequence number to a peer's shrunk receive window caused by precision loss in window scaling Prevent sending out a left-shifted sequence number from a Linux sender in response to a peer's shrunk receive-window caused by losing least significant bits in window-scaling. Cc: "David S. Miller" Cc: Alexey Kuznetsov Cc: James Morris Cc: Hideaki YOSHIFUJI Cc: Patrick McHardy Signed-off-by: Cheng Cui Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit e606519ec3e7ec294b9c15c6248f9ea51e9eb2cb Merge: fbdf0e2 9c568fd Author: David S. Miller Date: Fri Feb 17 15:29:40 2017 -0500 Merge branch 'sfc-misc-fixes' Edward Cree says: ==================== sfc: misc. fixes Three largely unrelated fixes to increase robustness in rare edge cases. ==================== Signed-off-by: David S. Miller commit 9c568fd8844ec3986eb19b0b5d97536243d10d46 Author: Peter Dunning Date: Fri Feb 17 15:50:43 2017 +0000 sfc: do not device_attach if a reset is pending efx_start_all can return without initialising queues as a reset is pending. This means that when netif_device_attach is called, the kernel can start sending traffic without having an initialised TX queue to send to. This patch avoids this by not calling netif_device_attach if there is a pending reset. Fixes: e283546c0465 ("sfc:On MCDI timeout, issue an FLR (and mark MCDI to fail-fast)") Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 8 ++++---- drivers/net/ethernet/sfc/ef10_sriov.c | 4 ++-- drivers/net/ethernet/sfc/efx.c | 10 ++++++---- drivers/net/ethernet/sfc/efx.h | 6 ++++++ drivers/net/ethernet/sfc/selftest.c | 2 +- 5 files changed, 19 insertions(+), 11 deletions(-) commit 105eac6c35a168b8b6d8e594830a1da5585b260d Author: Bert Kenward Date: Fri Feb 17 15:50:12 2017 +0000 sfc: forget filters from sw table if hw replies ENOENT on removing them If the hw doesn't think they exist, we should defer to its authority. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 0ccb998bf46d8dc9799b60ea0090fb08c37e96ad Author: Jon Cooper Date: Fri Feb 17 15:49:13 2017 +0000 sfc: fix filter_id misinterpretation in edge case On EF10, hardware filter IDs are 13 bits, but in some places we store 32-bit "full filter IDs" in which higher order bits encode the filter match-priority. This could cause a filter to have a full filter ID of 0xffff, which is also the value EFX_EF10_FILTER_ID_INVALID which we use in 16-bit "short" filter IDs (without match-priority bits). This would occur if the hardware filter ID was 0x1fff and the match-priority was 7. Unfortunately, some code that checks for EFX_EF10_FILTER_ID_INVALID can be called on full filter IDs, and will WARN_ON if this ever happens. So, since we have plenty of spare bits in the full filter ID, this patch shifts the priority bits left one bit when constructing the full filter IDs, ensuring that the 0x2000 bit of a full filter ID will always be 0 and thus no full filter ID can ever equal EFX_EF10_FILTER_ID_INVALID. This patch also replaces open-coded full<->short filter ID conversions with calls to functions, thus keeping the definition of the full filter ID format in one place. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 48 +++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 18 deletions(-) commit 99e7138eb7897aa0ccc6661173ae2d7e79721e05 Author: Jiri Olsa Date: Fri Feb 17 15:00:56 2017 +0100 perf tools: Fail on using multiple bits long terms without value Currently we allow not to specify value for numeric terms and we set them to value 1. This was originaly meant just for single bit terms to allow user to type: $ perf record -e 'cpu/cpu-cycles,any' instead of: $ perf record -e 'cpu/cpu-cycles,any=1' However it works also for multi bits terms like: $ perf record -e 'cpu/event/' ls ... $ perf evlist -v ..., config: 0x1, ... After discussion with Peter we decided making such term usage to fail, like: $ perf record -e 'cpu/event/' ls event syntax error: 'cpu/event/' \___ no value assigned for term ... Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1487340058-10496-4-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.c | 2 ++ tools/perf/util/parse-events.h | 2 ++ tools/perf/util/parse-events.y | 14 +++++++------- tools/perf/util/pmu.c | 13 +++++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) commit 67b49b38f7bd6f34319b540ce824d5697241b3a8 Author: Jiri Olsa Date: Fri Feb 17 15:00:55 2017 +0100 perf tools: Move new_term arguments into struct parse_events_term template We need to add yet another parameter to new_term function in following patch, so it's better to move first all the current params into template struct parse_events_term and use it as a single argument. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1487340058-10496-3-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.c | 69 ++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 30 deletions(-) commit fbdf0e28d061708cf18ba0f8e0db5360dc9a15b9 Author: Arnd Bergmann Date: Fri Feb 17 16:08:30 2017 +0100 vmxnet3: prevent building with 64K pages I got a warning about broken code on ARM64 with 64K pages: drivers/net/vmxnet3/vmxnet3_drv.c: In function 'vmxnet3_rq_init': drivers/net/vmxnet3/vmxnet3_drv.c:1679:29: error: large integer implicitly truncated to unsigned type [-Werror=overflow] rq->buf_info[0][i].len = PAGE_SIZE; 'len' here is a 16-bit integer, so this clearly won't work. I don't think this driver is used much on anything other than x86, so there is no need to fix this properly and we can work around it with a Kconfig dependency to forbid known-broken configurations. qemu in theory supports it on other architectures too, but presumably only for compatibility with x86 guests that also run on vmware. CONFIG_PAGE_SIZE_64KB is used on hexagon, mips, sh and tile, the other symbols are architecture-specific names for the same thing. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/Kconfig | 3 +++ 1 file changed, 3 insertions(+) commit 74179d44b6e199adaec8c7d842dc61ebefa314c5 Author: Valentin Longchamp Date: Fri Feb 17 11:31:22 2017 +0100 net/wan: add MODULE_LICENSE for fsl_ucc_hdlc It is required to build it as a module. Signed-off-by: Valentin Longchamp Signed-off-by: David S. Miller drivers/net/wan/fsl_ucc_hdlc.c | 1 + 1 file changed, 1 insertion(+) commit 8ca6e0a75a5145458e8a680edf2394375f2129da Author: Yadi Hu Date: Fri Feb 17 14:20:26 2017 -0600 PCI: altera: Extract TLP completion status correctly Previously we extracted 'Completion Status' from b14:12, but it is actually b15:13. Extract it from the correct bits. Signed-off-by: Hu Yadi Signed-off-by: Bjorn Helgaas Acked-by: Ley Foon Tan drivers/pci/host/pcie-altera.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d2c58294f5416467ae0c5d00675bce3cd19595dd Author: Zhu Yanjun Date: Fri Feb 17 04:16:22 2017 -0500 rds:Remove unnecessary ib_ring unalloc In the function rds_ib_xmit_atomic, ib_ring is not allocated successfully. As such, it is not necessary to unalloc it. Cc: Joe Jin Cc: Junxiao Bi Signed-off-by: Zhu Yanjun Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/ib_send.c | 1 - 1 file changed, 1 deletion(-) commit 5800790a925b0aefb621ae3da86668c3a2867750 Author: Shawn Lin Date: Thu Feb 16 15:29:35 2017 +0800 PCI: rockchip: Set vendor ID from local core config space The TRM says the vendor ID in the RC's configure space can be rewritten and the value must be the same as the value read from the local core configure space. But we misread that and didn't notice it before. Actually we should only able to rewrite it from the local core configure space. Fix that issue to make lspci show the correct IP vendor infomation. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3b4735281f67b0aa62bf74c8a1a7758c17f7158d Author: Simon Horman Date: Fri Feb 17 08:57:54 2017 +0100 nfp: Use PCI_DEVICE_ID_NETRONOME_NFP* defines Use PCI_DEVICE_ID_NETRONOME_NFP*, defined in linux/pci_ids.h, rather than replicating the same values in the NFP driver. Signed-off-by: Simon Horman Acked-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/netronome/nfp/nfp_main.c | 4 ++-- drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 4 ++-- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cpp.h | 5 ----- 3 files changed, 4 insertions(+), 9 deletions(-) commit 806a837650501f5eee359a197824db8752fa6e6c Author: Gao Feng Date: Fri Feb 17 14:34:19 2017 +0800 pkt_sched: Remove useless qdisc_stab_lock The qdisc_stab_lock is used in qdisc_get_stab and qdisc_put_stab. These two functions are invoked in qdisc_create, qdisc_change, and qdisc_destroy which run fully under RTNL. So it already makes sure only one could access the qdisc_stab_list at the same time. Then it is unnecessary to use qdisc_stab_lock now. Signed-off-by: Gao Feng Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/sched/sch_api.c | 12 ------------ 1 file changed, 12 deletions(-) commit 88c4845d7dec835ba7ad1379e30a09658b05495d Author: David Howells Date: Fri Feb 17 18:16:21 2017 +0000 rxrpc: Change module filename to rxrpc.ko Change module filename from af-rxrpc.ko to rxrpc.ko so as to be consistent with the other protocol drivers. Also adjust the documentation to reflect this. Further, there is no longer a standalone rxkad module, as it has been merged into the rxrpc core, so get rid of references to that. Reported-by: Marc Dionne Signed-off-by: David Howells Signed-off-by: David S. Miller Documentation/filesystems/afs.txt | 34 +--------------------------------- net/rxrpc/Makefile | 12 ++++++------ 2 files changed, 7 insertions(+), 39 deletions(-) commit b5124720ed2e5b43c851a32e9acc8d29e3e780ae Author: Simon Xiao Date: Fri Feb 17 11:36:20 2017 -0800 netvsc: fix typo on statistics Return the correct tx_errors stats in netvsc. Reviewed-by: Haiyang Zhang Signed-off-by: Simon Xiao Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 33be632b8443b6ac74aa293504f430604fb9abeb Author: Sinan Kaya Date: Thu Feb 16 17:01:45 2017 -0500 PCI: Add ACS quirk for Qualcomm QDF2400 and QDF2432 The Qualcomm QDF2xxx root ports don't advertise an ACS capability, but they do provide ACS-like features to disable peer transactions and validate bus numbers in requests. To be specific: * Hardware supports source validation but it will report the issue as Completer Abort instead of ACS Violation. * Hardware doesn't support peer-to-peer and each root port is a root complex with unique segment numbers. * It is not possible for one root port to pass traffic to the other root port. All PCIe transactions are terminated inside the root port. Add an ACS quirk for the QDF2400 and QDF2432 products. [bhelgaas: changelog] Signed-off-by: Sinan Kaya Signed-off-by: Bjorn Helgaas Reviewed-by: Alex Williamson drivers/pci/quirks.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) commit 025331df34f6722f86b467cb13a69326444ab1bc Author: Daniel Borkmann Date: Fri Feb 17 01:56:11 2017 +0100 rtnl: don't account unused struct ifla_port_vsi in rtnl_port_size When allocating rtnl dump messages, struct ifla_port_vsi is never dumped, so we can save header plus payload in rtnl_port_size(). Infact, attribute IFLA_PORT_VSI_TYPE and struct ifla_port_vsi are not used anywhere in the kernel. We only need to keep the nla policy should applications in user space be filling this out. Same NLA_BINARY issue exists as was fixed in 364d5716a7ad ("rtnetlink: ifla_vf_policy: fix misuses of NLA_BINARY") and others, but then again IFLA_PORT_VSI_TYPE is not used anywhere, so just add a comment that it's unused. Signed-off-by: Daniel Borkmann Signed-off-by: David S. Miller net/core/rtnetlink.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 4a9b0933bdfcd85da840284bf5a0eb17b654b9c2 Author: Haiyang Zhang Date: Mon Feb 13 18:10:11 2017 +0000 PCI: hv: Use device serial number as PCI domain Use the device serial number as the PCI domain. The serial numbers start with 1 and are unique within a VM. So names, such as VF NIC names, that include domain number as part of the name, can be shorter than that based on part of bus UUID previously. The new names will also stay same for VMs created with copied VHD and same number of devices. Signed-off-by: Haiyang Zhang Signed-off-by: Stephen Hemminger Signed-off-by: Bjorn Helgaas Reviewed-by: K. Y. Srinivasan drivers/pci/host/pci-hyperv.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 8a9ae523282f324989850fcf41312b42a2fb9296 Author: Scott Bauer Date: Fri Feb 17 13:59:40 2017 +0100 nvme: Check for Security send/recv support before issuing commands. We need to verify that the controller supports the security commands before actually trying to issue them. Signed-off-by: Scott Bauer [hch: moved the check so that we don't call into the OPAL code if not supported] Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 1 + drivers/nvme/host/nvme.h | 1 + drivers/nvme/host/pci.c | 2 +- include/linux/nvme.h | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) commit 4f1244c8298606b8fae64b4d78b820ae6b896e3c Author: Christoph Hellwig Date: Fri Feb 17 13:59:39 2017 +0100 block/sed-opal: allocate struct opal_dev dynamically Insted of bloating the containing structure with it all the time this allocates struct opal_dev dynamically. Additionally this allows moving the definition of struct opal_dev into sed-opal.c. For this a new private data field is added to it that is passed to the send/receive callback. After that a lot of internals can be made private as well. Signed-off-by: Christoph Hellwig Tested-by: Scott Bauer Reviewed-by: Scott Bauer Signed-off-by: Jens Axboe block/opal_proto.h | 23 ++++++++++ block/sed-opal.c | 101 +++++++++++++++++++++++++++++++++++++---- drivers/nvme/host/core.c | 9 ++-- drivers/nvme/host/nvme.h | 14 ++---- drivers/nvme/host/pci.c | 8 +++- include/linux/sed-opal.h | 116 ++--------------------------------------------- 6 files changed, 131 insertions(+), 140 deletions(-) commit f5b37b7c23915af93081a8711e0a0f0219063756 Author: Christoph Hellwig Date: Fri Feb 17 13:59:38 2017 +0100 block/sed-opal: tone down not supported warnings Not having OPAL or a sub-feature supported is an entirely normal condition for many drives, so don't warn about it. Keep the messages, but tone them down to debug only. Signed-off-by: Christoph Hellwig Reviewed-by: Scott Bauer Signed-off-by: Jens Axboe block/sed-opal.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 7520872c0cf4d3df6d74242c6edfb9e70a47df4d Author: Jens Axboe Date: Fri Feb 17 11:40:44 2017 -0700 block: don't defer flushes on blk-mq + scheduling For blk-mq with scheduling, we can potentially end up with ALL driver tags assigned and sitting on the flush queues. If we defer because of an inlfight data request, then we can deadlock if that data request doesn't already have a tag assigned. This fixes a deadlock with running the xfs/297 xfstest, where thousands of syncs can cause the drive queue to stall. Signed-off-by: Jens Axboe Reviewed-by: Omar Sandoval block/blk-flush.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 64765a75ef258c802f795558d00a5a1864c531fc Author: Jens Axboe Date: Fri Feb 17 11:39:26 2017 -0700 blk-mq-sched: ask scheduler for work, if we failed dispatching leftovers Usually we don't ask the scheduler for work, if we already have leftovers on the dispatch list. This is done to leave work on the scheduler side for as long as possible, for proper merging. But if we do have work leftover but didn't dispatch anything, then we should ask the scheduler since we could potentially issue requests from that. Signed-off-by: Jens Axboe Reviewed-by: Omar Sandoval block/blk-mq-sched.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 0c2a6fe4dc3e8c24bc67cd5d0a36092834027cf0 Author: Jens Axboe Date: Fri Feb 17 11:38:36 2017 -0700 blk-mq: don't special case flush inserts for blk-mq-sched The current request insertion machinery works just fine for directly inserting flushes, so no need to special case this anymore. Signed-off-by: Jens Axboe Reviewed-by: Omar Sandoval block/blk-mq.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit c7a571b45055dba740156013fef4a7fdbe3262d9 Author: Jens Axboe Date: Fri Feb 17 11:37:14 2017 -0700 blk-mq-sched: don't add flushes to the head of requeue queue If we are currently out of driver tags, we don't want to add a new flush (without a tag) to the head of the requeue list. We want to add it to the back, behind the others that are potentially also waiting for a tag. Signed-off-by: Jens Axboe Reviewed-by: Omar Sandoval block/blk-mq-sched.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2aa0f21d5491976729087104553b7bdaef047b9d Author: Jens Axboe Date: Fri Feb 17 11:35:35 2017 -0700 blk-mq: have blk_mq_dispatch_rq_list() return if we queued IO or not Currently we're almost there, but if we dispatch nothing, then we still return success. Signed-off-by: Jens Axboe Reviewed-by: Omar Sandoval block/blk-mq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99f18f1d2f447afe575c1ad2641050c77d244760 Author: Philippe Reynes Date: Thu Feb 16 23:28:01 2017 +0100 net: qlogic: netxen: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller .../ethernet/qlogic/netxen/netxen_nic_ethtool.c | 123 +++++++++++---------- 1 file changed, 65 insertions(+), 58 deletions(-) commit 336f8a71aa178a35b4c33130bb98331b7930337a Author: Philippe Reynes Date: Thu Feb 16 22:46:14 2017 +0100 net: hamachi: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/packetengines/hamachi.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 85e0d509654c2e2e58b29e50a883acd4c4e8807d Author: Jiri Olsa Date: Fri Feb 17 15:00:54 2017 +0100 perf build: Add special fixdep cleaning rule Ingo reported following build failure: On Sat, Feb 11, 2017 at 12:12:34PM +0100, Ingo Molnar wrote: > > So I had this oldish 32-bit 15.10 Ubuntu installation around (fully updated), and > trying to build perf gave me: > > deimos:~/tip/tools/perf> make > BUILD: Doing 'make -j4' parallel build > make[3]: *** No rule to make target '/usr/include/x86_64-linux-gnu/sys/types.h', needed by 'fixdep.o'. Stop. > Makefile:42: recipe for target 'fixdep-in.o' failed > make[2]: *** [fixdep-in.o] Error 2 > /home/mingo/tip/tools/build/Makefile.include:4: recipe for target 'fixdep' failed > make[1]: *** [fixdep] Error 2 > Makefile:68: recipe for target 'all' failed > make: *** [all] Error 2 > > Now this got a bit better after I did a 'make mrproper' in the kernel tree: > > deimos:~/tip/tools/perf> make > BUILD: Doing 'make -j4' parallel build > HOSTCC fixdep.o > /home/mingo/tip/tools/build/fixdep: 1: /home/mingo/tip/tools/build/fixdep: Syntax error: "(" unexpected > /home/mingo/tip/tools/build/Makefile.build:101: recipe for target 'fixdep.o' failed > make[3]: *** [fixdep.o] Error 2 > Makefile:42: recipe for target 'fixdep-in.o' failed > make[2]: *** [fixdep-in.o] Error 2 > /home/mingo/tip/tools/build/Makefile.include:4: recipe for target 'fixdep' failed > make[1]: *** [fixdep] Error 2 > Makefile:68: recipe for target 'all' failed > make: *** [all] Error 2 > > After some digging it turns out that my 'fixdep' binary was 64-bit: > > deimos:~/tip/tools/perf> file /home/mingo/tip/tools/build/fixdep > /home/mingo/tip/tools/build/fixdep: ELF 64-bit LSB executable, x86-64, version 1 > (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux > 2.6.32, BuildID[sha1]=d527f736b57b5ba47210fbcb562a3b52867d21c1, not stripped > > But it did not get cleaned out by 'make clean'. > > Only after I did a 'make clean' in tools/ itself, did it get built properly. It shows we don't clean up properly the fixdep objects, so adding special rule for that. Signed-off-by: Jiri Olsa Reported-by: Ingo Molnar Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1487340058-10496-2-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/build/Makefile | 4 ++-- tools/build/Makefile.include | 3 +++ tools/perf/Makefile.perf | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) commit eda7a5e88d95d8cc4315451dcfb74064773cbc02 Author: Roopa Prabhu Date: Thu Feb 16 13:38:04 2017 -0800 bridge: don't indicate expiry on NTF_EXT_LEARNED fdb entries added_by_external_learn fdb entries are added and expired by external entities like switchdev driver or external controllers. ageing is already disabled for such entries. Hence, don't indicate expiry for such fdb entries. CC: Nikolay Aleksandrov CC: Jiri Pirko CC: Ido Schimmel Signed-off-by: Roopa Prabhu Reviewed-by: Ido Schimmel Tested-by: Ido Schimmel Reviewed-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_fdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2b4eb55ca81cd1968a942a593debddb3255d68a Merge: afcb50b 74451e66 Author: David S. Miller Date: Fri Feb 17 13:40:06 2017 -0500 Merge branch 'bpf-misc' Daniel Borkmann says: ==================== Misc BPF improvements This last series for this window adds various misc improvements to BPF, one is to mark registered map and prog types as __ro_after_init, another one for removing cBPF stubs in eBPF JITs and moving the stub to the core and last also improving JITs is to make generated images visible to the kernel and kallsyms, so they can be seen in traces. For details, please have a look at the individual patches. Thanks a lot! ==================== Signed-off-by: David S. Miller commit 74451e66d516c55e309e8d89a4a1e7596e46aacd Author: Daniel Borkmann Date: Thu Feb 16 22:24:50 2017 +0100 bpf: make jited programs visible in traces Long standing issue with JITed programs is that stack traces from function tracing check whether a given address is kernel code through {__,}kernel_text_address(), which checks for code in core kernel, modules and dynamically allocated ftrace trampolines. But what is still missing is BPF JITed programs (interpreted programs are not an issue as __bpf_prog_run() will be attributed to them), thus when a stack trace is triggered, the code walking the stack won't see any of the JITed ones. The same for address correlation done from user space via reading /proc/kallsyms. This is read by tools like perf, but the latter is also useful for permanent live tracing with eBPF itself in combination with stack maps when other eBPF types are part of the callchain. See offwaketime example on dumping stack from a map. This work tries to tackle that issue by making the addresses and symbols known to the kernel. The lookup from *kernel_text_address() is implemented through a latched RB tree that can be read under RCU in fast-path that is also shared for symbol/size/offset lookup for a specific given address in kallsyms. The slow-path iteration through all symbols in the seq file done via RCU list, which holds a tiny fraction of all exported ksyms, usually below 0.1 percent. Function symbols are exported as bpf_prog_, in order to aide debugging and attribution. This facility is currently enabled for root-only when bpf_jit_kallsyms is set to 1, and disabled if hardening is active in any mode. The rationale behind this is that still a lot of systems ship with world read permissions on kallsyms thus addresses should not get suddenly exposed for them. If that situation gets much better in future, we always have the option to change the default on this. Likewise, unprivileged programs are not allowed to add entries there either, but that is less of a concern as most such programs types relevant in this context are for root-only anyway. If enabled, call graphs and stack traces will then show a correct attribution; one example is illustrated below, where the trace is now visible in tooling such as perf script --kallsyms=/proc/kallsyms and friends. Before: 7fff8166889d bpf_clone_redirect+0x80007f0020ed (/lib/modules/4.9.0-rc8+/build/vmlinux) f5d80 __sendmsg_nocancel+0xffff006451f1a007 (/usr/lib64/libc-2.18.so) After: 7fff816688b7 bpf_clone_redirect+0x80007f002107 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fffa0575728 bpf_prog_33c45a467c9e061a+0x8000600020fb (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fffa07ef1fc cls_bpf_classify+0x8000600020dc (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff81678b68 tc_classify+0x80007f002078 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8164d40b __netif_receive_skb_core+0x80007f0025fb (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8164d718 __netif_receive_skb+0x80007f002018 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8164e565 process_backlog+0x80007f002095 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8164dc71 net_rx_action+0x80007f002231 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff81767461 __softirqentry_text_start+0x80007f0020d1 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff817658ac do_softirq_own_stack+0x80007f00201c (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff810a2c20 do_softirq+0x80007f002050 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff810a2cb5 __local_bh_enable_ip+0x80007f002085 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8168d452 ip_finish_output2+0x80007f002152 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8168ea3d ip_finish_output+0x80007f00217d (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff8168f2af ip_output+0x80007f00203f (/lib/modules/4.9.0-rc8+/build/vmlinux) [...] 7fff81005854 do_syscall_64+0x80007f002054 (/lib/modules/4.9.0-rc8+/build/vmlinux) 7fff817649eb return_from_SYSCALL_64+0x80007f002000 (/lib/modules/4.9.0-rc8+/build/vmlinux) f5d80 __sendmsg_nocancel+0xffff01c484812007 (/usr/lib64/libc-2.18.so) Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Cc: linux-kernel@vger.kernel.org Signed-off-by: David S. Miller Documentation/sysctl/net.txt | 12 ++ arch/arm64/net/bpf_jit_comp.c | 15 --- arch/powerpc/net/bpf_jit_comp64.c | 1 + arch/s390/net/bpf_jit_comp.c | 18 --- arch/x86/net/bpf_jit_comp.c | 15 --- include/linux/bpf.h | 4 + include/linux/filter.h | 112 ++++++++++++++++++- kernel/bpf/core.c | 223 ++++++++++++++++++++++++++++++++++++++ kernel/bpf/syscall.c | 2 + kernel/extable.c | 9 +- kernel/kallsyms.c | 61 +++++++++-- net/Kconfig | 3 +- net/core/sysctl_net_core.c | 7 ++ 13 files changed, 419 insertions(+), 63 deletions(-) commit 9383191da4e40360a5d880fbe6bb03911c61621b Author: Daniel Borkmann Date: Thu Feb 16 22:24:49 2017 +0100 bpf: remove stubs for cBPF from arch code Remove the dummy bpf_jit_compile() stubs for eBPF JITs and make that a single __weak function in the core that can be overridden similarly to the eBPF one. Also remove stale pr_err() mentions of bpf_jit_compile. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller arch/arm64/net/bpf_jit_comp.c | 5 ----- arch/powerpc/net/bpf_jit_comp64.c | 2 -- arch/s390/net/bpf_jit_comp.c | 8 -------- arch/x86/net/bpf_jit_comp.c | 8 ++------ include/linux/filter.h | 6 +----- kernel/bpf/core.c | 12 +++++++++++- 6 files changed, 14 insertions(+), 27 deletions(-) commit c78f8bdfa11fcceb9723c61212e4bd8f76c87f9e Author: Daniel Borkmann Date: Thu Feb 16 22:24:48 2017 +0100 bpf: mark all registered map/prog types as __ro_after_init All map types and prog types are registered to the BPF core through bpf_register_map_type() and bpf_register_prog_type() during init and remain unchanged thereafter. As by design we don't (and never will) have any pluggable code that can register to that at any later point in time, lets mark all the existing bpf_{map,prog}_type_list objects in the tree as __ro_after_init, so they can be moved to read-only section from then onwards. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/arraymap.c | 10 +++++----- kernel/bpf/hashtab.c | 8 ++++---- kernel/bpf/lpm_trie.c | 2 +- kernel/bpf/stackmap.c | 2 +- kernel/trace/bpf_trace.c | 6 +++--- net/core/filter.c | 18 +++++++++--------- 6 files changed, 23 insertions(+), 23 deletions(-) commit afcb50ba7f745eea32f91d7f63d6aa88f929f9c4 Author: Roopa Prabhu Date: Thu Feb 16 11:29:21 2017 -0800 bridge: vlan_tunnel: explicitly reset metadata attrs to NULL on failure Fixes: efa5356b0d97 ("bridge: per vlan dst_metadata netlink support") Signed-off-by: Roopa Prabhu Reviewed-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_vlan_tunnel.c | 2 ++ 1 file changed, 2 insertions(+) commit 6850f8b50928463213532d7812b74161d31d3cbd Author: Tobias Klauser Date: Thu Feb 16 15:11:19 2017 +0100 net: bgmac: store MAC address directly in netdev->dev_addr After commit 34a5102c3235 ("net: bgmac: allocate struct bgmac just once & don't copy it") the mac_addr member of struct bgmac is no longer necessary to pass the MAC address to bgmac_enet_probe(). Instead it can directly be stored in netdev->dev_addr. Also use eth_hw_addr_random() instead of eth_random_addr() in case a random MAC is nedded. This will make sure netdev->addr_assign_type will be properly set. Signed-off-by: Tobias Klauser Acked-by: Jon Mason Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bgmac-bcma.c | 2 +- drivers/net/ethernet/broadcom/bgmac-platform.c | 2 +- drivers/net/ethernet/broadcom/bgmac.c | 9 ++++----- drivers/net/ethernet/broadcom/bgmac.h | 1 - 4 files changed, 6 insertions(+), 8 deletions(-) commit 3105dfb2a99f52c67cd40ec092373081f022ec28 Merge: 6d6a505 b065d3f Author: David S. Miller Date: Fri Feb 17 13:00:45 2017 -0500 Merge tag 'wireless-drivers-next-for-davem-2017-02-16' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.11 Mostly small fixes, not really any new features. Major changes: ath10k * when trying older firmware versions don't confuse user with error messages ath9k * fix crash in AP mode (regression) * fix relayfs crash (regression) * fix initialisation with AR9340 and AR9550 ==================== Signed-off-by: David S. Miller commit 6d6a505a1e4c40cc37f83076c8779881dd60e144 Author: Tobias Klauser Date: Thu Feb 16 13:54:32 2017 +0100 net: ethoc: Use eth_hw_addr_random() Use eth_hw_addr_random() to set a random dev_addr and update addr_assign_type instead of open-coding it. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/ethoc.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit e1c151a47942da66cd208dea2330547b34684fae Merge: 4581be4 da20420 Author: David S. Miller Date: Fri Feb 17 12:28:44 2017 -0500 Merge branch 'rhashtable-allocation-failure-during-insertion' Herbert Xu says: ==================== rhashtable: Handle table allocation failure during insertion v2 - Added Ack to patch 2. Fixed RCU annotation in code path executed by rehasher by using rht_dereference_bucket. v1 - This series tackles the problem of table allocation failures during insertion. The issue is that we cannot vmalloc during insertion. This series deals with this by introducing nested tables. The first two patches removes manual hash table walks which cannot work on a nested table. The final patch introduces nested tables. I've tested this with test_rhashtable and it appears to work. ==================== Signed-off-by: David S. Miller commit da20420f83ea0fbcf3d03afda08d971ea1d8a356 Author: Herbert Xu Date: Sat Feb 11 19:26:47 2017 +0800 rhashtable: Add nested tables This patch adds code that handles GFP_ATOMIC kmalloc failure on insertion. As we cannot use vmalloc, we solve it by making our hash table nested. That is, we allocate single pages at each level and reach our desired table size by nesting them. When a nested table is created, only a single page is allocated at the top-level. Lower levels are allocated on demand during insertion. Therefore for each insertion to succeed, only two (non-consecutive) pages are needed. After a nested table is created, a rehash will be scheduled in order to switch to a vmalloced table as soon as possible. Also, the rehash code will never rehash into a nested table. If we detect a nested table during a rehash, the rehash will be aborted and a new rehash will be scheduled. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller include/linux/rhashtable.h | 78 +++++++++---- lib/rhashtable.c | 270 ++++++++++++++++++++++++++++++++++++--------- 2 files changed, 276 insertions(+), 72 deletions(-) commit 40f9f439706073b4b0a654b3b99e18296b7990b3 Author: Herbert Xu Date: Sat Feb 11 19:26:46 2017 +0800 tipc: Fix tipc_sk_reinit race conditions There are two problems with the function tipc_sk_reinit. Firstly it's doing a manual walk over an rhashtable. This is broken as an rhashtable can be resized and if you manually walk over it during a resize then you may miss entries. Secondly it's missing memory barriers as previously the code used spinlocks which provide the barriers implicitly. This patch fixes both problems. Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to...") Signed-off-by: Herbert Xu Acked-by: Ying Xue Signed-off-by: David S. Miller net/tipc/net.c | 4 ++++ net/tipc/socket.c | 30 +++++++++++++++++++----------- 2 files changed, 23 insertions(+), 11 deletions(-) commit 98687f426bb3e93b9dbbfb614ba331192beae482 Author: Herbert Xu Date: Sat Feb 11 19:26:45 2017 +0800 gfs2: Use rhashtable walk interface in glock_hash_walk The function glock_hash_walk walks the rhashtable by hand. This is broken because if it catches the hash table in the middle of a rehash, then it will miss entries. This patch replaces the manual walk by using the rhashtable walk interface. Fixes: 88ffbf3e037e ("GFS2: Use resizable hash table for glocks") Signed-off-by: Herbert Xu Signed-off-by: David S. Miller fs/gfs2/glock.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) commit 4581be42fce5e1d208cbeb8e78df3f1b4673eff7 Author: Jisheng Zhang Date: Thu Feb 16 17:07:39 2017 +0800 net: mvneta: make mvneta_eth_tool_ops static The mvneta_eth_tool_ops is only used internally in mvneta driver, so make it static. Signed-off-by: Jisheng Zhang Acked-by: Thomas Petazzoni Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b5026ade59e07c8913ba8c4d19db2438fdeed1a Merge: ad8e963 5cecb6c Author: David S. Miller Date: Fri Feb 17 12:08:07 2017 -0500 Merge branch 'net-sched-reflect-hw-offload-in-classifiers' Or Gerlitz says: ==================== net/sched: Reflect HW offload status in classifiers Currently there is no way of querying whether a filter is offloaded to HW or not when using "both" policy (where none of skip_sw or skip_hw flags are set by user-space). Added two new flags, "in hw" and "not in hw" such that user space can determine if a filter is actually offloaded to hw. The "in hw" UAPI semantics was chosen so it's similar to the "skip hw" flag logic. If none of these two flags are set, this signals running over older kernel. As an example, add one vlan push + fwd rule, one matchall rule and one u32 rule without any flags, and another vlan + fwd skip_sw rule, such that the different TC classifier attempt to offload all of them -- all over mlx5 SRIOV VF rep: flower skip_sw indev eth2_0 src_mac e4:11:22:33:44:50 dst_mac e4:1d:2d:a5:f3:9d action vlan push id 52 action mirred egress redirect dev eth2 flower indev eth2_0 src_mac e4:11:22:33:44:50 dst_mac e4:11:22:33:44:51 action vlan push id 53 action mirred egress redirect dev eth2 u32 ht 800: flowid 800:1 match ip src 192.168.1.0/24 action drop Since that VF rep doesn't offload matchall/u32 and can currently offload only one vlan push rule we expect three of the rules not to be offloaded: filter protocol ip pref 99 u32 filter protocol ip pref 99 u32 fh 800: ht divisor 1 filter protocol ip pref 99 u32 fh 800::1 order 1 key ht 800 bkt 0 flowid 800:1 not in_hw match c0a80100/ffffff00 at 12 action order 1: gact action drop random type none pass val 0 index 8 ref 1 bind 1 filter protocol all pref 49150 matchall filter protocol all pref 49150 matchall handle 0x1 not in_hw action order 1: mirred (Egress Mirror to device veth1) pipe index 27 ref 1 bind 1 filter protocol ip pref 49151 flower filter protocol ip pref 49151 flower handle 0x1 indev eth2_0 dst_mac e4:11:22:33:44:51 src_mac e4:11:22:33:44:50 eth_type ipv4 not in_hw action order 1: vlan push id 53 protocol 802.1Q priority 0 pipe index 20 ref 1 bind 1 action order 2: mirred (Egress Redirect to device eth2) stolen index 26 ref 1 bind 1 filter protocol ip pref 49152 flower filter protocol ip pref 49152 flower handle 0x1 indev eth2_0 dst_mac e4:1d:2d:a5:f3:9d src_mac e4:11:22:33:44:50 eth_type ipv4 skip_sw in_hw action order 1: vlan push id 52 protocol 802.1Q priority 0 pipe index 19 ref 1 bind 1 action order 2: mirred (Egress Redirect to device eth2) stolen index 25 ref 1 bind 1 v3 --> v4 changes: - removed extra parenthesis (Dave) v2 --> v3 changes: - fixed the matchall dump flags patch to do proper checks (Jakub) - added the same proper checks to flower where they were missing - that flower patch was added as #1 and hence all the other patches are offed-by-one v1 --> v2 changes: - applied feedback from Jakub and Dave -- where none of the skip flags were set, the suggested approach didn't allow user space to distringuish between old kernel to a case when offloading to HW worked fine. ==================== Signed-off-by: David S. Miller commit 5cecb6cc008148b4afc51f7bacfa753e1a957483 Author: Or Gerlitz Date: Thu Feb 16 10:31:16 2017 +0200 net/sched: cls_bpf: Reflect HW offload status BPF classifier support for the "in hw" offloading flags. Signed-off-by: Or Gerlitz Reviewed-by: Amir Vadai Acked-by: Jakub Kicinski Signed-off-by: David S. Miller net/sched/cls_bpf.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 24d3dc6d27eae19f422a5e216e25d3a16628d4ff Author: Or Gerlitz Date: Thu Feb 16 10:31:15 2017 +0200 net/sched: cls_u32: Reflect HW offload status U32 support for the "in hw" offloading flags. Signed-off-by: Or Gerlitz Reviewed-by: Amir Vadai Signed-off-by: David S. Miller net/sched/cls_u32.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit c7d2b2f5eebe6e76efc11cfd7a600c0748234f3a Author: Or Gerlitz Date: Thu Feb 16 10:31:14 2017 +0200 net/sched: cls_matchall: Reflect HW offloading status Matchall support for the "in hw" offloading flags. Signed-off-by: Or Gerlitz Reviewed-by: Amir Vadai Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_matchall.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 55593960d0d88c6d80b7b3a615dbe09de85f2541 Author: Or Gerlitz Date: Thu Feb 16 10:31:13 2017 +0200 net/sched: cls_flower: Reflect HW offload status Flower support for the "in hw" offloading flags. Signed-off-by: Or Gerlitz Reviewed-by: Amir Vadai Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 5 +++++ 1 file changed, 5 insertions(+) commit e696028acc458aa3d43ad899371a963eb28336d8 Author: Or Gerlitz Date: Thu Feb 16 10:31:12 2017 +0200 net/sched: Reflect HW offload status Currently there is no way of querying whether a filter is offloaded to HW or not when using "both" policy (where none of skip_sw or skip_hw flags are set by user-space). Add two new flags, "in hw" and "not in hw" such that user space can determine if a filter is actually offloaded to hw or not. The "in hw" UAPI semantics was chosen so it's similar to the "skip hw" flag logic. If none of these two flags are set, this signals running over older kernel. Signed-off-by: Or Gerlitz Reviewed-by: Amir Vadai Acked-by: Jiri Pirko Signed-off-by: David S. Miller include/net/pkt_cls.h | 5 +++++ include/uapi/linux/pkt_cls.h | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) commit 7a335adad8b06778c0876aa5a5eb8954cd835bf5 Author: Or Gerlitz Date: Thu Feb 16 10:31:11 2017 +0200 net/sched: cls_matchall: Dump the classifier flags The classifier flags are not dumped to user-space, do that. Signed-off-by: Or Gerlitz Acked-by: Jiri Pirko Acked-by: Yotam Gigi Signed-off-by: David S. Miller net/sched/cls_matchall.c | 3 +++ 1 file changed, 3 insertions(+) commit 749e6720d2ee10d5221d5d7b8cee8ac5d1cd690e Author: Or Gerlitz Date: Thu Feb 16 10:31:10 2017 +0200 net/sched: cls_flower: Properly handle classifier flags dumping Dump the classifier flags only if non zero and make sure to check the return status of the handler that puts them into the netlink msg. Signed-off-by: Or Gerlitz Signed-off-by: David S. Miller net/sched/cls_flower.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ad8e963ca6838071dd2f3db2df66b247b99f4295 Author: Philippe Reynes Date: Thu Feb 16 09:10:49 2017 +0100 net: oki-semi: pch_gbe: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller .../ethernet/oki-semi/pch_gbe/pch_gbe_ethtool.c | 58 ++++++++++++++-------- 1 file changed, 38 insertions(+), 20 deletions(-) commit a25996e733db057a27a5f90c5636c3e1e01ad33e Merge: 5418820 04be87a Author: Arnd Bergmann Date: Fri Feb 17 17:28:29 2017 +0100 Merge tag 'mvebu-dt-4.11-4' of git://git.infradead.org/linux-mvebu into next/dt Pull "mvebu dt for 4.11 (part 4)" from Gregory CLEMENT: Fix typos introduced during the preparation of the 4.11 merge window. * tag 'mvebu-dt-4.11-4' of git://git.infradead.org/linux-mvebu: ARM: dts: armada-385-linksys: fix DSA compatible property ARM: dts: Fix typo in armada-xp-98dx4251 commit 9fe9aa0b7334f65755fa6e9b20cb633a09fe76f7 Author: Ivan Khoronzhuk Date: Wed Feb 15 19:45:02 2017 +0200 net: ethernet: ti: cpsw: correct ale dev to cpsw The ale is a property of cpsw, so change dev to cpsw->dev, aka pdev->dev, to be consistent. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fa9e2899c5d128723056d2ecc950bda7b51af20 Author: Philippe Reynes Date: Tue Feb 14 23:36:32 2017 +0100 net: nvidia: forcedeth: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. As I don't have the hardware, I'd be very pleased if someone may test this patch. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/nvidia/forcedeth.c | 91 ++++++++++++++++++--------------- 1 file changed, 50 insertions(+), 41 deletions(-) commit af6e2b5b8c109d1c27f82364e8b9b1e858051093 Merge: 01f0f42 85a66e5 Author: David S. Miller Date: Fri Feb 17 11:03:07 2017 -0500 Merge branch 'ptp-attribute-cleanup' Dmitry Torokhov says: ==================== PTP attribute handling cleanup PTP core was creating some attributes, such as "period" and "fifo", and the entire "pins" attribute group, after creating class deevice, which creates a race for userspace: uevent may arrive before all attributes are created. This series of patches switches PTP to use is_visible() to control visibility of attributes in a group, and device_create_with_groups() to ensure that attributes are created before we notify userspace of a new device. v2: - added Richard's acked-by to patch #1 - removed use of kmalloc_array in favor of kcalloc in patch #2 at Richard's request - added a cover letter v1: - initial patch set ==================== Acked-by: Richard Cochran Signed-off-by: David S. Miller commit 85a66e55019583da1e0f18706b7a8281c9f6de5b Author: Dmitry Torokhov Date: Tue Feb 14 10:23:34 2017 -0800 ptp: create "pins" together with the rest of attributes Let's switch to using device_create_with_groups(), which will allow us to create "pins" attribute group together with the rest of ptp device attributes, and before userspace gets notified about ptp device creation. Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller drivers/ptp/ptp_clock.c | 20 +++++++++++--------- drivers/ptp/ptp_private.h | 7 ++++--- drivers/ptp/ptp_sysfs.c | 39 +++++++++------------------------------ 3 files changed, 24 insertions(+), 42 deletions(-) commit af59e717d5ff9c8dbf9bcc581c0dfb3b2a9c9030 Author: Dmitry Torokhov Date: Tue Feb 14 10:23:33 2017 -0800 ptp: use is_visible method to hide unused attributes Instead of creating selected attributes after the device is created (and after userspace potentially seen uevent), lets use attribute group is_visible() method to control which attributes are shown. This will allow us to create all attributes (except "pins" group, which will be taken care of later) before userspace gets notified about new ptp class device. Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller drivers/ptp/ptp_sysfs.c | 125 +++++++++++++++++++++--------------------------- 1 file changed, 55 insertions(+), 70 deletions(-) commit 6f7aa56bae6ff38727d5c8bf6ee7d4202b4e3865 Author: Dmitry Torokhov Date: Tue Feb 14 10:23:32 2017 -0800 ptp: use kcalloc when allocating arrays kcalloc is more semantically correct when allocating arrays of objects, and overflow-safe. Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller drivers/ptp/ptp_sysfs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 882f312dc0751c973db26478f07f082c584d16aa Author: Dmitry Torokhov Date: Tue Feb 14 10:23:31 2017 -0800 ptp: do not explicitly set drvdata in ptp_clock_register() We do not need explicitly call dev_set_drvdata(), as it is done for us by device_create(). Acked-by: Richard Cochran Signed-off-by: Dmitry Torokhov Signed-off-by: David S. Miller drivers/ptp/ptp_clock.c | 2 -- 1 file changed, 2 deletions(-) commit da8a58b56c661681f9b2fd2fa59c6da3a5bac8d1 Author: Jan Stancek Date: Fri Feb 17 12:10:26 2017 +0100 perf tools: Replace _SC_NPROCESSORS_CONF with max_present_cpu in cpu_topology_map There are 2 problems wrt. cpu_topology_map on systems with sparse CPUs: 1. offline/absent CPUs will have their socket_id and core_id set to -1 which triggers: "socket_id number is too big.You may need to upgrade the perf tool." 2. size of cpu_topology_map (perf_env.cpu[]) is allocated based on _SC_NPROCESSORS_CONF, but can be indexed with CPU ids going above. Users of perf_env.cpu[] are using CPU id as index. This can lead to read beyond what was allocated: ==19991== Invalid read of size 4 ==19991== at 0x490CEB: check_cpu_topology (topology.c:69) ==19991== by 0x490CEB: test_session_topology (topology.c:106) ... For example: _SC_NPROCESSORS_CONF == 16 available: 2 nodes (0-1) node 0 cpus: 0 6 8 10 16 22 24 26 node 0 size: 12004 MB node 0 free: 9470 MB node 1 cpus: 1 7 9 11 23 25 27 node 1 size: 12093 MB node 1 free: 9406 MB node distances: node 0 1 0: 10 20 1: 20 10 This patch changes HEADER_NRCPUS.nr_cpus_available from _SC_NPROCESSORS_CONF to max_present_cpu and updates any user of cpu_topology_map to iterate with nr_cpus_avail. As a consequence HEADER_CPU_TOPOLOGY core_id and socket_id lists get longer, but maintain compatibility with pre-patch state - index to cpu_topology_map is CPU id. perf test 36 -v 36: Session topology : --- start --- test child forked, pid 22211 templ file: /tmp/perf-test-gmdX5i CPU 0, core 0, socket 0 CPU 1, core 0, socket 1 CPU 6, core 10, socket 0 CPU 7, core 10, socket 1 CPU 8, core 1, socket 0 CPU 9, core 1, socket 1 CPU 10, core 9, socket 0 CPU 11, core 9, socket 1 CPU 16, core 0, socket 0 CPU 22, core 10, socket 0 CPU 23, core 10, socket 1 CPU 24, core 1, socket 0 CPU 25, core 1, socket 1 CPU 26, core 9, socket 0 CPU 27, core 9, socket 1 test child finished with 0 ---- end ---- Session topology: Ok Signed-off-by: Jan Stancek Cc: Alexander Shishkin Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/d7c05c6445fca74a8442c2c73cfffd349c52c44f.1487146877.git.jstancek@redhat.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-stat.c | 2 +- tools/perf/tests/topology.c | 4 +++- tools/perf/util/env.c | 2 +- tools/perf/util/header.c | 16 +++++----------- 4 files changed, 10 insertions(+), 14 deletions(-) commit 01f0f4253469e1b1e80bc84ae64728c294534836 Author: Eric Dumazet Date: Fri Feb 10 04:27:58 2017 -0800 mlx4: do not fire tasklet unless necessary All rx and rx netdev interrupts are handled by respectively by mlx4_en_rx_irq() and mlx4_en_tx_irq() which simply schedule a NAPI. But mlx4_eq_int() also fires a tasklet to service all items that were queued via mlx4_add_cq_to_tasklet(), but this handler was not called unless user cqe was handled. This is very confusing, as "mpstat -I SCPU ..." show huge number of tasklet invocations. This patch saves this overhead, by carefully firing the tasklet directly from mlx4_add_cq_to_tasklet(), removing four atomic operations per IRQ. Signed-off-by: Eric Dumazet Cc: Tariq Toukan Cc: Saeed Mahameed Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/cq.c | 6 +++++- drivers/net/ethernet/mellanox/mlx4/eq.c | 9 +-------- 2 files changed, 6 insertions(+), 9 deletions(-) commit 43db2843a4a41cc8cdb6ab696639aeee1f4d5062 Author: Jan Stancek Date: Fri Feb 17 12:10:25 2017 +0100 perf header: Make build_cpu_topology skip offline/absent CPUs When build_cpu_topo() encounters offline/absent CPUs, it fails to find any sysfs entries and returns failure. This leads to build_cpu_topology() and write_cpu_topology() failing as well. Because HEADER_CPU_TOPOLOGY has not been written, read leaves cpu_topology_map NULL and we get NULL ptr deref at: ... cmd_test __cmd_test test_and_print run_test test_session_topology check_cpu_topology 36: Session topology : --- start --- test child forked, pid 14902 templ file: /tmp/perf-test-4CKocW failed to write feature HEADER_CPU_TOPOLOGY perf: Segmentation fault Obtained 9 stack frames. ./perf(sighandler_dump_stack+0x41) [0x5095f1] /lib64/libc.so.6(+0x35250) [0x7f4b7c3c9250] ./perf(test_session_topology+0x1db) [0x490ceb] ./perf() [0x475b68] ./perf(cmd_test+0x5b9) [0x4763c9] ./perf() [0x4945a3] ./perf(main+0x69f) [0x427e8f] /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f4b7c3b5b35] ./perf() [0x427fb9] test child interrupted ---- end ---- Session topology: FAILED! This patch makes build_cpu_topology() skip offline/absent CPUs, by checking their presence against cpu_map built from online CPUs. Signed-off-by: Jan Stancek Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Masami Hiramatsu Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/a271b770175524f4961d4903af33798358a4a518.1487146877.git.jstancek@redhat.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/header.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) commit 92a7e1278005b6bb3459affc50b2b6e2464e7e7c Author: Jan Stancek Date: Fri Feb 17 12:10:24 2017 +0100 perf cpumap: Add cpu__max_present_cpu() Similar to cpu__max_cpu() (which returns the max possible CPU), returns the max present CPU. Signed-off-by: Jan Stancek Acked-by: Jiri Olsa Cc: Alexander Shishkin Cc: Masami Hiramatsu Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/8ea4601b5cacc49927235b4ebac424bd6eeccb06.1487146877.git.jstancek@redhat.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/cpumap.c | 22 ++++++++++++++++++++++ tools/perf/util/cpumap.h | 1 + 2 files changed, 23 insertions(+) commit 8074bf51fe5af68dcbc12bd7fa72dc4be8f41dde Author: Arnaldo Carvalho de Melo Date: Fri Feb 17 12:27:26 2017 -0300 perf session: Fix DEBUG=1 build with clang The struct branch_stack->branch_stack.cycles field is a u64 :16 bitfield, and this somehow confuses clang 4.0 when checking the arguments of a printf format, so cast the :16 to unsigned short to help it. Silences this: util/session.c:935:4: error: format specifies type 'unsigned short' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat] e->flags.cycles, ^~~~~~~~~~~~~~~ 1 error generated. Cc: Adrian Hunter Cc: Andi Kleen Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-eo2t4uhlbne105z72tvyzkp1@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67d04bb2bcbd3e99f4c4daa58599c90a83ad314a Author: Joel Fernandes Date: Thu Feb 16 20:10:58 2017 -0800 tracing: Remove outdated ring buffer comment The comment about ring buffer's organization is outdated and the code sits elsewhere, remove the comment. Link: http://lkml.kernel.org/r/20170217041058.23904-1-joelaf@google.com Cc: Ingo Molnar Signed-off-by: Joel Fernandes Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) commit 9c72fd0ff092526ea25c5a59d4a6ed94aeb4a66f Author: Steven Rostedt (VMware) Date: Thu Feb 16 20:13:52 2017 -0500 tools lib traceevent: It's preempt not prempt Fix the typo of the function name pevent_data_prempt_count() Signed-off-by: Steven Rostedt Fixes: c52d9e4e677b ("tools lib traceevent: Add retrieval of preempt count and latency flags") Link: http://lkml.kernel.org/r/20170216201352.469c99de@grimm.local.home Signed-off-by: Arnaldo Carvalho de Melo tools/lib/traceevent/event-parse.c | 4 ++-- tools/lib/traceevent/event-parse.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 4be92cf018c391c4ecc5fd091fae8c152de3692f Author: Arnaldo Carvalho de Melo Date: Wed Feb 15 21:36:48 2017 -0300 perf python: Filter out -specs=/a/b/c from the python binding cc options The -spec=/path/to/file can be used to change what gcc puts in the cc, ld, etc command lines, but this is not present in clang, filter it out at the setup.py file by changing python2's internal variable where it keeps its initial CFLAGS value. With this all of perf can be built in at least Fedora 25, fixing this problem: GEN /tmp/build/perf/python/perf.so CC /tmp/build/perf/builtin-buildid-list.o clang-4.0: error: argument unused during compilation: '-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1' [-Werror,-Wunused-command-line-argument] clang-4.0: error: argument unused during compilation: '-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1' [-Werror,-Wunused-command-line-argument] error: command 'clang' failed with exit status 1 Now I need to change all the containers where I have clang to build perf with it, so that we can check that in other distros (opensuse, debian, ubuntu, etc) this also works. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-g9lhgr162ao8ao29vvf0hgm1@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/setup.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 8bd8c6533369a013297e0eec7898b37290852a73 Author: Arnaldo Carvalho de Melo Date: Wed Feb 15 21:31:40 2017 -0300 tools perf scripting python: clang doesn't have -spec, remove it Gcc has a -spec option to override what options to pass to cc, etc, and in some distros this is used, like in fedora, where we end up getting this passed to gcc that makes clang, that doesn't have this option to stop the build: CC /tmp/build/perf/util/scripting-engines/trace-event-python.o clang-4.0: error: argument unused during compilation: '-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1' [-Werror,-Wunused-command-line-argument] So filter this out when the compiler used is clang, this way we can build the python scripting support in tools/perf/. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-2gosxoiouf24pnlknp7w7q4z@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.config | 7 +++++++ tools/perf/util/scripting-engines/trace-event-python.c | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) commit cfd75c2db17ef70590d7f04dfc254cf003b9cd77 Author: Robert Schiele Date: Thu Jan 26 16:00:05 2017 +0100 MIPS: VDSO: Explicitly use -fno-asynchronous-unwind-tables Not every toolchain has -fno-asynchronous-unwind-tables per default on MIPS. This patch specifies the necessary option explicitly for VDSO library build. This prevents the following build failure: GENVDSO arch/mips/vdso/vdso-image.c arch/mips/vdso/genvdso: 'arch/mips/vdso/vdso.so.dbg' contains relocation sections .../arch/mips/vdso/Makefile:84: recipe for target 'arch/mips/vdso/vdso-image.c' failed Signed-off-by: Robert Schiele Signed-off-by: Alexander Sverdlin Cc: Ralf Baechle Cc: "Maciej W. Rozycki" Cc: Alexander Sverdlin Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15127/ Signed-off-by: James Hogan arch/mips/vdso/Makefile | 1 + 1 file changed, 1 insertion(+) commit 843574a3ede1d4d3f3c88317a50d5c76d5a9515c Author: Markus Elfring Date: Sun Jan 22 17:41:07 2017 +0100 KVM: Return an error code only as a constant in kvm_get_dirty_log() * Return an error code without storing it in an intermediate variable. * Delete the local variable "r" and the jump label "out" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) commit 58d6db34917278614cbb3a329b66498658560a46 Author: Markus Elfring Date: Sun Jan 22 17:30:16 2017 +0100 KVM: Return an error code only as a constant in kvm_get_dirty_log_protect() * Return an error code without storing it in an intermediate variable. * Delete the local variable "r" and the jump label "out" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) commit f6a3b168e56abe094b5c93dbafc2f0a0bf64e702 Author: Markus Elfring Date: Sun Jan 22 11:30:21 2017 +0100 KVM: Return directly after a failed copy_from_user() in kvm_vm_compat_ioctl() * Return directly after a call of the function "copy_from_user" failed in a case block. This issue was detected by using the Coccinelle software. * Delete the jump label "out" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit bd7e5b0899a429445cc6e3037c13f8b5ae3be903 Author: Paolo Bonzini Date: Fri Feb 3 21:18:52 2017 -0800 KVM: x86: remove code for lazy FPU handling The FPU is always active now when running KVM. Reviewed-by: David Matlack Reviewed-by: Bandan Das Signed-off-by: Paolo Bonzini arch/x86/include/asm/kvm_host.h | 3 -- arch/x86/kvm/cpuid.c | 2 - arch/x86/kvm/svm.c | 43 ++------------- arch/x86/kvm/vmx.c | 112 ++++++---------------------------------- arch/x86/kvm/x86.c | 7 +-- include/linux/kvm_host.h | 1 - 6 files changed, 19 insertions(+), 149 deletions(-) commit 460df4c1fc7c00829050c08d6368dc6e6beef307 Author: Paolo Bonzini Date: Wed Feb 8 11:50:15 2017 +0100 KVM: race-free exit from KVM_RUN without POSIX signals The purpose of the KVM_SET_SIGNAL_MASK API is to let userspace "kick" a VCPU out of KVM_RUN through a POSIX signal. A signal is attached to a dummy signal handler; by blocking the signal outside KVM_RUN and unblocking it inside, this possible race is closed: VCPU thread service thread -------------------------------------------------------------- check flag set flag raise signal (signal handler does nothing) KVM_RUN However, one issue with KVM_SET_SIGNAL_MASK is that it has to take tsk->sighand->siglock on every KVM_RUN. This lock is often on a remote NUMA node, because it is on the node of a thread's creator. Taking this lock can be very expensive if there are many userspace exits (as is the case for SMP Windows VMs without Hyper-V reference time counter). As an alternative, we can put the flag directly in kvm_run so that KVM can see it: VCPU thread service thread -------------------------------------------------------------- raise signal signal handler set run->immediate_exit KVM_RUN check run->immediate_exit Reviewed-by: Radim Krčmář Reviewed-by: David Hildenbrand Signed-off-by: Paolo Bonzini Documentation/virtual/kvm/api.txt | 13 ++++++++++++- arch/arm/kvm/arm.c | 4 ++++ arch/mips/kvm/mips.c | 7 ++++++- arch/powerpc/kvm/powerpc.c | 6 +++++- arch/s390/kvm/kvm-s390.c | 4 ++++ arch/x86/kvm/x86.c | 6 +++++- include/uapi/linux/kvm.h | 4 +++- 7 files changed, 39 insertions(+), 5 deletions(-) commit cce59c225920309e03c2ea350ed6a0e233e33963 Author: Prahlad V Date: Fri Feb 17 02:03:35 2017 +0530 spi: ti-qspi: revise ti_qspi_probe() failure flow call spi_master_put() in case of failures after spi_alloc_master(). call pm_runtime_disable() in case of failures after pm_runtime_enable(). Signed-off-by: Prahlad V Signed-off-by: Mark Brown drivers/spi/spi-ti-qspi.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 7ba8ba3f4f9604ce776475e3b501e41c762af797 Author: Jeeja KP Date: Fri Feb 17 15:04:46 2017 +0530 ASoC: Intel: bxt: Add jack port initialize in bxt_rt298 machine After the pcm jack is created, create and initialize the pin switch widget for each port. Pin switch is to enable/disable the pin when monitor is connected/disconnected. Signed-off-by: Jeeja KP Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_rt298.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 02983449c87b1dfd9b75af4c8a2a8057f9664c08 Author: Gavin Shan Date: Wed Jan 11 12:09:05 2017 +1100 powerpc/powernv: Remove unused variable in pnv_pci_sriov_disable() The local variable @iov isn't used, to remove it. Signed-off-by: Gavin Shan Reviewed-by: Andrew Donnellan Signed-off-by: Michael Ellerman arch/powerpc/platforms/powernv/pci-ioda.c | 2 -- 1 file changed, 2 deletions(-) commit 727597d12140b342a3deef10348b5edeb076275d Author: Gavin Shan Date: Wed Feb 8 14:11:03 2017 +1100 powerpc/kernel: Remove error message in pcibios_setup_phb_resources() The CAPI driver creates virtual PHB (vPHB) from the CAPI adapter. The vPHB's IO and memory windows aren't built from device-tree node as we do for normal PHBs. A error message is thrown in below path when trying to probe AFUs contained in the adapter. The error message is confusing and unnecessary. cxl_probe() pci_init_afu() cxl_pci_vphb_add() pcibios_scan_phb() pcibios_setup_phb_resources() This removes the error message. We might have the case where the first memory window on real PHB isn't populated properly because of error in "ranges" property in the device-tree node. We can check the device-tree instead for that. This also removes one unnecessary blank line in the function. Signed-off-by: Gavin Shan Reviewed-by: Andrew Donnellan Signed-off-by: Michael Ellerman arch/powerpc/kernel/pci-common.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit bdfdaf1a016ef09cb941f2edad485a713510b8d5 Author: Mirko Parthey Date: Wed Feb 15 23:31:30 2017 +0100 MIPS: BCM47XX: Fix button inversion for Asus WL-500W The Asus WL-500W buttons are active high, but the software treats them as active low. Fix the inverted logic. Fixes: 3be972556fa1 ("MIPS: BCM47XX: Import buttons database from OpenWrt") Signed-off-by: Mirko Parthey Acked-by: Rafał Miłecki Cc: Hauke Mehrtens Cc: linux-mips@linux-mips.org Cc: # 3.14.x- Patchwork: https://patchwork.linux-mips.org/patch/15295/ Signed-off-by: James Hogan arch/mips/bcm47xx/buttons.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 650a2b29cd4aeff6e4d27d823c5f0dcea6566c8b Author: Ian Pozella Date: Thu Feb 16 12:33:30 2017 +0000 MIPS: DTS: Add img directory to Makefile An img directory exists for the Pistchio SoC device tree but the directory itself isn't in the dts Makefile meaning the dtbs never get built. Fixes: daa10170da27 ("MIPS: DTS: img: add device tree for Marduk board") Signed-off-by: Ian Pozella Reviewed-by: Rahul Bedarkar Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15309/ Signed-off-by: James Hogan arch/mips/boot/dts/Makefile | 1 + 1 file changed, 1 insertion(+) commit c618f6b188a9170f67e4abd478d250cc72aed1e1 Author: Gavin Shan Date: Wed Feb 8 14:16:50 2017 +1100 powerpc/mm: Fix typo in set_pte_at() This fixes the typo about the _PAGE_PTE in set_pte_at() by changing "tryint" to "trying to". Signed-off-by: Gavin Shan Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/mm/pgtable.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit b617649468390713db1515ea79fc772d2eb897a8 Author: Arnd Bergmann Date: Fri Feb 3 17:43:50 2017 +0100 MIPS: ip27: Disable qlge driver in defconfig One of the last remaining failures in kernelci.org is for a gcc bug: drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: error: insn does not satisfy its constraints: drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: internal compiler error: in extract_constrain_insn, at recog.c:2190 This is apparently broken in gcc-6 but fixed in gcc-7, and I cannot reproduce the problem here. However, it is clear that ip27_defconfig does not actually need this driver as the platform has only PCI-X but not PCIe, and the qlge adapter in turn is PCIe-only. The driver was originally enabled in 2010 along with lots of other drivers. Fixes: 59d302b342e5 ("MIPS: IP27: Make defconfig useful again.") Signed-off-by: Arnd Bergmann Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15197/ Signed-off-by: James Hogan arch/mips/configs/ip27_defconfig | 1 - 1 file changed, 1 deletion(-) commit a726f1d2dd4fee179aa4513176d688ad309de6cc Author: Purna Chandra Mandal Date: Thu Jun 2 14:51:42 2016 +0530 MIPS: pic32mzda: Fix linker error for pic32_get_pbclk() Early clock API pic32_get_pbclk() is defined in early_clk.c and used by time.c and early_console.c. When CONFIG_EARLY_PRINTK isn't set, early_clk.c isn't compiled and time.c fails to link. Fix it by compiling early_clk.c always. Also sort files in alphabetical order. Fixes: 6e4ad1b41360 ("MIPS: pic32mzda: fix getting timer clock rate.") Reported-by: Harvey Hunt Signed-off-by: Purna Chandra Mandal Reviewed-by: Harvey Hunt Cc: Ralf Baechle Cc: Joshua Henderson Cc: linux-mips@linux-mips.org Cc: # 4.7.x- Patchwork: https://patchwork.linux-mips.org/patch/13383/ Signed-off-by: James Hogan arch/mips/pic32/pic32mzda/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 774f0c6419bb8f9d83901d33582c7fe3ba6a6cb3 Author: Felix Fietkau Date: Thu Jan 19 14:20:09 2017 +0100 MIPS: Lantiq: Keep ethernet enabled during boot Disabling ethernet during reboot (only to enable it again when the ethernet driver attaches) can put the chip into a faulty state where it corrupts the header of all incoming packets. This happens if packets arrive during the time window where the core is disabled, and it can be easily reproduced by rebooting while sending a flood ping to the broadcast address. Fixes: 95135bfa7ead ("MIPS: Lantiq: Deactivate most of the devices by default") Signed-off-by: Felix Fietkau Acked-by: John Crispin Cc: hauke.mehrtens@lantiq.com Cc: linux-mips@linux-mips.org Cc: # 4.4.x- Patchwork: https://patchwork.linux-mips.org/patch/15078/ Signed-off-by: James Hogan arch/mips/lantiq/xway/sysctrl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 884b426917e4b3c85f33b382c792a94305dfdd62 Author: James Cowgill Date: Mon Jan 9 16:52:28 2017 +0000 MIPS: OCTEON: Fix copy_from_user fault handling for large buffers If copy_from_user is called with a large buffer (>= 128 bytes) and the userspace buffer refers partially to unreadable memory, then it is possible for Octeon's copy_from_user to report the wrong number of bytes have been copied. In the case where the buffer size is an exact multiple of 128 and the fault occurs in the last 64 bytes, copy_from_user will report that all the bytes were copied successfully but leave some garbage in the destination buffer. The bug is in the main __copy_user_common loop in octeon-memcpy.S where in the middle of the loop, src and dst are incremented by 128 bytes. The l_exc_copy fault handler is used after this but that assumes that "src < THREAD_BUADDR($28)". This is not the case if src has already been incremented. Fix by adding an extra fault handler which rewinds the src and dst pointers 128 bytes before falling though to l_exc_copy. Thanks to the pwritev test from the strace test suite for originally highlighting this bug! Fixes: 5b3b16880f40 ("MIPS: Add Cavium OCTEON processor support ...") Signed-off-by: James Cowgill Acked-by: David Daney Reviewed-by: James Hogan Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/14978/ Signed-off-by: James Hogan arch/mips/cavium-octeon/octeon-memcpy.S | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 66fd848cadaa6be974a8c780fbeb328f0af4d3bd Author: Ralf Baechle Date: Thu Jan 26 02:16:47 2017 +0100 MIPS: Fix special case in 64 bit IP checksumming. For certain arguments such as saddr = 0xc0a8fd60, daddr = 0xc0a8fda1, len = 80, proto = 17, sum = 0x7eae049d there will be a carry when folding the intermediate 64 bit checksum to 32 bit but the code doesn't add the carry back to the one's complement sum, thus an incorrect result will be generated. Reported-by: Mark Zhang Signed-off-by: Ralf Baechle Reviewed-by: James Hogan Cc: stable@vger.kernel.org Signed-off-by: James Hogan arch/mips/include/asm/checksum.h | 2 ++ 1 file changed, 2 insertions(+) commit 49f4b08e61547a5ccd2db551d994c4503efe5666 Author: Gavin Shan Date: Thu Feb 16 10:22:34 2017 +1100 pci/hotplug/pnv-php: Disable MSI and PCI device properly pnv_php_disable_irq() can be called in two paths: Bailing path in pnv_php_enable_irq() or releasing slot. The MSI (or MSIx) interrupts is disabled unconditionally in pnv_php_disable_irq(). It's wrong because that might be enabled by drivers other than pnv-php. This disables MSI (or MSIx) interrupts and the PCI device only if it was enabled by pnv-php. In the error path of pnv_php_enable_irq(), we rely on the newly added parameter @disable_device. In the path of releasing slot, @pnv_php->irq is checked. Cc: # v4.9+ Fixes: 360aebd85a4c ("drivers/pci/hotplug: Support surprise hotplug in powernv driver") Signed-off-by: Gavin Shan Reviewed-by: Andrew Donnellan Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) commit 303529d6ef1293513c2c73c9ab86489eebb37d08 Author: Gavin Shan Date: Thu Feb 16 10:22:33 2017 +1100 pci/hotplug/pnv-php: Disable surprise hotplug capability on conflicts The root port or PCIe switch downstream port might have been associated with driver other than pnv-php. The MSI or MSIx might also have been enabled by that driver (e.g. pcieport_drv). Attempt to enable MSI incurs below backtrace: PowerPC PowerNV PCI Hotplug Driver version: 0.1 ------------[ cut here ]------------ WARNING: CPU: 19 PID: 1004 at drivers/pci/msi.c:1071 \ __pci_enable_msi_range+0x84/0x4e0 NIP [c000000000665c34] __pci_enable_msi_range+0x84/0x4e0 LR [c000000000665c24] __pci_enable_msi_range+0x74/0x4e0 Call Trace: [c000000384d67600] [c000000000665c24] __pci_enable_msi_range+0x74/0x4e0 [c000000384d676e0] [d00000000aa31b04] pnv_php_register+0x564/0x5a0 [pnv_php] [c000000384d677c0] [d00000000aa31658] pnv_php_register+0xb8/0x5a0 [pnv_php] [c000000384d678a0] [d00000000aa31658] pnv_php_register+0xb8/0x5a0 [pnv_php] [c000000384d67980] [d00000000aa31dfc] pnv_php_init+0x60/0x98 [pnv_php] [c000000384d679f0] [c00000000000cfdc] do_one_initcall+0x6c/0x1d0 [c000000384d67ab0] [c000000000b92354] do_init_module+0x94/0x254 [c000000384d67b40] [c00000000019719c] load_module+0x258c/0x2c60 [c000000384d67d30] [c000000000197bb0] SyS_finit_module+0xf0/0x170 [c000000384d67e30] [c00000000000b184] system_call+0x38/0xe0 This fixes the issue by skipping enabling the surprise hotplug capability if the MSI or MSIx on the PCI slot's upstream port has been enabled by other driver. Cc: # v4.9+ Fixes: 360aebd85a4c ("drivers/pci/hotplug: Support surprise hotplug in powernv driver") Signed-off-by: Gavin Shan Reviewed-by: Andrew Donnellan Tested-by: Vaibhav Jain Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 36c7c9da40c408a71e5e6bfe12e57dcf549a296d Author: Gavin Shan Date: Thu Feb 16 10:22:32 2017 +1100 pci/hotplug/pnv-php: Remove WARN_ON() in pnv_php_put_slot() The WARN_ON() causes unnecessary backtrace when putting the parent slot, which is likely to be NULL. WARNING: CPU: 2 PID: 1071 at drivers/pci/hotplug/pnv_php.c:85 \ pnv_php_release+0xcc/0x150 [pnv_php] : Call Trace: [c0000003bc007c10] [d00000000ad613c4] pnv_php_release+0x144/0x150 [pnv_php] [c0000003bc007c40] [c0000000006641d8] pci_hp_deregister+0x238/0x330 [c0000003bc007cd0] [d00000000ad61440] pnv_php_unregister_one+0x70/0xa0 [pnv_php] [c0000003bc007d10] [d00000000ad614c0] pnv_php_unregister+0x50/0x80 [pnv_php] [c0000003bc007d40] [d00000000ad61e84] pnv_php_exit+0x50/0xcb4 [pnv_php] [c0000003bc007d70] [c00000000019499c] SyS_delete_module+0x1fc/0x2a0 [c0000003bc007e30] [c00000000000b184] system_call+0x38/0xe0 Cc: # v4.8+ Fixes: 66725152fb9f ("PCI/hotplug: PowerPC PowerNV PCI hotplug driver") Signed-off-by: Gavin Shan Reviewed-by: Andrew Donnellan Tested-by: Vaibhav Jain Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3a4f17608162bbbdcdd9680789b1bc61017cefa3 Author: Thomas Huth Date: Thu Feb 16 22:07:12 2017 +0100 KVM: PPC: Book3S HV: Turn "KVM guest htab" message into a debug message The average user likely does not know what a "htab" or "LPID" is, and it's annoying that these messages are quickly filling the dmesg log when you're doing boot cycle tests, so let's turn it into a debug message instead. Signed-off-by: Thomas Huth Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_64_mmu_hv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 71367b3fa7f56256029e7ed87862ef13386e1e7e Author: Jeff Mahoney Date: Wed Feb 15 16:28:34 2017 -0500 btrfs: use btrfs_debug instead of pr_debug in transaction abort Commit e5d6b12fe14 (Btrfs: don't WARN() in btrfs_transaction_abort() for IO errors) added a pr_debug call to be printed when a transaction is aborted with -EIO instead of WARN. btrfs_debug prints which file system the message is associated with so let's use that instead. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 21e75ffe3cd2c99ca4ea5ecb25dcbeb6a8024c30 Author: Jeff Mahoney Date: Wed Feb 15 16:28:32 2017 -0500 btrfs: btrfs_truncate_free_space_cache always allocates path btrfs_truncate_free_space_cache always allocates a btrfs_path structure but only uses it when the caller passes a block group. Let's move the allocation and free into the conditional. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/free-space-cache.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 77ab86bf1c64ab282f2230521c7d4d7f69ea3a3f Author: Jeff Mahoney Date: Wed Feb 15 16:28:30 2017 -0500 btrfs: free-space-cache, clean up unnecessary root arguments The free space cache APIs accept a root but always use the tree root. Also, btrfs_truncate_free_space_cache accepts a root AND an inode but the inode always points to the root anyway, so let's just pass the inode. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 9 +++++---- fs/btrfs/free-space-cache.c | 25 +++++++++++-------------- fs/btrfs/free-space-cache.h | 7 +++---- fs/btrfs/inode-map.c | 2 +- fs/btrfs/relocation.c | 5 ++--- 5 files changed, 22 insertions(+), 26 deletions(-) commit 5e00f1939f6e994123589c6e3d307de02b43c914 Author: Jeff Mahoney Date: Wed Feb 15 16:28:29 2017 -0500 btrfs: convert btrfs_inc_block_group_ro to accept fs_info btrfs_inc_block_group_ro is either passed the extent root or the dev root, but it doesn't do anything with the dev tree. Let's convert to passing an fs_info and using the extent root. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/extent-tree.c | 5 ++--- fs/btrfs/relocation.c | 2 +- fs/btrfs/scrub.c | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) commit 0c9ab349c2058736594ce82531673a1b4645420d Author: Jeff Mahoney Date: Wed Feb 15 16:28:28 2017 -0500 btrfs: flush_space always takes fs_info->fs_root We don't need to pass a root to flush_space since it always uses the fs_root. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 87bde3cdfc7848980fc89f1979d2b24879f478c9 Author: Jeff Mahoney Date: Wed Feb 15 16:28:27 2017 -0500 btrfs: pass fs_info to (more) routines that are only called with extent_root Outside of interactions with qgroups, the roots passed in extent-tree.c are usually passed to ensure that we don't do refcounts on log trees or to get the allocation profile for an allocation request. Otherwise, it operates on the extent root. This patch converts some more routines in extent-tree.c that are always called with the extent root to accept an fs_info instead. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 103 +++++++++++++++++++++++++------------------------ 1 file changed, 53 insertions(+), 50 deletions(-) commit fb235dc06fac9eaa4408ade9c8b20d45d63c89b7 Author: Qu Wenruo Date: Wed Feb 15 10:43:03 2017 +0800 btrfs: qgroup: Move half of the qgroup accounting time out of commit trans Just as Filipe pointed out, the most time consuming parts of qgroup are btrfs_qgroup_account_extents() and btrfs_qgroup_prepare_account_extents(). Which both call btrfs_find_all_roots() to get old_roots and new_roots ulist. What makes things worse is, we're calling that expensive btrfs_find_all_roots() at transaction committing time with TRANS_STATE_COMMIT_DOING, which will blocks all incoming transaction. Such behavior is necessary for @new_roots search as current btrfs_find_all_roots() can't do it correctly so we do call it just before switch commit roots. However for @old_roots search, it's not necessary as such search is based on commit_root, so it will always be correct and we can move it out of transaction committing. This patch moves the @old_roots search part out of commit_transaction(), so in theory we can half the time qgroup time consumption at commit_transaction(). But please note that, this won't speedup qgroup overall, the total time consumption is still the same, just reduce the performance stall. Cc: Filipe Manana Signed-off-by: Qu Wenruo Reviewed-by: Filipe Manana Signed-off-by: David Sterba fs/btrfs/delayed-ref.c | 20 ++++++++++++++++---- fs/btrfs/qgroup.c | 33 +++++++++++++++++++++++++++++---- fs/btrfs/qgroup.h | 33 ++++++++++++++++++++++++++++++--- 3 files changed, 75 insertions(+), 11 deletions(-) commit 15b34517a6368c607ae7fd51c24cdc69efcd47fc Author: David Sterba Date: Fri Feb 10 20:30:23 2017 +0100 btrfs: remove unused parameter from adjust_slots_upwards Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/qgroup.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 0e8d931a824aa1585e638d3c51cb172dfc982595 Author: David Sterba Date: Fri Feb 10 20:26:24 2017 +0100 btrfs: remove unused parameters from __btrfs_write_out_cache Both unused after the call to update_cache_item has been moved to __btrfs_wait_cache_io. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/free-space-cache.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit 7bf1a159125f1d8d6833daca3818e0ad2af62459 Author: David Sterba Date: Fri Feb 10 20:23:00 2017 +0100 btrfs: remove unused parameter from cleanup_write_cache_enospc bitmap_list is unused since the io_ctl framework. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/free-space-cache.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit d75eefdf9671115ce810598e15f72d20e3de0906 Author: David Sterba Date: Fri Feb 10 20:20:19 2017 +0100 btrfs: remove unused parameter from __add_inode_ref Unused since the helper has been split, eb used in the caller. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/tree-log.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 4a0ab9d711e9c2817c46c3f88cd1c36c917a4823 Author: David Sterba Date: Fri Feb 10 20:18:49 2017 +0100 btrfs: remove unused parameter from clone_copy_inline_extent Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ioctl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 1a287cfea17c3c14c03151fa970baf86b9055c26 Author: David Sterba Date: Fri Feb 10 20:15:10 2017 +0100 btrfs: remove unused parameters from btrfs_cmp_data After the page locking has been reworked, we get all pages prepared via cmp_pages. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ioctl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit eeac44cb498d6380d5ea947b324892afa5d89615 Author: David Sterba Date: Fri Feb 10 19:57:27 2017 +0100 btrfs: remove unused parameter from __add_inline_refs Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/backref.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit e5987e1319e7b8155994407df9eb8f108871350b Author: David Sterba Date: Fri Feb 10 19:55:54 2017 +0100 btrfs: remove unused parameters from scrub_setup_wr_ctx Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/scrub.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 61d7e4cb1173234910ee97c22d1ecf5caee88bf0 Author: David Sterba Date: Fri Feb 10 19:54:06 2017 +0100 btrfs: remove unused parameter from create_snapshot The name parameters have never been used, as the name is passed via the dentry. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e4a4dce72ebda97a930b1269add5575c7841befc Author: David Sterba Date: Fri Feb 10 19:49:01 2017 +0100 btrfs: remove unused parameter from init_first_rw_device The 'device' used to be added in that function, but now it's done by the caller. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/volumes.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 72b468c8daeba50ac85e9d7b92eda18a55c56d18 Author: David Sterba Date: Fri Feb 10 19:46:27 2017 +0100 btrfs: remove unused parameter from __btrfs_alloc_chunk We grab fs_info from other parameters. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/volumes.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 56e033a7874ae4bb5204a38fd5d5cf99c1311321 Author: David Sterba Date: Fri Feb 10 19:44:31 2017 +0100 btrfs: remove unused parameter from btrfs_fill_super Never used for anything meaningful since we have our own superblock filler. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/super.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 4242b64a4c495dea7da4825b258dcf2659ab5f81 Author: David Sterba Date: Fri Feb 10 19:38:24 2017 +0100 btrfs: remove unused parameter from extent_write_cache_pages The 'tree' was used to call locking hook that does not exist anymore. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit df9f628e3d316e7a254aa8ac002199a33a02b167 Author: David Sterba Date: Fri Feb 10 19:35:37 2017 +0100 btrfs: remove unused parameter from add_pending_csums Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/inode.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 3d4b9496e87fb96d25f9c995a7b965c1535de6b9 Author: David Sterba Date: Fri Feb 10 19:33:41 2017 +0100 btrfs: remove unused parameter from update_nr_written The logic has been updated in "Btrfs: make mapping->writeback_index point to the last written page" (a91326679f2a0a4c2) and page is not needed anymore. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit c2df8bb43f750b5522151fa41d28251d39322701 Author: David Sterba Date: Fri Feb 10 19:29:38 2017 +0100 btrfs: remove unused parameter from submit_extent_page This used to hold number of maximum pages to allocate, but this is now limited by BIO_MAX_PAGES. The local are now unused and removed as well. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit f1e30261925526990a880d1ef0e54c65a4607976 Author: David Sterba Date: Fri Feb 10 19:25:51 2017 +0100 btrfs: remove unused parameter from tree_move_next_or_upnext Not needed. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit ab6a43e1221b55c1587a8e7a05deda61f4d25800 Author: David Sterba Date: Fri Feb 10 19:24:53 2017 +0100 btrfs: remove unused parameter from tree_move_down Never needed. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3d3a126a81f152a5abfe19916a5099d2bbd38f9d Author: David Sterba Date: Fri Feb 10 19:23:20 2017 +0100 btrfs: remove unused parameter from btrfs_check_super_valid None of the checks need to know the ro/rw status as they're all not changing the superblock. Moreover, we can access the sb flags directly if we'd need to decide by the ro/rw status. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/disk-io.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 8b74c03e3c16c7a5a127a584bee687cd1578ceaa Author: David Sterba Date: Fri Feb 10 19:20:56 2017 +0100 btrfs: remove unused parameter from btrfs_prepare_extent_commit Added but never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.h | 3 +-- fs/btrfs/extent-tree.c | 3 +-- fs/btrfs/transaction.c | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) commit 7775c8184ec018deae89ccbc3ed1e319c910ca59 Author: David Sterba Date: Fri Feb 10 19:18:18 2017 +0100 btrfs: remove unused parameter from btrfs_subvolume_release_metadata Unused since qgroup refactoring that split data and metadata accounting, the btrfs_qgroup_free helper. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.h | 3 +-- fs/btrfs/extent-tree.c | 3 +-- fs/btrfs/ioctl.c | 11 ++++------- 3 files changed, 6 insertions(+), 11 deletions(-) commit 66cb7ddbf2a20517a6efb23960fadf698738e861 Author: David Sterba Date: Fri Feb 10 19:14:36 2017 +0100 btrfs: remove unused parameter from __push_leaf_left Unused since long ago. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 1e47eef223bd53d54085832598afedf8bd6b5c77 Author: David Sterba Date: Fri Feb 10 19:13:06 2017 +0100 btrfs: remove unused parameter from __push_leaf_right Unused since long ago. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit eece6a9cf69140fe1886f14d9a96add4f9929d78 Author: David Sterba Date: Fri Feb 10 19:04:32 2017 +0100 btrfs: merge two superblock writing helpers write_all_supers and write_ctree_super are almost equal, the parameter 'trans' is unused so we can drop it and have just one helper. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/disk-io.c | 8 +------- fs/btrfs/disk-io.h | 3 +-- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 2 +- 4 files changed, 4 insertions(+), 11 deletions(-) commit b75f50624394fff4f0e6521fda673317d5b79309 Author: David Sterba Date: Fri Feb 10 18:52:06 2017 +0100 btrfs: remove unused parameter from write_dev_supers The barriers are handled by the caller. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/disk-io.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 4961e2930f0324dedd47f09108cd4c81c0ee4010 Author: David Sterba Date: Fri Feb 10 18:49:53 2017 +0100 btrfs: remove unused parameter from split_item Never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 7c302b49dd757b03d12bec772e1d1f462684c991 Author: David Sterba Date: Fri Feb 10 18:47:57 2017 +0100 btrfs: remove unused parameter from clean_tree_block Added but never needed. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 16 ++++++++-------- fs/btrfs/disk-io.c | 3 +-- fs/btrfs/disk-io.h | 3 +-- fs/btrfs/extent-tree.c | 4 ++-- fs/btrfs/free-space-tree.c | 2 +- fs/btrfs/qgroup.c | 2 +- fs/btrfs/tree-log.c | 6 +++--- 7 files changed, 17 insertions(+), 19 deletions(-) commit e27f62652b89d0701d87112339f286ebf24ffc8c Author: David Sterba Date: Fri Feb 10 18:46:09 2017 +0100 btrfs: remove unused parameter from check_async_write Added but never used. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/disk-io.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cda79c545ead7e00b1adaf82a13fcea892bf1f43 Author: David Sterba Date: Fri Feb 10 18:44:32 2017 +0100 btrfs: remove unused parameter from read_block_for_search Never used in that function. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ctree.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 6655bc3de1078f8343263b8d822d0aa2236d86b4 Author: David Sterba Date: Wed Feb 15 16:47:36 2017 +0100 btrfs: ulist: rename ulist_fini to ulist_release Change the name so it matches the naming we already use eg. for btrfs_path. Suggested-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/qgroup.c | 8 ++++---- fs/btrfs/ulist.c | 10 +++++----- fs/btrfs/ulist.h | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) commit 4ae8553c2d8811f41fe8d785646e90fd1580843f Author: David Sterba Date: Mon Feb 13 15:05:33 2017 +0100 btrfs: remove pointless rcu protection from btrfs_qgroup_inherit There was never need for RCU protection around reading nodesize or other fairly constant filesystem data. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 2 -- 1 file changed, 2 deletions(-) commit 0b08e1f4f7b7af719500f5f37a60c342ba812f69 Author: David Sterba Date: Mon Feb 13 14:24:35 2017 +0100 btrfs: qgroups: opencode qgroup_free helper The helper name is not too helpful and is just wrapping a simple call. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 9ea6e2b54847a08da87c118e6a197f27eb9b0159 Author: David Sterba Date: Mon Feb 13 14:07:02 2017 +0100 btrfs: remove unnecessary mutex lock in qgroup_account_snapshot The quota status used to be tracked as a variable, so the mutex was needed (until "Btrfs: add a flags field to btrfs_fs_info" afcdd129e05a9). Since the status is a bit modified atomically and we don't hold the mutex beyond the check, we can drop it. Signed-off-by: David Sterba fs/btrfs/transaction.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 81353d50f5274e435105391b669e05aaf62c8609 Author: David Sterba Date: Mon Feb 13 14:05:24 2017 +0100 btrfs: check quota status earlier and don't do unnecessary frees Status of quotas should be the first check in btrfs_qgroup_account_extent and we can return immediatelly, no need to do no-op ulist frees. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 53d3235995b3f87754a42de24d707f158c1b3b40 Author: David Sterba Date: Mon Feb 13 13:42:29 2017 +0100 btrfs: embed extent_changeset::range_changed to the structure We can embed range_changed to the extent changeset to address following problems: - no need to allocate ulist dynamically, we also get rid of the GFP_NOFS for free - fix lack of allocation failure checking in btrfs_qgroup_reserve_data The stack consuption where extent_changeset is used slightly increases: before: 16 after: 16 - 8 (for pointer) + 32 (sizeof ulist) = 40 Which is bearable. Reviewed-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/extent_io.c | 2 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/qgroup.c | 24 +++++++++--------------- 3 files changed, 11 insertions(+), 17 deletions(-) commit 9d037933861805799db4edfd075412a39e2549f4 Author: David Sterba Date: Mon Feb 13 13:40:16 2017 +0100 btrfs: ulist: make the finalization function public Make ulist_fini externally visible so the ulist API is complete. Signed-off-by: David Sterba fs/btrfs/ulist.c | 2 +- fs/btrfs/ulist.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit 025db916aa7f2cf31183080a82ef090d30cf270f Author: David Sterba Date: Mon Feb 13 13:00:51 2017 +0100 btrfs: qgroups: make __del_qgroup_relation static Internal helper. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d4805386ef17ebaf6ada087138d548c469369ad Author: David Sterba Date: Mon Jan 23 17:28:19 2017 +0100 btrfs: make space cache inode readahead failure nonfatal We do a readahead of the free space cache inode to speed things up but the failure is not fatal, like in other readahead cases. Proper reads would need to happen anyway and any errors would be caught there. Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/free-space-cache.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 6602caf149cc7698fc94160803c598ae708d686c Author: David Sterba Date: Mon Feb 13 12:41:02 2017 +0100 btrfs: use GFP_KERNEL in btrfs_add/del_qgroup_relation Qgroup relations are added/deleted from ioctl, we hold the high level qgroup lock, no deadlocks or recursion from the allocation possible here. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 52bf8e7aeabb3d16abe2c30df60a0919bfaaaef4 Author: David Sterba Date: Mon Feb 13 11:03:44 2017 +0100 btrfs: use GFP_KERNEL in btrfs_quota_enable We don't need to use GFP_NOFS here as this is called from ioctls an the only lock held is the subvol_sem, which is of a high level and protects creation/renames/deletion and is never held in the writeout paths. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 323b88f4ab668d957a75befcb1079ae9a6e9e4d1 Author: David Sterba Date: Mon Feb 13 12:10:20 2017 +0100 btrfs: use GFP_KERNEL in btrfs_read_qgroup_config The qgroup config is read during mount, we do not have to use NOFS. Signed-off-by: David Sterba fs/btrfs/qgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 23269bf5eafb3bd8036d9412a80cbfc25f98f1a3 Author: David Sterba Date: Mon Feb 13 11:03:44 2017 +0100 btrfs: use GFP_KERNEL in create_snapshot We don't need to use GFP_NOFS here as this is called from ioctls an the only lock held is the subvol_sem, which is of a high level and protects creation/renames/deletion and is never held in the writeout paths. Signed-off-by: David Sterba fs/btrfs/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1af4a0aaa5d4bfcd17020f0620017a3057a9fb8d Author: Liu Bo Date: Mon Feb 13 15:35:09 2017 -0800 Btrfs: specify a new ordered extent type for create_io_em As 0 refers to an existing type BTRFS_ORDERED_IO_DONE, this specifies a new type 'REGULAR' for regular IO. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 8 ++++---- fs/btrfs/ordered-data.h | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) commit 6f9994dbabe5756df1922d84a568cbff74ae1323 Author: Liu Bo Date: Tue Jan 31 07:50:22 2017 -0800 Btrfs: create a helper to create em for IO We have similar codes to create and insert extent mapping around IO path, this merges them into a single helper. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 189 ++++++++++++++++++++++--------------------------------- 1 file changed, 74 insertions(+), 115 deletions(-) commit 4136135b080f5680fb31eda9348d1f636e4dbfb9 Author: Liu Bo Date: Mon Feb 13 15:42:21 2017 -0800 Btrfs: use helper to get used bytes of space_info This uses a helper instead of open code around used byte of space_info everywhere. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) commit 0c9b36e0d72c0648d5274adf9b7a2141e1085208 Author: Liu Bo Date: Mon Feb 13 15:42:30 2017 -0800 Btrfs: try to avoid acquiring free space ctl's lock We don't need to take the lock if the block group has not been cached. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit 6f6b643e44ef79cbd85e69800a06326805829aa8 Author: Qu Wenruo Date: Thu Feb 9 10:45:06 2017 +0800 btrfs: Better csum error message for data csum mismatch The original csum error message only outputs inode number, offset, check sum and expected check sum. However no root objectid is outputted, which sometimes makes debugging quite painful under multi-subvolume case (including relocation). Also the checksum output is decimal, which seldom makes sense for users/developers and is hard to read in most time. This patch will add root objectid, which will be %lld for rootid larger than LAST_FREE_OBJECTID, and hex csum output for better readability. Signed-off-by: Qu Wenruo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/btrfs_inode.h | 18 ++++++++++++++++++ fs/btrfs/compression.c | 6 ++---- fs/btrfs/inode.c | 5 ++--- 3 files changed, 22 insertions(+), 7 deletions(-) commit fe01aa65385c226d822013b90608b67c485f8dc6 Author: Takafumi Kubota Date: Thu Feb 9 17:24:33 2017 +0900 Btrfs: add another missing end_page_writeback on submit_extent_page failure If btrfs_bio_alloc fails in submit_extent_page, submit_extent_page returns without clearing the writeback bit of the failed page. __extent_writepage_io, that is a caller of submit_extent_page, does not clear the remaining writeback bit anywhere. As a result, this will cause the hang at filemap_fdatawait_range, because it waits the writeback bit to be cleared from the failed page. So, we have to call end_page_writeback to clear the writeback bit. For reproducing the hang, we inject a fault like if (should_failtest()) { // I define should_failtest() bio = NULL; } else { bio = btrfs_bio_alloc(...); } in submit_extent_page. We should also check whether page has the bit before end_page_writeback, to avoid the conflict against the other end_page_writeback in bio_endio. Thus, we add PageWriteback checks not only in __extent_writepage_io, but also in write_one_eb too, because it misses the check. Signed-off-by: Takafumi Kubota Reviewed-by: Liu Bo Cc: David Sterba Signed-off-by: David Sterba fs/btrfs/extent_io.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 66bbc1c0c0b283600abd187bf8c8c25ab7549307 Author: David Sterba Date: Thu Feb 9 16:47:43 2017 +0100 btrfs: remove unused ulist members Commit "btrfs: ulist: Add ulist_del() function" (d4b804045924d7f8) removed some debugging code but left the structure defintions. Reviewed-by: Qu Wenruo Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/ulist.h | 7 ------- 1 file changed, 7 deletions(-) commit 76c0021db8fdd9c68fbbace15067f3ab6d57d77a Author: Liu Bo Date: Fri Feb 10 16:42:14 2017 +0100 Btrfs: use helper to simplify lock/unlock pages Since we have a helper to set page bits, let lock_delalloc_pages and __unlock_for_delalloc use it. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent_io.c | 74 +++++++--------------------------------------------- 1 file changed, 10 insertions(+), 64 deletions(-) commit da2c7009f6cafe0a550cf57a1aa79e0f1b3093d6 Author: Liu Bo Date: Fri Feb 10 16:41:05 2017 +0100 btrfs: teach __process_pages_contig about PAGE_LOCK operation Signed-off-by: Liu Bo Reviewed-by: David Sterba [ changes to the helper separated from the following patch ] Signed-off-by: David Sterba fs/btrfs/extent_io.c | 48 ++++++++++++++++++++++++++++++++++++++++++------ fs/btrfs/extent_io.h | 3 ++- 2 files changed, 44 insertions(+), 7 deletions(-) commit 6ae3f8ad2017079292cb49c8959b527bcbcbefed Author: Russell Currey Date: Fri Feb 17 13:01:35 2017 +1100 powerpc: Add POWER9 architected mode to cputable PVR value of 0x0F000005 means we are arch v3.00 compliant (i.e. POWER9). Acked-by: Michael Neuling Signed-off-by: Russell Currey [mpe: Don't set num_pmcs, so we keep the PMU fields from the raw entry] Signed-off-by: Michael Ellerman arch/powerpc/kernel/cputable.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit a2391b35f1d9d5b51d43a9150c7239253565d5a6 Author: Madhavan Srinivasan Date: Sat Dec 24 11:35:49 2016 +0530 powerpc/perf: use is_kernel_addr macro in perf_get_misc_flags() Cleanup to use is_kernel_addr macro. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/core-book3s.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 78a16d9fc1206e1a484b6ac96348756f3846bfea Author: Madhavan Srinivasan Date: Mon Feb 13 17:02:54 2017 +0530 powerpc/perf: Avoid FAB_*_MATCH checks for power9 Since power9 does not support FAB_*_MATCH bits in MMCR1, avoid these checks for power9. For this, patch factor out code in isa207_get_constraint() to retain these checks only for power8. Patch also updates the comment in power9-pmu raw event encode layout to remove FAB_*_MATCH. Finally for power9, patch adds additional check for threshold events when adding the thresh mask and value in isa207_get_constraint(). fixes: 7ffd948fae4c ('powerpc/perf: factor out power8 pmu functions') fixes: 18201b204286 ('powerpc/perf: power9 raw event format encoding') Signed-off-by: Ravi Bangoria Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.c | 58 ++++++++++++++++++++++++++------------- arch/powerpc/perf/power9-pmu.c | 8 ++---- 2 files changed, 42 insertions(+), 24 deletions(-) commit 8d911904f3ce412b20874a9c95f82009dcbb007c Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:15 2017 +0530 powerpc/perf: Add restrictions to PMC5 in power9 DD1 PMC5 on POWER9 DD1 may not provide right counts in all sampling scenarios, hence use PM_INST_DISP event instead in PMC2 or PMC3 in preference. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.h | 4 ++++ arch/powerpc/perf/power9-pmu.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 356d8ce3d0a4a1d7c8448c4d234121736ad3d471 Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:14 2017 +0530 powerpc/perf: Use Instruction Counter value Since PM_INST_DISP include speculative instruction, based on the workload the dispatch count could vary considerably. Hence as an alternative, for completed instruction counting, program the PM_INST_DISP event to the MMCR* but use Instruction Counter register value. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/core-book3s.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) commit 8a088542c8f8d0bb458e4db2c01a2534f1adaf47 Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:13 2017 +0530 powerpc/perf: Use PM_INST_DISP for generic instructions sample Since PM_INST_CMPL may not provide right counts in all sampling scenarios in power9 DD1, instead use PM_INST_DISP. Patch also update generic instruction sampling with the same. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-pmu.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit a114aca57a59cd92189bf3795ac082a5e8fac0f1 Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:12 2017 +0530 powerpc/perf: Add alternative event table and function for power9 Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-pmu.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit ac19670eb1798749121647bd9f0b403f52e31e6b Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:11 2017 +0530 powerpc/perf: Add PM_INST_DISP event to Power9 event list Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-events-list.h | 3 +++ 1 file changed, 3 insertions(+) commit efe881afdd9996ccbcd2a09c93b724f4ffc25991 Author: Madhavan Srinivasan Date: Sun Feb 12 22:33:10 2017 +0530 powerpc/perf: Factor out event_alternative function Factor out the power8 event_alternative function to share the code with power9. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.c | 36 ++++++++++++++++++++++++++++++++++++ arch/powerpc/perf/isa207-common.h | 3 +++ arch/powerpc/perf/power8-pmu.c | 35 ++--------------------------------- 3 files changed, 41 insertions(+), 33 deletions(-) commit 1e561f6166bacb9c12d6fa1d23df07999674573e Author: John Hsu Date: Fri Feb 17 09:55:33 2017 +0800 ASoC: nau8825: automatic BCLK and LRC divde in master mode configurable LRC and BCLK divide. The driver will make configurations of LRC and BCLK automatically according to BCLK and FS information in master mode. Signed-off-by: John Hsu Signed-off-by: Mark Brown sound/soc/codecs/nau8825.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit d1be371d4f4c12d11023c9fc795e5d460d960680 Author: Zhao, Xinda Date: Fri Feb 17 14:38:33 2017 +0800 drm/i915/gvt: handle fence reg access during GPU reset Lots of reduntant log info will be printed out during GPU reset, including accessing untracked mmio register and fence register, variable disable_warn_untrack is added previously to handle the situation, but the accessing of fence register is ignored in the previously patch, so add it back. Besides, set the variable disable_warn_untrack to the defalut value after GPU reset is finished. Signed-off-by: Zhao, Xinda Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 15 +++++++++------ drivers/gpu/drm/i915/gvt/mmio.c | 2 ++ 2 files changed, 11 insertions(+), 6 deletions(-) commit fd64be636708d808852c4c8c1efce0a0a51c24c5 Author: Min He Date: Fri Feb 17 15:02:36 2017 +0800 drm/i915/gvt: introduced failsafe mode into vgpu New failsafe mode is introduced, when we detect guest not supporting GVT-g. In failsafe mode, we will ignore all the MMIO and cfg space read/write from guest. This patch can fix the issue that when guest kernel or graphics driver version is too low, there will be a lot of kernel traces in host. V5: rebased onto latest gvt-staging V4: changed coding style by Zhenyu and Ping's advice V3: modified coding style and error messages according to Zhenyu's comment V2: 1) implemented MMIO/GTT/WP pages read/write logic; 2) used a unified function to enter failsafe mode Signed-off-by: Min He Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 3 ++ drivers/gpu/drm/i915/gvt/gvt.h | 6 ++++ drivers/gpu/drm/i915/gvt/handlers.c | 36 +++++++++++++++++++++ drivers/gpu/drm/i915/gvt/mmio.c | 62 ++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/vgpu.c | 6 +++- 5 files changed, 112 insertions(+), 1 deletion(-) commit 8fd4a62d875945fc8aacdb92fdc90161ec1d9bae Merge: 9ca7035 eb875d8 Author: Dave Airlie Date: Fri Feb 17 17:43:07 2017 +1000 Merge branch 'linux-4.11' of git://github.com/skeggsb/linux into drm-next - Rework of the secure boot code, in preparation for GP10x secure boot. - Improvements to channel recovery - Initial power budget code - Some preparation for an upcoming MMU rework (probably 4.12) - Misc other fixes. * 'linux-4.11' of git://github.com/skeggsb/linux: (88 commits) drm/nouveau/tmr: provide backtrace when a timeout is hit drm/nouveau/pci/g92: Fix rearm drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios drm/nouveau/hwmon: expose power_max and power_crit drm/nouveau/iccsense: Parse max and crit power level drm/nouveau/bios/power_budget: Add basic power budget parsing drm/nouveau/fifo/gk104-: preempt recovery drm/nouveau/fifo/gk104-: trigger mmu fault before attempting engine recovery drm/nouveau/fifo/gk104-: ACK SCHED_ERROR before attempting CTXSW_TIMEOUT recovery drm/nouveau/fifo/gk104-: directly use new recovery code for ctxsw timeout drm/nouveau/fifo/gk104-: directly use new recovery code for mmu faults drm/nouveau/fifo/gk104-: reset all engines a killed channel is still active on drm/nouveau/fifo/gk104-: refactor recovery code drm/nouveau/fifo/gk104-: better detection of chid when parsing engine status drm/nouveau/fifo/gk104-: separate out engine status parsing drm/nouveau/fifo: add an api for initiating channel recovery drm/nouveau/top: add function to translate subdev index to mmu fault id drm/nouveau/gr/gf100-: implement chsw_load() method drm/nouveau/gr: implement chsw_load() method drm/nouveau/core: add engine method to assist in determining chsw direction ... commit eb875d87d9ef87cb5565e2e1c4c720e9d4ee591c Author: Ben Skeggs Date: Fri Feb 17 15:08:10 2017 +1000 drm/nouveau/tmr: provide backtrace when a timeout is hit Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/timer.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 5112abc6a43372b2c1934717ed9bf132a427c46c Author: Karol Herbst Date: Sat Feb 11 12:58:17 2017 +0100 drm/nouveau/pci/g92: Fix rearm 704a6c008b7942bb7f30bb43d2a6bcad7f543662 broke pci msi rearm for g92 GPUs. g92 needs the nv46_pci_msi_rearm, where g94+ gpus used nv40_pci_msi_rearm. Reported-by: Andrew Randrianasulu Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs Cc: stable@vger.kernel.org drivers/gpu/drm/nouveau/include/nvkm/subdev/pci.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 20 ++++----- drivers/gpu/drm/nouveau/nvkm/subdev/pci/Kbuild | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/pci/g92.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/pci/g94.c | 49 +++++++++++++++++++++++ 5 files changed, 62 insertions(+), 11 deletions(-) commit 800efb4c2857ec543fdc33585bbcb1fd5ef28337 Author: Martin Peres Date: Thu Sep 29 03:41:35 2016 +0300 drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios This seems to be absolutely necessary for a lot of NV40. Reported-by: gsgf on IRC/freenode Signed-off-by: Martin Peres Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/therm/base.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) commit 7722e1b0b6accab2ca11da0e9c708459fff65fb4 Author: Karol Herbst Date: Mon Jan 23 23:10:13 2017 +0100 drm/nouveau/hwmon: expose power_max and power_crit Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_hwmon.c | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) commit 1efc3c4b9f5410aa8bae10bd4dc28573a0d31ab3 Author: Karol Herbst Date: Mon Jan 23 23:10:12 2017 +0100 drm/nouveau/iccsense: Parse max and crit power level Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/subdev/iccsense.h | 3 +++ drivers/gpu/drm/nouveau/nvkm/subdev/iccsense/base.c | 20 ++++++++++++++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) commit e5f8eabc0077ea3f77b3362e28d3969ae62e70f0 Author: Karol Herbst Date: Mon Jan 23 23:10:11 2017 +0100 drm/nouveau/bios/power_budget: Add basic power budget parsing v2: Set entry to 0xff if not found Add cap entry for ver 0x30 tables Rework to fix memory leak v3: More error checks Simplify check for invalid entries v4: disable for ver 0x10 for now move assignments after the second last return Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs .../include/nvkm/subdev/bios/power_budget.h | 26 +++++ drivers/gpu/drm/nouveau/nvkm/subdev/bios/Kbuild | 1 + .../drm/nouveau/nvkm/subdev/bios/power_budget.c | 126 +++++++++++++++++++++ 3 files changed, 153 insertions(+) commit 75d115f2aae145fd7dfed29703ce063e3e7bb716 Author: Ben Skeggs Date: Wed Jan 18 18:40:48 2017 +1000 drm/nouveau/fifo/gk104-: preempt recovery Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gpfifogk104.c | 1 + 1 file changed, 1 insertion(+) commit 3ebef76a1d46cd7e45aee6ad3efff9683b3a0f07 Author: Ben Skeggs Date: Wed Jan 18 15:37:24 2017 +1000 drm/nouveau/fifo/gk104-: trigger mmu fault before attempting engine recovery Greatly improves the chances of recovering the GPU from a CTXSW_TIMEOUT. Tested with piglit's arb_shader_image_load_store-atomicity, which causes GR to hang in such a way that recovery failed (CTXSW_TIMEOUT continually re-triggers). Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 41 ++++++++++++++++++++++++ 1 file changed, 41 insertions(+) commit 03f16f5f278af9ef477aa847fda4b09ed87dc382 Author: Ben Skeggs Date: Wed Jan 18 16:05:15 2017 +1000 drm/nouveau/fifo/gk104-: ACK SCHED_ERROR before attempting CTXSW_TIMEOUT recovery Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 91b9d659abfd557f79a02c0bc1f92393fdba1e22 Author: Ben Skeggs Date: Wed Jan 18 16:03:44 2017 +1000 drm/nouveau/fifo/gk104-: directly use new recovery code for ctxsw timeout Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 30 +++++------------------- 1 file changed, 6 insertions(+), 24 deletions(-) commit 3534821df5e3635e3e7914a4802a74497815817e Author: Ben Skeggs Date: Wed Jan 18 16:01:11 2017 +1000 drm/nouveau/fifo/gk104-: directly use new recovery code for mmu faults Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/base.c | 18 ++++++++++++++---- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 24 ++++++++++++++++++++---- drivers/gpu/drm/nouveau/nvkm/engine/fifo/priv.h | 3 +++ 3 files changed, 37 insertions(+), 8 deletions(-) commit eaa5ed65eebb3ee9679a5f7b597c34a6207843c2 Author: Ben Skeggs Date: Wed Jan 18 15:35:16 2017 +1000 drm/nouveau/fifo/gk104-: reset all engines a killed channel is still active on Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 0faaa47d440df5302132c47f8f84b3f61d9fc424 Author: Ben Skeggs Date: Wed Jan 18 15:22:43 2017 +1000 drm/nouveau/fifo/gk104-: refactor recovery code This will serve as a basis for implementing some improvements to how we recover the GPU from channel errors. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 95 ++++++++++++++++++++---- 1 file changed, 81 insertions(+), 14 deletions(-) commit ec5c6bda19408b78f8bc0e0592c7805e8550470f Author: Ben Skeggs Date: Mon Jan 16 10:36:00 2017 +1000 drm/nouveau/fifo/gk104-: better detection of chid when parsing engine status The previous commit simply changes the interface, but should result in the same behaviour as previously. This commit has been split out from it as it can result in a different channel being selected. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit b88917fe0fbb1a8479545ba62496ff71d63b397b Author: Ben Skeggs Date: Mon Jan 16 10:14:36 2017 +1000 drm/nouveau/fifo/gk104-: separate out engine status parsing We'll be wanting to reuse this logic in more places. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 59 ++++++++++++++++++------ 1 file changed, 46 insertions(+), 13 deletions(-) commit 21e6de29bb12f82161c2822ebb85dbf9103de4c1 Author: Ben Skeggs Date: Thu Jan 26 12:10:24 2017 +1000 drm/nouveau/fifo: add an api for initiating channel recovery This will be used by callers outside of fifo interrupt handlers. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/base.c | 11 +++++++++++ drivers/gpu/drm/nouveau/nvkm/engine/fifo/priv.h | 2 ++ 2 files changed, 13 insertions(+) commit 13416077e54354df19d3a4f98e574cce451cec2d Author: Ben Skeggs Date: Wed Jan 18 14:57:01 2017 +1000 drm/nouveau/top: add function to translate subdev index to mmu fault id Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/top.h | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/top/base.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+) commit 6845c313f79fd44c64834b98d4341187e77b2377 Author: Ben Skeggs Date: Mon Jan 16 10:28:54 2017 +1000 drm/nouveau/gr/gf100-: implement chsw_load() method Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 71ce33a28a06fed624b796189c14d960684cf830 Author: Ben Skeggs Date: Mon Jan 16 10:25:10 2017 +1000 drm/nouveau/gr: implement chsw_load() method Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/base.c | 10 ++++++++++ drivers/gpu/drm/nouveau/nvkm/engine/gr/priv.h | 1 + 2 files changed, 11 insertions(+) commit 17041c7eef2efb998b28f770442156401701cd3c Author: Ben Skeggs Date: Mon Jan 16 10:22:59 2017 +1000 drm/nouveau/core: add engine method to assist in determining chsw direction FIFO gives us load/save/switch status, and we need to be able to determine which direction a "switch" is failing during channel recovery. In order to do this, we apparently need to query the engine itself. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/engine.h | 2 ++ drivers/gpu/drm/nouveau/nvkm/core/engine.c | 8 ++++++++ 2 files changed, 10 insertions(+) commit 84cd0a55659ad7ab5792d5319b315e1e5bba312a Author: Ben Skeggs Date: Tue Jan 24 16:56:52 2017 +1000 drm/nouveau: check for dead channel before trying to idle This prevents *very* long waits while attempting to destroy channels after a fault has occurred. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_chan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d8cc37d878d695fc2a88b4777cdfea8bca9fdcb5 Author: Ben Skeggs Date: Sat Nov 5 13:31:25 2016 +1000 drm/nouveau: request notifications for channels that have been killed These will be used to improve error recovery behaviour. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_chan.c | 26 ++++++++++++++++++++++++++ drivers/gpu/drm/nouveau/nouveau_chan.h | 5 ++++- 2 files changed, 30 insertions(+), 1 deletion(-) commit ff9f29abf0ef4c43e696bef7621884518e6bdbda Author: Ben Skeggs Date: Sat Nov 5 13:05:14 2016 +1000 drm/nouveau/fifo/gf100-: provide notification to user if channel is killed There are instances (such as non-recoverable GPU page faults) where NVKM decides that a channel's context is no longer viable, and will be removed from the runlist. This commit notifies the owner of the channel when this happens, so it has the opportunity to take some kind of recovery action instead of hanging. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvif/cl906f.h | 1 + drivers/gpu/drm/nouveau/include/nvif/cla06f.h | 1 + drivers/gpu/drm/nouveau/include/nvkm/engine/fifo.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/fifo/base.c | 32 +++++++++++++++++++++- drivers/gpu/drm/nouveau/nvkm/engine/fifo/chan.h | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/chang84.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gf100.c | 1 + drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 1 + .../gpu/drm/nouveau/nvkm/engine/fifo/gpfifogf100.c | 19 ++++++++++++- .../gpu/drm/nouveau/nvkm/engine/fifo/gpfifogk104.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/priv.h | 1 + 11 files changed, 58 insertions(+), 5 deletions(-) commit 40cea73984a77acb714e1d4a60a47fdfb07b656f Author: Ben Skeggs Date: Tue Jan 24 16:08:14 2017 +1000 drm/nouveau/fifo/g84-: rename non-stall interrupt event Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvif/cl826e.h | 2 +- drivers/gpu/drm/nouveau/include/nvif/cl826f.h | 2 +- drivers/gpu/drm/nouveau/include/nvif/cl906f.h | 2 +- drivers/gpu/drm/nouveau/include/nvif/cla06f.h | 2 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/chang84.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) commit e774055a074b6715193c2984024eecf8fdf8dbd1 Author: Ben Skeggs Date: Sat Nov 5 13:12:57 2016 +1000 drm/nouveau/fifo: tidy up channel creation event code Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/base.c | 16 +++++++++++----- drivers/gpu/drm/nouveau/nvkm/engine/fifo/chan.c | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/fifo/priv.h | 1 + 3 files changed, 13 insertions(+), 6 deletions(-) commit 86d7442baa6ec9f563343fd8515531201312de44 Author: Ben Skeggs Date: Sat Nov 5 14:14:20 2016 +1000 drm/nouveau/core: increase maximum number of notifies that a client can request Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca33fafdc9020720a9773fd416c94fe68aef7220 Author: Martin Peres Date: Wed Jan 18 23:49:21 2017 +0200 drm/nouveau/drm/nouveau/led: prevent a possible use-after-free If the led class registration fails, we free drm->led but do not reset it to NULL, which means that the suspend/resume/fini function will act as if everything went well in init() and will likely crash the kernel. This patch adds the missing drm->led = NULL. Reported-by: Emmanuel Pescosta Signed-off-by: Martin Peres Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_led.c | 1 + 1 file changed, 1 insertion(+) commit 443828fd9e6097464aa3fd32199bbba3a3bf7e88 Author: Karol Herbst Date: Sun Nov 20 00:43:15 2016 +0100 drm/nouveau/pci/g92: Enable changing pcie link speeds Tested on a G92, seems to work. Confirmed by 8 mmiotraces. Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 725af748266727c4aebdfa7e02c2e289435a4d3b Author: Karol Herbst Date: Sun Nov 20 00:43:14 2016 +0100 drm/nouveau/pci: Rename g94 to g92 Signed-off-by: Karol Herbst Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/pci.h | 2 +- drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 20 ++++---- drivers/gpu/drm/nouveau/nvkm/subdev/pci/Kbuild | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/pci/g92.c | 57 +++++++++++++++++++++++ drivers/gpu/drm/nouveau/nvkm/subdev/pci/g94.c | 57 ----------------------- drivers/gpu/drm/nouveau/nvkm/subdev/pci/gf100.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/pci/gf106.c | 2 +- drivers/gpu/drm/nouveau/nvkm/subdev/pci/priv.h | 2 +- 8 files changed, 72 insertions(+), 72 deletions(-) commit 9f1c4dbd3def9bc43601b89c94666e660f2f2646 Author: Ben Skeggs Date: Mon Jan 16 13:44:11 2017 +1000 drm/nouveau/devinit/nv50: return error code if pll calculation fails Reported-by: Dan Carpenter Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/devinit/nv50.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0879683280508ea3d474dcaf91b4658985824513 Author: Ilia Mirkin Date: Thu Jan 5 01:13:15 2017 -0500 drm/nouveau: fix bug id typo in comment The issue was recorded in fd.o bug 27501, not 25701. Signed-off-by: Ilia Mirkin Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/fb/rammcp77.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4d8b3d34c323e4692a69c7ab063c157773c34f0f Author: Ben Skeggs Date: Mon May 23 12:34:49 2016 +1000 drm/nouveau: size is u64 everywhere Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_bo.c | 34 ++++++++++++++++++---------------- drivers/gpu/drm/nouveau/nouveau_bo.h | 2 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_gem.h | 2 +- 4 files changed, 21 insertions(+), 19 deletions(-) commit 0e47b0275bdb40a9dab7a86535b1fcd85d874007 Author: Philipp Zabel Date: Thu Feb 16 14:46:31 2017 +0100 gpu: ipu-v3: Stop overwriting pdev->dev.of_node of child devices Setting dev->of_node changes the modalias and breaks module autoloading. Since there is an of_node field in the platform data passed to child devices, we don't even need this anymore. Suggested-by: Russell King Signed-off-by: Philipp Zabel drivers/gpu/ipu-v3/ipu-common.c | 6 ------ 1 file changed, 6 deletions(-) commit 5f1eb69446f4ec2401560d252c9a95991e80797d Author: Philipp Zabel Date: Thu Feb 16 12:36:21 2017 +0100 gpu: ipu-v3: export ipu_csi_set_downsize This function will be used by the media drivers and needs to be exported to allow them to be built as modules. Reported-by: Russell King Fixes: 867341b95891 ("gpu: ipu-v3: add ipu_csi_set_downsize") Signed-off-by: Philipp Zabel drivers/gpu/ipu-v3/ipu-csi.c | 1 + 1 file changed, 1 insertion(+) commit f57c511a9d1e8625879abd032e3cbf4bd25bbafa Author: Philipp Zabel Date: Fri Jan 27 11:57:19 2017 +0100 drm/imx: lift 64x64 pixel minimum framebuffer size requirement There is no reason to limit framebuffer size to 64x64 pixels at a minimum on creation. The actual scanout limitations (width >= 13 for the base plane and height >= 2) are checked in atomic_check. Signed-off-by: Philipp Zabel Reviewed-by: Lucas Stach drivers/gpu/drm/imx/imx-drm-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fc12bccda8b6f5c38139eceec9e369ed78091b2b Author: Fabio Estevam Date: Wed Feb 8 10:47:49 2017 -0200 drm/imx: imx-tve: Do not set the regulator voltage Commit deb65870b5d9d ("drm/imx: imx-tve: check the value returned by regulator_set_voltage()") exposes the following probe issue: 63ff0000.tve supply dac not found, using dummy regulator imx-drm display-subsystem: failed to bind 63ff0000.tve (ops imx_tve_ops): -22 When the 'dac-supply' is not passed in the device tree a dummy regulator is used and setting its voltage is not allowed. To fix this issue, do not set the dac-supply voltage inside the driver and let its voltage be specified in the device tree. Print a warning if the the 'dac-supply' voltage has a value different from 2.75V. Fixes: deb65870b5d9d ("drm/imx: imx-tve: check the value returned by regulator_set_voltage()") Cc: # 4.8+ Suggested-by: Lucas Stach Signed-off-by: Fabio Estevam Signed-off-by: Philipp Zabel drivers/gpu/drm/imx/imx-tve.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 753843471cbbaeca25a5cab51981ee721ad272f7 Author: Sahil Mehta Date: Wed Feb 15 13:46:18 2017 -0500 powerpc/pseries: Implement indexed-count hotplug memory remove Indexed-count remove for memory hotplug guarantees that a contiguous block of lmbs beginning at a specified will be unassigned (NOT that lmbs will be removed). Because of Qemu's per-DIMM memory management, the removal of a contiguous block of memory currently requires a series of individual calls. Indexed-count remove reduces this series into a single call. Signed-off-by: Sahil Mehta Signed-off-by: Nathan Fontenot Signed-off-by: Michael Ellerman arch/powerpc/platforms/pseries/hotplug-memory.c | 98 +++++++++++++++++++++++++ 1 file changed, 98 insertions(+) commit 333f7b76865bec24c66710cf352f892d69e3ba0a Author: Sahil Mehta Date: Wed Feb 15 13:45:56 2017 -0500 powerpc/pseries: Implement indexed-count hotplug memory add Indexed-count add for memory hotplug guarantees that a contiguous block of lmbs beginning at a specified will be assigned, any LMBs in this range that are not already assigned will be DLPAR added. Because of Qemu's per-DIMM memory management, the addition of a contiguous block of memory currently requires a series of individual calls to add each LMB in the block. Indexed-count add reduces this series of calls to a single call for the entire block. Signed-off-by: Sahil Mehta Signed-off-by: Nathan Fontenot Signed-off-by: Michael Ellerman arch/powerpc/include/asm/rtas.h | 2 + arch/powerpc/platforms/pseries/dlpar.c | 38 +++++++- arch/powerpc/platforms/pseries/hotplug-memory.c | 119 ++++++++++++++++++++++-- 3 files changed, 147 insertions(+), 12 deletions(-) commit f655e67ac8d797425abb0404d0878758f3f71c1a Author: Zhenyu Wang Date: Thu Feb 16 14:10:01 2017 +0800 drm/i915/gvt: Fix check error on opregion.c As we switched to memremap for opregion, shouldn't use any __iomem for that, and move to use memcpy instead. This fixed static check errors for: CHECK drivers/gpu/drm/i915//gvt/opregion.c drivers/gpu/drm/i915//gvt/opregion.c:142:31: warning: incorrect type in argument 1 (different address spaces) drivers/gpu/drm/i915//gvt/opregion.c:142:31: expected void *addr drivers/gpu/drm/i915//gvt/opregion.c:142:31: got void [noderef] *opregion_va drivers/gpu/drm/i915//gvt/opregion.c:160:35: warning: incorrect type in assignment (different address spaces) drivers/gpu/drm/i915//gvt/opregion.c:160:35: expected void [noderef] *opregion_va drivers/gpu/drm/i915//gvt/opregion.c:160:35: got void * Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 2 +- drivers/gpu/drm/i915/gvt/opregion.c | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) commit 1228f7befbf3280906e75f532a1700c7d3138117 Author: Heiko Carstens Date: Thu Feb 16 10:41:52 2017 +0100 s390: add missing "do {} while (0)" loop constructs to multiline macros Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/ctl_reg.h | 8 ++++---- arch/s390/include/asm/processor.h | 4 ++-- arch/s390/include/asm/uaccess.h | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) commit 549f2bf594782faa440055255831c9a51940a651 Author: Heiko Carstens Date: Mon Feb 13 15:20:18 2017 +0100 s390/mm: add cond_resched call to kernel page table dumper Walking kernel page tables within the kernel page table dumper may potentially take a lot of time. This may lead to soft lockup warning messages. To avoid this add a cond_resched call for each pgd_level iteration. This is the same as "x86/mm/ptdump: Fix soft lockup in page table walker" for x86. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/mm/dump_pagetables.c | 2 ++ 1 file changed, 2 insertions(+) commit 466178fc4e2937685edb7be005da4eb28bb81d72 Author: Heiko Carstens Date: Mon Feb 13 15:11:15 2017 +0100 s390: get rid of MACHINE_HAS_PFMF and MACHINE_HAS_HPAGE Both MACHINE_HAS_PFMF and MACHINE_HAS_HPAGE are just an alias for MACHINE_HAS_EDAT1. So simply use MACHINE_HAS_EDAT1 instead. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/hugetlb.h | 2 +- arch/s390/include/asm/pgtable.h | 2 +- arch/s390/include/asm/setup.h | 3 --- arch/s390/kernel/setup.c | 2 +- 4 files changed, 3 insertions(+), 6 deletions(-) commit 604ddad038bfa0ae6f447c2ff29fcd430cec8181 Author: Heiko Carstens Date: Mon Feb 13 14:58:36 2017 +0100 s390/mm: make memory_block_size_bytes available for !MEMORY_HOTPLUG Fix this compile error for !MEMORY_HOTPLUG && NUMA: arch/s390/built-in.o: In function `emu_setup_size_adjust': arch/s390/numa/mode_emu.c:477: undefined reference to `memory_block_size_bytes' Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/mm/init.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 187b5f41b4f15feae8b59e3a9ccaa7df85518bbb Author: Christian Borntraeger Date: Fri Feb 10 12:34:49 2017 +0100 s390: replace ACCESS_ONCE with READ_ONCE Remove the last places of ACCESS_ONCE in s390 code. Signed-off-by: Christian Borntraeger Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/spinlock.h | 2 +- arch/s390/kernel/idle.c | 14 +++++++------- arch/s390/lib/spinlock.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) commit d321796753f5305a00a5f4996dbbb996994df45c Author: Paul Gortmaker Date: Thu Feb 9 15:20:25 2017 -0500 s390: Audit and remove any remaining unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each change instance for the presence of either and replace as needed. An instance where module_param was used without moduleparam.h was also fixed, as well as implicit use of ptrace.h and string.h headers. Signed-off-by: Paul Gortmaker Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/livepatch.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/lib/delay.c | 2 +- arch/s390/lib/spinlock.c | 2 +- arch/s390/lib/string.c | 3 ++- arch/s390/lib/xor.c | 2 +- 6 files changed, 7 insertions(+), 5 deletions(-) commit ff24b07abbe0a513ba4b5083c8aeaca6d548e364 Author: Paul Gortmaker Date: Thu Feb 9 15:20:24 2017 -0500 s390: mm: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each change instance for the presence of either and replace as needed. An instance where module_param was used without moduleparam.h was also fixed, as well as an implict use of asm/elf.h header. Signed-off-by: Paul Gortmaker Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/mm/cmm.c | 1 + arch/s390/mm/dump_pagetables.c | 1 - arch/s390/mm/extmem.c | 2 +- arch/s390/mm/mem_detect.c | 1 - arch/s390/mm/mmap.c | 2 +- arch/s390/mm/pageattr.c | 1 - arch/s390/mm/vmem.c | 2 +- 7 files changed, 4 insertions(+), 6 deletions(-) commit 3994a52b54569c4d71d43e3e00464eb9127f86a5 Author: Paul Gortmaker Date: Thu Feb 9 15:20:23 2017 -0500 s390: kernel: Audit and remove any unnecessary uses of module.h Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in doing so is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h was the source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each change instance for the presence of either and replace as needed. Build testing revealed some implicit header usage that was fixed up accordingly. Signed-off-by: Paul Gortmaker Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/compat_linux.c | 1 - arch/s390/kernel/cpcmd.c | 2 +- arch/s390/kernel/crash_dump.c | 3 ++- arch/s390/kernel/debug.c | 2 +- arch/s390/kernel/diag.c | 3 ++- arch/s390/kernel/dis.c | 2 +- arch/s390/kernel/ebcdic.c | 4 ++-- arch/s390/kernel/ipl.c | 3 ++- arch/s390/kernel/irq.c | 3 ++- arch/s390/kernel/jump_label.c | 1 - arch/s390/kernel/nmi.c | 2 +- arch/s390/kernel/process.c | 2 +- arch/s390/kernel/smp.c | 2 +- arch/s390/kernel/stacktrace.c | 2 +- arch/s390/kernel/sysinfo.c | 2 +- arch/s390/kernel/time.c | 2 +- arch/s390/kernel/vdso.c | 2 +- 17 files changed, 20 insertions(+), 18 deletions(-) commit a4a81d8eebdc1d209d034f62a082a5131e4242b5 Author: Michael Holzheu Date: Tue Feb 7 18:09:14 2017 +0100 s390/kdump: Use "LINUX" ELF note name instead of "CORE" In binutils/libbfd (bfd/elf.c) it is enforced that all s390 specific ELF notes like e.g. NT_S390_PREFIX or NT_S390_CTRS have "LINUX" specified as note name. Otherwise the notes are ignored. For /proc/vmcore we currently use "CORE" for these notes. Up to now this has not been a real problem because the dump analysis tool "crash" does not check the note name. But it will break all programs that use libbfd for processing ELF notes. So fix this and use "LINUX" for all s390 specific notes to comply with libbfd. Cc: stable@vger.kernel.org # v4.4+ Reported-by: Philipp Rudo Reviewed-by: Philipp Rudo Signed-off-by: Michael Holzheu Signed-off-by: Martin Schwidefsky arch/s390/kernel/crash_dump.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d67a5f4b5947aba4bfe9a80a2b86079c215ca755 Author: Mikulas Patocka Date: Wed Feb 15 11:26:10 2017 -0500 dm: flush queued bios when process blocks to avoid deadlock Commit df2cb6daa4 ("block: Avoid deadlocks with bio allocation by stacking drivers") created a workqueue for every bio set and code in bio_alloc_bioset() that tries to resolve some low-memory deadlocks by redirecting bios queued on current->bio_list to the workqueue if the system is low on memory. However other deadlocks (see below **) may happen, without any low memory condition, because generic_make_request is queuing bios to current->bio_list (rather than submitting them). ** the related dm-snapshot deadlock is detailed here: https://www.redhat.com/archives/dm-devel/2016-July/msg00065.html Fix this deadlock by redirecting any bios on current->bio_list to the bio_set's rescue workqueue on every schedule() call. Consequently, when the process blocks on a mutex, the bios queued on current->bio_list are dispatched to independent workqueus and they can complete without waiting for the mutex to be available. The structure blk_plug contains an entry cb_list and this list can contain arbitrary callback functions that are called when the process blocks. To implement this fix DM (ab)uses the onstack plug's cb_list interface to get its flush_current_bio_list() called at schedule() time. This fixes the snapshot deadlock - if the map method blocks, flush_current_bio_list() will be called and it redirects bios waiting on current->bio_list to appropriate workqueues. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1267650 Depends-on: df2cb6daa4 ("block: Avoid deadlocks with bio allocation by stacking drivers") Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer drivers/md/dm.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) commit 37a098e9d10db6e2efc05fe61e3a6ff2e9802c53 Author: Mike Snitzer Date: Thu Feb 16 23:57:17 2017 -0500 dm round robin: revert "use percpu 'repeat_count' and 'current_path'" The sloppy nature of lockless access to percpu pointers (s->current_path) in rr_select_path(), from multiple threads, is causing some paths to used more than others -- which results in less IO performance being observed. Revert these upstream commits to restore truly symmetric round-robin IO submission in DM multipath: b0b477c dm round robin: use percpu 'repeat_count' and 'current_path' 802934b dm round robin: do not use this_cpu_ptr() without having preemption disabled There is no benefit to all this complexity if repeat_count = 1 (which is the recommended default). Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Mike Snitzer drivers/md/dm-round-robin.c | 67 ++++++++++----------------------------------- 1 file changed, 14 insertions(+), 53 deletions(-) commit 605f9ccd7d0ad603d8df9301f3f400be5d8081d9 Author: Ben Skeggs Date: Tue May 17 11:13:37 2016 +1000 drm/nouveau: s/mem/reg/ for struct ttm_mem_reg variables Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_bo.c | 266 ++++++++++++++++---------------- drivers/gpu/drm/nouveau/nouveau_sgdma.c | 12 +- drivers/gpu/drm/nouveau/nouveau_ttm.c | 48 +++--- drivers/gpu/drm/nouveau/nv17_fence.c | 6 +- drivers/gpu/drm/nouveau/nv50_fence.c | 6 +- 5 files changed, 169 insertions(+), 169 deletions(-) commit 1167c6bc51880cb74a3b1a02286fc25392684281 Author: Ben Skeggs Date: Wed May 18 13:57:42 2016 +1000 drm/nouveau: allocate device object for every client Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/dispnv04/arb.c | 6 +-- drivers/gpu/drm/nouveau/dispnv04/crtc.c | 38 +++++++------- drivers/gpu/drm/nouveau/dispnv04/cursor.c | 2 +- drivers/gpu/drm/nouveau/dispnv04/dac.c | 18 +++---- drivers/gpu/drm/nouveau/dispnv04/dfp.c | 12 ++--- drivers/gpu/drm/nouveau/dispnv04/disp.c | 6 +-- drivers/gpu/drm/nouveau/dispnv04/disp.h | 6 +-- drivers/gpu/drm/nouveau/dispnv04/hw.c | 80 ++++++++++++++--------------- drivers/gpu/drm/nouveau/dispnv04/hw.h | 42 +++++++-------- drivers/gpu/drm/nouveau/dispnv04/overlay.c | 16 +++--- drivers/gpu/drm/nouveau/dispnv04/tvnv04.c | 4 +- drivers/gpu/drm/nouveau/dispnv04/tvnv17.c | 16 +++--- drivers/gpu/drm/nouveau/dispnv04/tvnv17.h | 4 +- drivers/gpu/drm/nouveau/nouveau_abi16.c | 4 +- drivers/gpu/drm/nouveau/nouveau_backlight.c | 24 ++++----- drivers/gpu/drm/nouveau/nouveau_bios.c | 18 +++---- drivers/gpu/drm/nouveau/nouveau_bo.c | 52 +++++++++---------- drivers/gpu/drm/nouveau/nouveau_connector.c | 18 +++---- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 5 +- drivers/gpu/drm/nouveau/nouveau_display.c | 14 ++--- drivers/gpu/drm/nouveau/nouveau_drm.c | 59 +++++++++++---------- drivers/gpu/drm/nouveau/nouveau_drv.h | 3 +- drivers/gpu/drm/nouveau/nouveau_fbcon.c | 16 +++--- drivers/gpu/drm/nouveau/nouveau_gem.c | 10 ++-- drivers/gpu/drm/nouveau/nouveau_hwmon.c | 66 ++++++++++++------------ drivers/gpu/drm/nouveau/nouveau_led.c | 6 +-- drivers/gpu/drm/nouveau/nouveau_sgdma.c | 2 +- drivers/gpu/drm/nouveau/nouveau_ttm.c | 28 +++++----- drivers/gpu/drm/nouveau/nouveau_vga.c | 8 +-- drivers/gpu/drm/nouveau/nv04_fbcon.c | 2 +- drivers/gpu/drm/nouveau/nv50_display.c | 26 +++++----- drivers/gpu/drm/nouveau/nv84_fence.c | 4 +- 32 files changed, 310 insertions(+), 305 deletions(-) commit 80e60973b2494a0c51b2c84847f3faeffed595f0 Author: Ben Skeggs Date: Mon May 23 11:25:17 2016 +1000 drm/nouveau: create userspace clients as subclients This will allow the DRM to share memory objects between clients later down the track. For the moment, the only immediate benefit is less logic required to handle suspend/resume. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_drm.c | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) commit 20d8a88e557aae5264e793f4626c45cd644c7144 Author: Ben Skeggs Date: Wed May 18 13:36:34 2016 +1000 drm/nouveau: tidy up the client init/fini interfaces These were a little insane. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_drm.c | 86 ++++++++++++++++++++--------------- drivers/gpu/drm/nouveau/nouveau_drv.h | 5 +- 2 files changed, 52 insertions(+), 39 deletions(-) commit fc1b0a02ad4f463e10574afcec797ff620f6813d Author: Ben Skeggs Date: Tue May 24 17:29:55 2016 +1000 drm/nouveau: pass nvif_client to nouveau_gem_new() instead of drm_device Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_abi16.c | 2 +- drivers/gpu/drm/nouveau/nouveau_display.c | 3 ++- drivers/gpu/drm/nouveau/nouveau_fbcon.c | 5 +++-- drivers/gpu/drm/nouveau/nouveau_gem.c | 10 +++++----- drivers/gpu/drm/nouveau/nouveau_gem.h | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) commit bab7cc18d3ba56c9160f4708dbf353eaa3ce1ec5 Author: Ben Skeggs Date: Tue May 24 17:26:48 2016 +1000 drm/nouveau: pass nvif_client to nouveau_bo_new() instead of drm_device Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/dispnv04/crtc.c | 5 +++-- drivers/gpu/drm/nouveau/nouveau_bo.c | 5 +++-- drivers/gpu/drm/nouveau/nouveau_bo.h | 4 +++- drivers/gpu/drm/nouveau/nouveau_chan.c | 2 +- drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +- drivers/gpu/drm/nouveau/nouveau_prime.c | 3 ++- drivers/gpu/drm/nouveau/nv17_fence.c | 2 +- drivers/gpu/drm/nouveau/nv50_display.c | 4 ++-- drivers/gpu/drm/nouveau/nv50_fence.c | 2 +- drivers/gpu/drm/nouveau/nv84_fence.c | 6 +++--- 10 files changed, 20 insertions(+), 15 deletions(-) commit d2ee360564dca43cbfb2bd8ceead7671c87962d2 Author: Ben Skeggs Date: Tue May 10 12:42:26 2016 +1000 drm/nouveau/core/memory: distinguish between coherent/non-coherent targets Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/memory.h | 7 ++++--- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gf100.c | 9 ++++++++- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 11 +++++++---- drivers/gpu/drm/nouveau/nvkm/falcon/v1.c | 11 +++++++---- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/gk20a.c | 2 +- 5 files changed, 27 insertions(+), 13 deletions(-) commit 134fdc1a704f0042465ea993c33540aaec7e1d2e Author: Ben Skeggs Date: Sat Oct 3 17:34:25 2015 +1000 drm/nouveau/core/mm: replace region list with next pointer We never have any need for a double-linked list here, and as there's generally a large number of these objects, replace it with a single- linked list in order to save some memory. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/mm.h | 8 +++++++- drivers/gpu/drm/nouveau/include/nvkm/subdev/fb.h | 2 +- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/mm.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/fb/ramgf100.c | 10 +++++----- drivers/gpu/drm/nouveau/nvkm/subdev/fb/ramnv50.c | 23 ++++++++++------------ .../gpu/drm/nouveau/nvkm/subdev/instmem/gk20a.c | 17 ++++------------ drivers/gpu/drm/nouveau/nvkm/subdev/mmu/base.c | 7 ++++--- 8 files changed, 34 insertions(+), 37 deletions(-) commit 04b8867758a4e1fca9d349f4a279fff8855db58c Author: Ben Skeggs Date: Sun May 22 20:35:16 2016 +1000 drm/nouveau/core/client: allow creation of subclients We want a supervisor client of NVKM (such as the DRM) to be able to allow sharing of resources (such as memory objects) between clients. To allow this, the supervisor creates all its clients as children of itself, and will use an upcoming ioctl to permit sharing. Currently it's not possible for indirect clients to use subclients. Supporting this will require an additional field in the main ioctl. This isn't important currently, but will need to be fixed for virt. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvif/client.h | 3 +- drivers/gpu/drm/nouveau/include/nvif/driver.h | 6 ++- drivers/gpu/drm/nouveau/include/nvif/if0000.h | 7 +++ drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 + drivers/gpu/drm/nouveau/nouveau_drm.c | 6 ++- drivers/gpu/drm/nouveau/nvif/Kbuild | 1 + drivers/gpu/drm/nouveau/nvif/client.c | 43 ++++++---------- drivers/gpu/drm/nouveau/nvif/driver.c | 58 ++++++++++++++++++++++ drivers/gpu/drm/nouveau/nvkm/core/client.c | 50 ++++++++++++++++++- 9 files changed, 140 insertions(+), 35 deletions(-) commit 7c413feb7f9907c72aad7ea8f43af8ca8893c2bc Author: Ben Skeggs Date: Wed May 25 17:08:21 2016 +1000 drm/nouveau/core/client: pass notification callback to nvkm_client_new Preparation for supporting subclients. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 4 +++- drivers/gpu/drm/nouveau/nouveau_nvif.c | 12 ++---------- drivers/gpu/drm/nouveau/nvkm/core/client.c | 5 ++++- 3 files changed, 9 insertions(+), 12 deletions(-) commit 05da248bbe91fecb29e1f2fb9b978c4d2ee6da8e Author: Ben Skeggs Date: Wed May 25 17:02:11 2016 +1000 drm/nouveau/core/client: destroy client objects over nvif Preparation for supporting subclients, and also good for consistency. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_nvif.c | 10 ---------- drivers/gpu/drm/nouveau/nvif/client.c | 6 +++--- drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 13 +++++++------ 3 files changed, 10 insertions(+), 19 deletions(-) commit 2c3af924fbee23544a6adc81a2bbe398132b472f Author: Ben Skeggs Date: Mon May 23 08:42:54 2016 +1000 drm/nouveau/core/client: use standard object dtor/init/fini paths Preparation for supporting subclients, and also good for consistency. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 3 -- drivers/gpu/drm/nouveau/nouveau_nvif.c | 10 +++-- drivers/gpu/drm/nouveau/nvkm/core/client.c | 47 +++++++++------------- 3 files changed, 26 insertions(+), 34 deletions(-) commit 03295eabdb95153be4777ff04cc4f1dec0d62bc4 Author: Ben Skeggs Date: Thu May 26 08:43:00 2016 +1000 drm/nouveau/core/client: modify prefix on nvif structures, for consistency Preparation for supporting subclients. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvif/class.h | 18 +++++++++++------- drivers/gpu/drm/nouveau/include/nvif/if0000.h | 4 ++-- drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 + drivers/gpu/drm/nouveau/nvkm/core/client.c | 20 +++++++++++++------- 4 files changed, 27 insertions(+), 16 deletions(-) commit 843faa030c3677080e4a108889dccb21798b2a32 Author: Ben Skeggs Date: Wed May 25 17:47:18 2016 +1000 drm/nouveau/core/object: pass more args in oclass The fields were already in struct nvkm_oclass for some reason (probably as an accidental left-over). Preparation for supporting subclients. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 7 +++---- drivers/gpu/drm/nouveau/nvkm/core/object.c | 3 +++ 2 files changed, 6 insertions(+), 4 deletions(-) commit a664869ac4c77875ca84a38f614bc1c7b3c79812 Author: Ben Skeggs Date: Wed May 25 17:33:36 2016 +1000 drm/nouveau/core/object: pass client directly to ioctl handlers nvkm_object::client refers to the client that created the object, which, is currently always the same as the ioctl caller. Upcoming patches introduce the concept of subclients, where a parent is able to access the object trees of its children, making the above no longer true. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 47 ++++++++++++++++++------------- 1 file changed, 28 insertions(+), 19 deletions(-) commit 83e85d91b2bc38d4067baf05a7fe9e47436e1d8c Author: Ben Skeggs Date: Tue May 17 19:40:29 2016 +1000 drm/nouveau/dma: lookup objects with nvkm_object_search() Custom code is no longer needed here. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 - drivers/gpu/drm/nouveau/include/nvkm/engine/dma.h | 6 +--- drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 - .../gpu/drm/nouveau/nvkm/engine/disp/dmacnv50.c | 7 ++-- drivers/gpu/drm/nouveau/nvkm/engine/dma/base.c | 42 +--------------------- drivers/gpu/drm/nouveau/nvkm/engine/dma/user.c | 19 +++++++--- drivers/gpu/drm/nouveau/nvkm/engine/fifo/chan.c | 6 ++-- 7 files changed, 22 insertions(+), 60 deletions(-) commit daad3dfb05be8b0682c1bb0db6b59e50a4bb95f6 Author: Ben Skeggs Date: Thu Dec 22 15:23:04 2016 +1000 drm/nouveau/core/client: lookup client objects with nvkm_object_search() Custom code is no longer needed here. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 4 -- drivers/gpu/drm/nouveau/nvkm/core/client.c | 49 ---------------------- drivers/gpu/drm/nouveau/nvkm/core/ioctl.c | 11 ++--- 3 files changed, 4 insertions(+), 60 deletions(-) commit 110cccff955313c66dccd2817f62368f106d9bf2 Author: Ben Skeggs Date: Thu Dec 22 15:22:25 2016 +1000 drm/nouveau/core/object: support lookup of specific object types It turns out we have a nice and convenient way of looking up a specific object type already, by using the func pointer as a key. This will be used to remove the separate object trees for each type we need to be able to search for. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/object.h | 5 ++ drivers/gpu/drm/nouveau/nvkm/core/object.c | 61 +++++++++++++++++++++- 2 files changed, 65 insertions(+), 1 deletion(-) commit 05073caeedd1ea6bfc5b1ebd051f2a6694e4b26b Author: Geliang Tang Date: Tue Dec 20 22:02:11 2016 +0800 drm/nouveau/dma: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/dma/base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit af7db03e1bd562105dc6460674a05f5463e333e0 Author: Ben Skeggs Date: Thu Mar 3 12:56:33 2016 +1000 replace BUG_ON(1) with BUG() Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_connector.c | 2 +- drivers/gpu/drm/nouveau/nouveau_usif.c | 2 +- drivers/gpu/drm/nouveau/nv50_display.c | 4 ++-- drivers/gpu/drm/nouveau/nvkm/subdev/clk/nv50.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) commit 0233a9f403973c107a2937ed42f3d588e5f1811b Author: Ben Skeggs Date: Wed Dec 21 12:46:50 2016 +1000 drm/nouveau/gr/nv50-mcp89: add defines for gr classes Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvif/class.h | 12 ++++++++++++ drivers/gpu/drm/nouveau/nvkm/engine/gr/g84.c | 12 +++++++----- drivers/gpu/drm/nouveau/nvkm/engine/gr/gt200.c | 12 +++++++----- drivers/gpu/drm/nouveau/nvkm/engine/gr/gt215.c | 14 ++++++++------ drivers/gpu/drm/nouveau/nvkm/engine/gr/mcp79.c | 12 +++++++----- drivers/gpu/drm/nouveau/nvkm/engine/gr/mcp89.c | 14 ++++++++------ drivers/gpu/drm/nouveau/nvkm/engine/gr/nv50.c | 12 +++++++----- 7 files changed, 56 insertions(+), 32 deletions(-) commit 1894054dc1b6e4395048b2c0f28832a3f4320fd3 Author: Ben Skeggs Date: Thu Dec 22 10:07:49 2016 +1000 drm/nouveau/gr/gf100-: fix ccache error logging Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fc134253651e906f55fd5ddf29c1699099473c76 Author: Ben Skeggs Date: Thu Dec 22 10:07:27 2016 +1000 drm/nouveau/disp/g94: remove unused sor implementation Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/disp/sorg94.c | 7 ------- 1 file changed, 7 deletions(-) commit 7eb7497e555e84d1cedb847416acbc337c874d15 Author: Ben Skeggs Date: Thu Dec 22 10:06:54 2016 +1000 drm/nouveau/fb/ram/gk104: remove unused best_clk variable Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/fb/ramgk104.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 63f542e4733a3609488c31961036995aa55d2450 Author: Alexandre Courbot Date: Wed Dec 14 17:02:52 2016 +0900 drm/nouveau/secboot: clear halt interrupt after ACR is run The halt interrupt must be cleared after ACR is run, otherwise the LS PMU firmware will not be able to run. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 2 ++ 1 file changed, 2 insertions(+) commit 425c816a806230bcaf17ceb41faeb477f285f781 Author: Alexandre Courbot Date: Wed Dec 14 17:02:50 2016 +0900 drm/nouveau/secboot: add lazy-bootstrap flag When the PMU firmware is present, the falcons it manages need to have the lazy-bootstrap flag of their WPR header set so the ACR does not boot them. Add support for this. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 4 ++++ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.h | 3 +++ 2 files changed, 7 insertions(+) commit 64a94ded890a2e4e5701ac34868180c2d895874a Author: Alexandre Courbot Date: Wed Dec 14 17:02:49 2016 +0900 drm/nouveau/secboot: fix WPR descriptor generation Generate the WPR descriptor closer to what RM does. In particular, set the expected masks, and only set the ucode members on Tegra. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) commit 45ef8450098fbb243ad65f590b965db1247d2d7e Author: Alexandre Courbot Date: Wed Dec 14 17:02:48 2016 +0900 drm/nouveau/secboot: set default error value in error register Set a default error value in the mailbox 0 register so we can catch cases where the secure boot binary fails early without being able to report anything. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 3 +++ 1 file changed, 3 insertions(+) commit b606234e2ffe0059055fcf38c087d5f71ca3b4b7 Author: Alexandre Courbot Date: Wed Dec 14 17:02:47 2016 +0900 drm/nouveau/secboot: add missing fields to BL structure Since DMEM was initialized to zero, these fields went unnoticed. Add them for safety. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 4 ++++ 1 file changed, 4 insertions(+) commit b2888c650e61d03bbfc8325662cff660b40b39ba Author: Alexandre Courbot Date: Wed Dec 14 17:02:46 2016 +0900 drm/nouveau/secboot: safer zeroing of BL descriptors Perform the zeroing of BL descriptors in the caller function instead of trusting each generator will do it. This could avoid a few pulled hairs. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 4 ++-- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r361.c | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) commit 9d896f3e41a6093a843ce668c97159367c1e4573 Author: Alexandre Courbot Date: Wed Dec 14 17:02:45 2016 +0900 drm/nouveau/secboot: abstract LS firmware loading functions The WPR and LSB headers, used to generate the LS blob, may have a different layout and sizes depending on the driver version they come from. Abstract them and confine their use to driver-specific code. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 102 +++++++++++------- .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.h | 119 +++++++++++++++++++++ .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r361.c | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 9 +- .../gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode.h | 100 +---------------- .../drm/nouveau/nvkm/subdev/secboot/ls_ucode_gr.c | 41 +++---- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 2 + 7 files changed, 215 insertions(+), 167 deletions(-) commit 9839307cfeedca72d4f2c27d60ada4a1ec5c9489 Author: Alexandre Courbot Date: Wed Dec 14 17:02:44 2016 +0900 drm/nouveau/secboot: remove ls_ucode_mgr This was used only locally to one function and can be replaced by ad-hoc variables. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 90 ++++++++-------------- 1 file changed, 33 insertions(+), 57 deletions(-) commit 88490323e46603bc99995a578b399cfc9a5d2ef1 Author: Alexandre Courbot Date: Wed Dec 14 17:02:43 2016 +0900 drm/nouveau/secboot: remove unneeded ls_ucode_img member ucode_header is not used anywhere, so just get rid of it. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 25 ++++++---------------- .../gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode.h | 2 -- .../drm/nouveau/nvkm/subdev/secboot/ls_ucode_gr.c | 2 -- 3 files changed, 7 insertions(+), 22 deletions(-) commit 3454a034b715a3b89f8efb92508ccc9fbee17e6f Author: Alexandre Courbot Date: Wed Dec 14 17:02:42 2016 +0900 drm/nouveau/secboot: disable falcon interrupts when running blob Make sure we are not disturbed by spurious interrupts, as we poll the halt bit anyway. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 555cafb40445861c121422b157c74fe2de793e68 Author: Alexandre Courbot Date: Wed Dec 14 17:02:41 2016 +0900 drm/nouveau/secboot: split reset function Split the reset function into more meaningful and reusable ones. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/subdev/secboot.h | 5 ++ .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 78 +++++++++++++++------- 2 files changed, 58 insertions(+), 25 deletions(-) commit 8a50452c89037ccdb844011d1d71146418765fe4 Author: Alexandre Courbot Date: Wed Dec 14 17:02:40 2016 +0900 drm/nouveau/secboot: add LS flags to LS func structure Add a flag that can be set when declaring how a LS firmware should be loaded. This allows us to remove falcon-specific code in the loader. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 10 ++++------ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.h | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr_r361.c | 2 ++ 3 files changed, 8 insertions(+), 6 deletions(-) commit 72e0642fb4c21632a410c1ff971a63886402b9c9 Author: Alexandre Courbot Date: Wed Dec 14 17:02:39 2016 +0900 drm/nouveau/secboot: reorganize into more files Split the act of building the ACR blob from firmware files from the rest of the (chip-dependent) secure boot logic. ACR logic is moved into acr_rxxx.c files, where rxxx corresponds to the compatible release of the NVIDIA driver. At the moment r352 and r361 are supported since firmwares have been released for these versions. Some abstractions are added on top of r352 so r361 can easily be implemented on top of it by just overriding a few hooks. This split makes it possible and easy to reuse the same ACR version on different chips. It also hopefully makes the code much more readable as the different secure boot logics are separated. As more chips and firmware versions will be supported, this is a necessity to not get lost in code that is already quite complex. This is a big commit, but it essentially moves things around (and split the nvkm_secboot structure into two, nvkm_secboot and nvkm_acr). Code semantics should not be affected. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/subdev/secboot.h | 9 +- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/Kbuild | 4 + drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr.c | 54 + drivers/gpu/drm/nouveau/nvkm/subdev/secboot/acr.h | 69 ++ .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.c | 910 ++++++++++++++++ .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r352.h | 126 +++ .../gpu/drm/nouveau/nvkm/subdev/secboot/acr_r361.c | 135 +++ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 84 +- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 1152 +------------------- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.h | 43 + .../gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 125 +-- .../gpu/drm/nouveau/nvkm/subdev/secboot/ls_ucode.h | 245 +++++ .../drm/nouveau/nvkm/subdev/secboot/ls_ucode_gr.c | 167 +++ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 328 +----- 14 files changed, 1877 insertions(+), 1574 deletions(-) commit 8f491c892eb4acbde080753a51f4d5cb5997168d Author: Alexandre Courbot Date: Wed Dec 14 17:02:38 2016 +0900 drm/nouveau/secboot: generate HS BL descriptor in hook Use the HS hook to completely generate the HS BL descriptor, similarly to what is done in the LS hook, instead of (arbitrarily) using the acr_v1 format as an intermediate. This allows us to make the bootloader descriptor structures private to each implementation, resulting in a cleaner an more consistent design. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 179 ++++++++++----------- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 43 ++--- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 71 ++++---- 3 files changed, 138 insertions(+), 155 deletions(-) commit e781ff9118fbbb7f91f55e3076bd0885d7609b59 Author: Alexandre Courbot Date: Wed Dec 14 17:02:37 2016 +0900 drm/nouveau/secboot: add low-secure firmware hooks Secure firmwares provided by NVIDIA will follow the same overall principle, but may slightly differ in format, or not use the same bootloader descriptor even on the same chip. In order to handle this as gracefully as possible, turn the LS firmware functions into hooks that can be overloaded as needed. The current hooks cover the external firmware loading as well as the bootloader descriptor generation. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 239 ++++----------------- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 30 +++ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 193 +++++++++++++++++ 3 files changed, 265 insertions(+), 197 deletions(-) commit a9b333a50eee410ed302d25b00a7497e5c76894e Author: Alexandre Courbot Date: Wed Dec 14 17:02:36 2016 +0900 drm/nouveau/secboot: remove fixup_hs_desc hook This hook can be removed if the function writing the HS descriptor is aware of WPR settings. Let's do that as it allows us to make the ACR descriptor structure private and save some code. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 95 ++++++++++++++++------ .../gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 11 --- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 60 ++------------ 3 files changed, 79 insertions(+), 87 deletions(-) commit 808d6efdeb361bd51c1afa2115db0e5f4fe6609d Author: Alexandre Courbot Date: Wed Dec 14 17:02:35 2016 +0900 drm/nouveau/secboot: rename init() hook to oneinit() The init() hook is called by the subdev's oneinit(). Rename it accordingly to avoid confusion about the lifetime of objects allocated in it. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 4 ++-- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 4 ++-- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 6 +++--- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) commit c8225b54fe1b0d64b7da2c0d1d5b64d316b248f5 Author: Alexandre Courbot Date: Tue Dec 13 17:11:31 2016 +0900 drm/nouveau/secboot: remove nvkm_secboot_start() Since GR has moved to using the falcon library to start the falcons, this function is not needed anymore. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/subdev/secboot.h | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 15 ------------ .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 27 ---------------------- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm20b.c | 1 - drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 1 - 5 files changed, 45 deletions(-) commit 89cd6e2071b3d3bc4635fe41461e2bb75b5f2d2d Author: Alexandre Courbot Date: Tue Dec 13 17:11:30 2016 +0900 drm/nouveau/gr/gf100: instantiate and reserve GR falcons Create instances for the FECS and GPCCS falcons and use the init() and fini() hooks to reserve them for as long as GR controls them. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 98 +++++++++++++------------- drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.h | 3 + 2 files changed, 51 insertions(+), 50 deletions(-) commit 0296b5d985a030a99dcf2057b5eac1461637c7ee Author: Alexandre Courbot Date: Tue Dec 13 17:11:29 2016 +0900 drm/nouveau/gr/gf100: split gf100_gr_init_ctxctl() gf100_gr_init_ctxctl() is basically two different functions (one for use of internal firmware, the other for use of external firmware), but its current layout makes it look more complex than it is. Split it to better reflect that fact. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 212 ++++++++++++++----------- 1 file changed, 115 insertions(+), 97 deletions(-) commit d2753f40a947229cf2c8075ed93479159c1af1c1 Author: Alexandre Courbot Date: Tue Dec 13 17:11:28 2016 +0900 drm/nouveau/gr: add fini() hook Add a fini() hook to the GR engine. This will be used by gf100+ to properly release the FECS and GPCCS falcons. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/base.c | 10 ++++++++++ drivers/gpu/drm/nouveau/nvkm/engine/gr/priv.h | 1 + 2 files changed, 11 insertions(+) commit d72fb36c45698b9f49a1159eb1a3eb46235d3586 Author: Alexandre Courbot Date: Tue Dec 13 17:11:27 2016 +0900 drm/nouveau/secboot: use falcon library Use the falcon library functions in secure boot. This removes a lot of code and makes the secure boot flow easier to understand as no register is directly accessed. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/subdev/secboot.h | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 146 ++------------------- .../gpu/drm/nouveau/nvkm/subdev/secboot/gm200.c | 125 ++++++------------ drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 2 - 4 files changed, 51 insertions(+), 226 deletions(-) commit 236f4747915bbad4cd276654659870b081e882be Author: Alexandre Courbot Date: Tue Dec 13 17:11:26 2016 +0900 drm/nouveau/secboot: fix functions definitions These functions should use the nvkm_secboot_falcon enum. Fix this. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/secboot.h | 6 +++--- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/base.c | 4 ++-- drivers/gpu/drm/nouveau/nvkm/subdev/secboot/priv.h | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) commit b1c39d801ad0f87bb4429f92392bea18c62a23cf Author: Alexandre Courbot Date: Tue Dec 13 17:11:25 2016 +0900 drm/nouveau/gm20b: add dummy PMU device Add a dummy PMU device so the PMU falcon is instanciated and can be used by secure boot. We could reuse gk20a's implementation here, but it would fight with secboot over PMU falcon's ownership and secboot will reset the PMU, preventing it from operating afterwards. Proper handout between secboot and pmu is coming along with the actual gm20b PMU implementation, so use this as a temporary solution. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/pmu.h | 1 + drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/pmu/Kbuild | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gm20b.c | 34 +++++++++++++++++++++++ 4 files changed, 37 insertions(+) commit 9b071c7935f053bf05ab4d0b2f4a8ae4069b4b89 Author: Alexandre Courbot Date: Tue Dec 13 17:11:24 2016 +0900 drm/nouveau/pmu/gk20a: use falcon library functions Use the falcon library functions where relevant. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gk20a.c | 31 ++++++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) commit 68d82161fdab51f44767bcde801fd6a58bef9548 Author: Alexandre Courbot Date: Tue Dec 13 17:11:23 2016 +0900 drm/nouveau/pmu/gk20a: simplify code a bit Some functions always succeed - change their return type to void and remove the error-handling code in their caller. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gk20a.c | 30 +++++++------------------ 1 file changed, 8 insertions(+), 22 deletions(-) commit d8711c5a9cfd6b06d611a64a30ae3e98ef4e6962 Author: Alexandre Courbot Date: Tue Dec 13 17:11:22 2016 +0900 drm/nouveau/pmu/gk20a: use nvkm_pmu_ctor() Use the PMU constructor so that all base members (in particular the falcon instance) are initialized properly. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/pmu/gk20a.c | 35 ++++++++++--------------- 1 file changed, 14 insertions(+), 21 deletions(-) commit 1e2115d8c0c0da62405400316f5499d909e479bc Author: Alexandre Courbot Date: Tue Dec 13 17:11:20 2016 +0900 drm/nouveau/pmu: instanciate the falcon in PMU device Have an instance of nvkm_falcon in the PMU structure, ready to be used by other subdevs (i.e. secboot). Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/pmu.h | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) commit e72da6e04f739253b175cd87aab47337c4646a66 Author: Alexandre Courbot Date: Tue Dec 13 17:11:21 2016 +0900 drm/nouveau/pmu: add nvkm_pmu_ctor() function Add a PMU constructor so implementations that extend the nvkm_pmu structure can have all base members properly initialized. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/pmu/base.c | 17 ++++++++++++----- drivers/gpu/drm/nouveau/nvkm/subdev/pmu/priv.h | 2 ++ 2 files changed, 14 insertions(+), 5 deletions(-) commit 31214108ad08766075bf111df90c1f26520b0159 Author: Alexandre Courbot Date: Tue Dec 13 17:11:19 2016 +0900 drm/nouveau/core: add falcon library functions Falcon processors are used in various places of GPU chips. Although there exist different versions of the falcon, and some variants exist, the base set of actions performed on them is the same, which results in lots of duplicated code. This patch consolidates the current nvkm_falcon structure and extends it with the following features: * Ability for an engine to obtain and later release a given falcon, * Abstractions for basic operations (IMEM/DMEM access, start, etc) * Abstractions for secure operations if a falcon is secure Abstractions make it easy to e.g. start a falcon, without having to care about its details. For instance, falcons in secure mode need to be started by writing to a different register. Right now the abstractions variants only cover secure vs. non-secure falcon, but more will come as e.g. SEC2 support is added. This is still a WIP as other functions previously done by engine/falcon.c need to be reimplemented. However this first step allows to keep things simple and to discuss basic design. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs .../gpu/drm/nouveau/include/nvkm/engine/falcon.h | 76 +++++- drivers/gpu/drm/nouveau/nvkm/Kbuild | 1 + drivers/gpu/drm/nouveau/nvkm/falcon/Kbuild | 2 + drivers/gpu/drm/nouveau/nvkm/falcon/base.c | 191 +++++++++++++++ drivers/gpu/drm/nouveau/nvkm/falcon/priv.h | 8 + drivers/gpu/drm/nouveau/nvkm/falcon/v1.c | 263 +++++++++++++++++++++ 6 files changed, 537 insertions(+), 4 deletions(-) commit c599dd4b70d3d8a485be6b80d8b190beb3df874b Author: Alexandre Courbot Date: Tue Dec 13 17:11:18 2016 +0900 drm/nouveau/mc: add nvkm_mc_enabled() function Add a function that allows us to query whether a given subdev is currently enabled or not. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/subdev/mc.h | 1 + drivers/gpu/drm/nouveau/nvkm/subdev/mc/base.c | 10 ++++++++++ 2 files changed, 11 insertions(+) commit c1fcb14879e87c837c360c2ec9f32d19f62faf89 Author: Alexandre Courbot Date: Tue Dec 13 17:11:17 2016 +0900 drm/nouveau/core: constify nv*_printk macros Constify the local variables declared in these macros so we can pass const pointers to them. Signed-off-by: Alexandre Courbot Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 4 ++-- drivers/gpu/drm/nouveau/include/nvkm/core/device.h | 2 +- drivers/gpu/drm/nouveau/include/nvkm/core/subdev.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 4da934dc6515afaa1db4e02548803de0cd279734 Author: Vipin K Parashar Date: Thu Feb 16 22:40:26 2017 +0530 KVM: PPC: Book3S PR: Ratelimit copy data failure error messages kvm_ppc_mmu_book3s_32/64 xlat() logs "KVM can't copy data" error upon failing to copy user data to kernel space. This floods kernel log once such fails occur in short time period. Ratelimit this error to avoid flooding kernel logs upon copy data failures. Signed-off-by: Vipin K Parashar Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_32_mmu.c | 3 ++- arch/powerpc/kvm/book3s_64_mmu.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) commit 9ca70356a9260403c1bda40d942935e55d00c11c Author: Dave Airlie Date: Fri Feb 17 12:38:46 2017 +1000 Revert "drm: Resurrect atomic rmfb code, v3" This reverts commit 1592364de3912dad264262f4bcc61552984c9523. This apparantly causes some regressions so pull it out for now. Signed-off-by: Dave Airlie drivers/gpu/drm/drm_atomic.c | 106 ------------------------------------ drivers/gpu/drm/drm_crtc_internal.h | 1 - drivers/gpu/drm/drm_framebuffer.c | 7 --- 3 files changed, 114 deletions(-) commit 99d5ceeea5120dd3ac2f879f4083697b70a1c89f Merge: 5237b9d 7785bba Author: David S. Miller Date: Thu Feb 16 21:25:49 2017 -0500 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2017-02-16 1) Make struct xfrm_input_afinfo const, nothing writes to it. From Florian Westphal. 2) Remove all places that write to the afinfo policy backend and make the struct const then. From Florian Westphal. 3) Prepare for packet consuming gro callbacks and add ESP GRO handlers. ESP packets can be decapsulated at the GRO layer then. It saves a round through the stack for each ESP packet. Please note that this has a merge coflict between commit 63fca65d0863 ("net: add confirm_neigh method to dst_ops") from net-next and 3d7d25a68ea5 ("xfrm: policy: remove garbage_collect callback") a2817d8b279b ("xfrm: policy: remove family field") from ipsec-next. The conflict can be solved as it is done in linux-next. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller commit 5237b9dde379f9eadd60a9b6310567ce5d307fe8 Merge: 3f64116 ffed21b Author: David S. Miller Date: Thu Feb 16 21:19:44 2017 -0500 Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 10GbE Intel Wired LAN Driver Updates 2017-02-16 This series contains updates to ixgbe only. Tony updates the driver to advertise 2.5Gb and 5.0Gb if the adapter supports it. Stephen Hemminger renames our dcbnl_ops since it is global to ixgbe_dcbnl_ops to avoid namespace issues. Mark updates the driver version based on the recent changes. Alex has the remainder of the changes, starting with consolidating functions that represent logical steps in the receive process so we can later update them more easily (and align with igb). Modify the receive path to only synchronize the length of the frame versus the entire buffer. Provided performance improvements by adding support for DMA_ATTR_SKIP_CPU_SYNC and DMA_ATTR_WEAK_ORDERING. Also made additional performance gains by batching the page count updates instead of doing them one at a time. Adjusted the receive path to use 3k buffers with 8k backing them in order to support build_skb with jumbo frames. Made additional driver improvements by using the length of the packet instead of the DD status to determine if a new descriptor is ready to be processed, which cuts down on reads. To reduce code duplication, pulled apart the receive path into separate functions. Added support for providing a buffer with headroom and tailroom to allow for shared info for NET_SKB_PAD and NET_IP_ALIGN. ==================== Signed-off-by: David S. Miller commit 08293fe8d3f297a0b092855d2e94b18f1c1300d5 Merge: dec13c8 1b30ab0 Author: Dave Airlie Date: Fri Feb 17 12:04:09 2017 +1000 Merge tag 'omapdrm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux into drm-next omapdrm fixes for v4.11 Fix regressions: - Planes might have been left enabled - Scaling checks did not use the new config Also limit downscaling decimation to prevent HW underflows. * tag 'omapdrm-4.11-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: drm/omapdrm: dispc: Refuse x-decimation above 4 for all but 8-bit formats drm/omapdrm: Move commit_modeset_enables() before commit_planes() Revert "drm: omapdrm: Let the DRM core skip plane commit on inactive CRTCs" commit dec13c8ba2f5be8839ba5505b57b22ab0d2a287e Merge: be3c9f5 e841130 Author: Dave Airlie Date: Fri Feb 17 11:55:12 2017 +1000 Merge branch 'drm-next-4.11' of git://people.freedesktop.org/~agd5f/linux into drm-next Fixes for 4.11. Highlights: - fix >2 displays on asics with 3 or 5 crtcs - fix SI headless asics - powerplay fixes for new polaris variants - misc fixes * 'drm-next-4.11' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: fix warning on older gcc releases drm/ttm: make TTM_MAX_BO_PRIORITY unsigned drm/amd/amdgpu: Fix flow control in uvd_v4_2_stop() drm/amd/powerplay: add didt config table for polaris kicker drm/amd/powerplay: modify VddcPhase value for polaris kicker drm/amd/powerplay: add kicker flag into smumgr drm/amdgpu: Initialize pipe priority order on graphic initialization drm/amdgpu: read hw register to check pg status. drm/amdgpu: Add to initialization of mmVCE_VCPU_CNTL register drm/amdgpu/pm: check for headless before calling compute_clocks drm/amdgpu: use amdgpu_gem_va_check() in amdgpu_gem_va_update_vm() drm/amdgpu: add more cases to DCE11 possible crtc mask setup commit 410d17f67e583559be3a922f8b6cc336331893f3 Author: Christoph Hellwig Date: Thu Feb 16 17:12:51 2017 -0800 xfs: tune down agno asserts in the bmap code In various places we currently assert that xfs_bmap_btalloc allocates from the same as the firstblock value passed in, unless it's either NULLAGNO or the dop_low flag is set. But the reflink code does not fully follow this convention as it passes in firstblock purely as a hint for the allocator without actually having previous allocations in the transaction, and without having a minleft check on the current AG, leading to the assert firing on a very full and heavily used file system. As even the reflink code only allocates from equal or higher AGs for now we can simply the check to always allow for equal or higher AGs. Note that we need to eventually split the two meanings of the firstblock value. At that point we can also allow the reflink code to allocate from any AG instead of limiting it in any way. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) commit 8ee9fdbebc84b39f1d1c201c5e32277c61d034aa Author: Chandan Rajendra Date: Thu Feb 16 17:12:16 2017 -0800 xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment On a ppc64 system, executing generic/256 test with 32k block size gives the following call trace, XFS: Assertion failed: args->maxlen > 0, file: /root/repos/linux/fs/xfs/libxfs/xfs_alloc.c, line: 2026 kernel BUG at /root/repos/linux/fs/xfs/xfs_message.c:113! Oops: Exception in kernel mode, sig: 5 [#1] SMP NR_CPUS=2048 DEBUG_PAGEALLOC NUMA pSeries Modules linked in: CPU: 2 PID: 19361 Comm: mkdir Not tainted 4.10.0-rc5 #58 task: c000000102606d80 task.stack: c0000001026b8000 NIP: c0000000004ef798 LR: c0000000004ef798 CTR: c00000000082b290 REGS: c0000001026bb090 TRAP: 0700 Not tainted (4.10.0-rc5) MSR: 8000000000029032 CR: 28004428 XER: 00000000 CFAR: c0000000004ef180 SOFTE: 1 GPR00: c0000000004ef798 c0000001026bb310 c000000001157300 ffffffffffffffea GPR04: 000000000000000a c0000001026bb130 0000000000000000 ffffffffffffffc0 GPR08: 00000000000000d1 0000000000000021 00000000ffffffd1 c000000000dd4990 GPR12: 0000000022004444 c00000000fe00800 0000000020000000 0000000000000000 GPR16: 0000000000000000 0000000043a606fc 0000000043a76c08 0000000043a1b3d0 GPR20: 000001002a35cd60 c0000001026bbb80 0000000000000000 0000000000000001 GPR24: 0000000000000240 0000000000000004 c00000062dc55000 0000000000000000 GPR28: 0000000000000004 c00000062ecd9200 0000000000000000 c0000001026bb6c0 NIP [c0000000004ef798] .assfail+0x28/0x30 LR [c0000000004ef798] .assfail+0x28/0x30 Call Trace: [c0000001026bb310] [c0000000004ef798] .assfail+0x28/0x30 (unreliable) [c0000001026bb380] [c000000000455d74] .xfs_alloc_space_available+0x194/0x1b0 [c0000001026bb410] [c00000000045b914] .xfs_alloc_fix_freelist+0x144/0x480 [c0000001026bb580] [c00000000045c368] .xfs_alloc_vextent+0x698/0xa90 [c0000001026bb650] [c0000000004a6200] .xfs_ialloc_ag_alloc+0x170/0x820 [c0000001026bb7c0] [c0000000004a9098] .xfs_dialloc+0x158/0x320 [c0000001026bb8a0] [c0000000004e628c] .xfs_ialloc+0x7c/0x610 [c0000001026bb990] [c0000000004e8138] .xfs_dir_ialloc+0xa8/0x2f0 [c0000001026bbaa0] [c0000000004e8814] .xfs_create+0x494/0x790 [c0000001026bbbf0] [c0000000004e5ebc] .xfs_generic_create+0x2bc/0x410 [c0000001026bbce0] [c0000000002b4a34] .vfs_mkdir+0x154/0x230 [c0000001026bbd70] [c0000000002bc444] .SyS_mkdirat+0x94/0x120 [c0000001026bbe30] [c00000000000b760] system_call+0x38/0xfc Instruction dump: 4e800020 60000000 7c0802a6 7c862378 3c82ffca 7ca72b78 38841c18 7c651b78 38600000 f8010010 f821ff91 4bfff94d <0fe00000> 60000000 7c0802a6 7c892378 When block size is larger than inode cluster size, the call to XFS_B_TO_FSBT(mp, mp->m_inode_cluster_size) returns 0. Also, mkfs.xfs would have set xfs_sb->sb_inoalignmt to 0. This causes xfs_ialloc_cluster_alignment() to return 0. Due to this args.minalignslop (in xfs_ialloc_ag_alloc()) gets the unsigned equivalent of -1 assigned to it. This later causes alloc_len in xfs_alloc_space_available() to have a value of 0. In such a scenario when args.total is also 0, the assert statement "ASSERT(args->maxlen > 0);" fails. This commit fixes the bug by replacing the call to XFS_B_TO_FSBT() in xfs_ialloc_cluster_alignment() with a call to xfs_icluster_size_fsb(). Suggested-by: Darrick J. Wong Signed-off-by: Chandan Rajendra Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_ialloc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 48af96ab92bc68fb645068b978ce36df2379e076 Author: Brian Foster Date: Wed Feb 15 10:18:10 2017 -0800 xfs: don't reserve blocks for right shift transactions The block reservation for the transaction allocated in xfs_shift_file_space() is an artifact of the original collapse range support. It exists to handle the case where a collapse range occurs, the initial extent is left shifted into a location that forms a contiguous boundary with the previous extent and thus the extents are merged. This code was subsequently refactored and reused for insert range (right shift) support. If an insert range occurs under low free space conditions, the extent at the starting offset is split before the first shift transaction is allocated. If the block reservation fails, this leaves separate, but contiguous extents around in the inode. While not a fatal problem, this is unexpected and will flag a warning on subsequent insert range operations on the inode. This problem has been reproduce intermittently by generic/270 running against a ramdisk device. Since right shift does not create new extent boundaries in the inode, a block reservation for extent merge is unnecessary. Update xfs_shift_file_space() to conditionally reserve fs blocks for left shift transactions only. This avoids the warning reproduced by generic/270. Reported-by: Ross Zwisler Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_bmap_util.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 353fe445f5efd58dfec6e06bf4747a9c28374adc Author: Arnd Bergmann Date: Tue Feb 14 18:16:50 2017 -0800 xfs: fix len comparison in xfs_extent_busy_trim The length is now passed by reference, so the assertion has to be updated to match the other changes, as pointed out by this W=1 warning: fs/xfs/xfs_extent_busy.c: In function 'xfs_extent_busy_trim': fs/xfs/xfs_extent_busy.c:356:13: error: ordered comparison of pointer with integer zero [-Werror=extra] Fixes: ebf55872616c ("xfs: improve handling of busy extents in the low-level allocator") Signed-off-by: Arnd Bergmann Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_extent_busy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 93aaead52a9eebdc20dc8fa673c350e592a06949 Author: Darrick J. Wong Date: Mon Feb 13 22:52:27 2017 -0800 xfs: fix uninitialized variable in _reflink_convert_cow Fix an uninitialize variable. Reported-by: Dan Carpenter Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/xfs_reflink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 75d65361cf3c0dae2af970c305e19c727b28a510 Author: Brian Foster Date: Mon Feb 13 22:48:30 2017 -0800 xfs: split indlen reservations fairly when under reserved Certain workoads that punch holes into speculative preallocation can cause delalloc indirect reservation splits when the delalloc extent is split in two. If further splits occur, an already short-handed extent can be split into two in a manner that leaves zero indirect blocks for one of the two new extents. This occurs because the shortage is large enough that the xfs_bmap_split_indlen() algorithm completely drains the requested indlen of one of the extents before it honors the existing reservation. This ultimately results in a warning from xfs_bmap_del_extent(). This has been observed during file copies of large, sparse files using 'cp --sparse=always.' To avoid this problem, update xfs_bmap_split_indlen() to explicitly apply the reservation shortage fairly between both extents. This smooths out the overall indlen shortage and defers the situation where we end up with a delalloc extent with zero indlen reservation to extreme circumstances. Reported-by: Patrick Dung Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 61 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 18 deletions(-) commit 0e339ef8556d9e567aa7925f8892c263d79430d9 Author: Brian Foster Date: Mon Feb 13 22:48:18 2017 -0800 xfs: handle indlen shortage on delalloc extent merge When a delalloc extent is created, it can be merged with pre-existing, contiguous, delalloc extents. When this occurs, xfs_bmap_add_extent_hole_delay() merges the extents along with the associated indirect block reservations. The expectation here is that the combined worst case indlen reservation is always less than or equal to the indlen reservation for the individual extents. This is not always the case, however, as existing extents can less than the expected indlen reservation if the extent was previously split due to a hole punch. If a new extent merges with such an extent, the total indlen requirement may be larger than the sum of the indlen reservations held by both extents. xfs_bmap_add_extent_hole_delay() assumes that the worst case indlen reservation is always available and assigns it to the merged extent without consideration for the indlen held by the pre-existing extent. As a result, the subsequent xfs_mod_fdblocks() call can attempt an unintentional allocation rather than a free (indicated by an ASSERT() failure). Further, if the allocation happens to fail in this context, the failure goes unhandled and creates a filesystem wide block accounting inconsistency. Fix xfs_bmap_add_extent_hole_delay() to function as designed. Cap the indlen reservation assigned to the merged extent to the sum of the indlen reservations held by each of the individual extents. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 9dbddd7b0c649bd6aa9442c717932325ec590303 Author: Brian Foster Date: Mon Feb 13 22:48:17 2017 -0800 xfs: resurrect debug mode drop buffered writes mechanism A debug mode write failure mechanism was introduced to XFS in commit 801cc4e17a ("xfs: debug mode forced buffered write failure") to facilitate targeted testing of delalloc indirect reservation management from userspace. This code was subsequently rendered ineffective by the move to iomap based buffered writes in commit 68a9f5e700 ("xfs: implement iomap based buffered write path"). This likely went unnoticed because the associated userspace code had not made it into xfstests. Resurrect this mechanism to facilitate effective indlen reservation testing from xfstests. The move to iomap based buffered writes relocated the hook this mechanism needs to return write failure from XFS to generic code. The failure trigger must remain in XFS. Given that limitation, convert this from a write failure mechanism to one that simply drops writes without returning failure to userspace. Rename all "fail_writes" references to "drop_writes" to illustrate the point. This is more hacky than preferred, but still triggers the XFS error handling behavior required to drive the indlen tests. This is only available in DEBUG mode and for testing purposes only. Signed-off-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_iomap.c | 4 ++++ fs/xfs/xfs_mount.h | 15 ++++++++------- fs/xfs/xfs_sysfs.c | 14 +++++++------- 3 files changed, 19 insertions(+), 14 deletions(-) commit fa7f138ac4c70dc00519c124cf7cd4862a0a5b0e Author: Brian Foster Date: Thu Feb 16 17:19:12 2017 -0800 xfs: clear delalloc and cache on buffered write failure The buffered write failure handling code in xfs_file_iomap_end_delalloc() has a couple minor problems. First, if written == 0, start_fsb is not rounded down and it fails to kill off a delalloc block if the start offset is block unaligned. This results in a lingering delalloc block and broken delalloc block accounting detected at unmount time. Fix this by rounding down start_fsb in the unlikely event that written == 0. Second, it is possible for a failed overwrite of a delalloc extent to leave dirty pagecache around over a hole in the file. This is because is possible to hit ->iomap_end() on write failure before the iomap code has attempted to allocate pagecache, and thus has no need to clean it up. If the targeted delalloc extent was successfully written by a previous write, however, then it does still have dirty pages when ->iomap_end() punches out the underlying blocks. This ultimately results in writeback over a hole. To fix this problem, unconditionally punch out the pagecache from XFS before the associated delalloc range. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_iomap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit f5f893c57e37ca730808cb2eee3820abd05e7507 Author: Kees Cook Date: Mon Feb 13 11:25:26 2017 -0800 usercopy: Adjust tests to deal with SMAP/PAN Under SMAP/PAN/etc, we cannot write directly to userspace memory, so this rearranges the test bytes to get written through copy_to_user(). Additionally drops the bad copy_from_user() test that would trigger a memcpy() against userspace on failure. Signed-off-by: Kees Cook lib/test_user_copy.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) commit 4fbfeb8bd684d564bddeff1e3723d3d9f99aa5de Author: Hoeun Ryu Date: Sun Feb 12 15:13:33 2017 +0900 usercopy: add testcases to check zeroing on failure During usercopy the destination buffer will be zeroed if copy_from_user() or get_user() fails. This patch adds testcases for it. The destination buffer is set with non-zero value before illegal copy_from_user() or get_user() is executed and the buffer is compared to zero after usercopy is done. Signed-off-by: Hoeun Ryu [kees: clarified commit log, dropped second kmalloc] Signed-off-by: Kees Cook lib/test_user_copy.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 3f64116a838e6c3468f9d5eed7f1f87cf3a2c3eb Merge: f3caf86 4695dae Author: David S. Miller Date: Thu Feb 16 19:34:01 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net commit a90e883d8b8fb07ddea4d9618ce58bf72bce7f00 Author: Michael Ellerman Date: Mon Feb 13 15:30:19 2017 +1100 powerpc/mm: Blacklist SLB symbols from kprobe We can't sensibly take a trap at this point. So, blacklist these symbols. Reported-by: Anton Blanchard Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/mm/slb_low.S | 8 ++++++++ 1 file changed, 8 insertions(+) commit e471c393dfafff54c65979cbda7d5a0eb38590f4 Author: Michael Ellerman Date: Mon Feb 13 15:26:40 2017 +1100 powerpc/mm: Convert slb_finish_load[_1T] to local symbols slb_finish_load and slb_finish_load_1T are both only used within slb_low.S, so make them local symbols. This makes the code a little clearer, as it's more obvious neither is intended to be an entry point from arbitrary other code, only the uses in this file. It also prevents them being used with kprobes and other tracing tools, which is good because we're not able to safely take traps at these locations, so making them local symbols avoids us needing to blacklist them. Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/mm/slb_low.S | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit a42715830d552d7c0e3be709383ece4832453275 Author: Stewart Smith Date: Thu Feb 16 11:37:15 2017 +1100 MAINTAINERS: Remove powerpc's "opal" pattern match The block guys have merged a new driver called "sed-opal", which is getting caught by our pattern match on "opal". So drop our "opal" pattern and replace it with matches against the specific paths for our drivers. We should try and remember to add new drivers as they're added in future. Suggested-by: Jon Derrick Signed-off-by: Stewart Smith Reviewed-by: Andrew Donnellan [mpe: Fix ic2/i2c typo, write change log] Signed-off-by: Michael Ellerman MAINTAINERS | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit eae8263fb1f4256460270dd8f42334604dcdfac6 Author: Byungchul Park Date: Tue Feb 14 16:26:24 2017 +0900 md/raid5: Don't reinvent the wheel but use existing llist API Although llist provides proper APIs, they are not used. Make them used. Signed-off-by: Byungchul Park Signed-off-by: Shaohua Li drivers/md/raid5.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 448c077eeb02240c430db2a2c3bf5285a4c65d66 Author: Matthijs van Duin Date: Thu Feb 16 01:05:04 2017 +0100 ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build 'adr' yields a data-pointer, not a function-pointer. Fixes: 999f934de195 ("ARM: omap5/dra7xx: Enable booting secondary CPU in HYP mode") Signed-off-by: Matthijs van Duin Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap-headsmp.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 55f0cd3fb9c29c20fb94c47e28a9ec8cf704f8c2 Author: H Hartley Sweeten Date: Thu Feb 16 13:07:37 2017 -0700 spi: spi-ep93xx: simplify GPIO chip selects This driver requires a GPIO line to be used for the chip select of each SPI device. Remove the ep93xx_spi_chip_ops definition from the platform data and use the spi core GPIO handling for the chip selects. Fix all the ep93xx platforms that use this driver and remove the old Documentation. Signed-off-by: H Hartley Sweeten Signed-off-by: Mark Brown Documentation/spi/ep93xx_spi | 105 ----------------------- arch/arm/mach-ep93xx/edb93xx.c | 31 ++----- arch/arm/mach-ep93xx/simone.c | 63 +++----------- arch/arm/mach-ep93xx/vision_ep9307.c | 88 +++---------------- drivers/spi/spi-ep93xx.c | 139 ++++++++++--------------------- include/linux/platform_data/spi-ep93xx.h | 17 +--- 6 files changed, 74 insertions(+), 369 deletions(-) commit 0c8967c9df230d2c4dde6649f410b62e01806c22 Merge: 277d6f1 34a0548 Author: Ingo Molnar Date: Thu Feb 16 20:53:13 2017 +0100 Merge tag 'perf-core-for-mingo-4.11-20170215' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core Pull perf/core clang fixes from Arnaldo Carvalho de Melo: Changes to make tools/{perf,lib/{bpf,traceevent,api}} build with CC=clang, to, for instance, take advantage of warnings (Arnaldo Carvalho de Melo): - Conditionally request some warning options not available on clang - Set the maximum optimization level to -O3 when using CC=clang, leave the previous setting of -O6 otherwise. - Make it an error to pass a signed value to OPTION_UINTEGER, so that we can remove abs(unsigned int) calls in 'perf bench futex'. - Make sure dprintf() is not defined before using that name in 'perf bench numa' - Avoid using field after variable sized type, its a GNU extension, use equivalent code. - Fix some bugs where some variables could be used unitialized, something not caught by gcc. - Fix some spots where we were testing struct->array[] members against NULL, it will always evaluate to 'true'. - Add missing parse_events_error() prototype in the bison file. There are still one problem when trying to build the python support, but this are the 'size' outputs for 'make -C tools/perf NO_LIBPYTHON' for gcc and clang builds: DW_AT_producer: clang version 4.0.0 (http://llvm.org/git/clang.git f5be8ba13adc4ba1011a7ccd60c844bd60427c1c) (ht $ size ~/bin/perf text data bss dec hex filename 3447514 831320 23901696 28180530 1ae0032 /home/acme/bin/perf DW_AT_producer: GNU C99 6.3.1 20161221 (Red Hat 6.3.1-1) -mtune=generic -march=x86-64 -ggdb3 -O6 -std=gnu99 +-fno-omit-frame-pointer -funwind-tables -fstack-protector-all $ size ~/bin/perf text data bss dec hex filename 3671662 836480 23902752 28410894 1b1840e /home/acme/bin/perf Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit f3caf8618bce7e86c6f4f86785dd004c71b63a2d Author: Ganesh Goudar Date: Thu Feb 16 12:27:15 2017 +0530 cxgb4: Remove redundant code in t4_uld_clean_up() Remove variable rxq_info and also remove redundant assignment to it. Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.c | 2 -- 1 file changed, 2 deletions(-) commit 5d071c24f0cb8ce9fb5642c2a65ab5ab7f5ad244 Author: Ganesh Goudar Date: Thu Feb 16 12:25:52 2017 +0530 cxgb4: Add new T5 and T6 pci device id's Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/t4_pci_id_tbl.h | 5 +++++ 1 file changed, 5 insertions(+) commit 45da1ca2e20fb5b13c1abc8e65185dda08c88030 Author: Arjun V Date: Thu Feb 16 12:22:45 2017 +0530 cxgb4: Increase max number of tc u32 links Make max number of supported tc u32 links equal to max number of filters supported by hardware. Signed-off-by: Arjun V Signed-off-by: Rahul Lakkireddy Signed-off-by: Casey Leedom Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 3 +-- drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32.c | 12 +++++------- drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_u32.h | 5 +---- 3 files changed, 7 insertions(+), 13 deletions(-) commit 6085831883c25860264721df15f05bbded45e2a2 Author: Mikulas Patocka Date: Wed Feb 15 12:06:19 2017 -0500 dm stats: fix a leaked s->histogram_boundaries array Fixes: dfcfac3e4cd9 ("dm stats: collect and report histogram of IO latencies") Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer drivers/md/dm-stats.c | 1 + 1 file changed, 1 insertion(+) commit b79af13efd98ca2908f2df1120e79a7ff70faa0d Author: Bhumika Goyal Date: Wed Feb 15 23:43:28 2017 +0530 dm space map metadata: constify dm_space_map structures Declare dm_space_map structures as const as they are only passed as an argument to the function memcpy. This argument is of type const void *, so dm_space_map structures having this property can be declared as const. File size before: text data bss dec hex filename 4889 240 0 5129 1409 dm-space-map-metadata.o File size after: text data bss dec hex filename 5139 0 0 5139 1413 dm-space-map-metadata.o Signed-off-by: Bhumika Goyal Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-space-map-metadata.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e3efb2ad834b50cb9c8625155e3e2674f5bc443b Author: Vinod Koul Date: Thu Feb 9 16:44:04 2017 +0530 ASoC: hdac_hdmi: Add device id for Geminilake Geminilake is new Intel SoC, so add codec entry for HDMI Signed-off-by: Vinod Koul Signed-off-by: Senthilnathan Veppur Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 1 + 1 file changed, 1 insertion(+) commit 255048634366c9aee87d7ab801fa530c34f10b9f Author: Vinod Koul Date: Thu Feb 9 16:44:03 2017 +0530 ASoC: Intel: Skylake: Add Geminlake IDs Geminilake is next gen SoC, so add the IDs for Geminilake. Signed-off-by: Vinod Koul Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/intel/skylake/skl-messages.c | 7 +++++++ sound/soc/intel/skylake/skl.c | 7 +++++++ 2 files changed, 14 insertions(+) commit 06a99ddd2049e2697de32a9435c4d5c5b5c78360 Author: Vinod Koul Date: Thu Feb 9 16:44:02 2017 +0530 ASoC: rt298: Add DMI match for Geminilake reference platform Geminilake reference platform also uses combo jack for audio connector so we need to set codec pdata to use this based on DMI match for this board. Signed-off-by: Vinod Koul Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/codecs/rt298.c | 7 +++++++ 1 file changed, 7 insertions(+) commit db2f586b803eb6a7974098dd8ce1201f048071d0 Author: Senthilnathan Veppur Date: Thu Feb 9 16:44:01 2017 +0530 ASoC: Intel: Skylake: Check device type to get endpoint configuration Geminilake has two different devices connected to the same SSP, so use device_type check to get correct device configuration. Signed-off-by: Senthilnathan Veppur Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/intel/skylake/skl-nhlt.c | 16 ++++++++++------ sound/soc/intel/skylake/skl-topology.c | 32 ++++++++++++++++++++++++++++++-- sound/soc/intel/skylake/skl.h | 3 ++- 3 files changed, 42 insertions(+), 9 deletions(-) commit c5cf9f37a0fb6e50d68f6dcf58b93b2c47c780a1 Author: Jeeja KP Date: Tue Feb 7 19:10:00 2017 +0530 ASoC: Intel: bxt: Add jack port initialize in da7219_max98357a machine After the pcm jack is created, create and initialize the pin switch widget for each port. Pin switch is to enable/disable the pin when monitor is connected/disconnected. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 86b5703158ff39e5efe9480784a7cad1b4baef59 Author: Jeeja KP Date: Tue Feb 7 19:09:58 2017 +0530 ASoC: Intel: Skylake: Add jack port initialize in nau88l25_ssm4567 machine After the pcm jack is created, create and initialize the pin switch widget for each port. Pin switch is to enable/disable the pin when monitor is connected/disconnected. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_nau88l25_ssm4567.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 565f13a95ec3d541324e80657bd512a19df8e576 Author: Jeeja KP Date: Tue Feb 7 19:09:57 2017 +0530 ASoC: Intel: Skylake: Add jack port initialize in nau88l25_max98357a machine After the pcm jack is created, create and initialize the pin switch widget for each port. Pin switch is to enable/disable the pin when monitor is connected/disconnected. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_nau88l25_max98357a.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 64f8620d482d38ed093eca78d8ca9b1bb64a6172 Author: Jeeja KP Date: Tue Feb 7 19:09:56 2017 +0530 ASoC: Intel: Skylake: Add jack port initialize in rt286 machine After the pcm jack is created, create and initialize the pin switch widget for each port. Pin switch is to enable/disable the pin when monitor is connected/disconnected. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_rt286.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 0324e51b5ba405cd2d66e9e95430f6b9562d0ac0 Author: Jeeja KP Date: Tue Feb 7 19:09:55 2017 +0530 ASoC: hdac_hdmi: Add machine pin widget for each port Represent each port as machine DAPM pin widget. This helps in enable/disable pin when monitor is connected/disconnected in case pcm is rendered to multiple ports. Create machine pin widgets and pin switch kcontrol for each port and report based on the pin status Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 130 +++++++++++++++++++++++++++++++++++++++++++ sound/soc/codecs/hdac_hdmi.h | 2 + 2 files changed, 132 insertions(+) commit 625de2bf2ed1632cb74a4a38f8f09a2063fb74af Author: Jeeja KP Date: Tue Feb 7 19:09:54 2017 +0530 ASoC: Intel: bxt: Create ASoC jack for hdmi in bxt_da7219_max98357 machine Creates ASoC jack for HDMI PCM and calls hdmi codec API to initialize jack in bxt_da7219_max98357 machine Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit 7932b8ace390c4474d1dc62d7843e843bc3ae9b5 Author: Jeeja KP Date: Tue Feb 7 19:09:53 2017 +0530 ASoC: Intel: bxt: Create ASoC jack for hdmi in bxt_rt298 machine Creates ASoC jack for HDMI PCM and calls hdmi codec API to initialize jack in bxt_rt298.c machine Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_rt298.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit 9e4278cd9b8e6e6464a4eb5e65c2b232076aa6c6 Author: Jeeja KP Date: Tue Feb 7 19:09:52 2017 +0530 ASoC: Intel: Skylake: Create ASoC jack for hdmi in nau88l25_ssm4567 machine Creates ASoC jack for HDMI PCM and calls hdmi codec API to initialize jack in skl_nau88l25_ssm4567 machine Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_nau88l25_ssm4567.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit c541b2dd45042c1e031778e0229d032dff90f045 Author: Jeeja KP Date: Tue Feb 7 19:09:51 2017 +0530 ASoC: Intel: Skylake: Create ASoC jack for hdmi in skl_nau88l25_max98357a machine Creates ASoC jack for HDMI PCM and calls hdmi codec API to initialize jack in skl_nau88l25_max98357a machine Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_nau88l25_max98357a.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit f3af359242f58b9c5f6f78ff4d13e8f108514bc0 Author: Jeeja KP Date: Tue Feb 7 19:09:50 2017 +0530 ASoC: Intel: Skylake: Create ASoC jack for hdmi in rt286 machine Creates ASoC jack for HDMI pcm and calls hdmi codec API to initialize jack in skl_rt268 machine Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/skl_rt286.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit 624900163d060f15d71ff383104a909737de770c Author: Jeeja KP Date: Tue Feb 7 19:09:49 2017 +0530 ASoC: hdac_hdmi: Use ASoC jack instead of snd_jack Use snd_soc_jack instead of snd_jack and create the jack in machine driver and pass the jack pointer to hdac_hdmi driver for jack reporting. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 19 ++++++++----------- sound/soc/codecs/hdac_hdmi.h | 3 ++- 2 files changed, 10 insertions(+), 12 deletions(-) commit e0e5d3e5a53b3bc354c18030b78b7ebcb33e004b Author: Jeeja KP Date: Tue Feb 7 19:09:48 2017 +0530 ASoC: hdac_hdmi: Add support for multiple ports to a PCM Since we have the MST feature enabled and Pin-Port mux for user to select the converter routing, multiple port mapping to same converter needs to be supported. To support multiple port mapped to same converter following changes are done for this:. o Add port list to pcm, so that multiple ports can be mapped to a PCM. o Jack reporting in case where multiple port are attached to same PCM. o Change hdac_hdmi_get_port_from_cvt(), channel_map, remove functions to parse through all ports mapped to same the PCM. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 168 +++++++++++++++++++++++++++++-------------- 1 file changed, 113 insertions(+), 55 deletions(-) commit 1b46ebd136b3ad334762d6e66b0b96b432680e50 Author: Jeeja KP Date: Tue Feb 7 19:09:47 2017 +0530 ASoc: hdac_hdmi: Configure pin verbs for MST To enable stream on a specific port of a MST capable pin, the port needs to be selected before we configure the pin widget verb. When port is selected, all the pin widget verb controlling the sink device operation will be directed to selected port. So add port selection before configuring the pin widget verb. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit a9ce96bcd9c4d0c1ffd3d37c000bcee470b2535b Author: Jeeja KP Date: Tue Feb 7 19:09:46 2017 +0530 ASoC: hdac_hdmi: Handle MST pin jack detection at boot/resume The ELD notification can be received asynchronously from the graphics side and this may happen just at the moment the sound driver is initializing and notification will be missed. Similarly at system resume, the notification is ignored as the ELD and connection states are updated in anyway at the end of the resume. So check the jack status in boot/resume by querying the port presence based on pin caps and report the jack status. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 41 +++++++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 12 deletions(-) commit fc181b04f2d44805624d4bc5a0615bc084199a81 Author: Jeeja KP Date: Tue Feb 7 19:09:45 2017 +0530 ASoC: hdac_hdmi: Add MST verb support To support DP MST audio, new pin verbs/params are added. This patch adds helper functions to do following: o To set a specific port o To get the currently selected port o To get the length of port. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/codecs/hdac_hdmi.c | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) commit 025205f8f30c6ab52b69bf34fb359ac80360fefd Author: Andrey Ryabinin Date: Tue Feb 14 13:08:39 2017 +0300 x86/mm/ptdump: Add address marker for KASAN shadow region Annotate the KASAN shadow with address markers in page table dump output: $ cat /sys/kernel/debug/kernel_page_tables ... ---[ Vmemmap ]--- 0xffffea0000000000-0xffffea0003000000 48M RW PSE GLB NX pmd 0xffffea0003000000-0xffffea0004000000 16M pmd 0xffffea0004000000-0xffffea0005000000 16M RW PSE GLB NX pmd 0xffffea0005000000-0xffffea0040000000 944M pmd 0xffffea0040000000-0xffffea8000000000 511G pud 0xffffea8000000000-0xffffec0000000000 1536G pgd ---[ KASAN shadow ]--- 0xffffec0000000000-0xffffed0000000000 1T ro GLB NX pte 0xffffed0000000000-0xffffed0018000000 384M RW PSE GLB NX pmd 0xffffed0018000000-0xffffed0020000000 128M pmd 0xffffed0020000000-0xffffed0028200000 130M RW PSE GLB NX pmd 0xffffed0028200000-0xffffed0040000000 382M pmd 0xffffed0040000000-0xffffed8000000000 511G pud 0xffffed8000000000-0xfffff50000000000 7680G pgd 0xfffff50000000000-0xfffffbfff0000000 7339776M ro GLB NX pte 0xfffffbfff0000000-0xfffffbfff0200000 2M pmd 0xfffffbfff0200000-0xfffffbfff0a00000 8M RW PSE GLB NX pmd 0xfffffbfff0a00000-0xfffffbffffe00000 244M pmd 0xfffffbffffe00000-0xfffffc0000000000 2M ro GLB NX pte ---[ KASAN shadow end ]--- 0xfffffc0000000000-0xffffff0000000000 3T pgd ---[ ESPfix Area ]--- ... Signed-off-by: Andrey Ryabinin Reviewed-by: Alexander Potapenko Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: Tobias Regnery Cc: Andrey Ryabinin Cc: Dmitry Vyukov Link: http://lkml.kernel.org/r/20170214100839.17186-2-aryabinin@virtuozzo.com Signed-off-by: Thomas Gleixner arch/x86/mm/dump_pagetables.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 243b72aae28ca1032284028323bb81c9235b15c9 Author: Andrey Ryabinin Date: Tue Feb 14 13:08:38 2017 +0300 x86/mm/ptdump: Optimize check for W+X mappings for CONFIG_KASAN=y Enabling both DEBUG_WX=y and KASAN=y options significantly increases boot time (dozens of seconds at least). KASAN fills kernel page tables with repeated values to map several TBs of the virtual memory to the single kasan_zero_page: kasan_zero_pud -> kasan_zero_pmd-> kasan_zero_pte-> kasan_zero_page So, the page table walker used to find W+X mapping check the same kasan_zero_p?d page table entries a lot more than once. With patch pud walker will skip the pud if it has the same value as the previous one . Skipping done iff we search for W+X mappings, so this optimization won't affect the page table dump via debugfs. This dropped time spend in W+X check from ~30 sec to reasonable 0.1 sec: Before: [ 4.579991] Freeing unused kernel memory: 1000K [ 35.257523] x86/mm: Checked W+X mappings: passed, no W+X pages found. After: [ 5.138756] Freeing unused kernel memory: 1000K [ 5.266496] x86/mm: Checked W+X mappings: passed, no W+X pages found. Signed-off-by: Andrey Ryabinin Reviewed-by: Alexander Potapenko Cc: Mark Rutland Cc: kasan-dev@googlegroups.com Cc: Tobias Regnery Cc: Dmitry Vyukov Link: http://lkml.kernel.org/r/20170214100839.17186-1-aryabinin@virtuozzo.com Signed-off-by: Thomas Gleixner arch/x86/mm/dump_pagetables.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit 5b1ad68f9b1951ef78312d2935906cc8a8bd2e12 Merge: 1013fe3 7089db8 Author: Thomas Gleixner Date: Thu Feb 16 19:51:27 2017 +0100 Merge branch 'linus' into x86/mm Make sure to get the latest fixes before applying the ptdump enhancements. commit 0a441275018b69deffd35bc22a84fd51c54d7d85 Author: Mandel Benjamin Date: Wed Feb 15 06:46:16 2017 +0900 Staging: vc04_services: Fix the "space prohibited" code style errors Fixes the following code style errors: ERROR: space prohibited after/before that open/closed parenthesis Signed-off-by: Mandel Benjamin Signed-off-by: Greg Kroah-Hartman drivers/staging/vc04_services/interface/vchi/vchi_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b0d6284d9486102350a72418e38e5cfb0055477 Author: Mandel Benjamin Date: Wed Feb 15 06:39:52 2017 +0900 Staging: vc04_services: Fix the "wrong indent" code style errors Fixes the following code style errors: ERROR: code indent should use tabs where possible Signed-off-by: Mandel Benjamin Signed-off-by: Greg Kroah-Hartman drivers/staging/vc04_services/interface/vchi/vchi_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 66812da3a689e3fea8a2e3899dd8b5f53aab2261 Author: Tobias Klauser Date: Wed Feb 15 13:51:10 2017 +0100 staging: octeon: Use net_device_stats from struct net_device Instead of using a private copy of struct net_device_stats in struct octeon_ethernet, use stats from struct net_device. Also remove the now unnecessary .ndo_get_stats function. Signed-off-by: Tobias Klauser Signed-off-by: Greg Kroah-Hartman drivers/staging/octeon/ethernet-rx.c | 6 +++--- drivers/staging/octeon/ethernet-tx.c | 10 +++++----- drivers/staging/octeon/ethernet.c | 18 +++++++++--------- drivers/staging/octeon/octeon-ethernet.h | 2 -- 4 files changed, 17 insertions(+), 19 deletions(-) commit 548d35062bc0550166cb7d6e55d969b83cd503f7 Author: Derek Robson Date: Thu Feb 16 18:34:18 2017 +1300 Staging: rtl8192u: ieee80211: ieee80211.h - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/ieee80211.h | 61 +++++++++++++++----------- 1 file changed, 36 insertions(+), 25 deletions(-) commit b8edc16314d8f41b4d4c2d152e80295bb50262a5 Author: Derek Robson Date: Thu Feb 16 18:33:51 2017 +1300 Staging: rtl8192u: ieee80211: ieee80211_tx.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c | 290 +++++++++++----------- 1 file changed, 150 insertions(+), 140 deletions(-) commit 87bf14fe117e68ba5a146934db7e07ec8402fbb1 Author: Derek Robson Date: Thu Feb 16 18:33:12 2017 +1300 Staging: rtl8192u: ieee80211: rtl819x_BAProc.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman .../staging/rtl8192u/ieee80211/rtl819x_BAProc.c | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 6dbe64b2feafe5e7547d87adafbe807f11b86ded Author: Derek Robson Date: Thu Feb 16 18:32:43 2017 +1300 Staging: rtl8192u: ieee80211: ieee80211_module.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman .../staging/rtl8192u/ieee80211/ieee80211_module.c | 60 +++++++++++----------- 1 file changed, 30 insertions(+), 30 deletions(-) commit 239378b46a4dd9be58a85c83d6762ce20172b9b0 Author: Derek Robson Date: Thu Feb 16 18:32:15 2017 +1300 Staging: rtl8192u: ieee80211: rtl819x_TSProc.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/rtl819x_TSProc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9e664c6feab6f898845fa5cb8cfe17da03d65d9d Author: Derek Robson Date: Thu Feb 16 18:32:01 2017 +1300 Staging: rtl8192u: r8192U.h - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/r8192U.h | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) commit 8ec5252530bcb177219bbb4d63f31b9a18b3b3bc Author: Derek Robson Date: Thu Feb 16 18:31:37 2017 +1300 Staging: rtl8192u: r8192U_core.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/r8192U_core.c | 70 +++++++++++++++++----------------- 1 file changed, 35 insertions(+), 35 deletions(-) commit 70cd55d6755ee8342899b9ea3ba7fe16987f09b7 Author: Derek Robson Date: Thu Feb 16 18:31:07 2017 +1300 Staging: rtl8192u: r819xU_cmdpkt.c - style fix Fixed style of block comments Found using checkpatch Signed-off-by: Derek Robson Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/r819xU_cmdpkt.c | 82 ++++++++++++++++++++------------ 1 file changed, 52 insertions(+), 30 deletions(-) commit f59de563358eb9351b7f8f0ba2d3be2ebb70b93d Author: Chris Brandt Date: Tue Feb 14 11:08:05 2017 -0500 clk: renesas: mstp: ensure register writes complete When there is no status bit, it is possible for the clock enable/disable operation to have not completed by the time the driver code resumes execution. This is due to the fact that write operations are sometimes queued and delayed internally. Doing a read ensures the write operations has completed. Fixes: b6face404f38 ("ARM: shmobile: r7s72100: add essential clock nodes to dtsi") Signed-off-by: Chris Brandt Reviewed-by: Geert Uytterhoeven Signed-off-by: Stephen Boyd drivers/clk/renesas/clk-mstp.c | 6 ++++++ 1 file changed, 6 insertions(+) commit c95378123d466f4ecaf14cd3543a01f03bece36d Author: simran singhal Date: Wed Feb 15 01:41:06 2017 +0530 staging: rtl8192u: blank lines aren't necessary before a close brace '}' Fix checkpatch issues: "CHECK: Blank lines aren't necessary before a close brace '}'". Signed-off-by: simran singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/ieee80211_wx.c | 3 --- 1 file changed, 3 deletions(-) commit 758c3788a8e6cee1e9caad8954da00d298f64388 Author: simran singhal Date: Wed Feb 15 01:39:09 2017 +0530 staging: rtl8192u: Adding space after enum and struct definition Fixes checkpatch.pl warning: WARNING: missing space after struct definition WARNING: missing space after enum definition Signed-off-by: simran singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/rtl819x_HT.h | 38 ++++++++++++------------- 1 file changed, 19 insertions(+), 19 deletions(-) commit 6beed63bf3c9002933a0df2e6b0dc58634060d9b Author: simran singhal Date: Wed Feb 15 01:38:13 2017 +0530 staging: rtl8192u: Adding space after struct definition Fixes checkpatch.pl warning: WARNING: missing space after struct definition Signed-off-by: simran singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8192u/ieee80211/rtl819x_TS.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit db224d31bbcd04fe1e85b40649e61ced97776720 Author: Shiva Kerdel Date: Thu Feb 16 17:13:25 2017 +0100 Staging: ks7010: Add required and preferred spaces around operators Spaces should be added around operators to improve readability and are required in some cases. Signed-off-by: Shiva Kerdel Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks_hostif.c | 2 +- drivers/staging/ks7010/ks_hostif.h | 64 +++++++++++++++++----------------- drivers/staging/ks7010/ks_wlan.h | 4 +-- drivers/staging/ks7010/ks_wlan_ioctl.h | 64 +++++++++++++++++----------------- drivers/staging/ks7010/ks_wlan_net.c | 4 +-- drivers/staging/ks7010/michael_mic.c | 8 ++--- 6 files changed, 73 insertions(+), 73 deletions(-) commit d9eb486147270d15110dc3153203dfe65ccd15e6 Author: Shiva Kerdel Date: Thu Feb 16 16:31:02 2017 +0100 Staging: ks7010: ks*: Remove redundant blank lines Multiple blank lines shouldn't be used. Signed-off-by: Shiva Kerdel Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks7010_sdio.c | 1 - drivers/staging/ks7010/ks_wlan_net.c | 2 -- 2 files changed, 3 deletions(-) commit 38fb746872a85f66e6858d5858077a2aa5cc9ce2 Author: Shiva Kerdel Date: Thu Feb 16 16:31:01 2017 +0100 Staging: ks7010: ks*: Add missing blank lines after declarations A blank line should be added after function/struct/union/enum declarations. Signed-off-by: Shiva Kerdel Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks7010_sdio.h | 1 + drivers/staging/ks7010/ks_wlan.h | 1 + 2 files changed, 2 insertions(+) commit ee9dc31962ac7141df6926b8696edf8831dde76c Author: Garlic Tseng Date: Thu Feb 16 13:27:16 2017 +0800 ASoC: mediatek: add power-domains for mt2701-afe-pcm.txt This add power-domains for mt2701-afe-pcm Signed-off-by: Garlic Tseng Signed-off-by: Mark Brown Documentation/devicetree/bindings/sound/mt2701-afe-pcm.txt | 2 ++ 1 file changed, 2 insertions(+) commit cc3e1ce2c73c0e44373eb364f94e4fefebf7719e Author: Garlic Tseng Date: Thu Feb 16 13:27:15 2017 +0800 ASoC: mediatek: add power-domain get/put ctrl for mt2701 add power-domain ctrl for audio driver Signed-off-by: Garlic Tseng Signed-off-by: Mark Brown sound/soc/mediatek/mt2701/mt2701-afe-pcm.c | 2 ++ 1 file changed, 2 insertions(+) commit ad16d4a83ddc86151b4a6efe257ba74eb30f9f8e Author: DongCV Date: Wed Feb 15 19:50:52 2017 +0900 spi: rspi: Replaces "n" by "len" in qspi_transfer_*() This patch replaced "n" by "len" bytes of data in qspi_transfer_in() and qspi_transfer_out() function. This will make improving readability. Signed-off-by: DongCV Reviewed-by: Geert Uytterhoeven Signed-off-by: Mark Brown drivers/spi/spi-rspi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7264abc7000d601726aefb05189ea524ee3995ba Author: DongCV Date: Wed Feb 15 19:50:51 2017 +0900 spi: rspi: Fixes bogus received byte in qspi_transfer_in() In qspi_transfer_in(), when receiving the last n (or len) bytes of data, one bogus byte was written in the receive buffer. This code leads to a buffer overflow. "jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x03b40000: 0x1900 instead jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x03b40004: 0x000c instead" The error message above happens when trying to mount, unmount, and remount a jffs2-formatted device. This patch removed the bogus write to fixes: 3be09bec42a800d4 "spi: rspi: supports 32bytes buffer for DUAL and QUAD" And here is Geert's comment: "spi: rspi: Fix bogus received byte in qspi_transfer_in() When there are less than QSPI_BUFFER_SIZE remaining bytes to be received, qspi_transfer_in() writes one bogus byte in the receive buffer, possibly leading to a buffer overflow. This can be reproduced by mounting, unmounting, and remounting a jffs2-formatted device, causing lots of warnings like: "jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x03b40000: 0x1900 instead" Remove the bogus write to fix this. " Signed-off-by: DongCV Reviewed-by: Geert Uytterhoeven Signed-off-by: Mark Brown drivers/spi/spi-rspi.c | 1 - 1 file changed, 1 deletion(-) commit 614dd644cbacb6a0ad0f1f746e75ec3887ed18bb Author: Stefan Svinciak Date: Wed Feb 15 17:04:26 2017 +0100 staging: visorbus, replace init_timer with setup_timer Newer version is more readable and needs less changes if/when timer_struct is to be changed. Signed-off-by: Stefan Svinciak Signed-off-by: Jiri Slaby Cc: David Kershner Cc: Acked-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit dfbfa05210f4734990fd82e832759dc6e6ab038a Author: Michael S. Hansen Date: Wed Feb 15 21:47:41 2017 -0500 staging: vt6656: rxtx.c Removed multiple dereferencing Fixes checkpatch warning: Avoid multiple line dereference Signed-off-by: Michael S. Hansen Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6656/rxtx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 42aa03dc5ce7798707948bfdf9cd87a6a7627299 Author: Arushi Singhal Date: Wed Feb 15 00:53:47 2017 +0530 staging: vt6656: Alignment match open parenthesis Fix checkpatch issues: "CHECK: Alignment should match open parenthesis" Signed-off-by: Arushi Singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6656/rxtx.c | 54 +++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 27 deletions(-) commit 812930665872e668119412a4bdb0c08f8c373a1f Author: Arushi Singhal Date: Tue Feb 14 23:39:15 2017 +0530 staging: vt6656: Alignment should match open parenthesis Fix checkpatch issues: "CHECK: Alignment should match open parenthesis" Signed-off-by: Arushi Singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6656/firmware.c | 34 +++++++++++++++++----------------- drivers/staging/vt6656/key.h | 2 +- drivers/staging/vt6656/rf.c | 12 ++++++------ drivers/staging/vt6656/usbpipe.c | 12 ++++++------ drivers/staging/vt6656/wcmd.c | 2 +- 5 files changed, 31 insertions(+), 31 deletions(-) commit cd3d9ecebf8b3918588b1d529ad0a70da4ac8263 Author: Bo YU Date: Thu Feb 16 09:59:07 2017 -0500 Staging: bcm2835-audio: fixed a code style issue: Missing a blank line after declarations Signed-off-by: Bo YU Signed-off-by: Greg Kroah-Hartman drivers/staging/bcm2835-audio/bcm2835-pcm.c | 1 + 1 file changed, 1 insertion(+) commit f5e2199ae574245b56b32e047c93625a28fe3b3a Author: Dan Carpenter Date: Wed Feb 15 02:15:44 2017 +0300 staging: bcm2835-audio: allocate enough data for work queues We accidentally allocate sizeof(void *) bytes instead of 112 bytes. It results in memory corruption. Fixes: 23b028c871e1 ("staging: bcm2835-audio: initial staging submission") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman drivers/staging/bcm2835-audio/bcm2835-vchiq.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 021fbaa5fb5b2f0c2d9938ee16c79358ba9bf06b Author: Dan Carpenter Date: Wed Feb 15 02:10:44 2017 +0300 Staging: bcm2835-audio: && vs & typo We intended to mask away the upper bits but there is a "&&" vs "&" typo so it's broken. Fixes: 23b028c871e1 ("staging: bcm2835-audio: initial staging submission") Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman drivers/staging/bcm2835-audio/bcm2835-ctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f3fe2a8e60d27ea0c2410ff299efb58fc2032b93 Author: Gargi Sharma Date: Thu Feb 16 22:58:35 2017 +0530 staging: wlan-ng: remove space before tab remove the space before the tab to fix the the checkpatch issue, no spaces before tabs. Signed-off-by: Gargi Sharma Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/prism2mib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 66dc935358f43737fc1e745c21be7930e47b8875 Author: Maxime Rossi Bellom Date: Thu Feb 16 11:50:26 2017 +0100 staging: lustre: Fix incompatible argument in osc_match_base sparse warn about _u32 used for two arguments in function osc_match_base instead of enum ldlm_type and enum ldlm_mode as used in the prototype. Signed-off-by: Maxime Rossi Bellom Reviewed-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/osc/osc_request.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3827b64dba27ebadb4faf51f2c91143e01ba1f6d Author: Javier Martinez Canillas Date: Thu Feb 16 14:30:02 2017 -0300 regulator: core: Resolve supplies before disabling unused regulators After commit 66d228a2bf03 ("regulator: core: Don't use regulators as supplies until the parent is bound"), input supplies aren't resolved if the input supplies parent device has not been bound. This prevent regulators to hold an invalid reference if its supply parent device driver probe is deferred. But this causes issues on some boards where a PMIC's regulator use as input supply a regulator from another PMIC whose driver is registered after the driver for the former. In this case the regulators for the first PMIC will fail to resolve input supplies on regulators registration (since the other PMIC wasn't probed yet). And when the core attempts to resolve again latter when the other PMIC registers its own regulators, it will fail again since the parent device isn't bound yet. This will cause some parent supplies to never be resolved and wrongly be disabled on boot due taking them as unused. To solve this problem, also attempt to resolve the pending regulators input supplies before disabling the unused regulators. Signed-off-by: Javier Martinez Canillas Signed-off-by: Mark Brown drivers/regulator/core.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 9ff7400bd38c0d0bbcd02ed79cca2e51e10f0958 Author: Cheah Kok Cheong Date: Thu Feb 16 22:05:47 2017 +0800 Staging: comedi: drivers: comedi_test: Add auto-configuration capability Currently this module needs to be manually configured by COMEDI userspace tool before the test waveform can be read by a COMEDI compatible application. This patch adds auto-configuration capability and makes it the default loading option. This is achieved by creating a device during init to stand in for a real hardware device. This allows comedi_auto_config() to perform auto-configuration. With this patch, the test waveform can be read by a COMEDI compatible application without needing manual configuration. Previous behaviour is still selectable via module loading parameter. Module loading without passing any parameter will default to auto-configuration with the same default waveform amplitude and period values. For auto-configuration, different amplitude and period values can be set via module loading parameters. Tested on Xubuntu 16.04 using Xoscope ver: 2.0 which is available in the Ubuntu repository. Xoscope is a COMEDI compatible digital oscilloscope application. For manual configuration, only module loading/unloading is tested. Here are the truncated dmesg output. [sudo modprobe comedi_test] comedi_test: 1000000 microvolt, 100000 microsecond waveform attached driver 'comedi_test' has successfully auto-configured 'comedi_test'. [sudo modprobe comedi_test amplitude=2500000 period=150000] comedi_test: 2500000 microvolt, 150000 microsecond waveform attached driver 'comedi_test' has successfully auto-configured 'comedi_test'. [sudo modprobe comedi_test noauto=1] comedi_test: module is from the staging directory, the quality is unknown, you have been warned. For those without an actual hardware, the comedi_test module is as close as one can get to test the COMEDI system. Having both auto and manual configuration capability will broaden the test function of this module. Hopefully this will make it easier for people to check out the COMEDI system and contribute to its development. Signed-off-by: Cheah Kok Cheong Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/comedi_test.c | 135 ++++++++++++++++++++++++--- 1 file changed, 123 insertions(+), 12 deletions(-) commit 7f1b21591a632c6caefd9aa53b630808f4f477e1 Author: Mike Snitzer Date: Tue Oct 4 15:00:47 2016 -0400 dm cache metadata: use cursor api in blocks_are_clean_separate_dirty() Signed-off-by: Mike Snitzer drivers/md/dm-cache-metadata.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) commit 9b696229aa7de356675a938c6c8a70b46085ed66 Author: Joe Thornber Date: Wed Oct 5 10:40:39 2016 -0400 dm persistent data: add cursor skip functions to the cursor APIs Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-array.c | 21 ++++++++++++++++++++ drivers/md/persistent-data/dm-array.h | 1 + drivers/md/persistent-data/dm-bitset.c | 35 ++++++++++++++++++++++++++++++++++ drivers/md/persistent-data/dm-bitset.h | 1 + drivers/md/persistent-data/dm-btree.c | 11 +++++++++++ drivers/md/persistent-data/dm-btree.h | 1 + 6 files changed, 70 insertions(+) commit 683bb1a3742bb0c8768711aa5ff1034d92e447f2 Author: Joe Thornber Date: Thu Sep 22 10:45:21 2016 -0400 dm cache metadata: use dm_bitset_new() to create the dirty bitset in format 2 Big speed up with large configs. Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/dm-cache-metadata.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) commit 2151249eaabb48151cff6364adb4054b3497d62d Author: Joe Thornber Date: Thu Sep 22 10:44:41 2016 -0400 dm bitset: add dm_bitset_new() A more efficient way of creating a populated bitset. Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-bitset.c | 42 ++++++++++++++++++++++++++++++++++ drivers/md/persistent-data/dm-bitset.h | 16 +++++++++++++ 2 files changed, 58 insertions(+) commit 48551054fc256285289f6d03abd50cb74fb71819 Author: Mike Snitzer Date: Tue Oct 4 15:22:17 2016 -0400 dm cache metadata: name the cache block that couldn't be loaded Improves __load_mapping_v1() and __load_mapping_v2() DMERR messages to explicitly name the cache block number whose mapping couldn't be loaded. Signed-off-by: Mike Snitzer drivers/md/dm-cache-metadata.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 629d0a8a1a104187db8fbf966e4cc5cfb6aa9a3c Author: Joe Thornber Date: Thu Sep 22 06:15:21 2016 -0400 dm cache metadata: add "metadata2" feature If "metadata2" is provided as a table argument when creating/loading a cache target a more compact metadata format, with separate dirty bits, is used. "metadata2" improves speed of shutting down a cache target. Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer Documentation/device-mapper/cache.txt | 4 + drivers/md/dm-cache-metadata.c | 278 ++++++++++++++++++++++++++++++---- drivers/md/dm-cache-metadata.h | 11 +- drivers/md/dm-cache-target.c | 38 +++-- 4 files changed, 278 insertions(+), 53 deletions(-) commit ae4a46a1f60942263d6fd119fe1da49bb16d2bd5 Author: Joe Thornber Date: Mon Oct 3 14:16:20 2016 -0400 dm cache metadata: use bitset cursor api to load discard bitset Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/dm-cache-metadata.c | 48 ++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 20 deletions(-) commit 6fe28dbf05e329ce136f38219d95a1826ceafebd Author: Joe Thornber Date: Mon Oct 3 14:15:02 2016 -0400 dm bitset: introduce cursor api Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-bitset.c | 69 ++++++++++++++++++++++++++++++++++ drivers/md/persistent-data/dm-bitset.h | 22 +++++++++++ 2 files changed, 91 insertions(+) commit 9f9ef0657d53d988dc07b096052b3dd07d6e3c46 Author: Joe Thornber Date: Thu Nov 19 13:36:45 2015 +0000 dm btree: use GFP_NOFS in dm_btree_del() dm_btree_del() is called from an ioctl so don't recurse into FS. Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-btree.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 3ba3ba1e8411532dc4a05b4e8932c9e358d70a44 Author: Joe Thornber Date: Thu Nov 19 13:03:36 2015 +0000 dm space map common: memcpy the disk root to ensure it's arch aligned The metadata_space_map_root passed to sm_ll_open_metadata() may or may not be arch aligned, use memcpy to ensure it is. This is not a fast path so the extra memcpy doesn't hurt us. Long-term it'd be better to use the kernel's alignment infrastructure to remove the memcpy()s that are littered across persistent-data (btree, array, space-maps, etc). Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-space-map-common.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 602548bdd5ac4ed7025d992e3ad61a628af4c500 Author: Joe Thornber Date: Thu Nov 19 12:55:58 2015 +0000 dm block manager: add unlikely() annotations on dm_bufio error paths Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-block-manager.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit ca763d0a53b264a650342cee206512bc92ac7050 Author: Joe Thornber Date: Thu Feb 9 11:46:18 2017 -0500 dm cache: fix corruption seen when using cache > 2TB A rounding bug due to compiler generated temporary being 32bit was found in remap_to_cache(). A localized cast in remap_to_cache() fixes the corruption but this preferred fix (changing from uint32_t to sector_t) eliminates potential for future rounding errors elsewhere. Cc: stable@vger.kernel.org Signed-off-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/dm-cache-target.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit bbd6411513aa8ef3ea02abab61318daf87c1af1e Author: Cao, Lei Date: Fri Feb 3 20:04:35 2017 +0000 KVM: Support vCPU-based gfn->hva cache Provide versions of struct gfn_to_hva_cache functions that take vcpu as a parameter instead of struct kvm. The existing functions are not needed anymore, so delete them. This allows dirty pages to be logged in the vcpu dirty ring, instead of the global dirty ring, for ring-based dirty memory tracking. Signed-off-by: Lei Cao Message-Id: Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 22 ++++++++++------------ arch/x86/kvm/x86.c | 41 ++++++++++++++++++++--------------------- include/linux/kvm_host.h | 16 ++++++++-------- virt/kvm/kvm_main.c | 34 +++++++++++++++++----------------- 4 files changed, 55 insertions(+), 58 deletions(-) commit 4bd518f1598d41985eb933aa73bac2605b70984c Author: Paolo Bonzini Date: Fri Feb 3 20:44:51 2017 -0800 KVM: use separate generations for each address space This will make it easier to support multiple address spaces in kvm_gfn_to_hva_cache_init. Instead of having to check the address space id, we can keep on checking just the generation number. Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit 5a2d4365d2c39e8a3ff3cbee3af123a23aebdb9c Author: Paolo Bonzini Date: Fri Feb 3 20:32:28 2017 -0800 KVM: only retrieve memslots once when initializing cache This will make it a bit simpler to handle multiple address spaces in gfn_to_hva_cache. Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini virt/kvm/kvm_main.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) commit 47c0152e0f8bd325869417e0aaff032e62bcf6f2 Author: Paolo Bonzini Date: Mon Dec 19 11:44:07 2016 +0100 KVM: VMX: use vmcs_set/clear_bits for CPU-based execution controls Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) commit 4306f200c71b959c44c32c8a0048fd5857a357c5 Author: Radim Krčmář Date: Wed Feb 15 20:27:20 2017 +0100 ptp_kvm: try to detect hypercall availability No point in registering the device if it cannot work. The hypercall does not advertise itself, so we have to call it. Signed-off-by: Radim Krčmář Signed-off-by: Paolo Bonzini drivers/ptp/ptp_kvm.c | 7 +++++++ 1 file changed, 7 insertions(+) commit e8411302b44b844b4f619e8064735c70b7490ee8 Author: Arnd Bergmann Date: Fri Feb 3 17:47:26 2017 +0100 drm/amdgpu: fix warning on older gcc releases gcc-4.8 warns about '{0}' being used an an initializer for nested structures: drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c: In function ‘gfx_v8_0_ring_emit_ce_meta_init’: drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:7263:2: warning: missing braces around initializer [-Wmissing-braces] } ce_payload = {0}; drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c: In function ‘gfx_v8_0_ring_emit_de_meta_init’: drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c:7290:2: warning: missing braces around initializer [-Wmissing-braces] } de_payload = {0}; Using an empty {} initializer however has the same effect and works on all versions. Fixes: acad2b2a7b70 ("drm/amdgpu:implement CE/DE meta-init routines") Signed-off-by: Arnd Bergmann Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3e011039a3f376f246e662b0e3ffb08018e3416e Merge: d0f7de9 6b6a186 Author: Arnd Bergmann Date: Thu Feb 16 17:50:04 2017 +0100 Merge tag 'amlogic-dt64-2' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into next/late Pull "Amlogic DT updates for v4.11, round 2" from Kevin Hilman: - add SAR ADC driver - add ADC laddered keys to meson-gxbb-p200 board * tag 'amlogic-dt64-2' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic: ARM64: dts: meson-gxbb-p200: add ADC laddered keys ARM64: dts: meson: meson-gx: add the SAR ADC ARM64: dts: meson-gxl: add the pwm_ao_b pin ARM64: dts: meson-gx: add the missing pwm_AO_ab node clk: gxbb: fix CLKID_ETH defined twice ARM64: dts: meson-gxl: rename Nexbox A95x for consistency clk: gxbb: add the SAR ADC clocks and expose them dt-bindings: amlogic: Add WeTek boards ARM64: dts: meson-gxbb: Add support for WeTek Hub and Play dt-bindings: vendor-prefix: Add wetek vendor prefix ARM64: dts: meson-gxm: Rename q200 and q201 DT files for consistency ARM64: dts: meson-gx: Add HDMI HPD/DDC pinctrl nodes ARM64: dts: meson-gxbb-vega-s95: Add LED ARM64: dts: meson-gx: add the serial CTS and RTS pin groups ARM64: dts: meson-gx: add the missing uart_AO_B clk: meson-gxbb: Export HDMI clocks ARM64: dts: meson-gxm: add SCPI configuration for GXM ARM64: dts: meson-gx: move the SCPI and SRAM nodes to meson-gx commit d0f7de9258e1fa7b531f10a6bdb971a2417dfd8a Merge: a121103 6629490 Author: Arnd Bergmann Date: Thu Feb 16 17:46:52 2017 +0100 Merge tag 'samsung-dt64-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into next/late Pull "Samsung DeviceTree ARM64 update for v4.11, third round" from Krzysztof Kozłowski: 1. Add necessary initial configuration for clocks of display subsystem. Till now it worked mostly thanks to bootloader. 2. Use macro definitions instead of hard-coded values for pinctrl on Exynos7. 3. Enable USB 3.0 (DWC3) on Exynos7. * tag 'samsung-dt64-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux: (27 commits) arm64: dts: exynos: Add regulators for Vbus and Vbus-Boost arm64: dts: exynos: Add USB 3.0 controller node for Exynos7 arm64: dts: exynos: Use macros for pinctrl configuration on Exynos7 pinctrl: dt-bindings: samsung: Add Exynos7 specific pinctrl macro definitions arm64: dts: exynos: Add initial configuration for DISP clocks for TM2/TM2e clk: samsung: exynos5433: Add data for 250MHz and 278MHz PLL rates clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks arm64: dts: exynos: Add clocks to Exynos5433 LPASS module arm64: dts: exynos: set LDO7 regulator as always on arm64: dts: exynos: configure TV path clocks for Ultra HD modes arm64: dts: exynos: Fix drive strength of sd0_xxx pin definitions arm64: dts: exynos: Disable pull down for audio pins in Exynos5433 SoCs arm64: dts: exynos: Add TM2 touchkey node arm64: dts: exynos: Remove unneeded unit names in Exynos5433 nodes arm64: dts: exynos: Enable HDMI/TV path on Exynos5433-TM2 arm64: dts: exynos: Add HDMI node to Exynos5433 arm64: dts: exynos: Add DECON_TV node to Exynos5433 arm64: dts: exynos: Fix addresses in node names on Exynos5433 arm64: dts: exynos: Make TM2 and TM2E independent from each other arm64: dts: exynos: Fix wrong values for ldo23 and ldo25 on TM2/TM2E ... commit 5187b6cd1d22a010e7701e3ed74bdf0ad175904a Author: Nicolai Hähnle Date: Tue Feb 14 11:06:52 2017 +0100 drm/ttm: make TTM_MAX_BO_PRIORITY unsigned Fix a warning about different types in min() macro in amdgpu: In file included from ./include/linux/list.h:8:0, from drivers/gpu/drm/amd/amdgpu/amdgpu_object.c:32: drivers/gpu/drm/amd/amdgpu/amdgpu_object.c: In function ‘amdgpu_bo_create_restricted’: ./include/linux/kernel.h:739:16: warning: comparison of distinct pointer types lacks a cast (void) (&min1 == &min2); \ ^ ./include/linux/kernel.h:742:2: note: in expansion of macro ‘__min’ __min(typeof(x), typeof(y), \ ^~~~~ drivers/gpu/drm/amd/amdgpu/amdgpu_object.c:434:21: note: in expansion of macro ‘min’ bo->tbo.priority = min(bo->tbo.priority, TTM_MAX_BO_PRIORITY - 1); ^~~ Signed-off-by: Nicolai Hähnle Reviewed-by: Christian König Signed-off-by: Alex Deucher include/drm/ttm/ttm_bo_driver.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e89d5b5c202831648b853be20a5b9f8170d642d5 Author: Tom St Denis Date: Mon Feb 13 14:11:40 2017 -0500 drm/amd/amdgpu: Fix flow control in uvd_v4_2_stop() Break out of outer loop properly. Signed-off-by: Tom St Denis Reported-by: Dan Carpenter Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit fce293ca3d088b9a398c4fa3f7e9489283a70cf5 Author: Huang Rui Date: Mon Feb 13 10:38:08 2017 +0800 drm/amd/powerplay: add didt config table for polaris kicker Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher .../gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 150 ++++++++++++++++++++- 1 file changed, 149 insertions(+), 1 deletion(-) commit 28a488848f9e14898c55e0bb2c2774288a424d67 Author: Huang Rui Date: Fri Feb 10 16:55:18 2017 +0800 drm/amd/powerplay: modify VddcPhase value for polaris kicker Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smc.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 5d7213b0be71b3cb780b2f2094879480e46ad00e Author: Huang Rui Date: Fri Feb 10 16:42:19 2017 +0800 drm/amd/powerplay: add kicker flag into smumgr Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 20 ++++++++++++-------- drivers/gpu/drm/amd/include/cgs_common.h | 1 + drivers/gpu/drm/amd/powerplay/inc/smumgr.h | 1 + drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 2 ++ 4 files changed, 16 insertions(+), 8 deletions(-) commit 27d1c469a5d3a104fc5a9313dac84e726f8f3de9 Author: Colin Ian King Date: Wed Dec 28 21:17:54 2016 +0000 Bluetooth: fix spelling mistake: "advetising" -> "advertising" trivial fix to spelling mistake in BT_ERR_RATELIMITED error message Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann net/bluetooth/hci_event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a9a4840dc43c978b2978b37ed1737c385a33b410 Author: Colin Ian King Date: Wed Dec 28 21:30:30 2016 +0000 Bluetooth: btmrvl: fix spelling mistake: "caibration" -> "calibration" trivial fix to spelling mistake in BT_ERR error message Signed-off-by: Colin Ian King Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0df8a3dbacb585bb9c8b2e55de43c6aac9d86488 Merge: 53b7f7b beabdc3 Author: Greg Kroah-Hartman Date: Thu Feb 16 08:38:01 2017 -0800 Merge tag 'usb-serial-4.11-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-next Johan writes: USB-serial updates for v4.11-rc1 part 2 Here's one more device id for the new upd78f0730 driver and three clean-up patches that are mostly moving some code around. All have been in linux-next with no reported issues. Signed-off-by: Johan Hovold commit e27ee2b16bad0c2ae648f5ee67d0555e0cd799d6 Author: Javier Martinez Canillas Date: Mon Jan 2 10:23:23 2017 -0300 Bluetooth: btqcomsmd: Allow driver to build if COMPILE_TEST is enabled The driver only has runtime but no build time dependency with QCOM_SMD && QCOM_WCNSS_CTRL. So it can be built for testing purposes if COMPILE_TEST option is enabled. This is useful to have more build coverage and make sure that the driver is not affected by changes that could cause build regressions. Signed-off-by: Javier Martinez Canillas Signed-off-by: Marcel Holtmann drivers/bluetooth/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 441ad62d6c3f131f1dbd7dcdd9cbe3f74dbd8501 Author: Dmitry Tunin Date: Thu Jan 5 13:19:53 2017 +0300 Bluetooth: Add another AR3012 04ca:3018 device T: Bus=01 Lev=01 Prnt=01 Port=07 Cnt=04 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=04ca ProdID=3018 Rev=00.01 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb Signed-off-by: Dmitry Tunin Signed-off-by: Marcel Holtmann Cc: stable@vger.kernel.org drivers/bluetooth/ath3k.c | 2 ++ drivers/bluetooth/btusb.c | 1 + 2 files changed, 3 insertions(+) commit 89ab37b489d11e2ec3a70635139dcda076c16354 Author: Daniel Drake Date: Thu Jan 5 11:10:54 2017 -0600 Bluetooth: hci_bcm: Add support for BCM2E95 and BCM2E96 The BCM2E96 ID is used by the ECS EF20 laptop, and BCM2E95 is present in the Weibu F3C. Both are now logged as: hci0: BCM: chip id 82 hci0: BCM43341B0 (002.001.014) build 0000 hci0: BCM (002.001.014) build 0158 The ECS vendor kernel predates the host-wakeup support in hci_bcm but it explicitly has a comment saying that the GPIO assignment needs to be reordered for BCM2E96: 1. (not used in vendor driver) 2. Device wakeup 3. Shutdown For both devices in question, the DSDT has these GPIOs listed in order of GpioInt, GpioIo, GpioIo. And if we use the first one listed (GpioInt) as the host wakeup, that interrupt handler fires while doing bluetooth I/O. I am assuming the convention of GPIO ordering has been changed for these new device IDs, so lets use the new ordering on such devices. Signed-off-by: Daniel Drake Signed-off-by: Marcel Holtmann drivers/bluetooth/hci_bcm.c | 68 +++++++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 24 deletions(-) commit 3af3a594e111474fab03d872f41760e10d4c17c4 Author: Wen-chien Jesse Sung Date: Tue Jan 10 11:46:28 2017 +0800 Bluetooth: btbcm: Add a delay for module reset Some btbcm devices require more time to complete its reset process. They won't reply any hci command until reset is done. [ 17.218554] Bluetooth: hci0 command 0x1001 tx timeout [ 25.214999] Bluetooth: hci0: BCM: Reading local version info failed (-110) Signed-off-by: Wen-chien Jesse Sung Signed-off-by: Marcel Holtmann drivers/bluetooth/btbcm.c | 3 +++ 1 file changed, 3 insertions(+) commit fdfddc601713d4ed564b0bd25b29415bd622020a Author: Wen-chien Jesse Sung Date: Tue Jan 10 15:41:13 2017 +0800 Bluetooth: btusb: Add support for 413c:8143 This is a Boardcom module and requires patchram to work. T: Bus=01 Lev=03 Prnt=03 Port=01 Cnt=02 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=413c ProdID=8143 Rev= 1.12 S: Manufacturer=Broadcom Corp S: Product=BCM20702A0 S: SerialNumber=20689D1FAF94 C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none) E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) Signed-off-by: Wen-chien Jesse Sung Signed-off-by: Marcel Holtmann drivers/bluetooth/btusb.c | 4 ++++ 1 file changed, 4 insertions(+) commit 5418820574d2b4d1da092a2f2d770e63d7ac520b Merge: 2b4c76b 53225f6 Author: Arnd Bergmann Date: Thu Feb 16 17:30:42 2017 +0100 Merge tag 'omap-for-v4.11/dt-late' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into next/dt Pull "Few more late dts changes for omaps for v4.11 merge window" from Tony Lindgren: - Add support for phyCORE-AM335x PCM-953 carrier board - Add power button and charger support for am335x-chiliboard * tag 'omap-for-v4.11/dt-late' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: am335x-chiliboard: Support charger ARM: dts: am335x-chiliboard: Support power button ARM: dts: Add support for phyCORE-AM335x PCM-953 carrier board commit ffb955dba61dd823c3d52a083b6c8d0dcfda0efe Author: Jeffy Chen Date: Mon Jan 23 12:18:53 2017 +0800 btmrvl: use dt's irqflags for wakeup pin Use irqflags parsed from dt. Signed-off-by: Jeffy Chen Reviewed-by: Brian Norris Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_sdio.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fd1a88da81d60a27960174bd9cda312c712961d1 Author: Jeffy Chen Date: Mon Jan 23 12:18:52 2017 +0800 btmrvl: set irq_bt to -1 when failed to parse it The irq_of_parse_and_map will return 0 as a invalid irq. Set irq_bt to -1 in this case, so that the btmrvl resume/suspend code would not try to enable/disable it. Signed-off-by: Jeffy Chen Reviewed-by: Brian Norris Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_sdio.c | 1 + 1 file changed, 1 insertion(+) commit 9af02d86e11dc409e5c3de46e81c0a492ba58905 Author: Jeffy Chen Date: Mon Jan 23 12:18:51 2017 +0800 btmrvl: avoid double-disable_irq() race It's much the same as what we did for mwifiex in: b9da4d2 mwifiex: avoid double-disable_irq() race "We have a race where the wakeup IRQ might be in flight while we're calling mwifiex_disable_wake() from resume(). This can leave us disabling the IRQ twice. Let's disable the IRQ and enable it in case if we have double-disabled it." Signed-off-by: Jeffy Chen Reviewed-by: Brian Norris Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_sdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 9dcbc313cd4ada386487b3055d9b6ec169d51765 Author: Ezequiel Garcia Date: Thu Dec 29 09:51:19 2016 -0300 Bluetooth: Fix NULL pointer dereference in bt_sock_recvmsg As per the comment in include/linux/net.h, the recvfrom handlers should expect msg_name to be NULL. However, bt_sock_recvmsg() is currently not checking it, which could lead to a NULL pointer dereference. The following NULL pointer dereference was produced while testing L2CAP datagram reception. Note that the kernel is tainted due to the r8723bs module being inserted. However, it seems the fix still applies. $ l2test -r -G l2test[326]: Receiving ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = ee008000 [00000000] *pgd=7f896835 Internal error: Oops: 817 [#1] PREEMPT SMP ARM Modules linked in: r8723bs(O) CPU: 0 PID: 326 Comm: l2test Tainted: G O 4.8.0 #1 Hardware name: Allwinner sun7i (A20) Family task: ef1c6880 task.stack: eea70000 PC is at __memzero+0x58/0x80 LR is at l2cap_skb_msg_name+0x1c/0x4c pc : [] lr : [] psr: 00070013 sp : eea71e60 ip : 00000000 fp : 00034e1c r10: 00000000 r9 : 00000000 r8 : eea71ed4 r7 : 000002a0 r6 : eea71ed8 r5 : 00000000 r4 : ee4a5d80 r3 : 00000000 r2 : 00000000 r1 : 0000000e r0 : 00000000 Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5387d Table: 7600806a DAC: 00000051 Process l2test (pid: 326, stack limit = 0xeea70210) Stack: (0xeea71e60 to 0xeea72000) 1e60: ee4a5d80 eeac2800 000002a0 c04d7114 173eefa0 00000000 c06ca68e 00000000 1e80: 00000001 eeac2800 eef23500 00000000 000002a0 eea71ed4 eea70000 c0504d50 1ea0: 00000000 00000000 eef23500 00000000 00000000 c044e8a0 eea71edc eea9f904 1ec0: bef89aa0 fffffff7 00000000 00035008 000002a0 00000000 00000000 00000000 1ee0: 00000000 00000000 eea71ed4 00000000 00000000 00000000 00004000 00000000 1f00: 0000011b c01078c4 eea70000 c044e5e4 00000000 00000000 642f0001 6c2f7665 1f20: 0000676f 00000000 00000000 00000000 00000000 00000000 00000000 00000000 1f40: 00000000 00000000 00000000 00000000 00000000 ffffffff 00000001 bef89ad8 1f60: 000000a8 c01078c4 eea70000 00000000 00034e1c c01e6c74 00000000 00000000 1f80: 00034e1c 000341f8 00000000 00000123 c01078c4 c044e90c 00000000 00000000 1fa0: 000002a0 c0107700 00034e1c 000341f8 00000003 00035008 000002a0 00000000 1fc0: 00034e1c 000341f8 00000000 00000123 00000000 00000000 00011ffc 00034e1c 1fe0: 00000000 bef89aa4 0001211c b6eebb60 60070010 00000003 00000000 00000000 [] (__memzero) from [] (l2cap_skb_msg_name+0x1c/0x4c) [] (l2cap_skb_msg_name) from [] (bt_sock_recvmsg+0x128/0x160) [] (bt_sock_recvmsg) from [] (l2cap_sock_recvmsg+0x98/0x134) [] (l2cap_sock_recvmsg) from [] (SyS_recvfrom+0x94/0xec) [] (SyS_recvfrom) from [] (SyS_recv+0x14/0x1c) [] (SyS_recv) from [] (ret_fast_syscall+0x0/0x3c) Code: e3110010 18a0500c e49de004 e3110008 (18a0000c) ---[ end trace 224e35e79fe06b42 ]--- Signed-off-by: Ezequiel Garcia Signed-off-by: Marcel Holtmann net/bluetooth/af_bluetooth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ddf5cf02b981e32aa5896cfd66fc191b9a58ed2e Author: Brian Norris Date: Thu Feb 9 12:52:50 2017 -0800 ARM: multi_v7_defconfig: enable pstore configs It's useful to get testing on these features on various boards (e.g., on KernelCI), and (when they're working) the ramoops feature is extremely helpful for debugging live systems. Signed-off-by: Brian Norris Signed-off-by: Arnd Bergmann arch/arm/configs/multi_v7_defconfig | 4 ++++ 1 file changed, 4 insertions(+) commit a4ccc9e33d2f01532bcceb621ea06bbf4db6efac Author: Rajat Jain Date: Wed Feb 1 14:24:10 2017 -0800 Bluetooth: btusb: Configure Marvell to use one of the pins for oob wakeup The Marvell devices may have many gpio pins, and hence for wakeup on these out-of-band pins, the chip needs to be told which pin is to be used for wakeup, using an hci command. Thus, we read the pin number etc from the device tree node and send a command to the chip. Signed-off-by: Rajat Jain Reviewed-by: Brian Norris Acked-by: Rob Herring Signed-off-by: Marcel Holtmann Documentation/devicetree/bindings/net/btusb.txt | 3 + .../devicetree/bindings/net/marvell-bt-8xxx.txt | 86 ++++++++++++++++++++++ .../devicetree/bindings/net/marvell-bt-sd8xxx.txt | 56 -------------- drivers/bluetooth/btusb.c | 51 +++++++++++++ 4 files changed, 140 insertions(+), 56 deletions(-) commit fd913ef7ce619467c6b0644af48ba1fec499c623 Author: Rajat Jain Date: Wed Feb 1 14:24:09 2017 -0800 Bluetooth: btusb: Add out-of-band wakeup support Some onboard BT chips (e.g. Marvell 8997) contain a wakeup pin that can be connected to a gpio on the CPU side, and can be used to wakeup the host out-of-band. This can be useful in situations where the in-band wakeup is not possible or not preferable (e.g. the in-band wakeup may require the USB host controller to remain active, and hence consuming more system power during system sleep). The oob gpio interrupt to be used for wakeup on the CPU side, is read from the device tree node, (using standard interrupt descriptors). A devcie tree binding document is also added for the driver. The compatible string is in compliance with Documentation/devicetree/bindings/usb/usb-device.txt Signed-off-by: Rajat Jain Reviewed-by: Brian Norris Acked-by: Rob Herring Signed-off-by: Marcel Holtmann Documentation/devicetree/bindings/net/btusb.txt | 40 ++++++++++++ drivers/bluetooth/btusb.c | 85 +++++++++++++++++++++++++ 2 files changed, 125 insertions(+) commit 10ab133b7a1a7265600d580d9e056d86aea70b53 Author: Rajat Jain Date: Wed Feb 1 14:24:08 2017 -0800 Bluetooth: btusb: Use an error label for error paths Use a label to remove the repetetive cleanup, for error cases. Signed-off-by: Rajat Jain Reviewed-by: Brian Norris Signed-off-by: Marcel Holtmann drivers/bluetooth/btusb.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) commit 132509843461fa06d9b7b8ba17a1309736ceefac Author: Ard Biesheuvel Date: Wed Feb 15 18:30:12 2017 +0000 ARM: multi_v7_defconfig: enable some newly added crypto modules Enable the new accelerated CRC32(C), CRC-T10DIF and ChaCha20 drivers as modules for multi_v7_defconfig builds. Signed-off-by: Ard Biesheuvel Signed-off-by: Arnd Bergmann arch/arm/configs/multi_v7_defconfig | 3 +++ 1 file changed, 3 insertions(+) commit 8b71d5ed2fab3030d46bffdcebe4395215c86821 Merge: 4f3a468 4842903 Author: Arnd Bergmann Date: Thu Feb 16 17:19:26 2017 +0100 Merge tag 'davinci-for-v4.11/defconfig-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/defconfig Pull "Enable SATA support found on DA850 SoC" from Sekhar Nori: * tag 'davinci-for-v4.11/defconfig-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: davinci_all_defconfig: enable SATA modules commit 747d3f1a8a2fc4d8447c63205421a6a67f22799b Author: Javier Martinez Canillas Date: Mon Jan 2 10:09:56 2017 -0300 Bluetooth: btqcomsmd: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/bluetooth/btqcomsmd.ko | grep alias $ After this patch: $ modinfo drivers/bluetooth/btqcomsmd.ko | grep alias alias: of:N*T*Cqcom,wcnss-btC* alias: of:N*T*Cqcom,wcnss-bt Signed-off-by: Javier Martinez Canillas Signed-off-by: Marcel Holtmann drivers/bluetooth/btqcomsmd.c | 1 + 1 file changed, 1 insertion(+) commit 2b4c76ba8427f6f444a1326afe56f38895e0b390 Merge: 3c38e32 91aba93 Author: Arnd Bergmann Date: Thu Feb 16 17:18:18 2017 +0100 Merge tag 'davinci-for-v4.11/dt-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/dt Pull "Enable SATA support on DA850 LCDK" from Sekhar Nori: * tag 'davinci-for-v4.11/dt-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: dts: da850-lcdk: enable the SATA node ARM: dts: da850: add the SATA node devicetree: bindings: add bindings for ahci-da850 commit a57bac43468e005064d6560183b313b269403f0a Author: Christoph Haag Date: Fri Feb 10 14:02:45 2017 +0100 Bluetooth: btusb: add support for 0bb4:0306 It's a custom USB ID for the broadcom bt adapter in the HTC Vive. T: Bus=01 Lev=02 Prnt=02 Port=01 Cnt=02 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bb4 ProdID=0306 Rev= 1.12 S: Manufacturer=Broadcom Corp S: Product=BCM2045A0 S: SerialNumber=AC3743E110CE C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=btusb E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none) dmesg: Bluetooth: hci0: BCM: chip id 102 Bluetooth: hci0: c-l Bluetooth: hci0: BCM (001.001.005) build 0000 Bluetooth: hci0: BCM (001.001.005) build 0481 Bluetooth: hci0: BCM20703A1 Generic USB 20Mhz fcbga_BU Signed-off-by: Christoph Haag Signed-off-by: Marcel Holtmann drivers/bluetooth/btusb.c | 4 ++++ 1 file changed, 4 insertions(+) commit af1d09eefa72089300ddde13bbaf9af1a82c6be1 Merge: c6057e1 a303588 Author: Arnd Bergmann Date: Thu Feb 16 17:15:39 2017 +0100 Merge tag 'davinci-for-v4.11/soc-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/soc Pull "SoC updates needed for SATA support on DA850" from Sekhar Nori: This includes a merge of non-critical-fixes branch already queued for v4.11 because SATA clock addition conflicts with the fix-up done earlier. * tag 'davinci-for-v4.11/soc-2' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: davinci: remove BUG_ON() from da850_register_sata() ARM: davinci: da850: model the SATA refclk ARM: davinci: da850: add con_id for the SATA clock ARM: davinci: da8xx-dt: add OF_DEV_AUXDATA entry for SATA ARM: davinci: add skeleton for pdata-quirks bus: da850-mstpri: fix my e-mail address ARM: davinci: da850: fix da850_set_pll0rate() ARM: davinci: da850: coding style fix commit db27dd05b1da6e658494a2570680f8d0ddbc578c Merge: d2aff02 cdf0ead Author: Arnd Bergmann Date: Thu Feb 16 17:14:07 2017 +0100 Merge tag 'davinci-for-v4.11/drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/drivers Merge "Driver updates for SATA support on DA850." from Sekhar Nori: These have been acked by SATA maintainer Tejun Heo. Tejun preferred these be queued through ARM-SoC because of the dependencies with platform code. * tag 'davinci-for-v4.11/drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: sata: ahci-da850: un-hardcode the MPY bits sata: ahci-da850: add a workaround for controller instability sata: ahci: export ahci_do_hardreset() locally sata: ahci-da850: implement a workaround for the softreset quirk sata: ahci-da850: add device tree match table sata: ahci-da850: get the sata clock using a connection id commit 2f1736ff0664937636f8c0a4994c4a5a23da2090 Author: Marco Franchi Date: Thu Feb 16 10:23:43 2017 -0200 hwmon: (sht15) Add device tree support Allow the driver to work with device tree support. Based on initial patch submission from Peter Fox. Tested on a imx7d-sdb board connected to a SHT15 board via Mikro Bus. Signed-off-by: Marco Franchi Reviewed-by: Fabio Estevam Signed-off-by: Guenter Roeck Documentation/devicetree/bindings/hwmon/sht15.txt | 19 +++++++ drivers/hwmon/sht15.c | 64 +++++++++++++++++++++-- 2 files changed, 79 insertions(+), 4 deletions(-) commit 75bf2f6478cab9b0c1d7f5f674a765d1e2ad530e Author: Yazen Ghannam Date: Wed Feb 15 14:56:22 2017 -0600 EDAC, mce_amd: Print IPID and Syndrome on a separate line Currently, the IPID and Syndrome are printed on the same line as the Address. There are cases when we can have a valid Syndrome but not a valid Address. For example, the MCA_SYND register can be used to hold more detailed error info that the hardware folks can use. It's not just DRAM ECC syndromes. There are some error types that aren't related to memory that may have valid syndromes, like some errors related to links in the Data Fabric, etc. In these cases, the IPID and Syndrome are not printed at the same log level as the rest of the stanza, so users won't see them on the console. Console: [Hardware Error]: CPU:16 (17:1:0) MC22_STATUS[Over|CE|MiscV|-|-|-|-|SyndV|-]: 0xd82000000002080b [Hardware Error]: Power, Interrupts, etc. Extended Error Code: 2 Dmesg: [Hardware Error]: CPU:16 (17:1:0) MC22_STATUS[Over|CE|MiscV|-|-|-|-|SyndV|-]: 0xd82000000002080b , Syndrome: 0x000000010b404000, IPID: 0x0001002e00000002 [Hardware Error]: Power, Interrupts, etc. Extended Error Code: 2 Print the IPID first and on a new line. The IPID should always be printed on SMCA systems. The Syndrome will then be printed with the IPID and at the same log level when valid: [Hardware Error]: CPU:16 (17:1:0) MC22_STATUS[Over|CE|MiscV|-|-|-|-|SyndV|-]: 0xd82000000002080b [Hardware Error]: IPID: 0x0001002e00000002, Syndrome: 0x000000010b404000 [Hardware Error]: Power, Interrupts, etc. Extended Error Code: 2 Signed-off-by: Yazen Ghannam Cc: linux-edac Link: http://lkml.kernel.org/r/1487192182-2474-1-git-send-email-Yazen.Ghannam@amd.com Signed-off-by: Borislav Petkov drivers/edac/mce_amd.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 5d4bac9a5f4ef24b2482529bda6661a58e5b5b65 Author: Jeremy Kerr Date: Thu Feb 16 12:24:09 2017 +0800 genirq: Clarify logic calculating bogus irqreturn_t values Although irqreturn_t is an enum, we treat it (and its enumeration constants) as a bitmask. However, bad_action_ret() uses a less-than operator to determine whether an irqreturn_t falls within allowable bit values, which means we need to know the signededness of an enum type to read the logic, which is implementation-dependent. This change explicitly uses an unsigned type for the comparison. We do this instead of changing to a bitwise test, as the latter compiles to increased instructions in this hot path. It looks like we get the correct behaviour currently (bad_action_ret(-1) returns 1), so this is purely a readability fix. Signed-off-by: Jeremy Kerr Link: http://lkml.kernel.org/r/1487219049-4061-1-git-send-email-jk@ozlabs.org Signed-off-by: Thomas Gleixner kernel/irq/spurious.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2f44e29cef006a4b0a4ecf7d4c5aac7d0fbb505c Author: Arnd Bergmann Date: Tue Feb 14 22:53:12 2017 +0100 genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg A bug fix to the MSIx handling in vfio added references to functions that may not be defined if MSI is disabled in the kernel, resulting in this link error: drivers/built-in.o: In function `vfio_msi_set_vector_signal': :(.text+0x450808): undefined reference to `get_cached_msi_msg' :(.text+0x45080c): undefined reference to `write_msi_msg' As suggested by Alex Williamson, add stub implementations for get_cached_msi_msg() and pci_write_msi_msg(). In case this bugfix gets backported, please note that the #ifdef has changed over time, originally both functions were implemented in drivers/pci/msi.c and controlled by CONFIG_PCI_MSI, while nowadays get_cached_msi_msg() is part of the generic MSI support and can be used without PCI. Fixes: b8f02af096b1 ("vfio/pci: Restore MSIx message prior to enabling") Signed-off-by: Arnd Bergmann Cc: Marc Zyngier Cc: Alex Williamson Cc: Bjorn Helgaas Cc: Bart Van Assche Link: http://lkml.kernel.org/r/1413190208.4202.34.camel@ul30vt.home Link: http://lkml.kernel.org/r/20170214215343.3307861-1-arnd@arndb.de Signed-off-by: Thomas Gleixner include/linux/msi.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 3bba73b1b7a88d88c3ea16b7914c13d475e4a87b Author: Thomas Gleixner Date: Thu Feb 16 15:12:04 2017 +0100 x86/cpufeature: Move RING3MWAIT feature to avoid conflicts The original feature bit is used in a different branch already. Move it to scattered bits. Signed-off-by: Thomas Gleixner arch/x86/include/asm/cpufeatures.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e42a46b6f52473661ad192f76a128a68fe301df4 Author: Leonard Crestez Date: Tue Feb 14 17:31:03 2017 +0200 regulator: Fix regulator_summary for deviceless consumers It is allowed to call regulator_get with a NULL dev argument (_regulator_get explicitly checks for it) but this causes an error later when printing /sys/kernel/debug/regulator_summary. Fix this by explicitly handling "deviceless" consumers in the debugfs code. Signed-off-by: Leonard Crestez Signed-off-by: Mark Brown Cc: stable@vger.kernel.org drivers/regulator/core.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 1b30ab0c40a99da347c1ab83c30b485e03fe9f64 Author: Jyri Sarha Date: Wed Feb 8 16:08:06 2017 +0200 drm/omapdrm: dispc: Refuse x-decimation above 4 for all but 8-bit formats Let's disable all scaling that requires horizontal decimation with higher factor than 4, until we have better estimates of what we can and can not do. However, NV12 color format appears to work Ok with all decimation factors. When decimating horizontally by more that 4 the dss is not able to fetch the data in burst mode. When this happens it is hard to tell if there enough bandwidth. Despite what theory says this appears to be true also for 16-bit color formats. Signed-off-by: Jyri Sarha Acked-by: Laurent Pinchart Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/dss/dispc.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 897145d0c7010b4e07fa9bc674b1dfb9a2c6fff9 Author: Jyri Sarha Date: Fri Jan 27 12:04:55 2017 +0200 drm/omapdrm: Move commit_modeset_enables() before commit_planes() Move drm_atomic_helper_commit_modeset_enables() call to before drm_atomic_helper_commit_planes() call and have a omap_atomic_wait_for_completion() call after both. With the current dss dispc implementation we have to enable the new modeset before we can commit planes. The dispc ovl configuration relies on the video mode configuration been written into the HW when the ovl configuration is calculated. This approach is not ideal because after a mode change the plane update is executed only after the first vblank interrupt. The dispc implementation should be fixed so that it is able use uncommitted drm state information. information. Signed-off-by: Jyri Sarha Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/omap_drv.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit e025d3860bd9f718d4d8ce251e6a823dd8293b51 Author: Jyri Sarha Date: Fri Jan 27 12:04:54 2017 +0200 Revert "drm: omapdrm: Let the DRM core skip plane commit on inactive CRTCs" This reverts commit dadf4659d0608e034b6633f30300c2eff2dafb4c. If planes are not disabled when the they are not on any crtc anymore they will remain active and may show as "ghosts" when the crtc they were last on is active again. Signed-off-by: Jyri Sarha Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/omap_crtc.c | 8 +------- drivers/gpu/drm/omapdrm/omap_drv.c | 3 +-- 2 files changed, 2 insertions(+), 9 deletions(-) commit ffed21bcee7a544f99a9c9b18c23b361a0b1e476 Author: Alexander Duyck Date: Tue Jan 17 08:37:29 2017 -0800 ixgbe: Don't bother clearing buffer memory for descriptor rings This patch makes it so that we don't need to bother with clearing the memory out for the descriptor rings. The general idea is to only free buffers associated with buffers in use which are located between the next_to_clean and next_to_use or next_to_alloc values. Everything outside of those regions can be safely ignored since they should have no buffers associated with them. The advantage to doing things this way is that is should speed up bring-up and tear-down of the rings. Specifically we can avoid the 512 or more cycles required to memset the rings in tear-down. In the bring-up phase we then clear the memory as a part of initialization. The general idea is that the clearing in initialization can act as a prefetch of sorts for the buffer info structures so they are in the local CPU when we go to populate them. This should help to improve overall time needed to perform a suspend/resume. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 11 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 159 +++++++++++++---------- 2 files changed, 99 insertions(+), 71 deletions(-) commit 6f429223b31c550b835b4f066ac034d0cf0cc71e Author: Alexander Duyck Date: Tue Jan 17 08:37:13 2017 -0800 ixgbe: Add support for build_skb This patch adds build_skb support to the Rx path. There are several advantages to this change. 1. It avoids the memcpy and skb->head allocation for small packets which improves performance by about 5% in my tests. 2. It avoids the memcpy, skb->head allocation, and eth_get_headlen for larger packets improving performance by about 10% in my tests. 3. For VXLAN packets it allows the full header to be in skb->data which improves the performance by as much as 30% in some of my tests. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 49 ++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) commit 2ccdf26ff614dd49b14e76c0c076f5f4e9562e79 Author: Alexander Duyck Date: Tue Jan 17 08:37:03 2017 -0800 ixgbe: Add private flag to control buffer mode Since there are potential drawbacks to the new Rx allocation approach I thought it best to add a "chicken bit" so that we can turn the feature off if in the event that a problem is found. It also provides a means of validating the legacy Rx path in the event that we are forced to fall back. At some point in the future when we are convinced we don't need it anymore we might be able to drop the legacy-rx flag. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 47 ++++++++++++++++++++++++ 1 file changed, 47 insertions(+) commit 2de6aa3a666e63699978f81d0d5523e7e0778f7b Author: Alexander Duyck Date: Tue Jan 17 08:36:54 2017 -0800 ixgbe: Add support for padding packet This patch adds support for providing a buffer with headroom and tailroom to allow for shared info, NET_SKB_PAD, and NET_IP_ALIGN. With this combined with the DMA changes we can start using build_skb to build frames around an incoming Rx buffer instead of having to memcpy the headers. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 17 +++++++++++ drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 43 ++++++++++++++++++++++++--- 2 files changed, 56 insertions(+), 4 deletions(-) commit 3fd218767fa49857e812e53a27fcbf5d24d040d6 Author: Alexander Duyck Date: Tue Jan 17 08:36:45 2017 -0800 ixgbe: Break out Rx buffer page management We are going to be expanding the number of Rx paths in the driver. Instead of duplicating all that code I am pulling it apart into separate functions so that we don't have so much code duplication. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 231 ++++++++++++++------------ 1 file changed, 122 insertions(+), 109 deletions(-) commit c3630cc40b4f0fe004e21f19bfb5cd2231c105f8 Author: Alexander Duyck Date: Tue Jan 17 08:36:28 2017 -0800 ixgbe: Use length to determine if descriptor is done This change makes it so that we use the length of the packet instead of the DD status bit to determine if a new descriptor is ready to be processed. The obvious advantage is that it cuts down on reads as we don't really even need the DD bit if going from a 0 to a non-zero value on size is enough to inform us that the packet has been completed. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) commit 4f4542bfb3b539bef118578ffafcc98e4ce91979 Author: Alexander Duyck Date: Tue Jan 17 08:36:14 2017 -0800 ixgbe: Make use of order 1 pages and 3K buffers independent of FCoE In order to support build_skb with jumbo frames it will be necessary to use 3K buffers for the Rx path with 8K pages backing them. This is needed on architectures that implement 4K pages because we can't support 2K buffers plus padding in a 4K page. In the case of systems that support page sizes larger than 4K the 3K attribute will only be applied to FCoE as we can fall back to using just 2K buffers and adding the padding. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 20 +++++++++----------- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 19 +++++++++++++------ 2 files changed, 22 insertions(+), 17 deletions(-) commit 1b56cf49f5b0bab9ad4eab18f9b0aee1929afd89 Author: Alexander Duyck Date: Tue Jan 17 08:36:03 2017 -0800 ixgbe: Update code to better handle incrementing page count Batch the page count updates instead of doing them one at a time. By doing this we can improve the overall performance as the atomic increment operations can be expensive due to the fact that on x86 they are locked operations which can cause stalls. By doing bulk updates we can consolidate the stall which should help to improve the overall receive performance. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Acked-by: John Fastabend Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 7 ++++- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 39 +++++++++++++++++---------- 2 files changed, 31 insertions(+), 15 deletions(-) commit f3213d9321735aa8e252d87796d5db43d4b830ec Author: Alexander Duyck Date: Tue Jan 17 08:35:54 2017 -0800 ixgbe: Update driver to make use of DMA attributes in Rx path This patch adds support for DMA_ATTR_SKIP_CPU_SYNC and DMA_ATTR_WEAK_ORDERING. By enabling both of these for the Rx path we are able to see performance improvements on architectures that implement either one due to the fact that page mapping and unmapping only has to sync what is actually being used instead of the entire buffer. In addition by enabling the weak ordering attribute enables a performance improvement for architectures that can associate a memory ordering with a DMA buffer such as Sparc. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 ++ drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 56 ++++++++++++++++++--------- 2 files changed, 40 insertions(+), 19 deletions(-) commit f215af8cae4c283d8a522ea166d94f763dc4aebf Author: Alexander Duyck Date: Tue Jan 17 08:35:44 2017 -0800 ixgbe: Only DMA sync frame length On some platforms, syncing a buffer for DMA is expensive. Rather than sync the whole 2K receive buffer, only synchronise the length of the frame, which will typically be the MTU, or a much smaller TCP ACK. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit af43da0dba0b1bc7af259cd7d6d76054f3acfab0 Author: Alexander Duyck Date: Tue Jan 17 08:35:34 2017 -0800 ixgbe: Add function for checking to see if we can reuse page This patch consolidates the code for the ixgbe driver so that it is more inline with what is already in igb. The general idea is to just consolidate functions that represent logical steps in the Rx process so we can later update them more easily. Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 71 ++++++++++++++++----------- 1 file changed, 42 insertions(+), 29 deletions(-) commit 1733284d02e21ec256f10794109d8c39c3c1b0f8 Author: Mark Rustad Date: Mon Dec 12 15:08:13 2016 -0800 ixgbe: Update version to reflect added functionality Update the driver version to reflect the new devices that it supports. Signed-off-by: Mark Rustad Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3f40c74ccef0a0bc8cdc52105e1ac712e8e32868 Author: Stephen Hemminger Date: Mon Nov 21 09:52:40 2016 -0800 ixgbe: prefix Data Center Bridge ops struct Since dcbnl_ops is global, it should be prefixed by ixgbe_ Signed-off-by: Stephen Hemminger Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe.h | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_dcb_nl.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 1dc0eb75a8f88e37c2aee75fca0313cd6e30a1e1 Author: Tony Nguyen Date: Thu Nov 10 16:01:33 2016 -0800 ixgbe: Support 2.5Gb and 5Gb speed Though not advertised through ethtool, if the link partner advertises a 2.5Gb or 5Gb connection, and the adapter supports it, allow the speed to be used. Signed-off-by: Tony Nguyen Tested-by: Krishneil Singh Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 3 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) commit d48085f0716f195ee7432de2dd110e2093c40fd5 Author: travis@sgi.com Date: Tue Feb 14 18:11:29 2017 -0600 x86/platform/UV/NMI: Fix uneccessary kABI breakage The addition of support for UV Hubless systems unneccessarily broke the kABI for a symbol that is not used by external kernel modules. Remove the symbol from the EXPORT list. Signed-off-by: Mike Travis Reviewed-by: Russ Anderson Link: http://lkml.kernel.org/r/20170215001129.068078379@asylum.americas.sgi.com Signed-off-by: Thomas Gleixner arch/x86/platform/uv/uv_nmi.c | 1 - 1 file changed, 1 deletion(-) commit 998d75730b40afc218c059d811869abe9676b305 Author: Hans de Goede Date: Tue Feb 14 18:12:38 2017 +0200 drm/i915: Fix not finding the VBT when it overlaps with OPREGION_ASLE_EXT If there is no OPREGION_ASLE_EXT then a VBT stored in mailbox #4 may use the ASLE_EXT parts of the opregion. Adjust the vbt_size calculation for a vbt in mailbox #4 for this. This fixes the driver not finding the VBT on a jumper ezpad mini3 cherrytrail tablet and on a ACER SW5_017 machine. Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1487088758-30050-1-git-send-email-jani.nikula@intel.com (cherry picked from commit dfb65e71ea2c1d97ac373cc0587dc60b3307581a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_opregion.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 636deb5b2277cf57bb0f5e00fc9687de9a96061e Author: Chris Wilson Date: Sun Feb 12 21:53:43 2017 +0000 drm/i915: Pass timeout==0 on to i915_gem_object_wait_fence() The i915_gem_object_wait_fence() uses an incoming timeout=0 to query whether the current fence is busy or idle, without waiting. This can be used by the wait-ioctl to implement a busy query. Fixes: e95433c73a11 ("drm/i915: Rearrange i915_wait_request() accounting with callers") Testcase: igt/gem_wait/basic-busy-write-all Signed-off-by: Chris Wilson Cc: Matthew Auld Cc: Joonas Lahtinen Cc: # v4.10-rc1+ Cc: stable@vger.kernel.org Link: http://patchwork.freedesktop.org/patch/msgid/20170212215344.16600-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit d892e9398ecf6defc7972a62227b77dad6be20bd) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ddd09373628adcbdc3f7b9098d22328834f8d772 Author: Chris Wilson Date: Wed Nov 9 10:39:05 2016 +0000 drm/i915/gvt: Disable access to stolen memory as a guest Explicitly disable stolen memory when running as a guest in a virtual machine, since the memory is not mediated between clients and reserved entirely for the host. The actual size should be reported as zero, but like every other quirk we want to tell the user what is happening. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99028 Signed-off-by: Chris Wilson Cc: Zhenyu Wang Cc: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161109103905.17860-1-chris@chris-wilson.co.uk Reviewed-by: Zhenyu Wang Cc: stable@vger.kernel.org (cherry picked from commit 04a68a35ce6d7b54749989f943993020f48fed62) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_stolen.c | 5 +++++ 1 file changed, 5 insertions(+) commit aa9323dd49b23932a09023012f050556de64f118 Author: Ville Syrjälä Date: Wed Feb 8 19:52:54 2017 +0200 drm/i915: Avoid spurious WARNs about the wrong pipe in the PPS code Until recently vlv_steal_power_sequencer() wasn't being called for normal DP ports, and hence it could assert that it should only be called for pipe A and B (since pipe C doesn't support eDP). However that changed when we started to consider normal DP ports as well when choosing a PPS. So we will now get spurious warnings when vlv_steal_power_sequencer() does get called for pipe C. Avoid this by moving the WARN down into vlv_detach_power_sequencer() where this assertion should still hold. Cc: Imre Deak Cc: stable@vger.kernel.org Fixes: 9f2bdb006a7e ("drm/i915: Prevent PPS stealing from a normal DP port on VLV/CHV") References: https://bugs.freedesktop.org/show_bug.cgi?id=95287 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20170208175254.10958-1-ville.syrjala@linux.intel.com Reviewed-by: Imre Deak (cherry picked from commit d158694f452252d0fef335a775aeb3eb74fe7af0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 44a027058b24541cc7ec499e6fb91db4b130648a Author: Chris Wilson Date: Wed Feb 8 18:12:38 2017 +0000 drm/i915: Check for timeout completion when waiting for the rq to submitted We first wait for a request to be submitted to hw and assigned a seqno, before we can wait for the hw to signal completion (otherwise we don't know the hw id we need to wait upon). Whilst waiting for the request to be submitted, we may exceed the user's timeout and need to propagate the error back. v2: Make ETIME into an error from wait_for_execute for consistent exit handling. Reported-by: Tvrtko Ursulin Fixes: 4680816be336 ("drm/i915: Wait first for submission, before waiting for request completion") Testcase: igt/gem_wait/basic-await Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Joonas Lahtinen Cc: # v4.10-rc1+ Cc: stable@vger.kernel.org Link: http://patchwork.freedesktop.org/patch/msgid/20170208181238.7232-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 969bb72cbfd906d347cf76dc9b8c8dbaf83ba27a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_request.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 3e52d71ede206df75b56208e7c7a277ef157bb71 Author: Zhi Wang Date: Wed Feb 8 21:03:33 2017 +0800 drm/i915: A hotfix for making aliasing PPGTT work for GVT-g This patch makes PPGTT page table non-shrinkable when using aliasing PPGTT mode. It's just a temporary solution for making GVT-g work. Fixes: 2ce5179fe826 ("drm/i915/gtt: Free unused lower-level page tables") Cc: Tvrtko Ursulin Cc: Michal Winiarski Cc: Michel Thierry Cc: Mika Kuoppala Cc: Joonas Lahtinen Cc: Chris Wilson Cc: Daniel Vetter Cc: Zhenyu Wang Cc: Zhiyuan Lv Signed-off-by: Zhi Wang Link: http://patchwork.freedesktop.org/patch/msgid/1486559013-25251-2-git-send-email-zhi.a.wang@intel.com Reviewed-by: Chris Wilson Cc: # v4.10 Signed-off-by: Chris Wilson (cherry picked from commit e81ecb5e31db6c2a259d694738cf620d9fa70861) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_gtt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit ec62ed3e1d93843b382c222bc0d81546f12c97b8 Author: Chris Wilson Date: Tue Feb 7 15:24:37 2017 +0000 drm/i915: Restore context and pd for ringbuffer submission after reset Following a reset, the context and page directory registers are lost. However, the queue of requests that we resubmit after the reset may depend upon them - the registers are restored from a context image, but that restore may be inhibited and may simply be absent from the request if it was in the middle of a sequence using the same context. If we prime the CCID/PD registers with the first request in the queue (even for the hung request), we prevent invalid memory access for the following requests (and continually hung engines). v2: Magic BIT(8), reserved for future use but still appears unused. v3: Some commentary on handling innocent vs guilty requests v4: Add a wait for PD_BASE fetch. The reload appears to be instant on my Ivybridge, but this bit probably exists for a reason. Fixes: 821ed7df6e2a ("drm/i915: Update reset path to fix incomplete requests") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20170207152437.4252-1-chris@chris-wilson.co.uk Reviewed-by: Mika Kuoppala (cherry picked from commit c0dcb203fb009678e5be9e7782329dcfbbf16439) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 18 ++++------ drivers/gpu/drm/i915/i915_reg.h | 6 ++-- drivers/gpu/drm/i915/intel_lrc.c | 16 ++++++++- drivers/gpu/drm/i915/intel_ringbuffer.c | 58 +++++++++++++++++++++++++++++++-- 4 files changed, 81 insertions(+), 17 deletions(-) commit 26d12c619476ccbc6725aa4a17dcb1d41d5774e7 Author: Zhi Wang Date: Mon Feb 6 18:37:16 2017 +0800 drm/i915: Let execlist_update_context() cover !FULL_PPGTT mode. execlist_update_context() will try to update PDPs in a context before a ELSP submission only for full PPGTT mode, while PDPs was populated during context initialization. Now the latter code path is removed. Let execlist_update_context() also cover !FULL_PPGTT mode. Fixes: 34869776c76b ("drm/i915: check ppgtt validity when init reg state") Cc: Tvrtko Ursulin Cc: Michal Winiarski Cc: Michel Thierry Cc: Joonas Lahtinen Cc: Chris Wilson Cc: Zhenyu Wang Cc: Zhiyuan Lv Signed-off-by: Zhi Wang Link: http://patchwork.freedesktop.org/patch/msgid/1486377436-15380-1-git-send-email-zhi.a.wang@intel.com Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson (cherry picked from commit 04da811b3d821567e7a9a8a0baf48a6c1718b582) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_lrc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4b84b4a5507913ee0da27b1f1b27671937839de6 Author: Imre Deak Date: Fri Jan 27 11:39:19 2017 +0200 drm/i915/lspcon: Fix resume time initialization due to unasserted HPD During system resume time initialization the HPD level on LSPCON ports can stay low for an extended amount of time, leading to failed AUX transfers and LSPCON initialization. Fix this by waiting for HPD to get asserted. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99178 Cc: Shashank Sharma Cc: Jani Nikula Cc: Ville Syrjälä Cc: Daniel Vetter Cc: # v4.9+ Signed-off-by: Imre Deak Reviewed-by: Shashank Sharma Link: http://patchwork.freedesktop.org/patch/msgid/1485509961-9010-3-git-send-email-imre.deak@intel.com (cherry picked from commit 390b4e00241ce14ca3967c4698c8f6a158c5a674) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 4 ++-- drivers/gpu/drm/i915/intel_drv.h | 2 ++ drivers/gpu/drm/i915/intel_lspcon.c | 5 ++++- 3 files changed, 8 insertions(+), 3 deletions(-) commit 2a57d9cce1c08578097d965468e37f06d71fa495 Author: Imre Deak Date: Fri Jan 27 11:39:18 2017 +0200 drm/i915/gen9+: Enable hotplug detection early For LSPCON resume time initialization we need to sample the corresponding pin's HPD level, but this is only available when HPD detection is enabled. Currently we enable detection only when enabling HPD interrupts which is too late, so bring the enabling of detection earlier. This is needed by the next patch. Cc: Shashank Sharma Cc: Jani Nikula Cc: Ville Syrjälä Cc: Daniel Vetter Cc: # v4.9+ Signed-off-by: Imre Deak Reviewed-by: Shashank Sharma Link: http://patchwork.freedesktop.org/patch/msgid/1485509961-9010-2-git-send-email-imre.deak@intel.com (cherry picked from commit 7fff8126d9cc902b2636d05d5d34894a75174993) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_irq.c | 69 +++++++++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 19 deletions(-) commit 1769ae83c8cb32166d1e208f7cefbf334085bd58 Author: Chris Wilson Date: Fri Feb 3 10:56:52 2017 +0000 drm/i915: Reject set-tiling-ioctl with stride==0 and a tiling mode In commit 957870f93412 ("drm/i915: Split out i915_gem_object_set_tiling()"), I swapped an alignment check for IS_ALIGNED and in the process removed the less-than check. That check turns out to be important as it was the only rejection for stride == 0. Tvrtko did spot it, but I was overconfident in the IS_ALIGNED() conversion. Fixes: 957870f93412 ("drm/i915: Split out i915_gem_object_set_tiling()") Testcase: igt/gem_tiling_max_stride Signed-off-by: Chris Wilson Cc: Chris Wilson Cc: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20170203105652.27819-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 52da22e7aba155be238faff4f6e97b2eb9de64f3) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_tiling.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2d2cfc12b1270c8451edc7d2dd5f79097b3a17d8 Author: Chris Wilson Date: Thu Feb 2 13:27:21 2017 +0000 drm/i915: Recreate internal objects with single page segments if dmar fails If we fail to dma-map the object, the most common cause is lack of space inside the SW-IOTLB due to fragmentation. If we recreate the_sg_table using segments of PAGE_SIZE (and single page allocations), we may succeed in remapping the scatterlist. First became a significant problem for the mock selftests after commit 5584f1b1d73e ("drm/i915: fix i915 running as dom0 under Xen") increased the max_order. Fixes: 920cf4194954 ("drm/i915: Introduce an internal allocator for disposable private objects") Fixes: 5584f1b1d73e ("drm/i915: fix i915 running as dom0 under Xen") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20170202132721.12711-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin Cc: # v4.10 (cherry picked from commit bb96dcf5830e5d81a1da2e2a14e6c0f7dfc64348) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_internal.c | 37 ++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 14 deletions(-) commit 33b7bfdf918af4dc6585afe6d21f5e6b7613de1b Merge: 39a75ac 4a0b344 Author: Jani Nikula Date: Thu Feb 16 11:58:16 2017 +0200 Merge tag 'gvt-next-2017-02-15' of https://github.com/01org/gvt-linux into drm-intel-next-fixes gvt-next-2017-02-15 - Chuanxiao's IOMMU workaround fix - debug message cleanup from Changbin - oops fix in fail path of workload submission when GPU reset from Changbin - other misc fixes Signed-off-by: Jani Nikula commit 39a75ac4a55df8ee0a2f6059400c7153c8fd7d95 Merge: 13f62f5 2d6ceb8 Author: Jani Nikula Date: Thu Feb 16 11:56:51 2017 +0200 Merge tag 'gvt-next-2017-02-07' of https://github.com/01org/gvt-linux into drm-intel-next-fixes From Zhenyu, "These are GVT-g changes for 4.11 merge window, mostly for gvt init order fix that impacted resource handling for device model, the one i915 change has been reviewed and acked." Signed-off-by: Jani Nikula commit b1ef30e5ed17a417fc78eaff12da28f9a1c2efcc Author: Takashi Iwai Date: Wed Feb 15 22:11:13 2017 +0100 ALSA: x86: Don't bail out from PCM ops when disconnected Currently the driver returns -ENODEV when the monitor is disconnected. But PA alsa module doesn't like this and it starts playing Juliet, kills itself as if it were a fatal tragedy. Since we protect the whole read/write at disconnection, just allow the PCM accesses even during disconnection. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 22 ---------------------- 1 file changed, 22 deletions(-) commit 2d42c033aec9f8e7e175c551ae62ea3f4dc200b9 Author: Takashi Iwai Date: Wed Feb 15 22:08:21 2017 +0100 ALSA: x86: Minor code rearrangement Put the stuff in the right order; notification should be at the end of the action. Also dropped a superfluous debug print and incorrect comments. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) commit be9a2e933e301bec856d526516801e14247519c5 Author: Takashi Iwai Date: Wed Feb 15 22:05:34 2017 +0100 ALSA: x86: Stop the stream when buffer is processed after disconnection This shouldn't happen, but just to be sure... Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 28ed125b9a07b9ad09ea680628a920427d079af6 Author: Takashi Iwai Date: Wed Feb 15 22:02:10 2017 +0100 ALSA: x86: Avoid register accesses during disconnection It seems that accessing registers during disconnection often leads to the GPU pipe error. The original driver had a similar check in the past, but it was lost through refactoring. Now put a connection check in the register access functions. One exception is the irq handler: it still needs to access the raw register even while disconnected, because it has to read and write to ACK the irq mask. Although the irq shouldn't be raised while disconnected (the stream should have been disabled), let's make it safer for now. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) commit a72ccfbad7fd6f604d8edd068119edb57e7984e1 Author: Takashi Iwai Date: Wed Feb 15 21:45:06 2017 +0100 ALSA: x86: Don't return an error from chmap ctl at disconnected It's not wise to return an error at info/get callback when disconnected, which happens at any time. The chmap ctl is supposed to fill zero for such a case, instead. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 18353192b8f696a27420e2e8f39804c2075f26fb Author: Takashi Iwai Date: Wed Feb 15 21:42:20 2017 +0100 ALSA: x86: Fix memory leak in had_build_channel_allocation_map() The previously allocated chmap has to be released before setting the new one. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 5def90196b52d0bbec4f662448e25f2a4c06ddbc Author: Takashi Iwai Date: Wed Feb 15 21:36:38 2017 +0100 ALSA: x86: Use snd_pcm_stop_xrun() for connection / disconnection paths This seems more friendly to user-space, as it's notified at least as an error, instead of forcibly moving the PCM state to SETUP out of sudden. Moreover, snd_pcm_stop() needs an extra PCM spinlock I forgot, while snd_pcm_stop_xrun() takes the spinlock by itself. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b9bacf275ca2eeb8e8fa85c1705d07e2475f1aaa Author: Takashi Iwai Date: Tue Feb 14 12:29:38 2017 +0100 ALSA: x86: Implement jack control This patch implements a jack interface for notifying HDMI/DP connection. PA listens to this, so it can handle the monitor connection more gracefully. Signed-off-by: Takashi Iwai sound/x86/intel_hdmi_audio.c | 23 +++++++++++++++++++++++ sound/x86/intel_hdmi_audio.h | 1 + 2 files changed, 24 insertions(+) commit 9f1bc2c4c58fcb2d86e0e26437dc8f3a18ac3276 Author: Kai-Heng Feng Date: Thu Feb 16 15:26:54 2017 +0800 ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO The issue is the same as "dd9aa335c880 ALSA: hda/realtek - Can't adjust speaker's volume on a Dell AIO", the output requires to connect to a node with Amp-out capability. Applying the same fixup "ALC298_FIXUP_SPK_VOLUME" can fix the issue. Signed-off-by: Kai-Heng Feng Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 6 ++++++ 1 file changed, 6 insertions(+) commit e3dc847a5f85b43ee2bfc8eae407a7e383483228 Author: Steffen Klassert Date: Wed Feb 15 11:38:58 2017 +0100 vti6: Don't report path MTU below IPV6_MIN_MTU. In vti6_xmit(), the check for IPV6_MIN_MTU before we send a ICMPV6_PKT_TOOBIG message is missing. So we might report a PMTU below 1280. Fix this by adding the required check. Fixes: ccd740cbc6e ("vti6: Add pmtu handling to vti6_xmit.") Signed-off-by: Steffen Klassert net/ipv6/ip6_vti.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 5b73d6347eb82cd2a26698fc339607e25e0ad917 Author: David Gibson Date: Wed Feb 15 14:40:04 2017 +1100 KVM: PPC: Book3S HV: Prevent double-free on HPT resize commit path resize_hpt_release(), called once the HPT resize of a KVM guest is completed (successfully or unsuccessfully) frees the state structure for the resize. It is currently not safe to call with a NULL pointer. However, one of the error paths in kvm_vm_ioctl_resize_hpt_commit() can invoke it with a NULL pointer. This will occur if userspace improperly invokes KVM_PPC_RESIZE_HPT_COMMIT without previously calling KVM_PPC_RESIZE_HPT_PREPARE, or if it calls COMMIT twice without an intervening PREPARE. To fix this potential crash bug - and maybe others like it, make it safe (and a no-op) to call resize_hpt_release() with a NULL resize pointer. Found by Dan Carpenter with a static checker. Reported-by: Dan Carpenter Signed-off-by: David Gibson Signed-off-by: Paul Mackerras arch/powerpc/kvm/book3s_64_mmu_hv.c | 3 +++ 1 file changed, 3 insertions(+) commit b802c8410ca915e7772e738e68420115f1a3c811 Author: Dan Williams Date: Wed Feb 15 18:42:09 2017 -0800 async_tx: deprecate broken support for channel switching Back in 2011, Russell pointed out that the "async_tx channel switch" capability was violating expectations of the dma mapping api [1]. At the time the existing uses were reviewed as still usable, but that longer term we needed a rework of the raid offload implementation. While some of the framework for a fixed implementation was introduced in 2012 [2], the wider rewrite never materialized. There continues to be interest in raid offload with new dma/raid engine drivers being submitted. Those drivers must not build on top of the broken channel switching capability. Prevent async_tx from using an offload engine if the channel switching capability is enabled. This still allows the engine to be used for other purposes, but the broken way async_tx uses these engines for raid will be disabled. For configurations where this causes a performance regression the only solution is to start the work of eliminating the async_tx api and moving channel management into the raid code directly where it can manage marshalling an operation stream between multiple dma channels. [1]: http://lists.infradead.org/pipermail/linux-arm-kernel/2011-January/036753.html [2]: https://lkml.org/lkml/2012/12/6/71 Cc: Anatolij Gustschin Cc: Anup Patel Cc: Rameshwar Prasad Sahu Cc: Saeed Bishara Cc: Thomas Petazzoni Reported-by: Russell King Signed-off-by: Dan Williams Signed-off-by: Vinod Koul include/linux/async_tx.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit be3c9f5eed3be89d17b5dcffc38412932214fbae Merge: b7bc0da 1aa5ca6 Author: Dave Airlie Date: Thu Feb 16 13:57:37 2017 +1000 Merge branch 'drm-rockchip-next-2017-02-16' of https://github.com/markyzq/kernel-drm-rockchip into drm-next Use iommu for rockchip arm64 platform. * 'drm-rockchip-next-2017-02-16' of https://github.com/markyzq/kernel-drm-rockchip: drm/rockchip: Use common IOMMU API to attach devices drm/rockchip: Do not use DMA mapping API if attached to IOMMU domain commit b7bc0daa889e65db202f3222f5b69b5c80d4070f Merge: 1e9d996 1592364 Author: Dave Airlie Date: Thu Feb 16 13:27:55 2017 +1000 Merge tag 'drm-misc-next-fixes-2017-02-15' of git://anongit.freedesktop.org/git/drm-misc into drm-next Fixes for the v4.11 merge window. * tag 'drm-misc-next-fixes-2017-02-15' of git://anongit.freedesktop.org/git/drm-misc: drm: Resurrect atomic rmfb code, v3 uapi: add missing install of dma-buf.h commit 1e9d996645401f1a5bd6473e229a4d41575fc478 Merge: 13f62f5 c462c2f Author: Dave Airlie Date: Thu Feb 16 13:27:24 2017 +1000 Merge tag 'sti-drm-next-2017-02-10' of https://github.com/vinceab/linux into drm-next - remove deprecated stih416 chip functionnalities - fix issues met around gdp panes - fix STI driver unbind procedure - DVI/HDMI mode is automatically detected - allow fps statisitics resetting * tag 'sti-drm-next-2017-02-10' of https://github.com/vinceab/linux: drm/sti: debug fps reset drm/sti: hdmi: automatically check DVI/HDMI mode drm/sti: unbind all components while driver cleanup drm/sti: do not post GDP command if no update drm/sti: do not set gdp pixel clock rate if mode is not set drm/sti: enable gdp pixel clock in atomic_update drm/sti: remove deprecated legacy vtg slave drm/sti: remove deprecated sink_term config drm/sti: do not check hw scaling if mode is not set drm/sti: Fix up crtc_state->event handling drm/sti: use atomic_helper for commit commit d1da522fb8a70b8c527d4ad15f9e62218cc00f2c Author: Arnd Bergmann Date: Tue Feb 14 22:21:51 2017 +0100 scsi: megaraid_sas: handle dma_addr_t right on 32-bit When building with a dma_addr_t that is different from pointer size, we get this warning: drivers/scsi/megaraid/megaraid_sas_fusion.c: In function 'megasas_make_prp_nvme': drivers/scsi/megaraid/megaraid_sas_fusion.c:1654:17: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] It's better to not pretend that the dma address is a pointer and instead use a dma_addr_t consistently. Fixes: 33203bc4d61b ("scsi: megaraid_sas: NVME fast path io support") Signed-off-by: Arnd Bergmann Acked-by: Sumit Saxena Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_fusion.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 40a4c2c392593b57a2e6f6438794492596279838 Author: Dan Carpenter Date: Tue Feb 14 19:38:55 2017 +0300 scsi: megaraid_sas: array overflow in megasas_dump_frame() The "sz" variable is in terms of bytes, but we're treating the buffer as an array of __le32 so we have to divide by 4. Fixes: def0eab3af86 ("scsi: megaraid_sas: enhance debug logs in OCR context") Signed-off-by: Dan Carpenter Acked-by: Sumit Saxena Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8e305cb2bd8b6300ea29420f2458a2f245bdacbd Author: Christoph Hellwig Date: Wed Feb 1 15:21:21 2017 +0100 scsi: snic: switch to pci_irq_alloc_vectors Signed-off-by: Christoph Hellwig Acked-by: Narsimhulu Musini Signed-off-by: Martin K. Petersen drivers/scsi/snic/snic.h | 1 - drivers/scsi/snic/snic_isr.c | 48 ++++++++++++++++++-------------------------- 2 files changed, 19 insertions(+), 30 deletions(-) commit 6ff8ec98e12f984b9d62e43f83b0a3c44e2bdc12 Author: Guenter Roeck Date: Sat Feb 11 15:04:56 2017 -0800 clk: qcom: Do not drop device node twice of_find_node_by_name() drops the reference to a passed device node. It is not necessary to drop it again, and doing so may result in the device node being released prematurely. Cc: Rob Herring Signed-off-by: Guenter Roeck Fixes: ee15faffef11 ("clk: qcom: common: Add API to register board clocks backwards compatibly") Signed-off-by: Stephen Boyd drivers/clk/qcom/common.c | 1 - 1 file changed, 1 deletion(-) commit f84775c2d5d92581f2df60d53b574b0405c85be3 Author: Michael Ellerman Date: Thu Feb 16 11:27:00 2017 +1100 powerpc/pseries: Fix build break when MEMORY_HOTREMOVE=n We broke the build when CONFIG_MEMORY_HOTREMOVE=n: arch/powerpc/platforms/pseries/hotplug-memory.c:821:8: error: implicit declaration of function 'dlpar_memory_readd_by_index' Add a dummy to fix it. Fixes: e70d59700fc3 ("powerpc/pseries: Introduce memory hotplug READD operation") Signed-off-by: Michael Ellerman arch/powerpc/platforms/pseries/hotplug-memory.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit a578884fa0d2768f13d37c6591a9e1ed600482d3 Author: Arnd Bergmann Date: Tue Feb 14 22:19:18 2017 +0100 cpufreq: CPPC: add ACPI_PROCESSOR dependency Without the Kconfig dependency, we can get this warning: warning: ACPI_CPPC_CPUFREQ selects ACPI_CPPC_LIB which has unmet direct dependencies (ACPI && ACPI_PROCESSOR) Fixes: 5477fb3bd1e8 (ACPI / CPPC: Add a CPUFreq driver for use with CPPC) Signed-off-by: Arnd Bergmann Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/Kconfig.arm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 149ab8649667eb50863495d841a7ba1110fc17d3 Author: Paul Gortmaker Date: Mon Feb 13 19:45:02 2017 -0500 cpufreq: make ti-cpufreq explicitly non-modular The Kconfig currently controlling compilation of this code is: drivers/cpufreq/Kconfig.arm:config ARM_TI_CPUFREQ drivers/cpufreq/Kconfig.arm: bool "Texas Instruments CPUFreq support" ...meaning that it currently is not being built as a module by anyone. Lets remove the couple traces of modular infrastructure use, so that when reading the driver there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. We also delete the MODULE_LICENSE tag etc. since all that information is already contained at the top of the file in the comments. Signed-off-by: Paul Gortmaker Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/ti-cpufreq.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit f451014692ae34e587b00de6745e16661cf734d8 Author: Rafael J. Wysocki Date: Mon Feb 13 13:44:57 2017 +0100 cpufreq: Do not clear real_cpus mask on policy init If new_policy is set in cpufreq_online(), the policy object has just been created and its real_cpus mask has been zeroed on allocation, and the driver's ->init() callback should not touch it. It doesn't need to be cleared again, so don't do that. Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar drivers/cpufreq/cpufreq.c | 2 -- 1 file changed, 2 deletions(-) commit 48385dd7400ee68fdc8af92a730c0d037df5a29e Author: Doug Smythies Date: Mon Feb 13 15:19:07 2017 -0800 tools/power/x86: Debug utility for intel_pstate driver This utility can be used to debug and tune the performance of the intel_pstate driver. This utility can be used in two ways: - If there is Linux trace file with pstate_sample events enabled, then this utility can parse the trace file and generate performance plots. - If user has not specified a trace file as input via command line parameters, then this utility enables and collects trace data for a user-specified interval and generates performance plots. Signed-off-by: Doug Smythies Acked-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki .../x86/intel_pstate_tracer/intel_pstate_tracer.py | 569 +++++++++++++++++++++ 1 file changed, 569 insertions(+) commit b3fc275d548dd831ce0e7e9bd74be03092fcdf03 Author: Todd E Brandt Date: Thu Feb 9 13:27:43 2017 -0800 AnalyzeSuspend: fix drag and zoom bug in javascript Signed-off-by: Todd Brandt Signed-off-by: Rafael J. Wysocki scripts/analyze_suspend.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit cd3e2eb8905d14fe28a2fc75362b8ecec16f0fb6 Author: Andy Shevchenko Date: Tue Feb 14 12:59:37 2017 +0200 PCI: Sort the list of devices with D3 delay quirk by ID Sort the list of Intel devices that have no PCI D3 delay by ID. Add a comment for group of devices that had not been marked yet. There is no functional change. Signed-off-by: Andy Shevchenko Signed-off-by: Bjorn Helgaas drivers/pci/quirks.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 4e29ccdb240ec833f172a34fcf405e077b51066b Author: Hans Ulli Kroll Date: Wed Feb 8 21:00:10 2017 +0100 DT: add Faraday Tec. as vendor add Faraday Technology Corporation as vendor faraday for DT Signed-off-by: Hans Ulli Kroll Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit d8a4995bcea168dfac8ee41c28c79109907e4fba Author: Christopher Covington Date: Wed Feb 15 16:39:43 2017 -0500 tty: pl011: Work around QDF2400 E44 stuck BUSY bit The Qualcomm Datacenter Technologies QDF2400 family of SoCs contains a custom (non-PrimeCell) implementation of the SBSA UART. Occasionally the BUSY bit in the Flag Register gets stuck as 1, erratum 44 for both 2432v1 and 2400v1 SoCs.Checking that the Transmit FIFO Empty (TXFE) bit is 0, instead of checking that the BUSY bit is 1, works around the issue. To facilitate this substitution of flags and values, introduce vendor-specific inversion of Feature Register bits when UART AMBA Port (UAP) data is available. For the earlycon case, prior to UAP availability, implement alternative putc and early_write functions. Similar to what how ARMv8 ACPI PCI quirks are detected during MCFG parsing, check the OEM fields of the Serial Port Console Redirection (SPCR) ACPI table to determine if the current platform is known to be affected by the erratum. Signed-off-by: Christopher Covington Acked-by: Russell King Acked-by: Timur Tabi Acked-by: Mark Rutland Signed-off-by: Greg Kroah-Hartman drivers/acpi/spcr.c | 23 ++++++++++++++ drivers/tty/serial/amba-pl011.c | 66 ++++++++++++++++++++++++++++++++++++----- 2 files changed, 82 insertions(+), 7 deletions(-) commit 62924fd789c6a381b772141f78a82361f46ae397 Author: Rémy Léone Date: Wed Feb 15 13:16:35 2017 +0100 Add a target to check broken external links in the Documentation Documentation shouldn't have broken links. sphinx linkcheck builder scans all documents for external links, tries to open them with urllib2, and writes an overview which ones are broken and redirected to standard output and to output.txt in the output directory. Reviewed-by: Jani Nikula Tested-by: Jani Nikula Signed-off-by: Rémy Léone Signed-off-by: Jonathan Corbet Documentation/DocBook/Makefile | 1 + Documentation/Makefile.sphinx | 4 ++++ Documentation/media/Makefile | 1 + Makefile | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) commit 72f8f677e3ec685865392846c356e08771d49f13 Author: Tyler Hicks Date: Tue Feb 14 04:04:17 2017 +0000 Documentation: Fix linux-api list typo A Japanese translation file contained the incorrect email address for the linux-api list. Signed-off-by: Tyler Hicks Signed-off-by: Jonathan Corbet Documentation/translations/ja_JP/HOWTO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0f3a249110bea205b025a108f4b360c1d2ff8880 Author: Jim Davis Date: Mon Feb 13 17:02:57 2017 -0700 Documentation: DocBook/Makefile comment typo Fix a se for so typo. Signed-off-by: Jim Davis Signed-off-by: Jonathan Corbet Documentation/DocBook/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 291b9d73681f3e0123b8954eb20be22342987afc Author: Matthew Wilcox Date: Mon Feb 13 11:16:02 2017 -0800 Improve sparse documentation Add documentation of -DCONFIG_SPARSE_RCU_POINTER. I started to add documentation of -D__CHECK_ENDIAN__ as well, but discovered I'm too late; that's now enabled by default. Signed-off-by: Matthew Wilcox Signed-off-by: Jonathan Corbet Documentation/dev-tools/sparse.rst | 6 ++++++ 1 file changed, 6 insertions(+) commit df56c3dbae0e6df0edcca2e778810a3d8c994f4e Author: Jaroslav Kysela Date: Wed Feb 15 17:09:43 2017 +0100 ALSA: hda - add sanity check to force the separate stream tags It seems that newer Intel chipsets have more than 15 I/O streams (total). This patch forces the separate stream tags, when this hardware is detected to avoid SDxCTL.STRM field overflow and an unexpected behaviour. Signed-off-by: Jaroslav Kysela Signed-off-by: Takashi Iwai sound/pci/hda/hda_intel.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit e7480b34ad1ab84a63540b2c884cb92c0764ab74 Author: Jaroslav Kysela Date: Wed Feb 15 17:09:42 2017 +0100 ALSA: hda - fix Lewisburg audio issue Like for Sunrise Point, the total stream number of Lewisburg's input and output stream exceeds 15 (GCAP is 0x9701), which will cause some streams do not work because of the overflow on SDxCTL.STRM field if using the legacy stream tag allocation method. Fixes: 5cf92c8b3dc5 ("ALSA: hda - Add Intel Lewisburg device IDs Audio") Signed-off-by: Jaroslav Kysela Cc: Signed-off-by: Takashi Iwai sound/pci/hda/hda_intel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d7a1030839d35c04a620e841f406b9b2a8600041 Author: Ming Lei Date: Tue Feb 14 23:29:03 2017 +0800 md: fast clone bio in bio_clone_mddev() Firstly bio_clone_mddev() is used in raid normal I/O and isn't in resync I/O path. Secondly all the direct access to bvec table in raid happens on resync I/O except for write behind of raid1, in which we still use bio_clone() for allocating new bvec table. So this patch replaces bio_clone() with bio_clone_fast() in bio_clone_mddev(). Also kill bio_clone_mddev() and call bio_clone_fast() directly, as suggested by Christoph Hellwig. Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Shaohua Li drivers/md/faulty.c | 2 +- drivers/md/md.c | 7 ------- drivers/md/md.h | 2 -- drivers/md/raid1.c | 10 ++++++---- drivers/md/raid10.c | 11 +++++------ drivers/md/raid5.c | 4 ++-- 6 files changed, 14 insertions(+), 22 deletions(-) commit ed7ef732ca9f7d6f42be8df6cc7bf4ace3534af3 Author: Ming Lei Date: Tue Feb 14 23:29:02 2017 +0800 md: remove unnecessary check on mddev mddev is never NULL and neither is ->bio_set, so remove the check. Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Shaohua Li drivers/md/md.c | 3 --- 1 file changed, 3 deletions(-) commit 8e58e327e25c7fffc3fb79a24c76637bdda37716 Author: Ming Lei Date: Tue Feb 14 23:29:01 2017 +0800 md/raid1: use bio_clone_bioset_partial() in case of write behind Write behind need to replace pages in bio's bvecs, and we have to clone a fresh bio with new bvec table, so use the introduced bio_clone_bioset_partial() for it. For other bio_clone_mddev() cases, we will use fast clone since they don't need to touch bvec table. Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Shaohua Li drivers/md/raid1.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 10273170fd5602d8090b1312e66ad4746ab02c94 Author: Ming Lei Date: Tue Feb 14 23:29:00 2017 +0800 md: fail if mddev->bio_set can't be created The current behaviour is to fall back to allocate bio from 'fs_bio_set', that isn't a correct way because it might cause deadlock. So this patch simply return failure if mddev->bio_set can't be created. Reviewed-by: Christoph Hellwig Signed-off-by: Ming Lei Signed-off-by: Shaohua Li drivers/md/md.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit c18a1e09008de7d8bd82b046d38a88f4285d53f9 Author: Ming Lei Date: Tue Feb 14 23:28:59 2017 +0800 block: introduce bio_clone_bioset_partial() md still need bio clone(not the fast version) for behind write, and it is more efficient to use bio_clone_bioset_partial(). The idea is simple and just copy the bvecs range specified from parameters. Reviewed-by: Christoph Hellwig Reviewed-by: Jens Axboe Signed-off-by: Ming Lei Signed-off-by: Shaohua Li block/bio.c | 61 +++++++++++++++++++++++++++++++++++++++++------------ include/linux/bio.h | 11 ++++++++-- 2 files changed, 57 insertions(+), 15 deletions(-) commit 4da3273b93bd3715b05cc007ca07e5c12fa1e883 Author: James Hogan Date: Wed Feb 15 17:17:14 2017 +0000 MIPS: OCTEON: Enable DEVTMPFS Recent versions of udev and systemd require the kernel to be compiled with CONFIG_DEVTMPFS in order to populate the /dev directory. Most MIPS platforms have it enabled by default, so enable it for the Cavium Octeon defconfig as well. This will assist with automated kernel boot testing. Signed-off-by: James Hogan Acked-by: David Daney Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/15294/ Signed-off-by: James Hogan arch/mips/configs/cavium_octeon_defconfig | 1 + 1 file changed, 1 insertion(+) commit 53b7f7b53d83727075c01f57f813fc141d53c3d5 Author: Gustavo A. R. Silva Date: Tue Feb 14 21:10:52 2017 -0600 usb: cdc-wdm: remove logically dead code Remove logically dead code. 'cntr' is always equal to zero when the following line of code is executed: rv = cntr ? cntr : -EAGAIN; Addresses-Coverity-ID: 113227 Signed-off-by: Gustavo A. R. Silva Acked-by: Oliver Neukum Reviewed-by: Peter Senna Tschudin Signed-off-by: Greg Kroah-Hartman drivers/usb/class/cdc-wdm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b973154a2278c6af0b0efefafb222e0189959659 Author: Jan Koniarik Date: Wed Feb 15 16:59:35 2017 +0100 atm: idt77252, use setup_timer and mod_timer Stop accessing timer struct members directly and use setup_timer and mod_timer helpers intended for that use. It makes the code cleaner and will allow for easier change of the timer struct internals. Signed-off-by: Jan Koniarik Signed-off-by: Jiri Slaby Cc: Chas Williams <3chas3@gmail.com> Cc: Cc: Signed-off-by: David S. Miller drivers/atm/idt77252.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 0c921a894c2f01850f39ad6ecb31dd92a9cc9839 Author: Jiri Pirko Date: Wed Feb 15 12:09:51 2017 +0100 mlxsw: acl: Use PBS type for forward action Current behaviour of "mirred redirect" action (forward) offload is a bit odd. For matched packets the action forwards them to the desired destination, but it also lets the packet duplicates to go the original way down (bridge, router, etc). That is more like "mirred mirror". Fix this by using PBS type which behaves exactly like "mirred redirect". Note that PBS does not support loopback mode. Fixes: 4cda7d8d7098 ("mlxsw: core: Introduce flexible actions support") Signed-off-by: Jiri Pirko Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller .../ethernet/mellanox/mlxsw/core_acl_flex_actions.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) commit 6a553b4894264eb880fe07c2ac6be54eea1d7abb Merge: 36a4a50 c80151e Author: David S. Miller Date: Wed Feb 15 13:20:57 2017 -0500 Merge branch 'stmmac-misc' Corentin Labbe says: ==================== stmmac: misc patchs This is a follow up of my previous stmmac serie which address some comment done in v2. ==================== Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller commit c80151ec4b65c08dac6a653a849ec5e50d94708f Author: LABBE Corentin Date: Wed Feb 15 10:46:45 2017 +0100 net: stmmac: invert the logic for dumping regs It is easier to follow the logic by removing the not operator Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit cc26dc67b69a736b17c69fa3f2251c8fefa99b75 Author: LABBE Corentin Date: Wed Feb 15 10:46:44 2017 +0100 net: stmmac: reduce indentation by adding a continue As suggested by Joe Perches, replacing the "if phydev" logic permit to reduce indentation in the for loop. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 82 +++++++++++------------ 1 file changed, 40 insertions(+), 42 deletions(-) commit 9beae261baab3f5a3001933cbc4d321538bef344 Author: LABBE Corentin Date: Wed Feb 15 10:46:43 2017 +0100 net: stmmac: split the stmmac_adjust_link 10/100 case The 10/100 case have too many ifcase. This patch split it for removing an if. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 5db1355673205dccaf754dc3cb2f6b5abc2ff67e Author: LABBE Corentin Date: Wed Feb 15 10:46:42 2017 +0100 net: stmmac: run stmmac_hw_fix_mac_speed when speed is valid This patch mutualise a bit by running stmmac_hw_fix_mac_speed() after the switch in case of valid speed. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 688495b10ba703c1c13b3d05fcaecff55a320578 Author: LABBE Corentin Date: Wed Feb 15 10:46:41 2017 +0100 net: stmmac: set speed at SPEED_UNKNOWN in case of broken speed In case of invalid speed given, stmmac_adjust_link() still record it as current speed. This patch modify the default case to set speed as SPEED_UNKNOWN if not 10/100/1000. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 1 + 1 file changed, 1 insertion(+) commit bd00632c5294bff0ed5826677cd2f1b2e303a6f6 Author: LABBE Corentin Date: Wed Feb 15 10:46:40 2017 +0100 net: stmmac: use SPEED_UNKNOWN/DUPLEX_UNKNOWN It is better to use DUPLEX_UNKNOWN instead of just "-1". Using 0 for an invalid speed is bad since 0 is a valid value for speed. So this patch replace 0 by SPEED_UNKNOWN. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 3e12790eed9da7ac0e20b94690ce5de209540168 Author: LABBE Corentin Date: Wed Feb 15 10:46:39 2017 +0100 net: stmmac: likely is useless in occasional function The stmmac_adjust_link() function is called too rarely for having likely() macros being useful. Just remove likely annotation in it. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit cb2c0acea271d96ca3242fb2ff0ce5e24958d015 Author: LABBE Corentin Date: Wed Feb 15 10:46:38 2017 +0100 net: stmmac: remove useless parenthesis This patch remove some useless parenthesis. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Reviewed-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 ++++---- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 51b0be640cf6e2cb63a7cf4d9c7c4acd3ad5afd0 Author: Stefan Berger Date: Wed Feb 15 11:56:23 2017 -0500 tpm: Fix expected number of response bytes of TPM1.2 PCR Extend The TPM1.2 PCR Extend operation only returns 20 bytes in the body, which is the size of the PCR state. This fixes a problem where IMA gets errors with every PCR Extend. Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") Signed-off-by: Stefan Berger Acked-by: Mimi Zohar Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 36a4a50f4048f21b7c2694b37804dfc1d9890ab4 Author: Christoph Hellwig Date: Wed Feb 15 08:38:47 2017 +0100 net: ethernet: aquantia: switch to pci_alloc_irq_vectors pci_enable_msix has been long deprecated, but this driver adds a new instance. Convert it to pci_alloc_irq_vectors so that no new instance of the deprecated function reaches mainline. Signed-off-by: Christoph Hellwig Tested-by: Pavel Belous Signed-off-by: David S. Miller .../net/ethernet/aquantia/atlantic/aq_pci_func.c | 101 +++++---------------- 1 file changed, 25 insertions(+), 76 deletions(-) commit 4c2ae32d4c6ccd63819f36702f8455a5b08eaca8 Merge: 8b9c156 4f69bd1 Author: Bjorn Helgaas Date: Wed Feb 15 11:56:12 2017 -0600 Merge branch 'pci/vpd' into next * pci/vpd: PCI: Increase VPD access timeout to 125ms commit 8b9c156262f9ebaa88736b93263c1af5ae5fa43e Merge: 0dc49eb 5b0948d Author: Bjorn Helgaas Date: Wed Feb 15 11:56:11 2017 -0600 Merge branch 'pci/virtualization' into next * pci/virtualization: PCI: Lock each enable/disable num_vfs operation in sysfs PCI: Add ACS quirk for Intel Union Point commit 0dc49eb2a25a6b48e235803eeb2b52677f577ca5 Merge: 3ec2574 25e7738 Author: Bjorn Helgaas Date: Wed Feb 15 11:56:10 2017 -0600 Merge branch 'pci/resource' into next * pci/resource: PCI: Remove res_to_dev_res() debug message commit 3ec2574e31b5aebeeed52ea784bb6d7960788202 Merge: 906c142 e4e7d597 Author: Bjorn Helgaas Date: Wed Feb 15 11:56:10 2017 -0600 Merge branch 'pci/msi' into next * pci/msi: PCI/MSI: Update MSI/MSI-X bits in PCIEBUS-HOWTO PCI/MSI: Document pci_alloc_irq_vectors(), deprecate pci_enable_msi() PCI/MSI: Return -ENOSPC if pci_enable_msi_range() can't get enough vectors PCI/portdrv: Use pci_irq_alloc_vectors() PCI/MSI: Check that we have a legacy interrupt line before using it PCI/MSI: Remove pci_msi_domain_{alloc,free}_irqs() PCI/MSI: Remove unused pci_msi_create_default_irq_domain() PCI/MSI: Return failure when msix_setup_entries() fails PCI/MSI: Remove pci_enable_msi_{exact,range}() amd-xgbe: Update PCI support to use new IRQ functions [media] cobalt: use pci_irq_allocate_vectors() PCI/MSI: Fix msi_capability_init() kernel-doc warnings commit 906c142634def5dd3dda533d5d20bd3c1c19d1fb Merge: 63ab93f 1acf8bc Author: Bjorn Helgaas Date: Wed Feb 15 11:56:09 2017 -0600 Merge branch 'pci/hotplug' into next * pci/hotplug: PCI: acpiphp_ibm: Make ibm_apci_table_attr __ro_after_init PCI: rpadlpar: Remove unnecessary return statement commit 63ab93f021ecd815d848c3e9d3e326fa9628e5a9 Merge: af3a2ab fed6781 Author: Bjorn Helgaas Date: Wed Feb 15 11:56:08 2017 -0600 Merge branch 'pci/enumeration' into next * pci/enumeration: PCI: Remove duplicate check for positive return value from probe() functions PCI: Enable PCIe Extended Tags if supported PCI: Avoid possible deadlock on pci_lock and p->pi_lock PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup() PCI: Apply _HPX settings only to relevant devices commit af3a2ab5daa0b8bf188a039c122a670cdc8b9544 Merge: 8f417ca abdbf4d Author: Bjorn Helgaas Date: Wed Feb 15 11:56:07 2017 -0600 Merge branch 'pci/dpc' into next * pci/dpc: PCI/DPC: Wait for Root Port busy to clear PCI/DPC: Decode extended reasons commit 8f417ca9ebfa8701a41db64f5ed9cbb01b8e4219 Merge: ca0ef7f a142f4d Author: Bjorn Helgaas Date: Wed Feb 15 11:56:07 2017 -0600 Merge branch 'pci/aspm' into next * pci/aspm: PCI/ASPM: Add comment about L1 substate latency PCI/ASPM: Configure L1 substate settings PCI/ASPM: Calculate and save the L1.2 timing parameters PCI/ASPM: Read and set up L1 substate capabilities PCI/ASPM: Add support for L1 substates PCI/ASPM: Add L1 substate capability structure register definitions commit ca0ef7fecc881a7e8d11db2d8852ab580cd29e03 Merge: 7ce7d89 2fd260f Author: Bjorn Helgaas Date: Wed Feb 15 11:56:06 2017 -0600 Merge branch 'pci/aer' into next * pci/aer: PCI/AER: Remove unused .link_reset() callback commit e4e7d59704d485f272061cea9057798dda3cfd99 Author: Christoph Hellwig Date: Wed Feb 15 08:58:23 2017 +0100 PCI/MSI: Update MSI/MSI-X bits in PCIEBUS-HOWTO Update the MSI/MSI-X bits in PCIEBUS-HOWTO. Stop talking about low-level details that mention deprecated APIs and concentrate on what service drivers should do and why. Signed-off-by: Christoph Hellwig Signed-off-by: Bjorn Helgaas Documentation/PCI/PCIEBUS-HOWTO.txt | 33 +++++++-------------------------- 1 file changed, 7 insertions(+), 26 deletions(-) commit dfb011d241e26ebe8ac05aaa2597f00ac2918122 Merge: b93f79b 4c55215 Author: David S. Miller Date: Wed Feb 15 12:42:54 2017 -0500 Merge branch 'qed-ptp' Yuval Mintz says: ==================== qed*: Add support for PTP This patch series adds required changes for qed/qede drivers for supporting the IEEE Precision Time Protocol (PTP). Changes from previous versions: v7: Fixed Kbuild robot warnings. v6: Corrected broken loop iteration in previous version. Reduced approximation error of adjfreq. v5: Removed two divisions from the adjust-frequency loop. Resulting logic would use 8 divisions [instead of 24]. v4: Remove the loop iteration for value '0' in the qed_ptp_hw_adjfreq() implementation. v3: Use div_s64 for 64-bit divisions as do_div gives error for signed types. Incorporated review comments from Richard Cochran. - Clear timestamp resgisters as soon as timestamp is read. - Use shift operation in the place of 'divide by 16'. v2: Use do_div for 64-bit divisions. ==================== Acked-by: Richard Cochran Signed-off-by: David S. Miller commit 4c55215c05d252e975930fe08ff418d02e002ceb Author: Sudarsana Reddy Kalluru Date: Wed Feb 15 10:24:11 2017 +0200 qede: Add driver support for PTP This patch adds the driver support for, - Registering the ptp clock functionality with the OS. - Timestamping the Rx/Tx PTP packets. - Ethtool callbacks related to PTP. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 1 + drivers/net/ethernet/qlogic/qede/Makefile | 2 +- drivers/net/ethernet/qlogic/qede/qede.h | 4 + drivers/net/ethernet/qlogic/qede/qede_ethtool.c | 10 + drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 + drivers/net/ethernet/qlogic/qede/qede_main.c | 39 ++ drivers/net/ethernet/qlogic/qede/qede_ptp.c | 536 ++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qede/qede_ptp.h | 65 +++ 8 files changed, 661 insertions(+), 1 deletion(-) commit c78c70fa30e23dc6cdb394f6c13880919499fba5 Author: Sudarsana Reddy Kalluru Date: Wed Feb 15 10:24:10 2017 +0200 qed: Add infrastructure for PTP support The patch adds the required qed interfaces for configuring/reading the PTP clock on the adapter. Signed-off-by: Sudarsana Reddy Kalluru Signed-off-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/Makefile | 2 +- drivers/net/ethernet/qlogic/qed/qed.h | 2 + drivers/net/ethernet/qlogic/qed/qed_l2.c | 5 + drivers/net/ethernet/qlogic/qed/qed_l2.h | 1 + drivers/net/ethernet/qlogic/qed/qed_main.c | 15 ++ drivers/net/ethernet/qlogic/qed/qed_ptp.c | 323 +++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_ptp.h | 47 ++++ drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 31 +++ include/linux/qed/qed_eth_if.h | 22 ++ 9 files changed, 447 insertions(+), 1 deletion(-) commit b93f79bea9c1fcb1dd4619eaa528b6a5688c3ece Author: Ganesh Goudar Date: Wed Feb 15 11:45:25 2017 +0530 cxgb4: Update proper netdev stats for rx drops Count buffer group drops or truncates as rx drops rather than rx errors in netdev stats. Signed-off-by: Ganesh Goudar Signed-off-by: Arjun V Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 425df17ce3a26d98f76e2b6b0af2acf4aeb0b026 Author: Jarno Rajahalme Date: Tue Feb 14 21:16:28 2017 -0800 openvswitch: Set internal device max mtu to ETH_MAX_MTU. Commit 91572088e3fd ("net: use core MTU range checking in core net infra") changed the openvswitch internal device to use the core net infra for controlling the MTU range, but failed to actually set the max_mtu as described in the commit message, which now defaults to ETH_DATA_LEN. This patch fixes this by setting max_mtu to ETH_MAX_MTU after ether_setup() call. Fixes: 91572088e3fd ("net: use core MTU range checking in core net infra") Signed-off-by: Jarno Rajahalme Signed-off-by: David S. Miller net/openvswitch/vport-internal_dev.c | 2 ++ 1 file changed, 2 insertions(+) commit b0c9d043d4ae95d898aa79b2d89226262de471fd Merge: d0d8949 6ccc3a3 Author: Dmitry Torokhov Date: Wed Feb 15 09:24:23 2017 -0800 Merge tag 'ib-mfd-input-v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd into next Merge in cros-ec changes applied through MFD branch to resolve conflicts. commit 8ae70032552a8082734d0b8550848cf6bf92e1d5 Author: Jiri Pirko Date: Wed Feb 15 11:57:50 2017 +0100 sched: have stub for tcf_destroy_chain in case NET_CLS is not configured This fixes broken build for !NET_CLS: net/built-in.o: In function `fq_codel_destroy': /home/sab/linux/net-next/net/sched/sch_fq_codel.c:468: undefined reference to `tcf_destroy_chain' Fixes: cf1facda2f61 ("sched: move tcf_proto_destroy and tcf_destroy_chain helpers into cls_api") Reported-by: Sabrina Dubroca Signed-off-by: Jiri Pirko Tested-by: Sabrina Dubroca Signed-off-by: David S. Miller include/net/pkt_cls.h | 6 ++++++ 1 file changed, 6 insertions(+) commit d498f8719a098a5df7c6dba4ea302df7afb51efd Author: Mickaël Salaün Date: Sat Feb 11 23:20:23 2017 +0100 bpf: Rebuild bpf.o for any dependency update This is needed to force a rebuild of bpf.o when one of its dependencies (e.g. uapi/linux/bpf.h) is updated. Add a phony target. Signed-off-by: Mickaël Salaün Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: David S. Miller Cc: Wang Nan Signed-off-by: David S. Miller tools/testing/selftests/bpf/Makefile | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) commit cdc6a4ba88fbc26de1ffe8cbcaf0e41d316046fd Author: Mickaël Salaün Date: Sat Feb 11 20:37:08 2017 +0100 bpf: Remove redundant ifdef Remove a useless ifdef __NR_bpf as requested by Wang Nan. Inline one-line static functions as it was in the bpf_sys.h file. Signed-off-by: Mickaël Salaün Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: David S. Miller Cc: Wang Nan Link: https://lkml.kernel.org/r/828ab1ff-4dcf-53ff-c97b-074adb895006@huawei.com Acked-by: Wang Nan Signed-off-by: David S. Miller tools/lib/bpf/bpf.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 99f5711e7c15e997c4eb34b378502ef6f3982233 Author: Eric Dumazet Date: Thu Feb 9 09:10:04 2017 -0800 mlx4: do not use rwlock in fast path Using a reader-writer lock in fast path is silly, when we can instead use RCU or a seqlock. For mlx4 hwstamp clock, a seqlock is the way to go, removing two atomic operations and false sharing. Signed-off-by: Eric Dumazet Cc: Tariq Toukan Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_clock.c | 35 ++++++++++++++------------- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 2 +- 2 files changed, 19 insertions(+), 18 deletions(-) commit 6cf18e6927c0b224f972e3042fb85770d63cb9f8 Author: Thomas Gleixner Date: Wed Feb 15 11:11:51 2017 +0100 goldfish: Sanitize the broken interrupt handler This interrupt handler is broken in several ways: - It loops forever when the op code is not decodeable - It never returns IRQ_HANDLED because the only way to exit the loop returns IRQ_NONE unconditionally. The whole concept of this is broken. Creating devices in an interrupt handler is beyond any point of sanity. Make it at least behave halfways sane so accidental users do not have to deal with a hard to debug lockup. Fixes: e809c22b8fb028 ("goldfish: add the goldfish virtual bus") Reported-by: Gabriel C Signed-off-by: Thomas Gleixner Acked-by: Linus Torvalds Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/platform/goldfish/pdev_bus.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 47512cfd0d7a8bd6ab71d01cd89fca19eb2093eb Author: Thomas Gleixner Date: Wed Feb 15 11:11:50 2017 +0100 x86/platform/goldfish: Prevent unconditional loading The goldfish platform code registers the platform device unconditionally which causes havoc in several ways if the goldfish_pdev_bus driver is enabled: - Access to the hardcoded physical memory region, which is either not available or contains stuff which is completely unrelated. - Prevents that the interrupt of the serial port can be requested - In case of a spurious interrupt it goes into a infinite loop in the interrupt handler of the pdev_bus driver (which needs to be fixed seperately). Add a 'goldfish' command line option to make the registration opt-in when the platform is compiled in. I'm seriously grumpy about this engineering trainwreck, which has seven SOBs from Intel developers for 50 lines of code. And none of them figured out that this is broken. Impressive fail! Fixes: ddd70cf93d78 ("goldfish: platform device for x86") Reported-by: Gabriel C Signed-off-by: Thomas Gleixner Cc: stable@vger.kernel.org Acked-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Documentation/admin-guide/kernel-parameters.txt | 4 ++++ arch/x86/platform/goldfish/goldfish.c | 14 +++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) commit beabdc3cd3e3ef9a56b62ee0e0b0663edacd5264 Author: Johan Hovold Date: Wed Feb 15 11:09:51 2017 +0100 USB: serial: keyspan: drop header file Move all declarations and definitions in keyspan.h to keyspan.c, which is the only place were they are used. This specifically moves the driver device-id tables and usb-serial driver definitions to the source file where they are expected to be found. While at it, fix up some multi-line comments and minor white-space issues (spaces instead of tabs and superfluous white space). Note that the information in the comment header of the removed header file is also present in the source file. Reviewed-by: Greg Kroah-Hartman Signed-off-by: Johan Hovold drivers/usb/serial/keyspan.c | 592 +++++++++++++++++++++++++++++++++++++++- drivers/usb/serial/keyspan.h | 629 ------------------------------------------- 2 files changed, 589 insertions(+), 632 deletions(-) commit 35d479762bef1a38b20decbb6f1060043d833fdd Author: Johan Hovold Date: Wed Feb 15 11:09:50 2017 +0100 USB: serial: io_edgeport: drop io-tables header file Move the driver device-id tables and usb-serial driver definitions to the source file where they are expected to be found. Reviewed-by: Greg Kroah-Hartman Signed-off-by: Johan Hovold drivers/usb/serial/io_edgeport.c | 217 +++++++++++++++++++++++++++++++++++- drivers/usb/serial/io_tables.h | 232 --------------------------------------- 2 files changed, 215 insertions(+), 234 deletions(-) commit c3cf2c61ddc1410424da0ea87717edf16fc296c5 Author: Christoph Hellwig Date: Wed Feb 15 08:58:22 2017 +0100 PCI/MSI: Document pci_alloc_irq_vectors(), deprecate pci_enable_msi() Document pci_alloc_irq_vectors() instead of the deprecated pci_enable_msi() and pci_enable_msix() APIs. Signed-off-by: Christoph Hellwig Signed-off-by: Bjorn Helgaas Documentation/PCI/pci.txt | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit b410aff2bd9f101bc096069612391aecce204cd1 Author: Tahsin Erdogan Date: Tue Feb 14 19:27:38 2017 -0800 block: do not allow updates through sysfs until registration completes When a new disk shows up, sysfs queue directory is created before elevator is registered. This allows a user to attempt a scheduler switch even though the initial registration hasn't completed yet. In one scenario, blk_register_queue() calls elv_register_queue() and right before cfq_registered_queue() is called, another process executes elevator_switch() and replaces q->elevator with deadline scheduler. When cfq_registered_queue() executes it interprets e->elevator_data as struct cfq_data even though it is actually struct deadline_data. Grab q->sysfs_lock in blk_register_queue() to synchronize with sysfs callers. Signed-off-by: Tahsin Erdogan Signed-off-by: Jens Axboe block/blk-sysfs.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit bef5da60595f5706232e2502876f8545743b9b41 Author: Masami Hiramatsu Date: Fri Feb 10 22:21:55 2017 +0900 tracing/probes: Fix a warning message to show correct maximum length Since tracing/*probe_events will accept a probe definition up to 4096 - 2 ('\n' and '\0') bytes, it must show 4094 instead of 4096 in warning message. Note that there is one possible case of exceed 4094. If user prepare 4096 bytes null-terminated string and syscall write it with the count == 4095, then it can be accepted. However, if user puts a '\n' after that, it must rejected. So IMHO, the warning message should indicate shorter one, since it is safer. Link: http://lkml.kernel.org/r/148673290462.2579.7966778294009665632.stgit@devbox Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_probe.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6732c7401035c8464fd4ab5ff2e1bf86e5fcd74c Author: Matias Bjørling Date: Wed Feb 15 16:25:33 2017 +0100 lightnvm: set default lun range when no luns are specified The create target ioctl takes a lun begin and lun end parameter, which defines the range of luns to initialize a target with. If the user does not set the parameters, it default to only using lun 0. Instead, defaults to use all luns in the OCSSD, as it is the usual behaviour users want. Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe drivers/lightnvm/core.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0e5ffd1cb5f7ce19f23cc829d5dc3ebb1491570f Author: Matias Bjørling Date: Wed Feb 15 16:25:32 2017 +0100 lightnvm: fix off-by-one error on target initialization If one specifies the end lun id to be the absolute number of luns, without taking zero indexing into account, the lightnvm core will pass the off-by-one end lun id to target creation, which then panics during nvm_ioctl_dev_create. Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe drivers/lightnvm/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 04be87a83db6cbb7586db95b591467c58ae09aee Author: Ralph Sennhauser Date: Thu Feb 9 16:27:02 2017 +0100 ARM: dts: armada-385-linksys: fix DSA compatible property The switch to the new DSA binding used "marvell,mv88e6095" for the compatible property which doesn't exist, use "marvell,mv88e6085" instead. Fixes: 455b82f03f52 ("ARM: dts: armada-385-linksys: Utilize new DSA binding") Signed-off-by: Ralph Sennhauser Reviewed-by: Andrew Lunn Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/armada-385-linksys.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b85ad494098bf881c3713218fbd74193e5d5c488 Author: Rob Herring Date: Fri Feb 3 12:39:03 2017 -0600 of: introduce of_graph_get_remote_node The OF graph API leaves too much of the graph walking to clients when in many cases the driver doesn't care about accessing the port or endpoint nodes. The drivers typically just want the device connected via a particular graph connection. of_graph_get_remote_node provides this functionality. Signed-off-by: Rob Herring Acked-by: Philipp Zabel drivers/of/base.c | 37 +++++++++++++++++++++++++++++++++++++ include/linux/of_graph.h | 8 ++++++++ 2 files changed, 45 insertions(+) commit 6df6b4a9ce43deb57d3e23b0e79a529464b5cf37 Author: Moni Shoua Date: Tue Feb 14 07:24:08 2017 +0200 IB/cma: Destination and source addr families must match The destination address in a listening rdma_id does not have an address family. Since address family in both sides of a connection must be the same in rdma_bind_addr() we set the address family of the destination to the address family of the source. This patch serves the logic in cma_port_is_unique() which requires to know if destination address that is associated with a rdma_id is any address (cma_zero_addr() and cma_loopback_addr()). This can happen when port reuse is checked for a port number that is being listened to. Fixes: 19b752a19dce ("IB/cma: Allow port reuse for rdma_id") Signed-off-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 4 ++++ 1 file changed, 4 insertions(+) commit 89052d784bc977c2a0b92393f6bd57140952c206 Author: Majd Dibbiny Date: Tue Feb 14 07:21:52 2017 +0200 IB/cma: Add default RoCE TOS to CMA configfs Add new entry to the RDMA-CM configfs that allows users to select default TOS for RDMA-CM QPs. This is useful for users that want to control the TOS for legacy applications without changing their code. Application that sets the TOS explicitly using the rdma_set_option API will continue to work as expected, meaning overriding the configfs value. CC: Dan Carpenter Signed-off-by: Majd Dibbiny Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford Documentation/ABI/testing/configfs-rdma_cm | 8 +++++ drivers/infiniband/core/cma.c | 54 +++++++++++++++++++++++++++--- drivers/infiniband/core/cma_configfs.c | 42 +++++++++++++++++++++++ drivers/infiniband/core/core_priv.h | 3 ++ 4 files changed, 102 insertions(+), 5 deletions(-) commit 590396084039b6504097b371cda6474dfcb83648 Author: Parav Pandit Date: Thu Feb 2 07:14:08 2017 +0200 IB/core: Remove pointer casting from void to net_device This patch avoids unnecessary type casting from void to net_device. CC: Yuval Shaia Signed-off-by: Parav Pandit Signed-off-by: Leon Romanovsky Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/core/roce_gid_mgmt.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) commit 2b0841766a898aba84630fb723989a77a9d3b4e6 Author: Erez Shitrit Date: Wed Feb 1 19:10:05 2017 +0200 IB/IPoIB: Add destination address when re-queue packet When sending packet to destination that was not resolved yet via path query, the driver keeps the skb and tries to re-send it again when the path is resolved. But when re-sending via dev_queue_xmit the kernel doesn't call to dev_hard_header, so IPoIB needs to keep 20 bytes in the skb and to put the destination address inside them. In that way the dev_start_xmit will have the correct destination, and the driver won't take the destination from the skb->data, while nothing exists there, which causes to packet be be dropped. The test flow is: 1. Run the SM on remote node, 2. Restart the driver. 4. Ping some destination, 3. Observe that first ICMP request will be dropped. Fixes: fc791b633515 ("IB/ipoib: move back IB LL address into the hard header") Cc: # v4.8+ Signed-off-by: Erez Shitrit Signed-off-by: Noa Osherovich Signed-off-by: Leon Romanovsky Tested-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_main.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) commit e7d08bcfe9b0badeda28ed5281766f1317660673 Author: Chris Packham Date: Wed Feb 8 09:28:10 2017 +1300 ARM: dts: Fix typo in armada-xp-98dx4251 The compatible should be 98dx4251 not 98dx4521. Signed-off-by: Chris Packham Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/armada-xp-98dx4251.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cdbe33d0f82d68ff74f05502a4c26e65ec7e90bb Author: Eli Cohen Date: Tue Feb 14 07:25:38 2017 +0200 IB/mlx5: Fix configuration of port capabilities When the "ib_virt" cap is set, configuration of port capabilities need to be done through mlx5_core_modify_hca_vport_context. Since modify_hca_vport_context accepts mask and value, there is no need to read the port capabilities and calculate the new cap values so we avoid the mutex when ib_virt is set. Signed-off-by: Eli Cohen Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) commit 681bcea802f2bf0a28cdf0fd0f813de7bb5cd3c7 Author: David Hildenbrand Date: Tue Jan 24 22:21:16 2017 +0100 KVM: svm: inititalize hash table structures directly The hashtable and guarding spinlock are global data structures, we can inititalize them statically. Signed-off-by: David Hildenbrand Message-Id: <20170124212116.4568-1-david@redhat.com> Reviewed-by: Radim Krčmář Signed-off-by: Paolo Bonzini arch/x86/kvm/svm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 34a0548f01626b01c9e98d9627812c3c9f6b6f7d Author: Arnaldo Carvalho de Melo Date: Wed Feb 15 10:09:11 2017 -0300 perf tools: Add missing parse_events_error() prototype As pointed out by clang, we were not providing a prototype for a function before using it: util/parse-events.y:699:6: error: conflicting types for 'parse_events_error' void parse_events_error(YYLTYPE *loc, void *data, ^ /tmp/build/perf/util/parse-events-bison.c:2224:7: note: previous implicit declaration is here yyerror (&yylloc, _data, scanner, YY_("syntax error")); ^ /tmp/build/perf/util/parse-events-bison.c:65:25: note: expanded from macro 'yyerror' #define yyerror parse_events_error 1 error generated. One line fix it. Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: David Ahern Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/r/20170215130605.GC4020@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.y | 2 ++ 1 file changed, 2 insertions(+) commit 8f0994bb8cbde5452e58ce0cacdbf6cb58079d01 Author: Wei Yongjun Date: Thu Jan 12 13:55:02 2017 +0000 tracing: Fix return value check in trace_benchmark_reg() In case of error, the function kthread_run() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Link: http://lkml.kernel.org/r/20170112135502.28556-1-weiyj.lk@gmail.com Cc: stable@vger.kernel.org Fixes: 81dc9f0e ("tracing: Add tracepoint benchmark tracepoint") Signed-off-by: Wei Yongjun Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_benchmark.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit eb583cd484f9a76c3716c0539bd06340943eeff9 Author: Arnd Bergmann Date: Mon Jan 23 13:24:45 2017 +0100 tracing: Use modern function declaration We get a lot of harmless warnings about this header file at W=1 level because of an unusual function declaration: kernel/trace/trace.h:766:1: error: 'inline' is not at beginning of declaration [-Werror=old-style-declaration] This moves the inline statement where it normally belongs, avoiding the warning. Link: http://lkml.kernel.org/r/20170123122521.3389010-1-arnd@arndb.de Fixes: 4046bf023b06 ("ftrace: Expose ftrace_hash_empty and ftrace_lookup_ip") Signed-off-by: Arnd Bergmann Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3821fd35b58dba449bd894014fbf4e1c43c9e951 Author: Jason Baron Date: Fri Feb 3 15:42:24 2017 -0500 jump_label: Reduce the size of struct static_key The static_key->next field goes mostly unused. The field is used for associating module uses with a static key. Most uses of struct static_key define a static key in the core kernel and make use of it entirely within the core kernel, or define the static key in a module and make use of it only from within that module. In fact, of the ~3,000 static keys defined, I found only about 5 or so that did not fit this pattern. Thus, we can remove the static_key->next field entirely and overload the static_key->entries field. That is, when all the static_key uses are contained within the same module, static_key->entries continues to point to those uses. However, if the static_key uses are not contained within the module where the static_key is defined, then we allocate a struct static_key_mod, store a pointer to the uses within that struct static_key_mod, and have the static key point at the static_key_mod. This does incur some extra memory usage when a static_key is used in a module that does not define it, but since there are only a handful of such cases there is a net savings. In order to identify if the static_key->entries pointer contains a struct static_key_mod or a struct jump_entry pointer, bit 1 of static_key->entries is set to 1 if it points to a struct static_key_mod and is 0 if it points to a struct jump_entry. We were already using bit 0 in a similar way to store the initial value of the static_key. This does mean that allocations of struct static_key_mod and that the struct jump_entry tables need to be at least 4-byte aligned in memory. As far as I can tell all arches meet this criteria. For my .config, the patch increased the text by 778 bytes, but reduced the data + bss size by 14912, for a net savings of 14,134 bytes. text data bss dec hex filename 8092427 5016512 790528 13899467 d416cb vmlinux.pre 8093205 5001600 790528 13885333 d3df95 vmlinux.post Link: http://lkml.kernel.org/r/1486154544-4321-1-git-send-email-jbaron@akamai.com Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Joe Perches Signed-off-by: Jason Baron Signed-off-by: Steven Rostedt (VMware) Documentation/static-keys.txt | 4 +- include/linux/jump_label.h | 23 ++++--- kernel/jump_label.c | 153 +++++++++++++++++++++++++++++++++++------- 3 files changed, 145 insertions(+), 35 deletions(-) commit 7257634135c247de235f3cdfdaa22f9eb5f054e4 Author: Masami Hiramatsu Date: Tue Feb 7 20:21:28 2017 +0900 tracing/probe: Show subsystem name in messages Show "trace_probe:", "trace_kprobe:" and "trace_uprobe:" headers for each warning/error/info message. This will help people to notice that kprobe/uprobe events caused those messages. Link: http://lkml.kernel.org/r/148646647813.24658.16705315294927615333.stgit@devbox Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_kprobe.c | 1 + kernel/trace/trace_probe.c | 1 + kernel/trace/trace_uprobe.c | 1 + 3 files changed, 3 insertions(+) commit 8e0f11429aec1119b17cbfcfa2d3194c8e864a26 Author: Luiz Capitulino Date: Mon Feb 13 12:25:17 2017 -0500 tracing/hwlat: Update old comment about migration The ftrace hwlat does support a cpumask. Link: http://lkml.kernel.org/r/20170213122517.6e211955@redhat.com Signed-off-by: Luiz Capitulino Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_hwlat.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 8a58a34ba479d42b3ef28f8ffd9e245a81a7786f Author: Thomas Gleixner Date: Fri Feb 10 16:41:15 2017 +0100 timers: Make flags output in the timer_start tracepoint useful The timer flags in the timer_start trace event contain lots of useful information, but the meaning is not clear in the trace output. Making tools rely on the bit positions is bad as they might change over time. Decode the flags in the print out. Tools can retrieve the bits and their meaning from the trace format file. Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1702101639290.4036@nanos Requested-by: Arjan van de Ven Signed-off-by: Thomas Gleixner Signed-off-by: Steven Rostedt (VMware) include/linux/timer.h | 2 ++ include/trace/events/timer.h | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) commit b065d3f59ff1905922194bd17c79543289317fc7 Merge: 7272416 c9f1e326 Author: Kalle Valo Date: Wed Feb 15 16:01:04 2017 +0200 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git ath.git patches for 4.11. Major changes: ath10k * when trying older firmware versions don't confuse user with error messages ath9k * fix crash in AP mode (regression) * fix relayfs crash (regression) * fix initialisation with AR9340 and AR9550 commit 1f9b3546cf4c273b6d809003244d05cf0460a5e9 Author: Steven Rostedt (VMware) Date: Thu Feb 9 17:53:50 2017 -0500 tracing: Have traceprobe_probes_write() not access userspace unnecessarily The code in traceprobe_probes_write() reads up to 4096 bytes from userpace for each line. If userspace passes in several lines to execute, the code will do a large read for each line, even though, it is highly likely that the first read from userspace received all of the lines at once. I changed the logic to do a single read from userspace, and to only read from userspace again if not all of the read from userspace made it in. I tested this by adding printk()s and writing files that would test -1, ==, and +1 the buffer size, to make sure that there's no overflows and that if a single line is written with +1 the buffer size, that it fails properly. Link: http://lkml.kernel.org/r/20170209180458.5c829ab2@gandalf.local.home Acked-by: Masami Hiramatsu Acked-by: Namhyung Kim Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_probe.c | 48 ++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 19 deletions(-) commit 858e25c06fb0bc4b39b2f01c14c990348e3a9b67 Author: Jim Mattson Date: Wed Nov 30 12:03:47 2016 -0800 kvm: nVMX: Refactor nested_vmx_run() Nested_vmx_run is split into two parts: the part that handles the VMLAUNCH/VMRESUME instruction, and the part that modifies the vcpu state to transition from VMX root mode to VMX non-root mode. The latter will be used when restoring the checkpointed state of a vCPU that was in VMX operation when a snapshot was taken. Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 111 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 62 insertions(+), 49 deletions(-) commit ca0bde28f2ed66c2229ecfb7f4bfa0defa3da4b5 Author: Jim Mattson Date: Wed Nov 30 12:03:46 2016 -0800 kvm: nVMX: Split VMCS checks from nested_vmx_run() The checks performed on the contents of the vmcs12 are extracted from nested_vmx_run so that they can be used to validate a vmcs12 that has been restored from a checkpoint. Signed-off-by: Jim Mattson [Change prepare_vmcs02 and nested_vmx_load_cr3's last argument to u32, to match check_vmentry_postreqs. Update comments for singlestep handling. - Paolo] Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 194 ++++++++++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 91 deletions(-) commit 6beb7bd52e482c213dfa6c1c88e27a579df5bf4d Author: Jim Mattson Date: Wed Nov 30 12:03:45 2016 -0800 kvm: nVMX: Refactor nested_get_vmcs12_pages() Perform the checks on vmcs12 state early, but defer the gpa->hpa lookups until after prepare_vmcs02. Later, when we restore the checkpointed state of a vCPU in guest mode, we will not be able to do the gpa->hpa lookups when the restore is done. Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 138 ++++++++++++++++++++++++++--------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) commit a8bc284eb70f58a4fd0f4a70d816cca28ca01973 Author: Jim Mattson Date: Wed Nov 30 12:03:44 2016 -0800 kvm: nVMX: Refactor handle_vmptrld() Handle_vmptrld is split into two parts: the part that handles the VMPTRLD instruction, and the part that establishes the current VMCS pointer. The latter will be used when restoring the checkpointed state of a vCPU that had a valid VMCS pointer when a snapshot was taken. Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit e29acc55bfc3afcfdf9ea3468f1217d08f0b2d2b Author: Jim Mattson Date: Wed Nov 30 12:03:43 2016 -0800 kvm: nVMX: Refactor handle_vmon() Handle_vmon is split into two parts: the part that handles the VMXON instruction, and the part that modifies the vcpu state to transition from legacy mode to VMX operation. The latter will be used when restoring the checkpointed state of a vCPU that was in VMX operation when a snapshot was taken. Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 93 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 41 deletions(-) commit cf8b84f48a5936f558a7a415f1d2f42161bf73eb Author: Jim Mattson Date: Wed Nov 30 12:03:42 2016 -0800 kvm: nVMX: Prepare for checkpointing L2 state Split prepare_vmcs12 into two parts: the part that stores the current L2 guest state and the part that sets up the exit information fields. The former will be used when checkpointing the vCPU's VMX state. Modify prepare_vmcs02 so that it can construct a vmcs02 midway through L2 execution, using the checkpointed L2 guest state saved into the cached vmcs12 above. Signed-off-by: Jim Mattson [Rebasing: add from_vmentry argument to prepare_vmcs02 instead of using vmx->nested.nested_run_pending, because it is no longer 1 at the point prepare_vmcs02 is called. - Paolo] Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 77 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 29 deletions(-) commit b95234c840045b7c72380fd14c59416af28fcb02 Author: Paolo Bonzini Date: Mon Dec 19 13:57:33 2016 +0100 kvm: x86: do not use KVM_REQ_EVENT for APICv interrupt injection Since bf9f6ac8d749 ("KVM: Update Posted-Interrupts Descriptor when vCPU is blocked", 2015-09-18) the posted interrupt descriptor is checked unconditionally for PIR.ON. Therefore we don't need KVM_REQ_EVENT to trigger the scan and, if NMIs or SMIs are not involved, we can avoid the complicated event injection path. Calling kvm_vcpu_kick if PIR.ON=1 is also useless, though it has been there since APICv was introduced. However, without the KVM_REQ_EVENT safety net KVM needs to be much more careful about races between vmx_deliver_posted_interrupt and vcpu_enter_guest. First, the IPI for posted interrupts may be issued between setting vcpu->mode = IN_GUEST_MODE and disabling interrupts. If that happens, kvm_trigger_posted_interrupt returns true, but smp_kvm_posted_intr_ipi doesn't do anything about it. The guest is entered with PIR.ON, but the posted interrupt IPI has not been sent and the interrupt is only delivered to the guest on the next vmentry (if any). To fix this, disable interrupts before setting vcpu->mode. This ensures that the IPI is delayed until the guest enters non-root mode; it is then trapped by the processor causing the interrupt to be injected. Second, the IPI may be issued between kvm_x86_ops->sync_pir_to_irr(vcpu) and vcpu->mode = IN_GUEST_MODE. In this case, kvm_vcpu_kick is called but it (correctly) doesn't do anything because it sees vcpu->mode == OUTSIDE_GUEST_MODE. Again, the guest is entered with PIR.ON but no posted interrupt IPI is pending; this time, the fix for this is to move the RVI update after IN_GUEST_MODE. Both issues were mostly masked by the liberal usage of KVM_REQ_EVENT, though the second could actually happen with VT-d posted interrupts. In both race scenarios KVM_REQ_EVENT would cancel guest entry, resulting in another vmentry which would inject the interrupt. This saves about 300 cycles on the self_ipi_* tests of vmexit.flat. Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 11 ++++------- arch/x86/kvm/vmx.c | 8 +++++--- arch/x86/kvm/x86.c | 44 +++++++++++++++++++++++++------------------- 3 files changed, 34 insertions(+), 29 deletions(-) commit 76dfafd536730ef9b9d99b1cf596916d52be76d1 Author: Paolo Bonzini Date: Mon Dec 19 17:17:11 2016 +0100 KVM: x86: do not scan IRR twice on APICv vmentry Calls to apic_find_highest_irr are scanning IRR twice, once in vmx_sync_pir_from_irr and once in apic_search_irr. Change sync_pir_from_irr to get the new maximum IRR from kvm_apic_update_irr; now that it does the computation, it can also do the RVI write. In order to avoid complications in svm.c, make the callback optional. Signed-off-by: Paolo Bonzini arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/lapic.c | 8 +++++--- arch/x86/kvm/svm.c | 6 ------ arch/x86/kvm/vmx.c | 31 +++++++++++++++++++------------ arch/x86/kvm/x86.c | 9 +++------ 5 files changed, 28 insertions(+), 28 deletions(-) commit 3d92789f69162ee5689f3766e5f50bb46b7e1d97 Author: Paolo Bonzini Date: Mon Dec 19 13:29:03 2016 +0100 KVM: vmx: move sync_pir_to_irr from apic_find_highest_irr to callers Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 7 ++++--- arch/x86/kvm/x86.c | 4 +++- 2 files changed, 7 insertions(+), 4 deletions(-) commit 810e6defcca4d05275aa15c2872c0a4949178fcb Author: Paolo Bonzini Date: Mon Dec 19 13:05:46 2016 +0100 KVM: x86: preparatory changes for APICv cleanups Add return value to __kvm_apic_update_irr/kvm_apic_update_irr. Move vmx_sync_pir_to_irr around. Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 25 +++++++++++++++++-------- arch/x86/kvm/lapic.h | 4 ++-- arch/x86/kvm/vmx.c | 32 ++++++++++++++++---------------- 3 files changed, 35 insertions(+), 26 deletions(-) commit 0ad3bed6c5ec6dbb093a26802c85088a85fb9757 Author: Paolo Bonzini Date: Mon Dec 19 15:23:54 2016 +0100 kvm: nVMX: move nested events check to kvm_vcpu_running vcpu_run calls kvm_vcpu_running, not kvm_arch_vcpu_runnable, and the former does not call check_nested_events. Once KVM_REQ_EVENT is removed from the APICv interrupt injection path, however, this would leave no place to trigger a vmexit from L2 to L1, causing a missed interrupt delivery while in guest mode. This is caught by the "ack interrupt on exit" test in vmx.flat. [This does not change the calls to check_nested_events in inject_pending_event. That is material for a separate cleanup.] Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 967235d320329e4a7a2bd1a36b04293063e985ae Author: Paolo Bonzini Date: Mon Dec 19 14:03:45 2016 +0100 KVM: vmx: clear pending interrupts on KVM_SET_LAPIC Pending interrupts might be in the PI descriptor when the LAPIC is restored from an external state; we do not want them to be injected. Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 3 +-- arch/x86/kvm/vmx.c | 9 +++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) commit db1c056cee59f4a7670c3bd9ee1657468cf0b4c4 Author: Paolo Bonzini Date: Thu Dec 8 15:31:41 2016 +0100 kvm: vmx: Use the hardware provided GPA instead of page walk As in the SVM patch, the guest physical address is passed by VMX to x86_emulate_instruction already, so mark the GPA as available in vcpu->arch. Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 3 +++ 1 file changed, 3 insertions(+) commit 1592364de3912dad264262f4bcc61552984c9523 Author: Maarten Lankhorst Date: Wed Jan 25 12:30:47 2017 +0100 drm: Resurrect atomic rmfb code, v3 This was somehow lost between v3 and the merged version in Maarten's patch merged as: commit f2d580b9a8149735cbc4b59c4a8df60173658140 Author: Maarten Lankhorst Date: Wed May 4 14:38:26 2016 +0200 drm/core: Do not preserve framebuffer on rmfb, v4. This introduces a slight behavioral change to rmfb. Instead of disabling a crtc when the primary plane is disabled, we try to preserve it. Apart from old versions of the vmwgfx xorg driver, there is nothing depending on rmfb disabling a crtc. Since vmwgfx is a legacy driver we can safely only disable the plane with atomic. If this commit is rejected by the driver then we will still fall back to the old behavior and turn off the crtc. v2: - Remove plane->fb assignment, done by drm_atomic_clean_old_fb. - Add WARN_ON when atomic_remove_fb fails. - Always call drm_atomic_state_put. v3: - Use drm_drv_uses_atomic_modeset - Handle the case where the first plane-disable-only commit fails with -EINVAL. Some drivers do not support this, fall back to disabling all crtc's in this case. Signed-off-by: Daniel Vetter Signed-off-by: Daniel Vetter Signed-off-by: Maarten Lankhorst Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/66fc3da5-697b-1613-0a67-a5293209f0dc@linux.intel.com drivers/gpu/drm/drm_atomic.c | 106 ++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/drm_crtc_internal.h | 1 + drivers/gpu/drm/drm_framebuffer.c | 7 +++ 3 files changed, 114 insertions(+) commit b30a7d1fc96d60fe2c02e375a56a046385701d17 Author: Arnaldo Carvalho de Melo Date: Wed Feb 15 10:06:20 2017 -0300 perf pmu: Fix check for unset alias->unit array The alias->unit field is an array, so to check that it is not set we should see if it is an empty string, i.e. alias->unit[0], instead of checking alias->unit != NULL, as this will _always_ evaluate to 'true'. Pointed out by clang. Acked-by: Jiri Olsa Cc: Adrian Hunter Cc: David Ahern Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/r/20170214182435.GD4458@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/pmu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ffe7afd1713558d73483834c2e2d03a1e39a4062 Author: Mark Rutland Date: Thu Feb 9 15:19:21 2017 +0000 arm64/kprobes: consistently handle MRS/MSR with XZR Now that we have XZR-safe helpers for fiddling with registers, use these in the arm64 kprobes code rather than open-coding the logic. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/kernel/probes/simulate-insn.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) commit 521c646108ed199d19c5c73978aaca3e18ca8f81 Author: Mark Rutland Date: Thu Feb 9 15:19:20 2017 +0000 arm64: cpufeature: correctly handle MRS to XZR In emulate_mrs() we may erroneously write back to the user SP rather than XZR if we trap an MRS instruction where Xt == 31. Use the new pt_regs_write_reg() helper to handle this correctly. Signed-off-by: Mark Rutland Fixes: 77c97b4ee21290f5 ("arm64: cpufeature: Expose CPUID registers by emulation") Cc: Andre Przywara Cc: Catalin Marinas Cc: Marc Zyngier Cc: Suzuki K Poulose Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/kernel/cpufeature.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b6e70fccff27121430114b4507f0adfb790752f Author: Mark Rutland Date: Thu Feb 9 15:19:19 2017 +0000 arm64: traps: correctly handle MRS/MSR with XZR Currently we hand-roll XZR-safe register handling in user_cache_maint_handler(), though we forget to do the same in ctr_read_handler(), and may erroneously write back to the user SP rather than XZR. Use the new helpers to handle these cases correctly and consistently. Signed-off-by: Mark Rutland Fixes: 116c81f427ff6c53 ("arm64: Work around systems with mismatched cache line sizes") Cc: Andre Przywara Cc: Catalin Marinas Cc: Marc Zyngier Cc: Suzuki K Poulose Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/kernel/traps.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 6c23e2ff7013be2c4bbcb7b9b3cc27c763348223 Author: Mark Rutland Date: Thu Feb 9 15:19:18 2017 +0000 arm64: ptrace: add XZR-safe regs accessors In A64, XZR and the SP share the same encoding (31), and whether an instruction accesses XZR or SP for a particular register parameter depends on the definition of the instruction. We store the SP in pt_regs::regs[31], and thus when emulating instructions, we must be careful to not erroneously read from or write back to the saved SP. Unfortunately, we often fail to be this careful. In all cases, instructions using a transfer register parameter Xt use this to refer to XZR rather than SP. This patch adds helpers so that we can more easily and consistently handle these cases. Signed-off-by: Mark Rutland Cc: Catalin Marinas Cc: Marc Zyngier Cc: Will Deacon Signed-off-by: Will Deacon arch/arm64/include/asm/ptrace.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit f705d954634d161db5923fc86cacf0f9e301f73a Author: Arnd Bergmann Date: Tue Feb 14 22:32:58 2017 +0100 arm64: include asm/assembler.h in entry-ftrace.S In a randconfig build I ran into this build error: arch/arm64/kernel/entry-ftrace.S: Assembler messages: arch/arm64/kernel/entry-ftrace.S:101: Error: unknown mnemonic `ldr_l' -- `ldr_l x2,ftrace_trace_function' The macro is defined in asm/assembler.h, so we should include that file. Fixes: 829d2bd13392 ("arm64: entry-ftrace.S: avoid open-coded {adr,ldr}_l") Acked-by: Mark Rutland Signed-off-by: Arnd Bergmann Signed-off-by: Will Deacon arch/arm64/kernel/entry-ftrace.S | 1 + 1 file changed, 1 insertion(+) commit 12f043ff2b28fa64c9123b454cbe30a8a9e1967e Author: Arnd Bergmann Date: Tue Feb 14 22:27:01 2017 +0100 arm64: fix warning about swapper_pg_dir overflow With 4 levels of 16KB pages, we get this warning about the fact that we are copying a whole page into an array that is declared as having only two pointers for the top level of the page table: arch/arm64/mm/mmu.c: In function 'paging_init': arch/arm64/mm/mmu.c:528:2: error: 'memcpy' writing 16384 bytes into a region of size 16 overflows the destination [-Werror=stringop-overflow=] This is harmless since we actually reserve a whole page in the definition of the array that comes from, and just the extern declaration is short. The pgdir is initialized to zero either way, so copying the actual entries here seems like the best solution. Acked-by: Ard Biesheuvel Acked-by: Mark Rutland Signed-off-by: Arnd Bergmann Signed-off-by: Will Deacon arch/arm64/mm/mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ee10689117c0186fd4fe7feca8d48c7316f65d70 Merge: 8ef81a9 5982f08 Author: Paolo Bonzini Date: Wed Feb 15 12:30:20 2017 +0100 Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc into HEAD This brings in two fixes for potential host crashes, from Ben Herrenschmidt and Nick Piggin. commit 10d4cf188ab26a4ebeee4c914e82acd5edd9f0ff Author: Rashmica Gupta Date: Thu Jun 2 14:29:47 2016 +1000 powerpc/asm: Define STACK_PT_REGS_OFFSET macro in asm-offsets.c There are quite a few entries in asm-offests.c which look like: DEFINE(REG, STACK_FRAME_OVERHEAD+offsetof(struct pt_regs, reg)); So define a macro to do it once. Signed-off-by: Rashmica Gupta [mpe: Rename to STACK_PT_REGS_OFFSET for excruciating explicitness] Signed-off-by: Michael Ellerman arch/powerpc/kernel/asm-offsets.c | 61 ++++++++++++++++++++------------------- 1 file changed, 32 insertions(+), 29 deletions(-) commit 454656155110603e88b83eec847d5293a30bb96e Author: Rashmica Gupta Date: Wed Feb 15 21:41:20 2017 +1100 powerpc/asm: Use OFFSET macro in asm-offsets.c A lot of entries in asm-offests.c look like this: DEFINE(TI_FLAGS, offsetof(struct thread_info, flags)); But there is a common macro, OFFSET, which makes this cleaner: OFFSET(TI_flags, thread_info, flags) So use it. Signed-off-by: Rashmica Gupta Signed-off-by: Michael Ellerman arch/powerpc/kernel/asm-offsets.c | 711 ++++++++++++++++++-------------------- 1 file changed, 340 insertions(+), 371 deletions(-) commit 8c7cdbf9272c300dc093da3c62fa3b4bc6dc960e Author: Shawn Lin Date: Wed Feb 15 16:36:47 2017 +0800 mmc: core: add mmc prefix for blk_fixups That makes all the quirks table look more consistent. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/block.c | 2 +- drivers/mmc/core/quirks.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 0e9cfcf44e4aced8d45f409dcb48a0994fa77979 Author: Shawn Lin Date: Wed Feb 15 16:35:31 2017 +0800 mmc: core: move all quirks together into quirks.h It's not appreciated to place quirks everywhere, let's put them together just like what we do for USB, PCI etc. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/block.c | 80 ----------------------------------------- drivers/mmc/core/mmc.c | 11 ------ drivers/mmc/core/quirks.h | 91 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 91 insertions(+), 91 deletions(-) commit 1144c1e4ddab9339e262e2702744e8f5c6220824 Author: Shawn Lin Date: Wed Feb 15 16:35:30 2017 +0800 mmc: core: improve the quirks for sdio devices Rename mmc_fixup_methods to sdio_fixup_methods to better reflect that it's for sdio devices. So we could also pass on it from sdio card's probe sequence just like what we do for eMMC and block there. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/quirks.h | 6 +----- drivers/mmc/core/sdio.c | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) commit 884f38607897cb4a963ea8a65296f0973a2828d0 Author: Shawn Lin Date: Wed Feb 15 16:35:29 2017 +0800 mmc: core: move some sdio IDs out of quirks file Consolidate all the sdio devices' IDs into sdio_ids. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/quirks.h | 20 -------------------- include/linux/mmc/sdio_ids.h | 7 +++++++ 2 files changed, 7 insertions(+), 20 deletions(-) commit 28fc64af63488d701184977481b263f31d856984 Author: Shawn Lin Date: Wed Feb 15 16:35:28 2017 +0800 mmc: core: change quirks.c to be a header file Rename quirks.c to quirks.h, and include it for individual C files which need it. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/Makefile | 2 +- drivers/mmc/core/block.c | 1 + drivers/mmc/core/card.h | 2 -- drivers/mmc/core/mmc.c | 1 + drivers/mmc/core/quirks.c | 85 ----------------------------------------------- drivers/mmc/core/quirks.h | 81 ++++++++++++++++++++++++++++++++++++++++++++ drivers/mmc/core/sdio.c | 1 + 7 files changed, 85 insertions(+), 88 deletions(-) commit 4e03f628b464e0580abadf5161eaa38c61d20943 Author: Masahiro Yamada Date: Tue Feb 14 20:05:40 2017 +0900 mmc: sdhci-cadence: fix bit shift of read data from PHY port This macro is currently unused, but it may be useful for debug use. Fix it just in case. Fixes: ff6af28faff5 ("mmc: sdhci-cadence: add Cadence SD4HC support") Signed-off-by: Masahiro Yamada Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-cadence.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9050d50e2244331f3095e86eca899ac624fdb38f Author: Hauke Mehrtens Date: Tue Dec 27 16:31:43 2016 +0100 MIPS: lantiq: Set physical_memsize physical_memsize is needed by the vpe loader code and the platform specific code has to define it. This value will be given to the firmware loaded with the VPE loader. I am not aware of any standard interface or better value to provide here. Reported-by: kbuild test robot Fixes: d9ae4f18c0d2 ("MIPS: Lantiq: Activate more drivers in default configuration") Signed-off-by: Hauke Mehrtens Cc: Ralf Baechle Cc: John Crispin Cc: Paul Gortmaker Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14908/ Signed-off-by: James Hogan arch/mips/lantiq/prom.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 7785bba299a8dc8fe8390a0183dad3cafb3f1d80 Author: Steffen Klassert Date: Wed Feb 15 09:40:00 2017 +0100 esp: Add a software GRO codepath This patch adds GRO ifrastructure and callbacks for ESP on ipv4 and ipv6. In case the GRO layer detects an ESP packet, the esp{4,6}_gro_receive() function does a xfrm state lookup and calls the xfrm input layer if it finds a matching state. The packet will be decapsulated and reinjected it into layer 2. Signed-off-by: Steffen Klassert include/net/xfrm.h | 1 + net/ipv4/Kconfig | 13 +++++ net/ipv4/Makefile | 1 + net/ipv4/esp4_offload.c | 106 +++++++++++++++++++++++++++++++++++++++ net/ipv4/xfrm4_input.c | 6 +++ net/ipv4/xfrm4_mode_transport.c | 4 +- net/ipv6/Kconfig | 13 +++++ net/ipv6/Makefile | 1 + net/ipv6/esp6_offload.c | 108 ++++++++++++++++++++++++++++++++++++++++ net/ipv6/xfrm6_input.c | 7 +++ net/ipv6/xfrm6_mode_transport.c | 4 +- net/xfrm/xfrm_input.c | 31 ++++++++++-- 12 files changed, 288 insertions(+), 7 deletions(-) commit 54ef207ac8f7a17d677082157a29f4df8499dc81 Author: Steffen Klassert Date: Wed Feb 15 09:39:54 2017 +0100 xfrm: Extend the sec_path for IPsec offloading We need to keep per packet offloading informations across the layers. So we extend the sec_path to carry these for the input and output offload codepath. Signed-off-by: Steffen Klassert include/net/xfrm.h | 41 +++++++++++++++++++++++++++++++++++++++++ net/xfrm/xfrm_input.c | 2 ++ 2 files changed, 43 insertions(+) commit 7d7be3aa08fa338e84eb235805ee18f2fab85a46 Author: Al Viro Date: Fri Dec 4 17:30:31 2015 +0000 powerpc/spufs: Get rid of broken fasync stuff In all the years it's been in the tree it had never been used by anything - it would instantly trigger BUG_ON() in fs/fcntl.c due to bogus band argument (ie. POLLIN not POLL_IN) passed to kill_fasync(). Since nobody had ever used it in ten years, let's just rip it out and be done with that. Signed-off-by: Al Viro Acked-by: Arnd Bergmann Signed-off-by: Michael Ellerman arch/powerpc/platforms/cell/spufs/file.c | 65 +++---------------------------- arch/powerpc/platforms/cell/spufs/spufs.h | 3 -- 2 files changed, 6 insertions(+), 62 deletions(-) commit 0d2b5cdc76ff7eef9d727c2e802213ec15d5e94f Author: Michael Ellerman Date: Wed Feb 15 20:24:25 2017 +1100 powerpc/64e: Fix bogus usage of WARN_ONCE() WARN_ONCE() takes a condition and a format string. We were passing a constant string as the condition, and the function name as the format string. It would work, but the message would be just the function name. Fix it by just using WARN_ONCE() directly instead of if (x) WARN_ONCE(). Noticed-by: Geliang Tang Signed-off-by: Michael Ellerman arch/powerpc/kernel/setup_64.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit c9f1e32600816d695f817477d56490bfc2ba43c6 Author: Christian Lamparter Date: Tue Feb 14 20:10:30 2017 +0100 ath9k: use correct OTP register offsets for the AR9340 and AR9550 This patch fixes the OTP register definitions for the AR934x and AR9550 WMAC SoC. Previously, the ath9k driver was unable to initialize the integrated WMAC on an Aerohive AP121: | ath: phy0: timeout (1000 us) on reg 0x30018: 0xbadc0ffe & 0x00000007 != 0x00000004 | ath: phy0: timeout (1000 us) on reg 0x30018: 0xbadc0ffe & 0x00000007 != 0x00000004 | ath: phy0: Unable to initialize hardware; initialization status: -5 | ath9k ar934x_wmac: failed to initialize device | ath9k: probe of ar934x_wmac failed with error -5 It turns out that the AR9300_OTP_STATUS and AR9300_OTP_DATA definitions contain a typo. Cc: Gabor Juhos Cc: stable@vger.kernel.org Fixes: add295a4afbdf5852d0 "ath9k: use correct OTP register offsets for AR9550" Signed-off-by: Christian Lamparter Signed-off-by: Chris Blake Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/ar9003_eeprom.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7272416609126e8910b7f0d0e3dba008aa87830c Author: Arnd Bergmann Date: Tue Feb 14 22:28:33 2017 +0100 rt2500usb: don't mark register accesses as inline When CONFIG_KASAN is set, we get a rather large stack here: drivers/net/wireless/ralink/rt2x00/rt2500usb.c: In function 'rt2500usb_set_device_state': drivers/net/wireless/ralink/rt2x00/rt2500usb.c:1074:1: error: the frame size of 3032 bytes is larger than 100 bytes [-Werror=frame-larger-than=] If we don't force those functions to be inline, the compiler can figure this out better itself and not inline the functions when doing so would be harmful, reducing the stack size to a merge 256 bytes. Note that there is another problem that manifests in this driver, as a result of the typecheck() macro causing even larger stack frames. Signed-off-by: Arnd Bergmann Signed-off-by: Kalle Valo drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) commit 91b632803ee4e47c5a5c4dc3d8bf5abf9c16107a Author: Tobias Klauser Date: Mon Feb 13 11:14:09 2017 +0100 brcmfmac: Use net_device_stats from struct net_device Instead of using a private copy of struct net_device_stats in struct brcm_if, use stats from struct net_device. Also remove the now unnecessary .ndo_get_stats function. Signed-off-by: Tobias Klauser Acked-by: Arend van Spriel Signed-off-by: Kalle Valo .../wireless/broadcom/brcm80211/brcmfmac/core.c | 26 +++++++--------------- .../wireless/broadcom/brcm80211/brcmfmac/core.h | 2 -- 2 files changed, 8 insertions(+), 20 deletions(-) commit b686784d03e66f8515198de4850d1e372b729880 Author: Larry Finger Date: Sat Feb 11 18:46:05 2017 -0600 rtlwifi: btcoexist: Fix if == else warnings in halbtc8723b1ant.c The 0-DAY kernel test infrastructure reports the following: drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b1ant.c:1875:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b1ant.c:2253:3-5: WARNING: possible condition with no effect (if == else) Reported-by: kbuild-all@01.org Signed-off-by: Larry Finger Cc: Julia Lawall Signed-off-by: Kalle Valo .../realtek/rtlwifi/btcoexist/halbtc8723b1ant.c | 24 ++++------------------ 1 file changed, 4 insertions(+), 20 deletions(-) commit 42e74946f016520a700085bc89e6250c71bb61b6 Author: Larry Finger Date: Sat Feb 11 18:46:04 2017 -0600 rtlwifi: btcoexist: Fix if == else warnings in halbtc8821a1ant.c The 0-DAY kernel test infrastructure reports the following: drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a1ant.c:1771:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a1ant.c:2126:3-5: WARNING: possible condition with no effect (if == else) Reported-by: kbuild-all@01.org Signed-off-by: Larry Finger Cc: Julia Lawall Signed-off-by: Kalle Valo .../realtek/rtlwifi/btcoexist/halbtc8821a1ant.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) commit ac0ca72c6f53ccbbe50b0af9e1de0577da1cb667 Author: Larry Finger Date: Sat Feb 11 18:46:03 2017 -0600 rtlwifi: btcoexist: Fix if == else warnings in halbtc8821a2ant.c The 0-DAY kernel test infrastructure reports the following: drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3023:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3035:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3037:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3047:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3075:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3085:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3129:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3141:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3143:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3153:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3179:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3181:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:3192:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2677:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2833:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2847:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2857:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2885:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2895:3-5: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2940:1-3: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2788:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2391:2-4: WARNING: possible condition with no effect (if == else) drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c:2417:2-4: WARNING: possible condition with no effect (if == else) Reported-by: kbuild-all@01.org Signed-off-by: Larry Finger Cc: Julia Lawall Signed-off-by: Kalle Valo .../realtek/rtlwifi/btcoexist/halbtc8821a2ant.c | 185 +++------------------ 1 file changed, 24 insertions(+), 161 deletions(-) commit 2447e2cad75239ae407c0f98acf12511354208c5 Author: Brian Norris Date: Fri Feb 10 13:55:25 2017 -0800 mwifiex: don't enable/disable IRQ 0 during suspend/resume If we don't have an out-of-band wakeup IRQ configured through DT (as most platforms don't), then we fall out of this function with 'irq_wakeup == 0'. Other code (e.g., mwifiex_disable_wake() and mwifiex_enable_wake()) treats 'irq_wakeup >= 0' as a valid IRQ, and so we end up calling {enable,disable}_irq() on IRQ 0. That seems bad, so let's not do that. Same problem as fixed in this patch: https://patchwork.kernel.org/patch/9531693/ [PATCH v2 2/3] btmrvl: set irq_bt to -1 when failed to parse it with the difference that: (a) this one is actually a regression and (b) this affects both device tree and non-device-tree systems While fixing the regression, also drop the verbosity on the parse failure, so we don't see this when a DT node is present but doesn't have an interrupt property (this is perfectly legal): [ 21.999000] mwifiex_pcie 0000:01:00.0: fail to parse irq_wakeup from device tree Fixes: 853402a00823 ("mwifiex: Enable WoWLAN for both sdio and pcie") Signed-off-by: Brian Norris Acked-by: Rajat Jain Signed-off-by: Kalle Valo drivers/net/wireless/marvell/mwifiex/main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3a6282045b228f6de6abced74b793c71178fb948 Author: Tobias Klauser Date: Fri Feb 10 14:03:13 2017 +0100 orinoco: Use net_device_stats from struct net_device Instead of using a private copy of struct net_device_stats in struct orinoco_private, use stats from struct net_device. Also remove the now unnecessary .ndo_get_stats function. Signed-off-by: Tobias Klauser Signed-off-by: Kalle Valo drivers/net/wireless/intersil/orinoco/main.c | 27 ++++++---------------- drivers/net/wireless/intersil/orinoco/orinoco.h | 2 -- .../net/wireless/intersil/orinoco/orinoco_usb.c | 6 ++--- 3 files changed, 9 insertions(+), 26 deletions(-) commit 7546bba385b4eb746fcb2ea972abe96efb44edb8 Author: Julia Lawall Date: Thu Feb 9 21:12:51 2017 +0100 rtlwifi: btcoexist: fix semicolon.cocci warnings Remove unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci CC: Larry Finger Signed-off-by: Julia Lawall Signed-off-by: Fengguang Wu Acked-by: Larry Finger Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8821a2ant.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1f8665320fa1a232fda22bcc7f88daeb83628385 Author: Iain Hunter Date: Thu Feb 9 14:37:28 2017 +0000 wlcore: disable multicast filter in AP mode Enable AP support for allmulticast for MDNS. It can be enabled by bringing up the interface with ip command with argument allmulticast on Signed-off-by: Iain Hunter Signed-off-by: Kalle Valo drivers/net/wireless/ti/wlcore/main.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 454593e54cac126a0f49d4b65f90a5e518c51404 Author: Gavin Shan Date: Wed Jan 11 11:50:08 2017 +1100 drivers/pci/hotplug: Mask PDC interrupt if required We're supporting surprise hotplug on PCI slots behind root port or PCIe switch downstream ports, which don't claim the capability in hardware register (offset: PCIe cap + PCI_EXP_SLTCAP). PEX8718 is one of the examples. For those PCI slots, the PDC (Presence Detection Change) event isn't reliable and the underly (skiboot) firmware has best judgement. This masks the PDC event when skiboot requests by "ibm,slot-broken-pdc" property in PCI slot's device-tree node. Reported-by: Hank Chang Signed-off-by: Gavin Shan Tested-by: Willie Liauw Signed-off-by: Michael Ellerman arch/powerpc/include/asm/pnv-pci.h | 2 ++ drivers/pci/hotplug/pnv_php.c | 27 ++++++++++++++++++++++----- 2 files changed, 24 insertions(+), 5 deletions(-) commit d0c424971f70501ec0a0364117b9934db039c9cc Author: Gavin Shan Date: Wed Jan 11 11:50:07 2017 +1100 drivers/pci/hotplug: Fix initial state for empty slot In PowerNV PCI hotplug driver, the initial PCI slot's state is set to PNV_PHP_STATE_POPULATED if no PCI devices are connected to the slot. The PCI devices that are hot added to the slot won't be probed and populated because of the check in pnv_php_enable(): /* Check if the slot has been configured */ if (php_slot->state != PNV_PHP_STATE_REGISTERED) return 0; This fixes the issue by leaving the slot in PNV_PHP_STATE_REGISTERED state initially if nothing is connected to the slot. Fixes: 360aebd85a4 ("drivers/pci/hotplug: Support surprise hotplug in powernv driver") Cc: stable@vger.kernel.org #v4.9+ Reported-by: Hank Chang Signed-off-by: Gavin Shan Tested-by: Willie Liauw Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) commit d7d55536c6cd1f80295b6d7483ad0587b148bde4 Author: Gavin Shan Date: Wed Jan 11 11:50:06 2017 +1100 drivers/pci/hotplug: Handle presence detection change properly The surprise hotplug is driven by interrupt in PowerNV PCI hotplug driver. In the interrupt handler, pnv_php_interrupt(), we bail when pnv_pci_get_presence_state() returns zero wrongly. It causes the presence change event is always ignored incorrectly. This fixes the issue by bailing on error (non-zero value) returned from pnv_pci_get_presence_state(). Fixes: 360aebd85a4 ("drivers/pci/hotplug: Support surprise hotplug in powernv driver") Cc: stable@vger.kernel.org #v4.9+ Reported-by: Hank Chang Signed-off-by: Gavin Shan Tested-by: Willie Liauw Signed-off-by: Michael Ellerman drivers/pci/hotplug/pnv_php.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 5b102782c7f460d88b42d504c78755eeb030894a Author: Balbir Singh Date: Thu Feb 2 10:33:44 2017 +0530 powerpc/xmon: Enable disassembly files (compilation changes) After updating ppc-dis.c, ppc-opc.c and ppc.h the following changes were made to enable compilation and working of xmon: 1. Remove all disassembler_info 2. Use xmon's printf/print_address to output data and addresses respectively. 3. All bfd_* types and casts have been removed. 4. Optimizations related to opcd_indices have been removed. 5. The dialect is set based on cpu features. 6. PPC_OPCODE_CLASSIC is no longer supported in the new disassembler. 7. VLE opcode parsing and printing has been stripped. 8. Coding style conventions used for those routines has been retained and it does not match our CodingStyle. 9. The highest supported dialect is POWER9. 10. Defined ATTRIBUTE_UNUSED in ppc-dis.c. 11. Defined _(x) in ppc-dis.c. Finally, we remove the dependency on BROKEN so that XMON_DISASSEMBLY can be enabled again. Signed-off-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/Kconfig.debug | 1 - arch/powerpc/xmon/ppc-dis.c | 592 ++++---------------------------------------- arch/powerpc/xmon/ppc-opc.c | 12 +- arch/powerpc/xmon/ppc.h | 2 - 4 files changed, 60 insertions(+), 547 deletions(-) commit 08d96e0b127e07c3b90e10f1939caf70b456793e Author: Balbir Singh Date: Thu Feb 2 10:33:43 2017 +0530 powerpc/xmon: Apply binutils changes to upgrade disassembly The following commit-ids from the binutils project were applied on the xmon branch and relicensed with the permission of the authors under GPLv2 for the following files: ppc-opc.c ppc-dis.c ppc.h Working off of binutils commit 65b650b4c746 we have now moved up to binutils commit a5721ba270dd. Some commit logs have been taken verbatim, some are summarized for ease of understanding. Here is a summary of the commits: 33e8d5ac613d PPC7450 New. (powerpc_opcodes): Use it in dcba. c3d65c1ced61 New opcodes and mask 8dbcd839b1bb Instruction Sorting 91eb7075e370 (powerpc_opcodes): Fix the first two operands of dquaiq. 548b1dcfcbab ppc-opc.c (powerpc_opcodes): Remove the dcffix and dcffix. 930bb4cfae30 Support optional L form mtmsr. de866fccd87d (powerpc_opcodes): Order and format. 19a6653ce8c6 ppc e500mc support fa452fa6833c (ppc_cpu_t): New typedef. c8187e1509b2 (parse_cpu): Handle -m464. 081ba1b3c08b Define. (PPC_OPERAND_FSL, PPC_OPERAND_FCR, PPC_OPERAND_UDI) 9b4e57660d38 Rename altivec_or_spe to retain_flags. Handle -mvsx and -mpower7. 899d85beadd0 (powerpc_opcodes): Enable rfci, mfpmr, mtpmr for e300. e1c93c699b7d (extract_sprg): Correct operand range check. 2f3bb96af796 (powerpc_init_dialect): Do not set PPC_OPCODE_BOOKE 1cb0a7674666 (ppc_setup_opcodes): Remove PPC_OPCODE_NOPOWER4 test 21169fcfadfa (print_insn_powerpc): Skip insn if it is deprecated 80890a619b85 ("dcbt", "dcbtst") 0e55be1624c2 ("lfdepx", "stfdepx") 066be9f7bd8e (parse_cpu): Extend -mpower7 to accept power7 and isel instructions. c72ab5f2c55d (powerpc_opcodes): Reorder the opcode table so that instructions 69fe9ce501f5 (ppc_parse_cpu): New function. (powerpc_init_dialect) e401b04ca7cd (powerpc_opcodes) <"dcbzl">: Merge the POWER4 and E500MC entries. 70dc4e324b9a (powerpc_init_dialect): Do not choose a default dialect due to -many/-Many. 858d7a6db20b (powerpc_opcodes) <"tlbilxlpid", "tlbilxpid", "tlbilxva", "tlbilx" bdc7fcfe59f1 (powerpc_macros ): Allow n+b of 64 e0d602ecffb0 (md_show_usage): Document -mpcca2 b961e85b6ebe (ppc_cpu_t): Typedef to uint64_t 8765b5569284 (powerpc_opcodes): Remove support for the the "lxsdux", "lxvd2ux" 634b50f2a623 Rename "ppca2" to "a2" 9fe54b1ca1c0 (md_show_usage): Document -m476 0dc9305793c8 Add bfd_mach_ppc_e500mc64 ce3d2015b21b Define. bfd/ * archures.c (bfd_mach_ppc_titan) cdc51b0748c4 Add -mpwr4, -mpwr5, -mpwr5x, -mpwr6 and -mpwr7 63d0fa4e9e57 Add PPC_OPCODE_E500MC for "e500mc64" cee62821d472 New Define. ("dccci"): Enable for PPCA2 85d4ac0b3c0b Correct wclr encoding. 51b5d4a8c5e5 (powerpc_opcodes): Enable divdeu, devweu, divde, divwe, divdeuo e01d869a3be2 (md_assemble): Emit APUinfo section for PPC_OPCODE_E500 09a8ad8d8f56 (powerpc_opcodes): Revert deprecation of mfocrf, mtcrf and mtocrf on EFS. f2bae120dcef (PPC_OPCODE_COMMON): Expand comment. 81a0b7e2ae09 (PPCPWR2): Add PPC_OPCODE_COMMON. (powerpc_opcodes): Add "subc" bdc70b4a03fd (PPC_OPCODE_32, PPC_OPCODE_BOOKE64, PPC_OPCODE_CLASSIC) 7102e95e4943 (ppc_set_cpu): Cast PPC_OPCODE_xxx to ppc_cpu_t before inverting f383de6633cb (powerpc_opcodes) [lswx,lswi,stswx,stswi]: Deprecate on E500 and E500MC 6b069ee70de3 Remove PPC_OPCODE_PPCPS 2f7f77101279 (powerpc_opcodes): Enable icswx for POWER7 989993d80a97 (insert_nbi, insert_rbx, FRAp, FRBp, FRSp, FRTp, NBI, RAX, RBX) a08fc94222d1 : New extended mnemonics 588925d06545 : Use PPC_OPERAND_GPR 8baf7b78b5d9 <"lswx">: Use RAX for the second and RBX for the third operand e67ed0e885d6 Changed opcode for vabsdub, vabsduh, vabsduw, mviwsplt fb048c26f19f (UIMM4, UIMM3, UIMM2, VXVA_MASK, VXVB_MASK, VXVAVB_MASK, VXVDVA_MASK 382c72e90441 (VXASHB_MASK): New define c7a5aa9c64fc (ppc_opts) : Use PPC_OPCODE_ALTIVEC2 ab4437c3224f : Fix opcode spelling 62082a42b9cd "lfdp" and "stfdp" use DS offset. 776fc41826bb (ppc_parse_cpu): Update prototype 943d398f4c52 (insert_sci8, extract_sci8): Rewrite. 5817ffd1f81c New define (PPC_OPCODE_HTM/POWER8) 9f0682fe89d9 (extract_vlesi): Properly sign extend c0637f3af686 (powerpc_init_dialect): Set default dialect to power8. 58ae08f29af8 (powerpc_opcodes): Add tdui, twui, tdu, twu, tui, tu 4f6ffcd38d90 (powerpc_init_dialect): Use ppc_parse_cpu() to set dialect 4b95cf5c0c75 Update copyright years a47622ac1bad Allow both signed and unsigned fields in PowerPC cmpli insn 12e87fac5c76 ppc: enable msgclr and msgsnd on Power8 8514e4db84cc Don't deprecate powerpc mftb insn db76a70026ab Power4 should treat mftb as extended mfspr mnemonic b90efa5b79ac ChangeLog rotatation and copyright year update c4e676f19656 powerpc: Add slbfee. instruction 27c49e9a8fc0 powerpc: Only initialise opcode indices once 4fff86c517ab DCBT_EO): New define 4bc0608a8b69 Fix some PPC assembler errors dc302c00611b Add hwsync extended mnemonic 99a2c5612124 Remove unused MTMSRD_L macro and re-add accidentally deleted comment 11a0cf2ec0ed Allow for optional operands with non-zero default values 7b9341139a69 PPC sync instruction accepts invalid and incompatible operands ef5a96d564a2 Remove ppc860, ppc750cl, ppc7450 insns from common ppc 43e65147c07b Remove trailing spaces in opcodes 6dca4fd141fd Add dscr and ctrl SPR mnemonics b6518b387185 Fix compile time warnings generated when compiling with clang 36f7a9411dcd Patches for illegal ppc 500 instructions a680de9a980e Add assembler, disassembler and linker support for power9 dd2887fc3de4 Reorder some power9 insns b817670b52b7 Enable 2 operand form of powerpc mfcr with -many 6f2750feaf28 Copyright update for binutils afa8d4054b8e Delete opcodes that have been removed from ISA 3.0 1178da445ad5 Accept valid one byte signed and unsigned values for the IMM8 operand e43de63c8fd1 Fix powerpc subis range 514e58b72633 Correct "Fix powerpc subis range" 19dfcc89e8d9 Add support for new POWER ISA 3.0 instructions 1fe0971e41a4 add more extern C 026122a67044 Re-add support for lbarx, lharx, stbcx. and sthcx. insns back to the E6500 cpu 14b57c7c6a53 PowerPC VLE 6fd3a02da554 Add support for yet some more new ISA 3.0 instructions dfdaec14b0db Fix some PowerPC VLE BFD issues and add some PowerPC VLE instructions fd486b633e87 Modify POWER9 support to match final ISA 3.0 documentation a5721ba270dd Disallow 3-operand cmp[l][i] for ppc64 This updates the disassembly capabilities to add support for newer processors. Signed-off-by: Balbir Singh [mpe: Reformat commit list for brevity] Signed-off-by: Michael Ellerman arch/powerpc/xmon/ppc-dis.c | 710 +++- arch/powerpc/xmon/ppc-opc.c | 8591 ++++++++++++++++++++++++++++--------------- arch/powerpc/xmon/ppc.h | 222 +- 3 files changed, 6310 insertions(+), 3213 deletions(-) commit 438e69b52be776c035aa2a851ccc1709033d729b Author: Aneesh Kumar K.V Date: Thu Feb 9 08:28:21 2017 +0530 powerpc/mm/radix: Skip ptesync in pte update helpers We do them at the start of tlb flush, and we are sure a pte update will be followed by a tlbflush. Hence we can skip the ptesync in pte update helpers. Signed-off-by: Aneesh Kumar K.V Tested-by: Michael Neuling Signed-off-by: Michael Ellerman arch/powerpc/include/asm/book3s/64/radix.h | 3 --- 1 file changed, 3 deletions(-) commit cc7639ce18b950086c7b06e00350652db3732183 Author: Balbir Singh Date: Thu Feb 2 10:33:42 2017 +0530 powerpc/xmon: Update ppc-dis/opc.c and ppc.h Upgrade ppc-opc.c, ppc-dis.c and ppc.h to the versions belonging to the following binutils commit: 65b650b4c7463f4508bed523c24ab0031a5ae5cd * ppc-dis.c (print_insn_powerpc): Don't skip all operands after setting skip_optional. That is the last version of those files that were licensed under GPLv2. This leaves the code in a state that does not compile, because the binutils code needs to be tweaked to work in the kernel. We don't fix that in this commit, because we want to import more binutils changes in subsequent commits. So for now we mark XMON_DISASSEMBLY as BROKEN, so it can't be built. Signed-off-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/Kconfig.debug | 1 + arch/powerpc/xmon/ppc-dis.c | 272 ++++++++++++++--- arch/powerpc/xmon/ppc-opc.c | 728 ++++++++++++++------------------------------ arch/powerpc/xmon/ppc.h | 62 ++-- 4 files changed, 493 insertions(+), 570 deletions(-) commit f4894b80b1ddfef00d4d2e5c58613ccef358a1b2 Author: Aneesh Kumar K.V Date: Thu Feb 9 08:28:20 2017 +0530 powerpc/mm/radix: Use ptep_get_and_clear_full when clearing pte for full mm This helps us to do some optimization for application exit case, where we can skip the DD1 style pte update sequence. Signed-off-by: Aneesh Kumar K.V Tested-by: Michael Neuling Signed-off-by: Michael Ellerman arch/powerpc/include/asm/book3s/64/pgtable.h | 17 +++++++++++++++++ arch/powerpc/include/asm/book3s/64/radix.h | 23 ++++++++++++++++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) commit ca94573b9c69d224e50e1084a2776772f4ea030d Author: Aneesh Kumar K.V Date: Thu Feb 9 08:28:19 2017 +0530 powerpc/mm/radix: Update pte update sequence for pte clear case In the kernel we do follow the below sequence in different code paths. pte = ptep_get_clear(ptep) .... set_pte_at(ptep, pte) We do that for mremap, autonuma protection update and softdirty clearing. This implies our optimization to skip a tlb flush when clearing a pte update is not valid, because for DD1 system that followup set_pte_at will be done witout doing the required tlbflush. Fix that by always doing the dd1 style pte update irrespective of new_pte value. In a later patch we will optimize the application exit case. Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Aneesh Kumar K.V Tested-by: Michael Neuling Signed-off-by: Michael Ellerman arch/powerpc/include/asm/book3s/64/radix.h | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 18061c17c8ecdbdbf1e7d1695ec44e7388b4f601 Author: Aneesh Kumar K.V Date: Mon Jan 30 21:42:59 2017 +0530 powerpc/mm: Update PROTFAULT handling in the page fault path With radix, we can get page fault with DSISR_PROTFAULT value set in case of PROT_NONE or autonuma mapping. The PROT_NONE case in handled by the vma check where we consider the access bad. For autonuma we should fall through and fixup the access mask correctly. Without this patch we trigger the WARN_ON() on radix. This code moves that WARN_ON() within a radix_enabled() check. I also moved the WARN_ON() outside the if condition making it apply for all type of faults (exec/write/read). It is also conditionalized for book3s, because BOOK3E can also get a PROTFAULT to handle the D/I cache sync. Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/mm/copro_fault.c | 10 ++++++---- arch/powerpc/mm/fault.c | 43 +++++++++++++++++++++++++++++++++---------- 2 files changed, 39 insertions(+), 14 deletions(-) commit c21a493a2b44650707d06741601894329486f2ad Author: Ravi Bangoria Date: Tue Nov 22 14:55:59 2016 +0530 powerpc/xmon: Fix data-breakpoint Currently xmon data-breakpoint feature is broken. Whenever there is a watchpoint match occurs, hw_breakpoint_handler will be called by do_break via notifier chains mechanism. If watchpoint is registered by xmon, hw_breakpoint_handler won't find any associated perf_event and returns immediately with NOTIFY_STOP. Similarly, do_break also returns without notifying to xmon. Solve this by returning NOTIFY_DONE when hw_breakpoint_handler does not find any perf_event associated with matched watchpoint, rather than NOTIFY_STOP, which tells the core code to continue calling the other breakpoint handlers including the xmon one. Cc: stable@vger.kernel.org Signed-off-by: Ravi Bangoria Signed-off-by: Michael Ellerman arch/powerpc/kernel/hw_breakpoint.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 36b390fd624a7f3a64bda5de54fa58ebcf956ffc Author: Michael Ellerman Date: Wed Feb 15 19:54:55 2017 +1100 powerpc/mm: Fix build break with BOOK3S_64=n and MEMORY_HOTPLUG=y The recently merged HPT (Hash Page Table) resize support broke the build when BOOK3S_64=n (ie. 32-bit or 64-bit Book3E) and MEMORY_HOTPLUG=y: arch/powerpc/mm/mem.o: In function `.arch_add_memory': (.text+0x4e4): undefined reference to `.resize_hpt_for_hotplug' Fix it by adding a dummy version. Fixes: 438cc81a41e8 ("powerpc/pseries: Automatically resize HPT for memory hot add/remove") Signed-off-by: Michael Ellerman arch/powerpc/include/asm/sparsemem.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 1e29537034e388c7e72eac43cfcda1d23131623b Author: Steffen Klassert Date: Wed Feb 15 09:39:49 2017 +0100 xfrm: Export xfrm_parse_spi. We need it in the ESP offload handlers, so export it. Signed-off-by: Steffen Klassert include/net/xfrm.h | 1 + net/xfrm/xfrm_input.c | 1 + 2 files changed, 2 insertions(+) commit 25393d3fc055b76587fcc91627aee8c345400c3a Author: Steffen Klassert Date: Wed Feb 15 09:39:44 2017 +0100 net: Prepare gro for packet consuming gro callbacks The upcomming IPsec ESP gro callbacks will consume the skb, so prepare for that. Signed-off-by: Steffen Klassert include/linux/netdevice.h | 9 +++++++++ net/core/dev.c | 7 +++++++ net/xfrm/Kconfig | 4 ++++ 3 files changed, 20 insertions(+) commit 5f114163f2f5eb2edbb49c4d3e0b405c7a8a7e2a Author: Steffen Klassert Date: Wed Feb 15 09:39:39 2017 +0100 net: Add a skb_gro_flush_final helper. Add a skb_gro_flush_final helper to prepare for consuming skbs in call_gro_receive. We will extend this helper to not touch the skb if the skb is consumed by a gro callback with a followup patch. We need this to handle the upcomming IPsec ESP callbacks as they reinject the skb to the napi_gro_receive asynchronous. The handler is used in all gro_receive functions that can call the ESP gro handlers. Signed-off-by: Steffen Klassert include/linux/netdevice.h | 5 +++++ net/ethernet/eth.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv6/ip6_offload.c | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) commit b0fcee825c0ad05057a97d1f4685e1b9e9d00c53 Author: Steffen Klassert Date: Wed Feb 15 09:39:24 2017 +0100 xfrm: Add a secpath_set helper. Add a new helper to set the secpath to the skb. This avoids code duplication, as this is used in multiple places. Signed-off-by: Steffen Klassert include/net/xfrm.h | 1 + net/ipv6/xfrm6_input.c | 15 +++------------ net/xfrm/xfrm_input.c | 34 ++++++++++++++++++++++------------ 3 files changed, 26 insertions(+), 24 deletions(-) commit 2ba3e6e8afc9b6188b471f27cf2b5e3cf34e7af2 Author: Theodore Ts'o Date: Wed Feb 15 01:26:39 2017 -0500 ext4: fix fencepost in s_first_meta_bg validation It is OK for s_first_meta_bg to be equal to the number of block group descriptor blocks. (It rarely happens, but it shouldn't cause any problems.) https://bugzilla.kernel.org/show_bug.cgi?id=194567 Fixes: 3a4b77cd47bb837b8557595ec7425f281f2ca1fe Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dcd36c436c9c1c5052be6bc2a9200e4e6dfbd267 Author: Rob Rice Date: Tue Feb 14 12:45:52 2017 -0500 crypto: brcm - Avoid double free in ahash_finup() In Broadcom SPU driver, in case where incremental hash is done in software in ahash_finup(), tmpbuf was freed twice. Reported-by: Dan Carpenter Signed-off-by: Rob Rice Signed-off-by: Herbert Xu drivers/crypto/bcm/cipher.c | 1 - 1 file changed, 1 deletion(-) commit eafa26696a648f974942e12f42460abff80a646d Author: Arnd Bergmann Date: Tue Feb 14 18:07:31 2017 +0100 crypto: cavium - fix Kconfig dependencies The driver fails to build if MSI support is disabled: In file included from /git/arm-soc/drivers/crypto/cavium/cpt/cptpf_main.c:18:0: drivers/crypto/cavium/cpt/cptpf.h:57:20: error: array type has incomplete element type 'struct msix_entry' struct msix_entry msix_entries[CPT_PF_MSIX_VECTORS]; ^~~~~~~~~~~~ drivers/crypto/cavium/cpt/cptpf_main.c: In function 'cpt_enable_msix': drivers/crypto/cavium/cpt/cptpf_main.c:344:8: error: implicit declaration of function 'pci_enable_msix';did you mean 'cpt_enable_msix'? [-Werror=implicit-function-declaration] On the other hand, it doesn't seem to have any build dependency on ARCH_THUNDER, so let's allow compile-testing to catch this kind of problem more easily. The 64-bit dependency is needed for the use of readq/writeq. Signed-off-by: Arnd Bergmann Acked-by: David Daney Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6ecb7d62bf8ef34325fa55e8cf167610ed7abe83 Author: George Cherian Date: Tue Feb 14 09:23:17 2017 +0000 crypto: cavium - cpt_bind_vq_to_grp could return an error code cpt_bind_vq_to_grp() could return an error code. However, it currently returns a u8. This produce the static checker warning. drivers/crypto/cavium/cpt/cptpf_mbox.c:70 cpt_bind_vq_to_grp() warn: signedness bug returning '(-22)' Reported-by: Dan Carpenter Signed-off-by: George Cherian Signed-off-by: Herbert Xu drivers/crypto/cavium/cpt/cptpf_mbox.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 36b05efc1b5b62054232d5b8453782ee7ca4efaa Author: Gilad Ben-Yossef Date: Tue Feb 14 08:21:45 2017 +0200 crypto: doc - fix typo Fix a single letter typo in api-skcipher.rst. Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu Documentation/crypto/api-skcipher.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a9f5a62a112b6cedcb0d13925a3b6e728caac002 Author: Russell King Date: Mon Feb 13 12:04:08 2017 +0000 hwrng: omap - update Kconfig help description omap-rng also supports Marvell Armada 7k/8k SoCs, but no mention of this is made in the help text, despite the dependency being added. Explicitly mention these SoCs in the help description so people know that it covers more than just TI SoCs. Fixes: 383212425c92 ("hwrng: omap - Add device variant for SafeXcel IP-76 found in Armada 8K") Signed-off-by: Russell King Signed-off-by: Herbert Xu drivers/char/hw_random/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5ba8e2a05ed6695f38f3961ca8cb5cfc1063a842 Author: Ard Biesheuvel Date: Sat Feb 11 19:25:22 2017 +0000 crypto: ccm - drop unnecessary minimum 32-bit alignment The CCM driver forces 32-bit alignment even if the underlying ciphers don't care about alignment. This is because crypto_xor() used to require this, but since this is no longer the case, drop the hardcoded minimum of 32 bits. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/ccm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 5338ad7065c0a4cb55e949638b1fdba6b09dc5a2 Author: Ard Biesheuvel Date: Sat Feb 11 19:25:21 2017 +0000 crypto: ccm - honour alignmask of subordinate MAC cipher The CCM driver was recently updated to defer the MAC part of the algorithm to a dedicated crypto transform, and a template for instantiating such transforms was added at the same time. However, this new cbcmac template fails to take the alignmask of the encapsulated cipher into account, which may result in buffer addresses being passed down that are not sufficiently aligned. So update the code to ensure that the digest buffer in the desc ctx appears at a sufficiently aligned offset, and tweak the code so that all calls to crypto_cipher_encrypt_one() operate on this buffer exclusively. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/ccm.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit 944c3d4dca34403e802287a1e7e9d02c06dce0d5 Author: Horia Geantă Date: Fri Feb 10 14:07:25 2017 +0200 crypto: caam - fix state buffer DMA (un)mapping If we register the DMA API debug notification chain to receive platform bus events: dma_debug_add_bus(&platform_bus_type); we start receiving warnings after a simple test like "modprobe caam_jr && modprobe caamhash && modprobe -r caamhash && modprobe -r caam_jr": platform ffe301000.jr: DMA-API: device driver has pending DMA allocations while released from device [count=1938] One of leaked entries details: [device address=0x0000000173fda090] [size=63 bytes] [mapped with DMA_TO_DEVICE] [mapped as single] It turns out there are several issues with handling buf_dma (mapping of buffer holding the previous chunk smaller than hash block size): -detection of buf_dma mapping failure occurs too late, after a job descriptor using that value has been submitted for execution -dma mapping leak - unmapping is not performed in all places: for e.g. in ahash_export or in most ahash_fin* callbacks (due to current back-to-back implementation of buf_dma unmapping/mapping) Fix these by: -calling dma_mapping_error() on buf_dma right after the mapping and providing an error code if needed -unmapping buf_dma during the "job done" (ahash_done_*) callbacks Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamhash.c | 107 ++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 55 deletions(-) commit 0355d23d4034f42b28db19520bc8865e26053404 Author: Horia Geantă Date: Fri Feb 10 14:07:24 2017 +0200 crypto: caam - abstract ahash request double buffering caamhash uses double buffering for holding previous/current and next chunks (data smaller than block size) to be hashed. Add (inline) functions to abstract this mechanism. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamhash.c | 77 ++++++++++++++++++++++++++---------------- 1 file changed, 48 insertions(+), 29 deletions(-) commit 87ec02e7409d787348c244039aa3536a812dfa8b Author: Horia Geantă Date: Fri Feb 10 14:07:23 2017 +0200 crypto: caam - fix error path for ctx_dma mapping failure In case ctx_dma dma mapping fails, ahash_unmap_ctx() tries to dma unmap an invalid address: map_seq_out_ptr_ctx() / ctx_map_to_sec4_sg() -> goto unmap_ctx -> -> ahash_unmap_ctx() -> dma unmap ctx_dma There is also possible to reach ahash_unmap_ctx() with ctx_dma uninitialzed or to try to unmap the same address twice. Fix these by setting ctx_dma = 0 where needed: -initialize ctx_dma in ahash_init() -clear ctx_dma in case of mapping error (instead of holding the error code returned by the dma map function) -clear ctx_dma after each unmapping Fixes: 32686d34f8fb6 ("crypto: caam - ensure that we clean up after an error") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamhash.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit bbf2234494afd14a720d61a233c21b95e4261326 Author: Horia Geantă Date: Fri Feb 10 14:07:22 2017 +0200 crypto: caam - fix DMA API leaks for multiple setkey() calls setkey() callback may be invoked multiple times for the same tfm. In this case, DMA API leaks are caused by shared descriptors (and key for caamalg) being mapped several times and unmapped only once. Fix this by performing mapping / unmapping only in crypto algorithm's cra_init() / cra_exit() callbacks and sync_for_device in the setkey() tfm callback. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 275 +++++++++++------------------------------ drivers/crypto/caam/caamhash.c | 79 +++++------- 2 files changed, 102 insertions(+), 252 deletions(-) commit cfb725f6d3d31355fa4510da7d7bdce807045b42 Author: Horia Geantă Date: Fri Feb 10 14:07:21 2017 +0200 crypto: caam - don't dma_map key for hash algorithms Shared descriptors for hash algorithms are small enough for (split) keys to be inlined in all cases. Since driver already does this, all what's left is to remove unused ctx->key_dma. Fixes: 045e36780f115 ("crypto: caam - ahash hmac support") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamhash.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) commit 838e0a89e33a6e15492b8e4d700fc64c21ca3587 Author: Horia Geantă Date: Fri Feb 10 14:07:20 2017 +0200 crypto: caam - use dma_map_sg() return code dma_map_sg() might coalesce S/G entries, so use the number of S/G entries returned by it instead of what sg_nents_for_len() initially returns. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 133 ++++++++++++++++++++++-------------------- 1 file changed, 71 insertions(+), 62 deletions(-) commit fa0c92db1eb818a36c1b837b5f6da7e95b181247 Author: Horia Geantă Date: Fri Feb 10 14:07:19 2017 +0200 crypto: caam - replace sg_count() with sg_nents_for_len() Replace internal sg_count() function and the convoluted logic around it with the standard sg_nents_for_len() function. src_nents, dst_nents now hold the number of SW S/G entries, instead of the HW S/G table entries. With this change, null (zero length) input data for AEAD case needs to be handled in a visible way. req->src is no longer (un)mapped, pointer address is set to 0 in SEQ IN PTR command. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 189 ++++++++++++++++++--------------------- drivers/crypto/caam/sg_sw_sec4.h | 11 --- 2 files changed, 88 insertions(+), 112 deletions(-) commit fd144d83cc42cfe6c82cba76bc0113dacd53a4d4 Author: Horia Geantă Date: Fri Feb 10 14:07:18 2017 +0200 crypto: caam - check sg_count() return value sg_count() internally calls sg_nents_for_len(), which could fail in case the required number of bytes is larger than the total bytes in the S/G. Thus, add checks to validate the input. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 44 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) commit fd88aac93e4dc7810940e854be1c3dc5adb20120 Author: Horia Geantă Date: Fri Feb 10 14:07:17 2017 +0200 crypto: caam - fix HW S/G in ablkcipher_giv_edesc_alloc() HW S/G generation does not work properly when the following conditions are met: -src == dst -src/dst is S/G -IV is right before (contiguous with) the first src/dst S/G entry since "iv_contig" is set to true (iv_contig is a misnomer here and it actually refers to the whole output being contiguous) Fix this by setting dst S/G nents equal to src S/G nents, instead of leaving it set to init value (0). Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4d8348d8e3bfc3e37f3cbaaff3966a1fca8909ed Author: Tudor Ambarus Date: Fri Feb 10 14:07:16 2017 +0200 crypto: caam - fix JR IO mapping if one fails If one of the JRs failed at init, the next JR used the failed JR's IO space. The patch fixes this bug. Signed-off-by: Tudor Ambarus Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit b3b5fce7364b674b66c58adea1dd2a2f85b61dd7 Author: Horia Geantă Date: Fri Feb 10 14:07:15 2017 +0200 crypto: caam - check return code of dma_set_mask_and_coherent() Setting the dma mask could fail, thus make sure it succeeds before going further. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 15 ++++++++++----- drivers/crypto/caam/jr.c | 19 ++++++++++++++----- 2 files changed, 24 insertions(+), 10 deletions(-) commit 78fd0fff7fbb55b352bd7058bf51caa46dd3a0f1 Author: Horia Geantă Date: Fri Feb 10 14:07:14 2017 +0200 crypto: caam - don't include unneeded headers intern.h, jr.h are not needed in error.c error.h is not needed in ctrl.c Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 1 - drivers/crypto/caam/error.c | 2 -- 2 files changed, 3 deletions(-) commit 83d650ab78c7185da815e16d03fb579d3fde0140 Author: Gary R Hook Date: Thu Feb 9 15:50:08 2017 -0600 crypto: ccp - Simplify some buffer management routines The reverse-get/set functions can be simplified by eliminating unused code. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-ops.c | 142 +++++++++++++++++-------------------------- 1 file changed, 56 insertions(+), 86 deletions(-) commit 4cdf101ef444e47bc8869ef3e90396e828fd9b61 Author: Gary R Hook Date: Thu Feb 9 15:49:57 2017 -0600 crypto: ccp - Update the command queue on errors Move the command queue tail pointer when an error is detected. Always return the error. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v5.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit a60496a0ca0d34a3ae92e426138eab35f0f45612 Author: Gary R Hook Date: Thu Feb 9 15:49:48 2017 -0600 crypto: ccp - Change mode for detailed CCP init messages The CCP initialization messages only need to be sent to syslog in debug mode. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v5.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 19998acb0ff67cb8843668f3b94bdbe6018fa7d8 Author: Cyrille Pitchen Date: Thu Feb 9 17:51:21 2017 +0100 crypto: atmel-sha - fix error management in atmel_sha_start() This patch clarifies and fixes how errors should be handled by atmel_sha_start(). For update operations, the previous code wrongly assumed that (err != -EINPROGRESS) implies (err == 0). It's wrong because that doesn't take the error cases (err < 0) into account. This patch also adds many comments to detail all the possible returned values and what should be done in each case. Especially, when an error occurs, since atmel_sha_complete() has already been called, hence releasing the hardware, atmel_sha_start() must not call atmel_sha_finish_req() later otherwise atmel_sha_complete() would be called a second time. Signed-off-by: Cyrille Pitchen Signed-off-by: Herbert Xu drivers/crypto/atmel-sha.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) commit dd3f9f40b58168f91f27ab686c7bae1f35edd3d4 Author: Cyrille Pitchen Date: Thu Feb 9 17:51:20 2017 +0100 crypto: atmel-sha - fix missing "return" instructions This patch fixes a previous patch: "crypto: atmel-sha - update request queue management to make it more generic". Indeed the patch above should have replaced the "return -EINVAL;" lines by "return atmel_sha_complete(dd, -EINVAL);" but instead replaced them by a simple call of "atmel_sha_complete(dd, -EINVAL);". Hence all "return" instructions were missing. Reported-by: Dan Carpenter Signed-off-by: Cyrille Pitchen Signed-off-by: Herbert Xu drivers/crypto/atmel-sha.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit f7cc02b3c3a33a10dd5bb9e5dfd22e47e09503a2 Author: Gary R Hook Date: Wed Feb 8 13:07:06 2017 -0600 crypto: ccp - Set the AES size field for all modes Ensure that the size field is correctly populated for all AES modes. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v5.c | 3 +-- drivers/crypto/ccp/ccp-dev.h | 1 + drivers/crypto/ccp/ccp-ops.c | 8 ++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) commit d5bc1613d02f1c3f1226e2f7d555f0384d973482 Author: Ivan Khoronzhuk Date: Tue Feb 14 16:02:36 2017 +0200 net: ethernet: ti: cpsw: use var instead of func for usage count The usage count function is based on ndev_running flag that is updated before calling ndo_open/close, but if ndo is called in another place, as with suspend/resume, the counter is not changed, that breaks sus/resume. For common resource no difference which device is using it, does matter only device count. So, replace usage count function on var and inc and dec it in ndo_open/close. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 42 ++++++++++++------------------------------ 1 file changed, 12 insertions(+), 30 deletions(-) commit 0222967ba05a0a0f845f7dd54fb3da82afae024d Author: Scott Bauer Date: Tue Feb 14 17:29:37 2017 -0700 Maintainers: Modify SED list from nvme to block Signed-off-by: Scott Bauer Signed-off-by: Jens Axboe MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e225c20eb0fd0b6657e640408f11ee392dc82b5b Author: Scott Bauer Date: Tue Feb 14 17:29:36 2017 -0700 Move stack parameters for sed_ioctl to prevent oversized stack with CONFIG_KASAN When CONFIG_KASAN is enabled, compilation fails: block/sed-opal.c: In function 'sed_ioctl': block/sed-opal.c:2447:1: error: the frame size of 2256 bytes is larger than 2048 bytes [-Werror=frame-larger-than=] Moved all the ioctl structures off the stack and dynamically allocate using _IOC_SIZE() Fixes: 455a7b238cd6 ("block: Add Sed-opal library") Reported-by: Arnd Bergmann Signed-off-by: Scott Bauer Signed-off-by: Jens Axboe block/sed-opal.c | 133 ++++++++++++++++------------------------------- drivers/nvme/host/core.c | 3 +- include/linux/sed-opal.h | 4 +- 3 files changed, 50 insertions(+), 90 deletions(-) commit 24bff4d78a572d25fe2a0818f55bebda8a2d4709 Author: Scott Bauer Date: Tue Feb 14 17:29:35 2017 -0700 uapi: sed-opal fix IOW for activate lsp to use correct struct The IOC_OPAL_ACTIVATE_LSP took the wrong strcure which would give us the wrong size when using _IOC_SIZE, switch it to the right structure. Fixes: 058f8a2 ("Include: Uapi: Add user ABI for Sed/Opal") Signed-off-by: Scott Bauer Signed-off-by: Jens Axboe include/uapi/linux/sed-opal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1aa5ca6e3ec63aa5815d78646748e88a7ceb1c8e Author: Shunqian Zheng Date: Fri Jun 24 10:13:32 2016 +0800 drm/rockchip: Use common IOMMU API to attach devices Rockchip DRM used the arm special API, arm_iommu_*(), to attach iommu for ARM32 SoCs. This patch convert to common iommu API so it would support ARM64 like RK3399. Since previous patch added support for direct IOMMU address space management, there is no need to use DMA API anymore and this patch wires things to use the new method. Signed-off-by: Shunqian Zheng Signed-off-by: Tomasz Figa Signed-off-by: Mark Yao drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 101 +++++++++++++++------------- 1 file changed, 54 insertions(+), 47 deletions(-) commit 38f993b7c59e261b8ff7deb66c96c7dff4017f7b Author: Tomasz Figa Date: Fri Jun 24 10:13:31 2016 +0800 drm/rockchip: Do not use DMA mapping API if attached to IOMMU domain The API is not suitable for subsystems consisting of multiple devices and requires severe hacks to use it. To mitigate this, this patch implements allocation and address space management locally by using helpers provided by DRM framework, like other DRM drivers do, e.g. Tegra. This patch should not introduce any functional changes until the driver is made to attach subdevices into an IOMMU domain with the generic IOMMU API, which will happen in following patch. Based heavily on GEM implementation of Tegra DRM driver. Signed-off-by: Tomasz Figa Signed-off-by: Shunqian Zheng Signed-off-by: Mark Yao Signed-off-by: rjan Eide drivers/gpu/drm/rockchip/rockchip_drm_drv.h | 6 +- drivers/gpu/drm/rockchip/rockchip_drm_gem.c | 244 ++++++++++++++++++++++++++-- drivers/gpu/drm/rockchip/rockchip_drm_gem.h | 8 + 3 files changed, 244 insertions(+), 14 deletions(-) commit a142f4d3e5c54db5e942fa6ee5f3dc0e8c83207b Author: Rajat Jain Date: Mon Jan 2 22:34:15 2017 -0800 PCI/ASPM: Add comment about L1 substate latency Since the exit latencies for L1 substates are not advertised by a device, it is not clear in spec how to do a L1 substate exit latency check. We assume that the L1 exit latencies advertised by a device include L1 substate latencies (and hence do not do any check). If that is not true, we should do some sort of check here. (I'm not clear about what that check should like currently. I'd be glad to take up any suggestions). Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aspm.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit aeda9adebab8b5bdd90576e3065a1f3f948279ad Author: Rajat Jain Date: Mon Jan 2 22:34:14 2017 -0800 PCI/ASPM: Configure L1 substate settings Configure the L1 substate settings on the upstream and downstream devices, while taking care of the rules dictated by the PCIe spec. [bhelgaas: drop "inline"] Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aspm.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 104 insertions(+), 2 deletions(-) commit f1f0366dd6be9624f7d355b72cc909ab821eb4c0 Author: Rajat Jain Date: Mon Jan 2 22:34:13 2017 -0800 PCI/ASPM: Calculate and save the L1.2 timing parameters Calculate and save the timing parameters that need to be programmed if we need to enable L1.2 substates later. We use the same logic (and a constant value for 1 of the parameters) as used by Intel's coreboot: https://www.coreboot.org/pipermail/coreboot-gerrit/2015-March/021134.html https://review.coreboot.org/#/c/8832/ Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aspm.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) commit b5a0a9b59c8185aebcd9a717e2e6258b58c72c06 Author: Rajat Jain Date: Mon Jan 2 22:34:12 2017 -0800 PCI/ASPM: Read and set up L1 substate capabilities The PCIe spec (r3.1, sec 7.33) says the L1 PM Substates Capability may be implemented only in function 0. Read the L1 substate capability structures of upstream and downstream components of the link and set it up in the device structure. [bhelgaas: add specific spec reference] Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aspm.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) commit b2103ccbb67e3ef0f7a75d21c989f9614ddbcaca Author: Rajat Jain Date: Mon Jan 2 22:34:11 2017 -0800 PCI/ASPM: Add support for L1 substates Add support for ASPM L1 substates. For details about L1 substates, see the PCIe r3.1 spec, which includes the ECN below in secs 5.5 and 7.33. Add macros for the 4 new L1 substates, and add a new ASPM "POWER_SUPERSAVE" policy that can be used to enable L1 substates on a system if desired. The new policy is in a sense, a superset of the existing POWERSAVE policy. The 4 policies are now: DEFAULT: Reads and uses whatever ASPM states BIOS enabled PERFORMANCE: Everything except L0 disabled. POWERSAVE: L0s and L1 enabled (but not L1 substates) POWER_SUPERSAVE: L0s + L1 + L1 substates also enabled [bhelgaas: add PCIe r3.1 spec reference] Link: https://pcisig.com/sites/default/files/specification_documents/ECN_L1_PM_Substates_with_CLKREQ_31_May_2013_Rev10a.pdf Signed-off-by: Rajat Jain Signed-off-by: Bjorn Helgaas drivers/pci/pcie/Kconfig | 8 ++++++++ drivers/pci/pcie/aspm.c | 39 +++++++++++++++++++++++++++++---------- 2 files changed, 37 insertions(+), 10 deletions(-) commit 2220fc1ab363e6fab1f321430d69be17a8b92bd7 Author: Denys Dmytriyenko Date: Tue Feb 14 15:00:47 2017 -0500 uapi: add missing install of dma-buf.h As part of c11e391da2a8fe973c3c2398452000bed505851e "dma-buf: Add ioctls to allow userspace to flush" a new uapi header file dma-buf.h was added, but an entry was not added on Kbuild to install it. This patch resolves this omission so that "make headers_install" installs this header. Signed-off-by: Denys Dmytriyenko Reviewed-by: Tomi Valkeinen Cc: Ville Syrjälä Cc: David Herrmann Cc: Sumit Semwal Cc: Daniel Vetter Cc: Tiago Vignatti Cc: Daniel Vetter Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1487102447-59265-1-git-send-email-denis@denix.org include/uapi/linux/Kbuild | 1 + 1 file changed, 1 insertion(+) commit fb3d769173d26268d7bf068094a599bb28b2ac63 Author: Jacek Anaszewski Date: Wed Nov 9 11:43:46 2016 +0100 leds: ledtrig-heartbeat: Make top brightness adjustable LED class heartbeat trigger allowed only for blinking with max_brightness value. This patch adds more flexibility by exploiting part of LED core software blink infrastructure. Signed-off-by: Jacek Anaszewski Acked-by: Pavel Machek Reviewed-by: Hans de Goede drivers/leds/trigger/ledtrig-heartbeat.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit ae3473231e77a3f1909d48cd144cebe5e1d049b3 Author: Jacek Anaszewski Date: Sun Jan 29 12:52:31 2017 +0100 tools/leds: Add led_hw_brightness_mon program LED subsystem supports POLLPRI on "brightness_hw_changed" sysfs file of LED class devices. This tool demonstrates how to use the feature. Signed-off-by: Jacek Anaszewski Acked-by: Hans de Goede Acked-by: Pavel Machek tools/leds/Makefile | 4 +- tools/leds/led_hw_brightness_mon.c | 84 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 2 deletions(-) commit 4610d240d691768203fdd210a5da0a2e02eddb76 Author: Paul Durrant Date: Mon Feb 13 17:03:24 2017 +0000 xen/privcmd: add IOCTL_PRIVCMD_RESTRICT The purpose if this ioctl is to allow a user of privcmd to restrict its operation such that it will no longer service arbitrary hypercalls via IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when servicing IOCTL_PRIVCMD_DM_OP or IOCTL_PRIVCMD_MMAP*. The aim of this is to limit the attack surface for a compromised device model. Signed-off-by: Paul Durrant Signed-off-by: Boris Ostrovsky drivers/xen/privcmd.c | 88 +++++++++++++++++++++++++++++++++++++++++----- include/uapi/xen/privcmd.h | 2 ++ 2 files changed, 81 insertions(+), 9 deletions(-) commit ab520be8cd5d56867fc95cfbc34b90880faf1f9d Author: Paul Durrant Date: Mon Feb 13 17:03:23 2017 +0000 xen/privcmd: Add IOCTL_PRIVCMD_DM_OP Recently a new dm_op[1] hypercall was added to Xen to provide a mechanism for restricting device emulators (such as QEMU) to a limited set of hypervisor operations, and being able to audit those operations in the kernel of the domain in which they run. This patch adds IOCTL_PRIVCMD_DM_OP as gateway for __HYPERVISOR_dm_op. NOTE: There is no requirement for user-space code to bounce data through locked memory buffers (as with IOCTL_PRIVCMD_HYPERCALL) since privcmd has enough information to lock the original buffers directly. [1] http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=524a98c2 Signed-off-by: Paul Durrant Acked-by: Stefano Stabellini Signed-off-by: Boris Ostrovsky arch/arm/xen/enlighten.c | 1 + arch/arm/xen/hypercall.S | 1 + arch/arm64/xen/hypercall.S | 1 + arch/x86/include/asm/xen/hypercall.h | 7 ++ drivers/xen/privcmd.c | 139 +++++++++++++++++++++++++++++++++++ include/uapi/xen/privcmd.h | 13 ++++ include/xen/arm/hypercall.h | 1 + include/xen/interface/hvm/dm_op.h | 32 ++++++++ include/xen/interface/xen.h | 1 + 9 files changed, 196 insertions(+) commit 675d4d5c03d752edff3e1ef93c032a4eeb660552 Author: Tobias Klauser Date: Tue Feb 14 17:47:12 2017 +0100 pch_gbe: Omit private ndo_get_stats function pch_gbe_get_stats() just returns dev->stats so we can leave it out altogether and let dev_get_stats() do the job. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c | 12 ------------ 1 file changed, 12 deletions(-) commit a06d4d672f76ef01d1fac38e2cefc22b7aaa7476 Author: Tobias Klauser Date: Tue Feb 14 15:10:06 2017 +0100 net: hip04: Omit private ndo_get_stats function hip04_get_stats() just returns dev->stats so we can leave it out altogether and let dev_get_stats() do the job. Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hip04_eth.c | 6 ------ 1 file changed, 6 deletions(-) commit 6f2e3f7d9785dacb358b48b44950182b5c13e4bc Author: Wei Yongjun Date: Tue Feb 14 14:19:32 2017 +0000 net_sched: nla_memdup_cookie() can be static Fixes the following sparse warning: net/sched/act_api.c:532:5: warning: symbol 'nla_memdup_cookie' was not declared. Should it be static? Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller net/sched/act_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 044950cc48ced25ccb2f4ea7c31228399e19d5d6 Author: Manuel Lauss Date: Tue Feb 14 13:08:04 2017 +0100 net: irda: au1k_ir: drop useless include remove useless ioport.h include. Signed-off-by: Manuel Lauss Signed-off-by: David S. Miller drivers/net/irda/au1k_ir.c | 1 - 1 file changed, 1 deletion(-) commit 59bdb293fce30071bf62baed957a7b9d1f5fa3ea Author: Manuel Lauss Date: Tue Feb 14 13:08:03 2017 +0100 net: irda: au1k_ir: remove unused timer remove the unused timer. I suppose it was intended as a timeout detector, but never properly implemented. Signed-off-by: Manuel Lauss Signed-off-by: David S. Miller drivers/net/irda/au1k_ir.c | 7 ------- 1 file changed, 7 deletions(-) commit 7e57fbb2a341b5d44d30e71a6d782c5e6dbc429c Author: Alexander Alemayhu Date: Tue Feb 14 00:02:35 2017 +0100 bpf: reduce compiler warnings by adding fallthrough comments Fixes the following warnings: kernel/bpf/verifier.c: In function ‘may_access_direct_pkt_data’: kernel/bpf/verifier.c:702:6: warning: this statement may fall through [-Wimplicit-fallthrough=] if (t == BPF_WRITE) ^ kernel/bpf/verifier.c:704:2: note: here case BPF_PROG_TYPE_SCHED_CLS: ^~~~ kernel/bpf/verifier.c: In function ‘reg_set_min_max_inv’: kernel/bpf/verifier.c:2057:23: warning: this statement may fall through [-Wimplicit-fallthrough=] true_reg->min_value = 0; ~~~~~~~~~~~~~~~~~~~~^~~ kernel/bpf/verifier.c:2058:2: note: here case BPF_JSGT: ^~~~ kernel/bpf/verifier.c:2068:23: warning: this statement may fall through [-Wimplicit-fallthrough=] true_reg->min_value = 0; ~~~~~~~~~~~~~~~~~~~~^~~ kernel/bpf/verifier.c:2069:2: note: here case BPF_JSGE: ^~~~ kernel/bpf/verifier.c: In function ‘reg_set_min_max’: kernel/bpf/verifier.c:2009:24: warning: this statement may fall through [-Wimplicit-fallthrough=] false_reg->min_value = 0; ~~~~~~~~~~~~~~~~~~~~~^~~ kernel/bpf/verifier.c:2010:2: note: here case BPF_JSGT: ^~~~ kernel/bpf/verifier.c:2019:24: warning: this statement may fall through [-Wimplicit-fallthrough=] false_reg->min_value = 0; ~~~~~~~~~~~~~~~~~~~~~^~~ kernel/bpf/verifier.c:2020:2: note: here case BPF_JSGE: ^~~~ Reported-by: David Binderman Signed-off-by: Alexander Alemayhu Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 5 +++++ 1 file changed, 5 insertions(+) commit 2be4cb973f0cfaf051224fa5bc969c71c9fc3d5b Author: Ondrej Zary Date: Mon Feb 13 23:45:47 2017 +0100 pcnet32: fix BNC/AUI port on AM79C970A Even though the port autoselection is enabled by default on AM79C970A, BNC/AUI port does not work because the link is always reported to be down. The link state reported by the chip belongs only to the TP port but the driver uses it regardless of the port used. The chip can't detect BNC/AUI link state. Disable port autoselection and use TP port by default to keep current behavior (link detection works on TP port, BNC/AUI port does not work). Implement ethtool autoneg, port and duplex configuration to allow using the BNC/AUI port. Report the TP link state only if the TP port is selected. When the port autoselection is enabled or AUI port is selected, report the link as always up. Move pcnet32_suspend() and pcnet32_clr_suspend() functions to avoid forward declarations. Signed-off-by: Ondrej Zary Signed-off-by: David S. Miller drivers/net/ethernet/amd/pcnet32.c | 177 ++++++++++++++++++++++++++----------- 1 file changed, 125 insertions(+), 52 deletions(-) commit cce5fbadb65568015706d3ae169b419cc1c7a25f Author: Ondrej Zary Date: Mon Feb 13 23:45:46 2017 +0100 pcnet32: factor out pcnet32_clr_suspend() Move the code to clear SUSPEND flag to a separate function to simplify code. Signed-off-by: Ondrej Zary Signed-off-by: David S. Miller drivers/net/ethernet/amd/pcnet32.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) commit a0b2f5af4c99d3da7ce9bc2b3b4641c8ffd22615 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 16:19:56 2017 -0300 perf tools: Be consistent on the type of map->symbols[] interator In a few cases we were using 'enum map_type' and that triggered this warning when using clang: util/session.c:1923:16: error: comparison of constant 2 with expression of type 'enum map_type' is always true [-Werror,-Wtautological-constant-out-of-range-compare] for (i = 0; i < MAP__NR_TYPES; ++i) { Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-i6uyo6bsopa2dghnx8qo7rri@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/machine.c | 4 ++-- tools/perf/util/session.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 35670dd0c9b421f1bb6ca69f389aa6b657b57d49 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 16:18:02 2017 -0300 perf intel pt decoder: clang has no -Wno-override-init So set it only for other compilers, allowing us to overcome yet another build failure due to an inexistent clang -W option: error: unknown warning option '-Wno-override-init'; did you mean '-Wno-override-module'? [-Werror,-Wunknown-warning-option] Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-oaa1ici3j8nygp4pzl2oobh3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/intel-pt-decoder/Build | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 1006ccccd03c0e420bf0398a5ab944759268f387 Author: Thomas Petazzoni Date: Wed Dec 21 11:26:56 2016 +0100 clk: mvebu: adjust clock handling for the CP110 system controller This commit: - makes the GOP_DP (bit 9) gatable clock a child clock of the SD_MMC_GOP (bit 18) clock, as it should have been. The clock for bit 18 was just named SD_MMC, but since it also covers the GOP block, it is renamed SD_MMC_GOP. - makes the MG (bit 5) gatable clock a child clock of the MG_CORE clock (bit 6) Signed-off-by: Thomas Petazzoni Signed-off-by: Stephen Boyd drivers/clk/mvebu/cp110-system-controller.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit c24ae6d96112b10ef703a58d7d74583716d2ce69 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 10:59:04 2017 -0300 perf evsel: Do not put a variable sized type not at the end of a struct As this is a GNU extension and while harmless in this case, we can do the same thing in a more clearer way by using a existing thread_map and cpu_map constructors: With this we avoid this while compiling with clang: util/evsel.c:1659:17: error: field 'map' with variable sized type 'struct cpu_map' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] struct cpu_map map; ^ util/evsel.c:1667:20: error: field 'map' with variable sized type 'struct thread_map' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] struct thread_map map; ^ Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-207juvrqjiar7uvas2s83v5i@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/evsel.c | 62 ++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 34 deletions(-) commit fe8e52b9b9100c486051aaf5208dbf4072bb87b1 Author: Paul Moore Date: Mon Feb 13 16:21:25 2017 -0500 audit: remove unnecessary curly braces from switch/case statements Signed-off-by: Paul Moore kernel/auditsc.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 8a2efd6dd586ef0ff532180e6335ec21310c2cd5 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 15:28:41 2017 -0300 perf probe: Avoid accessing uninitialized 'map' variable Genuine problem detected with clang, the warnings are spot on: util/probe-event.c:2079:7: error: variable 'map' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] if (addr) { ^~~~ util/probe-event.c:2094:6: note: uninitialized use occurs here if (map && !is_kprobe) { ^~~ util/probe-event.c:2079:3: note: remove the 'if' if its condition is always true if (addr) { ^~~~~~~~~~ util/probe-event.c:2075:8: error: variable 'map' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (kernel_get_symbol_address_by_name(tp->symbol, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ util/probe-event.c:2094:6: note: uninitialized use occurs here if (map && !is_kprobe) { ^~~ util/probe-event.c:2075:4: note: remove the 'if' if its condition is always false if (kernel_get_symbol_address_by_name(tp->symbol, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ util/probe-event.c:2064:17: note: initialize the variable 'map' to silence this warning struct map *map; ^ = NULL Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Masami Hiramatsu Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-m3501el55i10hctfbmi2qxzr@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 179125085bd4ca70e8e028913193a93653bd12f7 Author: Tony Lindgren Date: Tue Feb 14 10:26:03 2017 -0800 ARM: OMAP3: Fix smartreflex platform data regression Commit d9d9cec02835 ("ARM: OMAP2+: Remove legacy data from hwmod for omap3") dropped platform data that should no longer be used as we're booting with device tree. It turns out that smartreflex is still using platform data and produces the following errors during probe: smartreflex smartreflex.0: invalid resource smartreflex smartreflex.0: omap_sr_probe: ioremap fail smartreflex: probe of smartreflex.0 failed with error -22 smartreflex smartreflex.1: invalid resource smartreflex smartreflex.1: omap_sr_probe: ioremap fail smartreflex: probe of smartreflex.1 failed with error -22 Let's fix the regression by adding back the smartreflex hwmod data. The long term is to update the smartreflex driver to use device tree based probing. Fixes: d9d9cec02835 ("ARM: OMAP2+: Remove legacy data from hwmod for omap3") Reported-by: Adam Ford Tested-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit eff0b85efb2bbdf15aee13f2922722a5e61c3a0d Author: Gustavo A. R. Silva Date: Tue Feb 14 12:20:39 2017 -0600 usb: musb: add code comment for clarification Add code comment to make it clear that the fall-through is intentional. Read the link for more details: https://lkml.org/lkml/2017/2/9/292 Addresses-Coverity-ID: 1397608 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 1 + 1 file changed, 1 insertion(+) commit 8d12f88257cd9039d9556585475deb46db055050 Author: Stephen Hemminger Date: Sat Feb 11 23:02:25 2017 -0700 vmbus: replace modulus operation with subtraction Takes less clock cycles to check for ring wrap and subtract than to do a modulus instruction. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/ring_buffer.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit e4165a0fad0963bf8b4a59f54d3360ccb6a6d1ea Author: Stephen Hemminger Date: Sat Feb 11 23:02:24 2017 -0700 vmbus: constify parameters where possible Functions that just query state of ring buffer can have parameters marked const. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/hyperv_vmbus.h | 6 +++--- drivers/hv/ring_buffer.c | 22 ++++++++++------------ include/linux/hyperv.h | 12 ++++++------ 3 files changed, 19 insertions(+), 21 deletions(-) commit 6e47dd3e2938f41d75045bbcb64aa9df3a463b2a Author: Stephen Hemminger Date: Sat Feb 11 23:02:23 2017 -0700 vmbus: expose hv_begin/end_read In order to implement NAPI in netvsc, the driver needs access to control host interrupt mask. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/hyperv_vmbus.h | 4 ---- drivers/hv/ring_buffer.c | 20 -------------------- include/linux/hyperv.h | 30 ++++++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 24 deletions(-) commit 5529eaf6e79a61e0ca7ade257f31d2ababc7f6c9 Author: Stephen Hemminger Date: Sat Feb 11 23:02:22 2017 -0700 vmbus: remove conditional locking of vmbus_write All current usage of vmbus write uses the acquire_lock flag, therefore having it be optional is unnecessary. This also fixes a sparse warning since sparse doesn't like when a function has conditional locking. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel.c | 13 ++++--------- drivers/hv/channel_mgmt.c | 1 - drivers/hv/hyperv_vmbus.h | 3 +-- drivers/hv/ring_buffer.c | 11 ++++------- include/linux/hyperv.h | 15 --------------- 5 files changed, 9 insertions(+), 34 deletions(-) commit b71e328297a3a578c482fb4814e737a0ec185839 Author: Stephen Hemminger Date: Sat Feb 11 23:02:21 2017 -0700 vmbus: add direct isr callback mode Change the simple boolean batched_reading into a tri-value. For future NAPI support in netvsc driver, the callback needs to occur directly in interrupt handler. Batched mode is also changed to disable host interrupts immediately in interrupt routine (to avoid unnecessary host signals), and the tasklet is rescheduled if more data is detected. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 7 ------- drivers/hv/connection.c | 27 ++++++++++++--------------- drivers/hv/hv_util.c | 3 +-- drivers/hv/vmbus_drv.c | 26 ++++++++++++++++++++++++-- drivers/uio/uio_hv_generic.c | 2 +- include/linux/hyperv.h | 31 +++++++++++++++++-------------- 6 files changed, 55 insertions(+), 41 deletions(-) commit 631e63a9f346cb657761ae22138f294718696501 Author: Stephen Hemminger Date: Sat Feb 11 23:02:20 2017 -0700 vmbus: change to per channel tasklet Make the event handling tasklet per channel rather than per-cpu. This allows for better fairness when getting lots of data on the same cpu. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel.c | 2 +- drivers/hv/channel_mgmt.c | 16 +++++----- drivers/hv/connection.c | 78 ++--------------------------------------------- drivers/hv/hv.c | 2 -- drivers/hv/hyperv_vmbus.h | 1 - drivers/hv/vmbus_drv.c | 58 ++++++++++++++++++++++++++++++----- include/linux/hyperv.h | 3 +- 7 files changed, 64 insertions(+), 96 deletions(-) commit 37cdd991fac810a727cd285629d1640fcf53cd19 Author: Stephen Hemminger Date: Sat Feb 11 23:02:19 2017 -0700 vmbus: put related per-cpu variable together The hv_context structure had several arrays which were per-cpu and was allocating small structures (tasklet_struct). Instead use a single per-cpu array. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 35 ++++++++----- drivers/hv/connection.c | 20 ++++--- drivers/hv/hv.c | 130 ++++++++++++++++++++-------------------------- drivers/hv/hyperv_vmbus.h | 53 +++++++++++-------- drivers/hv/vmbus_drv.c | 39 ++++++++------ 5 files changed, 143 insertions(+), 134 deletions(-) commit 51c6ce2ae35980c755af33461c3138570ded615e Author: Stephen Hemminger Date: Sat Feb 11 23:02:18 2017 -0700 vmbus: callback is in softirq not workqueue The callback is done via tasklet not workqueue. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman include/linux/hyperv.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 89896051f8dae5a04ada1f5fbeeaedc23f484f68 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 10:59:04 2017 -0300 perf tools: Do not put a variable sized type not at the end of a struct As this is a GNU extension and while harmless in this case, we can do the same thing in a more clearer way by using an existing thread_map constructor. With this we avoid this while compiling with clang: util/parse-events.c:2024:21: error: field 'map' with variable sized type 'struct thread_map' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] struct thread_map map; ^ 1 error generated. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-tqocbplnyyhpst6drgm2u4m3@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/parse-events.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) commit 9d6aae725454beada044179f1005c8f8c206dd6a Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 10:59:04 2017 -0300 perf record: Do not put a variable sized type not at the end of a struct As this is a GNU extension and while harmless in this case, we can do the same thing in a more clearer way by using an existing thread_map constructor. With this we avoid this while compiling with clang: builtin-record.c:659:21: error: field 'map' with variable sized type 'struct thread_map' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] struct thread_map map; ^ 1 error generated. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-c9drclo52ezxmwa7qxklin2y@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 423d856a4d6ab26a50309fd051f2bdf0e5d00fd6 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 15:04:48 2017 -0300 perf tests: Synthesize struct instead of using field after variable sized type End result is the same, its an ABI, so the struct won't change, avoid using a GNU extension, so that we can catch other cases that may be bugs. Caught when building with clang: tests/parse-no-sample-id-all.c:53:20: error: field 'attr' with variable sized type 'struct attr_event' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end] struct attr_event attr; ^ 1 error generated. Testing it: # perf test sample_id 24: Parse with no sample_id_all bit set : Ok # Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-e2vs1x771fc208uvxnwcf08b@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/parse-no-sample-id-all.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) commit 6aa4d8264003eb4f91fb09831ad25f059113f7b2 Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 14:19:34 2017 -0300 perf bench numa: Make sure dprintf() is not defined When building with clang we get this error: bench/numa.c:46:9: error: 'dprintf' macro redefined [-Werror,-Wmacro-redefined] #define dprintf(x...) do { if (g && g->p.show_details >= 1) printf(x); } while (0) ^ /usr/include/bits/stdio2.h:145:12: note: previous definition is here # define dprintf(fd, ...) \ ^ CC /tmp/build/perf/tests/parse-no-sample-id-all.o 1 error generated. So, make sure it is undefined before using that name. Cc: Adrian Hunter Cc: David Ahern Cc: Davidlohr Bueso Cc: Hitoshi Mitake Cc: Jakub Jelen Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-f654o2svtrutamvxt7igwz74@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/bench/numa.c | 1 + 1 file changed, 1 insertion(+) commit 16cab3226fc91fd8060a3d15d1f27051a7b189fb Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 14:12:43 2017 -0300 Revert "perf bench futex: Sanitize numeric parameters" This reverts commit 60758d6668b3e2fa8e5fd143d24d0425203d007e. Now that libsubcmd makes sure that OPT_UINTEGER options will not return negative values, we can revert this patch while addressing the problem it solved: # perf bench futex hash -t -4 # Running 'futex/hash' benchmark: Error: switch `t' expects an unsigned numerical value Usage: perf bench futex hash -t, --threads Specify amount of threads # perf bench futex hash -t-4 # Running 'futex/hash' benchmark: Error: switch `t' expects an unsigned numerical value Usage: perf bench futex hash -t, --threads Specify amount of threads # IMO it is more reasonable to flat out refuse to process a negative number than to silently turn it into an absolute value. This also helps in silencing clang's complaint about asking for an absolute value of an unsigned integer: bench/futex-hash.c:133:10: error: taking the absolute value of unsigned type 'unsigned int' has no effect [-Werror,-Wabsolute-value] nsecs = futexbench_sanitize_numeric(nsecs); ^ bench/futex.h:104:42: note: expanded from macro 'futexbench_sanitize_numeric' #define futexbench_sanitize_numeric(__n) abs((__n)) ^ bench/futex-hash.c:133:10: note: remove the call to 'abs' since unsigned values cannot be negative Cc: Adrian Hunter Cc: David Ahern Cc: Davidlohr Bueso Cc: Jiri Olsa Cc: Josh Poimboeuf Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-2kl68v22or31vw643m2exz8x@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/bench/futex-hash.c | 4 ---- tools/perf/bench/futex-lock-pi.c | 3 --- tools/perf/bench/futex-requeue.c | 2 -- tools/perf/bench/futex-wake-parallel.c | 4 ---- tools/perf/bench/futex-wake.c | 3 --- tools/perf/bench/futex.h | 4 ---- 6 files changed, 20 deletions(-) commit b98897166280c4cfb9bc5a6c1b5682528eb4abff Author: Arnaldo Carvalho de Melo Date: Tue Feb 14 13:55:40 2017 -0300 tools lib subcmd: Make it an error to pass a signed value to OPTION_UINTEGER Options marked OPTION_UINTEGER or OPTION_U64 clearly indicates that an unsigned value is expected, so just error out when a negative value is passed, instead of returning something undesired to the tool. E.g.: # perf bench futex hash -t -4 # Running 'futex/hash' benchmark: Error: switch `t' expects an unsigned numerical value Usage: perf bench futex hash -t, --threads Specify amount of threads # Cc: Adrian Hunter Cc: David Ahern Cc: Davidlohr Bueso Cc: Jiri Olsa Cc: Josh Poimboeuf Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-2mdn8s2raatyhz7tamrsz22r@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/lib/subcmd/parse-options.c | 4 ++++ 1 file changed, 4 insertions(+) commit e3f75db14d4bcef77908084afe1190b557d1b40f Author: Artur Lorincz Date: Sat Feb 11 22:08:31 2017 +0100 staging: comedi: fixed multiple line dereference Fixed multiple line dereference for &cmd->scan_begin_arg. Signed-off-by: Artur Lorincz Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/adl_pci9118.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit fa4508ddc3698566bf7b0b518d667aa75f355dfb Author: Artur Lorincz Date: Sat Feb 11 21:26:51 2017 +0100 staging: comedi: made comedi_lrange struct constant Added the const type qualifier to the comedi_lrange structure. Signed-off-by: Artur Lorincz Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/addi_apci_3501.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ca6270b8d932475636364b989c6d2c2318fbabe Author: Nogah Frankel Date: Mon Feb 13 21:03:02 2017 +0100 mlxsw: spectrum: Change ipv6 unregistered mc table Point back the unregister IPv6 mc table to the bc table. It is done since IPv6 mcast snooping is not supported for Spectrum yet. Reported-by: Jiri Pirko Fixes: 71c365bdc439 ("mlxsw: spectrum: Separate bc and mc floods") Signed-off-by: Nogah Frankel Signed-off-by: Yotam Gigi Tested-by: Jiri Pirko Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 1 - 1 file changed, 1 deletion(-) commit 2867af2dcf4093d5617172c030ff449e5d5c5935 Author: Romain Izard Date: Fri Feb 10 16:24:46 2017 +0100 atmel_serial: Use the fractional divider when possible The fractional baud rate generator is available when using the asynchronous mode of Atmel USART controllers. It makes it possible to use higher baudrates, in exchange for a less precise clock with a variable duty cycle. The existing code restricts its use to the normal mode of the USART controller, following the recommendation from the datasheet for the first chip embedding this type of controller. This recommendation has been removed from the documentation for the newer chips. After verification, all revisions of this controller should be able to use the fractional baud rate generator with the different asynchronous modes. Removing the condition on ATMEL_US_USMODE makes it possible to get correct baudrates at high speed in more cases. This was tested with a board using an Atmel SAMA5D2 chip and a TI WL1831 WiFi/Bluetooth combo chip at 3 Mbauds, with hardware flow control enabled. Signed-off-by: Romain Izard Acked-by: Ludovic Desroches Signed-off-by: Richard Genoud Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit afe3939eb9c8d95debb3c14d5576802b3837c179 Merge: bd08b53 bc221a3 Author: David S. Miller Date: Tue Feb 14 13:04:11 2017 -0500 Merge branch 'sunvnet-driver-updates' Shannon Nelson says: ==================== sunvnet driver updates The sunvnet ldom virtual network driver was due for some updates and a bugfix or two. These patches address a few items left over from last year's make-over. v2: - changed memory barrier fix to use smp_wmb - put NETIF_F_SG back into the advertised ldmvsw hw_features v3: - the sunvnet_common module doesn't need module_init or _exit v4: - dropped the statistics patch - fixed up "default" tag for SUNVNET_COMMON ==================== Signed-off-by: David S. Miller commit bc221a34ac473b444a7cfdd0c152b4c71f79326b Author: Shannon Nelson Date: Mon Feb 13 10:57:04 2017 -0800 ldmvsw: disable tso and gso for bridge operations The ldmvsw driver is specifically for supporting the ldom virtual networking by running in the primary ldom and using the LDC to connect the remaining ldoms to the outside world via a bridge. With TSO and GSO supported while connected the bridge, things tend to misbehave as seen in our case by delayed packets, enough to begin triggering retransmits and affecting overall throughput. By turning off advertised support for TSO and GSO we restore stable traffic flow through the bridge. Orabug: 23293104 Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/ldmvsw.c | 5 ++--- drivers/net/ethernet/sun/sunvnet_common.c | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) commit 7602011f59cc32ebc3a5f9058d6ba11b096c8c50 Author: Shannon Nelson Date: Mon Feb 13 10:57:03 2017 -0800 ldmvsw: update and simplify version string New version and simplify the print code. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/ldmvsw.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit daa86e50f649fccadafc53994ddc4254d75a008b Author: Shannon Nelson Date: Mon Feb 13 10:57:02 2017 -0800 sunvnet: remove extra rcu_read_unlocks The RCU read lock is grabbed first thing in sunvnet_start_xmit_common() so it always needs to be released. This removes the conditional release in the dropped packet error path and removes a couple of superfluous calls in the middle of the code. Reported-by: Bijan Mottahedeh Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunvnet_common.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit bf091f3f362b3c562a18bbf7a2d3e2f3a36eba1d Author: Shannon Nelson Date: Mon Feb 13 10:57:01 2017 -0800 sunvnet: straighten up message event handling logic The use of gotos for handling the incoming events made this code harder to read and support than it should be. This patch straightens out and clears up the logic. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunvnet_common.c | 94 +++++++++++++++---------------- 1 file changed, 45 insertions(+), 49 deletions(-) commit fd263fb6e718c5bdf35cbc1de4f781c71794d2a4 Author: Shannon Nelson Date: Mon Feb 13 10:57:00 2017 -0800 sunvnet: add memory barrier before check for tx enable In order to allow the underlying LDC and outstanding memory operations to potentially catch up with the driver's Tx requests, add a memory barrier before checking again for available tx descriptors. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunvnet_common.c | 1 + 1 file changed, 1 insertion(+) commit f2f3e210bffe5c8f8b30d0b0c7b0f733ff5db334 Author: Shannon Nelson Date: Mon Feb 13 10:56:59 2017 -0800 sunvnet: update version and version printing There have been several changes since the first version of this code, so we bump the version number. While we're at it, we can simplify the version printing a bit and drop a couple lines of code. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunvnet.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit d4aa89cc2bbe021722c946eb11b21ebb0f13c825 Author: Sowmini Varadhan Date: Mon Feb 13 10:56:58 2017 -0800 sunvnet: remove unused variable in maybe_tx_wakeup The vio_dring_state *dr variable is unused in maybe_tx_wakeup(). As the comments indicate, we call maybe_tx_wakeup() whenever we get a STOPPED LDC message on the port. If the queue is stopped, we want to wake it up so that we will send another START message at the next TX and trigger the consumer to drain the dring. Signed-off-by: Sowmini Varadhan Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/sunvnet_common.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 2493b842f258e14938f278e44ecc26970dfabbf0 Author: Shannon Nelson Date: Mon Feb 13 10:56:57 2017 -0800 sunvnet: make sunvnet common code dynamically loadable When the sunvnet_common code was split out for use by both sunvnet and the newer ldmvsw, it was made into a static kernel library, which limits the usefulness of sunvnet and ldmvsw as loadables, since most of the real work is being done in the shared code. Also, this is simply dead code in kernels that aren't running the LDoms. This patch makes the sunvnet_common into a dynamically loadable module and makes sunvnet and ldmvsw dependent on sunvnet_common. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller drivers/net/ethernet/sun/Kconfig | 8 ++++++-- drivers/net/ethernet/sun/sunvnet_common.c | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) commit 973f7dd575891d0e67469861b47f43175553f30a Author: Wei Yongjun Date: Thu Feb 9 15:32:21 2017 +0000 spi: bcm-qspi: Remove unnecessary platform_set_drvdata() The driver core clears the driver data to NULL after device_release or on probe failure. Thus, it is not needed to manually clear the device driver data to NULL. Signed-off-by: Wei Yongjun Signed-off-by: Mark Brown drivers/spi/spi-bcm-qspi.c | 1 - 1 file changed, 1 deletion(-) commit 345309fa7c0c9206a5344d379b174499952d79d9 Author: Kamal Dasu Date: Wed Feb 8 15:15:04 2017 -0500 spi: bcm-qspi: Fix bcm_qspi_bspi_read() performance Let bcm_qspi_bspi_flash_read() return all the requested bytes by breaking up the reads for BSPI block into optimal chunks size that a BSPI block can handle. Signed-off-by: Kamal Dasu Signed-off-by: Mark Brown drivers/spi/spi-bcm-qspi.c | 83 +++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 37 deletions(-) commit 07460b92db7c2d0808cfaae02b325a52c2f7c7a8 Author: Sven Eckelmann Date: Mon Feb 13 16:56:48 2017 +0100 ath9k: Access rchan::buf only with per_cpu helper The relayfs was changed to use per CPU constructs to handle the rchan buffers. But the users of the rchan buffers in other parts of the kernel were not modified. This caused crashes like BUG: unable to handle kernel paging request at 00003a5198a0b910 IP: [] ath_cmn_process_fft+0xea/0x610 PGD 0 [ 179.522449] Oops: 0000 [#1] SMP Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc5 #1 [...] Call Trace: [ 179.656426] [] ? ath_rx_tasklet+0x2f3/0xd10 [] ? ath9k_tasklet+0x1b6/0x230 [] ? tasklet_action+0xf1/0x100 [] ? __do_softirq+0xef/0x284 [] ? irq_exit+0xae/0xb0 [] ? do_IRQ+0x4f/0xd0 [] ? common_interrupt+0x82/0x82 [ 179.703152] [] ? poll_idle+0x2d/0x57 [] ? sched_clock+0x5/0x10 [] ? cpuidle_enter_state+0xf6/0x2d0 [] ? cpu_startup_entry+0x14e/0x230 [] ? start_kernel+0x461/0x481 [] ? early_idt_handler_array+0x120/0x120 [] ? x86_64_start_kernel+0x14c/0x170 Code: 31 db 41 be ff ff ff ff 4c 8b 26 48 8b 6e 08 49 8b 84 24 60 05 00 00 48 8b 00 0f b7 40 04 66 89 44 24 48 eb 11 48 8b 55 40 48 98 <48> 8b 3c c2 e8 ad a0 a4 ff 01 c3 41 8d 56 01 be 00 02 00 00 48 RIP [] ath_cmn_process_fft+0xea/0x610 RSP CR2: 00003a5198a0b910 Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers") Cc: Akash Goel Cc: Nick Kossifidis Reported-by: Mathias Kretschmer Signed-off-by: Sven Eckelmann Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/common-spectral.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a6e56d749f1b4c89f24d8cb008385d648fa52582 Author: Felix Fietkau Date: Sun Feb 12 14:29:31 2017 +0100 ath9k: clean up and fix ath_tx_count_airtime ath_tx_count_airtime is doing a lot of unnecessary work: - Redundant station lookup - Redundant rcu_read_lock/unlock - Useless memcpy of bf->rates - Useless NULL check of bf->bf_mpdu - Redundant lookup of the skb tid Additionally, it tries to look up the mac80211 queue index from the txq, which fails if the frame was delivered via the power save queue. This patch fixes all of these issues by passing down the right set of pointers instead of doing extra work Cc: stable@vger.kernel.org Fixes: 63fefa050477 ("ath9k: Introduce airtime fairness scheduling between stations") Signed-off-by: Felix Fietkau Acked-by: Toke Høiland-Jørgensen Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/xmit.c | 52 +++++++++++------------------------ 1 file changed, 16 insertions(+), 36 deletions(-) commit 1235a3b66cbfe4262b52137115056829c1760120 Author: Tobias Klauser Date: Thu Feb 9 12:21:17 2017 +0100 ath6kl: Use net_device_stats from struct net_device Instead of using a private copy of struct net_device_stats in struct ath6kl_vif, use stats from struct net_device. Also remove the now unnecessary .ndo_get_stats function. Signed-off-by: Tobias Klauser Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath6kl/core.h | 1 - drivers/net/wireless/ath/ath6kl/main.c | 8 -------- drivers/net/wireless/ath/ath6kl/txrx.c | 22 +++++++++++----------- 3 files changed, 11 insertions(+), 20 deletions(-) commit a532293fcba4b6b041c1a91674bc284d51280eb7 Author: Ryan Hsu Date: Fri Feb 10 12:27:09 2017 -0800 ath10k: fix the garage chars in board file name creation The variant[] string will be valid only if the bdf_ext is set. The string memory needs to be null-terminated to avoid the undefined garbage appended by the subsequent board file name creation. ath10k_pci 0000:04:00.0: failed to fetch board data for "bus=pci,vendor=168c,device=003e,subsystem-vendor=168c,subsystem-device=3363��P�����" from ath10k/QCA6174/hw3.0/board-2.bin Fixes: f2593cb1b291 ("ath10k: Search SMBIOS for OEM board file extension") Reported-by: Kalle Valo Signed-off-by: Ryan Hsu Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7be52c03bbf7c8f53211ed13810d64dcb2bc7168 Author: Kalle Valo Date: Mon Feb 13 12:38:43 2017 +0200 ath10k: convert warning about non-existent OTP board id to debug message Currently ath10k unncessarily warns about board id not available from OTP: ath10k_pci 0000:02:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 ath10k_pci 0000:02:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000 ath10k_pci 0000:02:00.0: kconfig debug 1 debugfs 1 tracing 1 dfs 1 testmode 1 ath10k_pci 0000:02:00.0: firmware ver 10.2.4.70.9-2 api 5 features no-p2p,raw-mode crc32 b8d50af5 ath10k_pci 0000:02:00.0: board id is not exist in otp, ignore it ath10k_pci 0000:02:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08 ath10k_pci 0000:02:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1 But not all boards have the board id in OTP so this is not a problem and no need to confuse the user with that info. So this can be safely changed to a debug message. Also fix grammar in the debug message. Fixes: d2e202c06ca4 ("ath10k: ignore configuring the incorrect board_id") Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9f5bcfe93315d75da4cc46bd30b536966559359a Author: Michal Kazior Date: Mon Feb 13 12:38:42 2017 +0200 ath10k: silence firmware file probing warnings Firmware files are versioned to prevent older driver instances to load unsupported firmware blobs. This is reflected with a fallback logic which attempts to load several firmware files. This however produced a lot of unnecessary warnings sometimes confusing users and leading them to rename firmware files making things even more confusing. Hence use request_firmware_direct() which does not produce extra warnings. This shouldn't really break anything because most modern systems don't rely on udev/hotplug helpers to load firmware files anymore. For example it was confirmed that LEDE does not user helper. This also fixes a 60 second delay per _each_ unexistent firmware/calibration file with distros which have CONFIG_FW_LOADER_USER_HELPER_FALLBACK enabled, RHEL being a notable example. Using ath10k with firmware-2.bin this might end up into a five minute delay in boot. Signed-off-by: Michal Kazior [kvalo@qca.qualcomm.com: add more info to the commit log] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 11 +++++------ drivers/net/wireless/ath/ath10k/testmode.c | 5 ++++- 2 files changed, 9 insertions(+), 7 deletions(-) commit 310c01afae0109c37c871887a7c64bc3e4a9e636 Author: Kalle Valo Date: Mon Feb 13 12:38:41 2017 +0200 ath10k: add directory to board data error message This way user has a better idea what file exactly is missing. This is needed when we switch to using request_firmware_direct() which doesn't print any errors anymore. Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1c61bedc0a725f0b019a70bba07cb2cf05c4ae2a Author: Erik Stromdahl Date: Mon Feb 13 12:38:40 2017 +0200 ath10k: fetch firmware images in a loop To make it easier to handle minimum and maximum firmware API numbers convert the firmware fetch functionality to a loop. If no firmware image is found print an error with minimum and maximum API numbers and the name of firmware directory. This is needed when we switch to using request_firmware_direct() which doesn't print any errors anymore. Also add a new function for creating the fw file name dynamically which makes it easier to add new bus support, for example SDIO and USB, later. Signed-off-by: Erik Stromdahl [kvalo@qca.qualcomm.com: remove sdio/usb part, new error message, clarify commit log] Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 51 +++++++++++++++------------------- drivers/net/wireless/ath/ath10k/hw.h | 4 +++ 2 files changed, 27 insertions(+), 28 deletions(-) commit bd08b532f49b640c8d2ba1a7a7344ab206e051cb Merge: 9b8e1056 62980cb Author: David S. Miller Date: Tue Feb 14 12:43:19 2017 -0500 Merge branch 'sfc-bogus-interrupt-mode-fallbacks' Edward Cree says: ==================== sfc: prevent bogus interrupt-mode fallbacks EF10 VFs only support MSI-X interrupts, not MSI or legacy. This series stops the probe logic from trying to fallback to those if MSI-X interrupt probe fails. It also prevents selecting them with the interrupt_mode module parameter. This avoids producing messages like "failed to hook legacy IRQ 0" and "IRQ handler type mismatch for IRQ 0", and ensures that the relevant error (from the attempt to enable MSI-X) is reported to the caller. ==================== Signed-off-by: David S. Miller commit 62980cb6dd2fd2dca34060c4fd77ebafa878272a Author: Andrew Rybchenko Date: Mon Feb 13 14:59:04 2017 +0000 sfc: only fall back to a lower interrupt mode if it is supported If we fail to probe interrupts with our minimum mode, return that error. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 6f9f6ec2e0acea398caf83bf750439c69068de43 Author: Andrew Rybchenko Date: Mon Feb 13 14:57:39 2017 +0000 sfc: MSI-X is the only interrupt mode for EF10 VFs Add min_interrupt_mode specification per NIC type. It is a bit confusing because of "highest interrupt mode is less capable". Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 2 ++ drivers/net/ethernet/sfc/efx.c | 11 +++++++++-- drivers/net/ethernet/sfc/net_driver.h | 5 ++++- drivers/net/ethernet/sfc/siena.c | 1 + 4 files changed, 16 insertions(+), 3 deletions(-) commit 9b8e1056dbad7ea3f1bcd3db0ea7cf6682d077b1 Merge: 91eaa47 5019ab5 Author: David S. Miller Date: Tue Feb 14 12:41:04 2017 -0500 Merge branch 'bridge-fdb-minor-cleanup' Nikolay Aleksandrov says: ==================== bridge: minor fdb cleanup These patches aim to simplify the bridge fdb API a little by removing some redundant functions and converting them into wrappers of a single function. Also add proper lock checking to avoid future mistakes for the search functions. ==================== Signed-off-by: David S. Miller commit 5019ab50f26c247abb510a80635b25b64b6c1f4b Author: Nikolay Aleksandrov Date: Mon Feb 13 14:59:11 2017 +0100 bridge: fdb: converge fdb_delete_by functions into one We can simplify the logic of entries pointing to the bridge by converging the fdb_delete_by functions, this would allow us to use the same function for both cases since the fdb's dst is set to NULL if it is pointing to the bridge thus we can always check for a port match. Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_fdb.c | 62 +++++++++++++---------------------------------------- 1 file changed, 15 insertions(+), 47 deletions(-) commit 410b3d48f5111a28bb8d4c3d3dc5984c1baf7fc9 Author: Nikolay Aleksandrov Date: Mon Feb 13 14:59:10 2017 +0100 bridge: fdb: add proper lock checks in searching functions In order to avoid new errors add checks to br_fdb_find and fdb_find_rcu functions. The first requires hash_lock, the second obviously RCU. Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_fdb.c | 4 ++++ net/bridge/br_private.h | 9 +++++++++ 2 files changed, 13 insertions(+) commit bfd0aeac52f74bfb44c0974131e44abb33a13e78 Author: Nikolay Aleksandrov Date: Mon Feb 13 14:59:09 2017 +0100 bridge: fdb: converge fdb searching functions into one Before this patch we had 3 different fdb searching functions which was confusing. This patch reduces all of them to one - fdb_find_rcu(), and two flavors: br_fdb_find() which requires hash_lock and br_fdb_find_rcu which requires RCU. This makes it clear what needs to be used, we also remove two abusers of __br_fdb_get which called it under hash_lock and replace them with br_fdb_find(). Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller net/bridge/br_device.c | 2 +- net/bridge/br_fdb.c | 113 ++++++++++++++++++++---------------------------- net/bridge/br_input.c | 4 +- net/bridge/br_private.h | 5 ++- 4 files changed, 54 insertions(+), 70 deletions(-) commit 1427228d5869f5804b03d47acfa4a88122572a78 Author: Kalle Valo Date: Mon Feb 13 12:38:39 2017 +0200 ath10k: fix napi crash during rmmod when probe firmware fails This fixes the below crash when ath10k probe firmware fails, NAPI polling tries to access a rx ring resource which was never allocated. An easy way to reproduce this is easy to remove all the firmware files, load ath10k modules and ath10k will crash when calling 'rmmod ath10k_pci'. The fix is to call napi_enable() from ath10k_pci_hif_start() so that it matches with napi_disable() being called from ath10k_pci_hif_stop(). Big thanks to Mohammed Shafi Shajakhan who debugged this and provided first version of the fix. In this patch I just fix the actual problem in pci.c instead of having a workaround in core.c. BUG: unable to handle kernel NULL pointer dereference at (null) IP: __ath10k_htt_rx_ring_fill_n+0x19/0x230 [ath10k_core] __ath10k_htt_rx_ring_fill_n+0x19/0x230 [ath10k_core] Call Trace: [] ath10k_htt_rx_msdu_buff_replenish+0x42/0x90 [ath10k_core] [] ath10k_htt_txrx_compl_task+0x433/0x17d0 [ath10k_core] [] ? __wake_up_common+0x4d/0x80 [] ? cpu_load_update+0xdc/0x150 [] ? ath10k_pci_read32+0xd/0x10 [ath10k_pci] [] ath10k_pci_napi_poll+0x47/0x110 [ath10k_pci] [] net_rx_action+0x20f/0x370 Reported-by: Ben Greear Fixes: 3c97f5de1f28 ("ath10k: implement NAPI support") Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/pci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6d21911356377d23b74b0336d228a83a2dfac5cd Author: Amadeusz Sławiński Date: Mon Feb 13 12:38:39 2017 +0200 ath10k: fix comment I wanted to take a look and it's apparently in other header Signed-off-by: Amadeusz Sławiński Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/wmi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 182f1e5a626e6deb1e09a3d96a65cc64b31437f7 Author: Amadeusz Sławiński Date: Mon Feb 13 12:38:38 2017 +0200 ath10k: use size_t for len variables cleanup to consolidate type used for len variables Signed-off-by: Amadeusz Sławiński Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 2 +- drivers/net/wireless/ath/ath10k/debug.c | 49 +++++++++++++++--------------- drivers/net/wireless/ath/ath10k/spectral.c | 7 +++-- 3 files changed, 29 insertions(+), 29 deletions(-) commit 56ac13bfc703d5189e8b91c5c2f512830d1cb013 Author: Amadeusz Sławiński Date: Mon Feb 13 12:38:37 2017 +0200 ath10k: remove ath10k_vif_to_arvif() it adds unnecessary level of indirection, while we just access structure field Signed-off-by: Amadeusz Sławiński Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/mac.c | 68 +++++++++++++++++------------------ drivers/net/wireless/ath/ath10k/mac.h | 7 +--- drivers/net/wireless/ath/ath10k/p2p.c | 2 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- 4 files changed, 37 insertions(+), 42 deletions(-) commit 3ec72a2a1e5d79f64bbe7b89e1064f851d2620e9 Author: Richard Leitner Date: Fri Feb 10 09:19:27 2017 +0100 usb: misc: add USB251xB/xBi Hi-Speed Hub Controller Driver This patch adds a driver for configuration of the Microchip USB251xB/xBi USB 2.0 hub controller series with USB 2.0 upstream connectivity, SMBus configuration interface and two to four USB 2.0 downstream ports. Furthermore add myself as a maintainer for this driver. The datasheet can be found at the manufacturers website, see [1]. All device-tree exposed configuration features have been tested on a i.MX6 platform with a USB2512B hub. [1] http://ww1.microchip.com/downloads/en/DeviceDoc/00001692C.pdf Signed-off-by: Richard Leitner Signed-off-by: Greg Kroah-Hartman Documentation/devicetree/bindings/usb/usb251xb.txt | 83 +++ MAINTAINERS | 8 + drivers/usb/misc/Kconfig | 9 + drivers/usb/misc/Makefile | 1 + drivers/usb/misc/usb251xb.c | 605 +++++++++++++++++++++ 5 files changed, 706 insertions(+) commit ef5ec7f08d6750b4786efe8dc76184fd86f85d4c Author: Colin Ian King Date: Sun Feb 12 18:35:18 2017 +0000 usb: misc: usbtest: remove redundant check on retval < 0 The check for retval being less than zero is always true since retval equal to -EPIPE at that point. Replace the existing conditional with just return retval. Detected with CoverityScan, CID#114349 ("Logically dead code") Signed-off-by: Colin Ian King Reviewed-by: Peter Chen Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/usbtest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf13a747b169e355f55ac5d6504700936d5298e3 Author: Arushi Singhal Date: Tue Feb 14 22:31:20 2017 +0530 staging:nvec:nvec_ps2.c: Prefering kzalloc(sizeof(*ser_dev)...) over kzalloc(sizeof(struct serio)...) Prefer kzalloc(sizeof(*ser_dev)...) over kzalloc(sizeof(struct serio)...) as reported by checkpatch.pl. Signed-off-by: Arushi Singhal Signed-off-by: Greg Kroah-Hartman drivers/staging/nvec/nvec_ps2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5cec5bacd37784a1596d2f8fea377212948a0bf4 Author: Julia Lawall Date: Sun Feb 5 22:39:37 2017 +0100 tpm xen: drop unneeded chip variable The call that used chip was dropped in 1f0f30e404b3. Drop the leftover declaration and initialization. Signed-off-by: Julia Lawall Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen drivers/char/tpm/xen-tpmfront.c | 2 -- 1 file changed, 2 deletions(-) commit 39f5712b8f0167b446dd8a0a3754d6cd50e27dd8 Author: Dmitry Torokhov Date: Sun Feb 5 20:47:18 2017 -0800 tpm: fix misspelled "facilitate" in module parameter description I typoed "facilitate" as "faciltate" a few years back... Signed-off-by: Dmitry Torokhov Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5939eaf4f9d432586dd2cdeea778506471e8088e Author: Wei Yongjun Date: Tue Feb 7 15:51:47 2017 +0000 tpm_tis: fix the error handling of init_tis() Add the missing platform_driver_unregister() and remove the duplicate platform_device_unregister(force_pdev) in the error handling case. Fixes: 00194826e6be ("tpm_tis: Clean up the force=1 module parameter") Cc: stable@vger.kernel.org Signed-off-by: Wei Yongjun Reviewed-by: Jason Gunthorpe Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen drivers/char/tpm/tpm_tis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 842954a8e3ec2d3a5e117c95533eb02ad73b3a2f Author: Shishir Kulkarni Date: Tue Feb 14 00:09:00 2017 +0530 Staging: rtl8188eu: core/rtw_led.c: format line to reduce it below 80 characters Fixes checkpatch.pl warning: "WARNING: line over 80 characters" Signed-off-by: Shishir Kulkarni Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8188eu/core/rtw_led.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ebd622860988b7c1ffd8bb22d6c0dfdecbda0c75 Author: Hendrik v. Raven Date: Tue Feb 14 10:35:15 2017 +0100 staging: bcm2835-audio: remove unused macro The VC_AUDIO_MAX_MSG_LEN macro is not used by anything in the bcm2835-audio driver. Signed-off-by: Hendrik v. Raven Signed-off-by: Greg Kroah-Hartman drivers/staging/bcm2835-audio/vc_vchi_audioserv_defs.h | 3 --- 1 file changed, 3 deletions(-) commit 65ab7c241038f0486600288adc1b449b52ae3e16 Author: Abhijit Naik Date: Tue Feb 14 00:42:17 2017 +0530 staging: bcm2835-audio: Fixed checkpatch warning due to line spacing bcm2835-vchiq.c: fixing ERROR: Checkpatch warnings due to extra blank lines or absence of blank lines where needed. Signed-off-by: Abhijit Naik Signed-off-by: Greg Kroah-Hartman drivers/staging/bcm2835-audio/bcm2835-vchiq.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 4cf64a5f512da749ef635431fdf5da56bf1652af Author: Franck Demathieu Date: Mon Feb 13 09:35:19 2017 +0100 staging: nvec: Fix incorrect type of i2c address The i2c address is unsigned according to the dt-bindings. Fix sparse issue (-Wtypesign): drivers/staging/nvec/nvec.c:781:35: warning: incorrect type in argument 3 (different signedness) drivers/staging/nvec/nvec.c:781:35: expected unsigned int [usertype] *out_value drivers/staging/nvec/nvec.c:781:35: got int * Signed-off-by: Franck Demathieu Acked-by: Marc Dietrich Signed-off-by: Greg Kroah-Hartman drivers/staging/nvec/nvec.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 07e9ef146071adf316312b3dd4abfe41c9a45a7d Author: Bogdan Purcareata Date: Mon Feb 13 18:40:41 2017 +0200 staging: fsl-mc: Add missing header Compiling the fsl-mc bus driver will yield a couple of static analysis errors: warning: symbol 'fsl_mc_msi_domain_alloc_irqs' was not declared warning: symbol 'fsl_mc_msi_domain_free_irqs' was not declared. warning: symbol 'its_fsl_mc_msi_init' was not declared. warning: symbol 'its_fsl_mc_msi_cleanup' was not declared. Since these are properly declared, but the header is not included, add it in the source files. This way the symbol is properly exported. Signed-off-by: Bogdan Purcareata Signed-off-by: Greg Kroah-Hartman drivers/staging/fsl-mc/bus/fsl-mc-msi.c | 1 + drivers/staging/fsl-mc/bus/irq-gic-v3-its-fsl-mc-msi.c | 1 + 2 files changed, 2 insertions(+) commit 17f84b793c01452e8802ef80324863b8da7d900b Author: Hauke Mehrtens Date: Tue Feb 14 00:31:11 2017 +0100 spi: lantiq-ssc: add support for Lantiq SSC SPI controller This driver supports the Lantiq SSC SPI controller in master mode. This controller is found on Intel (former Lantiq) SoCs like the Danube, Falcon, xRX200, xRX300. The hardware uses two hardware FIFOs one for received and one for transferred bytes. When the driver writes data into the transmit FIFO the complete word is taken from the FIFO into a shift register. The data from this shift register is then written to the wire. This driver uses the interrupts signaling the status of the FIFOs and not the shift register. It is also possible to use the interrupts for the shift register, but they will send a signal after every word. When using the interrupts for the shift register we get a signal when the last word is written into the shift register and not when it is written to the wire. After all FIFOs are empty the driver busy waits till the hardware is not busy any more and returns the transfer status. Signed-off-by: Daniel Schwierzeck Signed-off-by: Hauke Mehrtens Signed-off-by: Mark Brown .../devicetree/bindings/spi/spi-lantiq-ssc.txt | 29 + drivers/spi/Kconfig | 8 + drivers/spi/Makefile | 1 + drivers/spi/spi-lantiq-ssc.c | 983 +++++++++++++++++++++ 4 files changed, 1021 insertions(+) commit 2c9c5f5a7310b62af66d7ecf6486371626b9ebf0 Author: Karthik Nayak Date: Thu Feb 9 17:36:50 2017 +0530 staging: comedi: ni_pcimio: remove unused variable 'serial_number' The struct 'ni_private' holds the variable 'serial_number' which post assignment is never used. Remove the variable and code pertaining to obtaining its value. As a side note, this also fixes the following sparse error: drivers/staging/comedi/drivers//ni_pcimio.c:1229:32: warning: incorrect type in assignment (different base types) drivers/staging/comedi/drivers//ni_pcimio.c:1229:32: expected restricted __be32 [usertype] serial_number drivers/staging/comedi/drivers//ni_pcimio.c:1229:32: got unsigned int Signed-off-by: Karthik Nayak Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/ni_pcimio.c | 9 --------- drivers/staging/comedi/drivers/ni_stc.h | 1 - 2 files changed, 10 deletions(-) commit e1ea433d6ea42f0809a3214ca04053ad776ffcb0 Author: Saber Rezvani Date: Fri Feb 10 21:41:11 2017 +0330 staging: comedi: dyna_pci10xx: usleep_range is preferred over udelay Fix the checkpatch.pl issue: CHECK: usleep_range is preferred over udelay Signed-off-by: Saber Rezvani Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/dyna_pci10xx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit df6ff8a1ee3c6cfd7957cb26357ddcbbe9c25348 Author: Saber Rezvani Date: Fri Feb 10 21: